§Why CasetextPricing

FHWA Adoption of Cyber Security Evaluation Tool

89 Fed. Reg. 73488 (Sep. 10, 2024)

FHWA Adoption of Cyber Security Evaluation Tool

Download PDF
Federal RegisterSep 10, 2024
89 Fed. Reg. 73488 (Sep. 10, 2024)
Document Headings

Document headings vary by document type but may contain the following:

  • the agency or agencies that issued and signed a document
  • the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to
  • the agency docket number / agency internal file number
  • the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions

    • See the Document Drafting Handbook for more details.

    Department of Transportation Federal Highway Administration
  • [FHWA Docket No. FHWA-2024-0005]

    • AGENCY:

    Federal Highway Administration (FHWA), U.S. Department of Transportation (DOT).

    ACTION:

    Notice.

    SUMMARY:

    With this notice, FHWA announces that it is adopting the Cyber Security Evaluation Tool (CSET) as a voluntary tool transportation authorities can use to assist in identifying, detecting, protecting against, responding to, and recovering from cyber incidents.

    FOR FURTHER INFORMATION CONTACT:

    For questions about this notice, please contact Mr. Jason Carnes, FHWA Transportation Security Coordinator (202) 366-5280, or via email at Jason.Carnes@dot.gov, Federal Highway Administration, 1200 New Jersey Avenue SE, Washington, DC 20590. Office hours are from 8:00 a.m. to 4:30 p.m., ET, Monday through Friday, except Federal holidays.

    SUPPLEMENTARY INFORMATION:

    Electronic Access

    This document may be viewed online under the docket number noted above through the Federal eRulemaking portal at: www.regulations.gov. Electronic submission and retrieval help and guidelines are available on the website. Please follow the online instructions.

    An electronic copy of this document may also be downloaded from the Office of the Federal Register's website at: www.FederalRegister.gov and the U.S. Government Publishing Office's website at: www.GovInfo.gov.

    Background

    Pursuant to section 11510(b) of the Bipartisan Infrastructure Law (BIL), enacted as the Infrastructure Investment and Jobs Act (Pub. L. 117-58), FHWA is required to develop a tool to assist transportation authorities in identifying, detecting, protecting against, responding to, and recovering from cyber incidents. Safety is the top priority of DOT and FHWA. The FHWA routinely works closely and collaboratively with Federal and State agencies whose primary missions revolve around securing critical transportation infrastructure. The FHWA provides subject matter expertise to those agencies in identifying potential physical and cybersecurity threats and appropriate mitigation efforts. When presented with physical or cybersecurity questions, concerns or incidents from State, local, Tribal, and Territorial transportation authorities, or other stakeholders, FHWA routinely assists in connecting these entities to security-focused government agencies, including the Transportation Security Administration, the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation.

    On March 5, 2024, FHWA published in the Federal Register (89 FR 15923) a notice and request for comments proposing to adopt CISA's CSET as a voluntary tool that transportation authorities can use to assist in identifying, detecting, protecting against, responding to, and recovering from cyber incidents. The CISA's cybersecurity mission is to defend and secure cyberspace by leading national efforts to drive national cyber defense, resilience of national critical functions, and a robust technology ecosystem. The FHWA therefore thinks it is appropriate to leverage CISA's expertise instead of attempting to create a separate and potentially duplicative tool. The CSET, developed by CISA, is a comprehensive software tool designed to assist organizations in assessing their cybersecurity posture and developing structured improvement programs. The CSET helps organizations evaluate their cybersecurity practices, identify vulnerabilities, and prioritize mitigation efforts by providing a systematic approach to assess cybersecurity controls and processes. It offers a range of modules and questionnaires tailored to different critical infrastructure sectors, making it a valuable resource for organizations seeking to enhance their cybersecurity resilience through a well-structured assessment and development program. The CSET is available to the public for download at https://www.cisa.gov/downloading-and-installing-cset.

    Discussion of Comments Received

    Consistent with BIL, section 11510(b)(2)(E), FHWA requested comments on its notice proposing to adopt CSET. The FHWA received two comments, both of which supported FHWA's proposal to adopt CSET as a voluntary cybersecurity tool. The FHWA appreciates the comments.

    Adoption of Cyber Security Evaluation Tool

    In accordance with BIL, section 11510(b), and after reviewing the comments received, FHWA announces with this notice that FHWA adopts CISA's CSET as a voluntary tool transportation authorities can use to provide assistance regarding cyber incidents.

    Authority: Sec. 11510, Pub. L. 117-58, 135 Stat. 592.

    Shailen P. Bhatt,

    Administrator, Federal Highway Administration.

    [FR Doc. 2024-20331 Filed 9-9-24; 8:45 am]

    BILLING CODE 4910-22-P