Skip to content
LexBuild

Revision of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Reviews and TSA Security Directive Pipeline-2021-02 Series 

---
identifier: "/us/fr/2025-24198"
source: "fr"
legal_status: "authoritative_unofficial"
title: "Revision of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Reviews and TSA Security Directive Pipeline-2021-02 Series"
title_number: 0
title_name: "Federal Register"
section_number: "2025-24198"
section_name: "Revision of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Reviews and TSA Security Directive Pipeline-2021-02 Series"
positive_law: false
currency: "2026-01-02"
last_updated: "2026-01-02"
format_version: "1.1.0"
generator: "[email protected]"
agency: "Homeland Security Department"
document_number: "2025-24198"
document_type: "notice"
publication_date: "2026-01-02"
agencies:
  - "Homeland Security Department"
  - "Transportation Security Administration"
fr_citation: "91 FR 149"
fr_volume: 91
comments_close_date: "2026-02-02"
fr_action: "30-Day notice."
---

#  Revision of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security Reviews and TSA Security Directive Pipeline-2021-02 Series

**AGENCY:**

Transportation Security Administration, DHS.

**ACTION:**

30-Day notice.

**SUMMARY:**

This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0056, abstracted below, to OMB for review and approval of a revision of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. The collection allows TSA to assess the current security practices in the pipeline industry through TSA's Pipeline Corporate Security Review (CSR) program and allows for the continuation of mandatory cybersecurity requirements under the TSA Security Directive (SD) Pipeline-2021-02 series.

**DATES:**

Send your comments by February 2, 2026. A comment to OMB is most effective if OMB receives it within 30 days of publication.

**ADDRESSES:**

Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to *https://www.reginfo.gov/public/do/PRAMain.* Find this particular information collection by selecting “Currently under Review—Open for Public Comments” and by using the find function.

**FOR FURTHER INFORMATION CONTACT:**

Christina A. Walsh, TSA PRA Officer, Information Technology, TSA-11, Transportation Security Administration, 6595 Springfield Center Drive, Springfield, VA 20598-6011; telephone (571) 227-2062; email *[email protected].*

**SUPPLEMENTARY INFORMATION:**

TSA published a *Federal Register* notice, with a 60-day comment period soliciting comments, of the following collection of information on August 1, 2025, 90 FR 36169. TSA did not receive any comments on the notice.

**Comments Invited**

In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 *et seq.* ), an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. The ICR documentation will be available at *https://www.reginfo.gov* upon its submission to OMB. Therefore, in preparation for OMB review and approval of the following information collection, TSA is soliciting comments to—

(1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

(2) Evaluate the accuracy of the agency's estimate of the burden;

(3) Enhance the quality, utility, and clarity of the information to be collected; and

(4) Minimize the burden of the collection of information on those who are to respond, including using appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.

**Information Collection Requirement**

*Title:* Pipeline Corporate Security Reviews and TSA Security Directive Pipeline-2021-02 series.

*Type of Request:* Revision of a currently approved collection.

*OMB Control Number:* 1652-0056.

*Forms(s):* Pipeline CSR Protocol Form and documents submitted to TSA pursuant to the requirements in the Security Directive.

*Affected Public:* Hazardous Liquids and Natural Gas Pipeline Industry.

*Abstract:* Under the Aviation and Transportation Security Act [^1] and delegated authority from the Secretary of Homeland Security, TSA has broad responsibility and authority for “security in all modes of transportation . . . including security responsibilities . . . over modes of transportation that are exercised by the Department of Transportation.” [^2] TSA is specifically empowered to assess threats to transportation; [^3] develop policies, strategies, and plans for dealing with threats to transportation; [^4] oversee the implementation and adequacy of security measures at transportation facilities; [^5] and carry out other appropriate duties relating to transportation security. [^6] The Implementing Recommendations of the 9/11 Commission Act of 2007 included a specific requirement for TSA to conduct assessments of critical pipeline facilities. [^7]

[^1] Public Law 107-71 (115 Stat. 597; Nov. 19, 2001), codified at 49 U.S.C. 114.

[^2]*See* 49 U.S.C. 114(d). The TSA Administrator's current authorities under the Aviation and Transportation Security Act have been delegated to him by the Secretary of Homeland Security. Section 403(2) of the Homeland Security Act of 2002, Public Law 107-296 (116 Stat. 2135, Nov. 25, 2002), transferred all functions of TSA, including those of the Secretary of Transportation and the Under Secretary of Transportation of Security related to TSA, to the Secretary of Homeland Security. Pursuant to DHS Delegation Number 7060.2, the Secretary delegated to the Administrator of TSA, subject to the Secretary's guidance and control, the authority vested in the Secretary with respect to TSA, including that in section 403(2) of the Homeland Security Act.

[^3] 49 U.S.C. 114(f)(2).

[^4] 49 U.S.C. 114(f)(3).

[^5] 49 U.S.C. 114(f)(11).

[^6] 49 U.S.C. 114(f)(15).

[^7]*See* section 1557 of Public Law 110-53 (121 Stat. 266, Aug. 3, 2007) as codified at 6 U.S.C. 1207.

**Establishing Compliance With Voluntary Pipeline CSR Program Information Collection Requirements**

TSA has historically assessed industry security practices through its Pipeline CSR program. [^8] Pipeline CSRs are voluntary, face-to-face visits, usually at the headquarters facility of the pipeline Owner/Operator. TSA has developed a Question Set to aid in the conducting of CSRs. The CSR Question Set structures the TSA and pipeline Owner/Operator discussion and is the central data source for the physical security information TSA collects.

[^8]*See* section 1557 of Public Law 110-53 (121 Stat. 266; Aug. 3, 2007) as codified at 6 U.S.C. 1207.

**Establishing Compliance With Mandatory Requirements in the TSA SD Pipeline-2021-02 Series; Information Collection Requirements**

While the CSR collection supports physical security plans and processes, TSA issued the SD Pipeline-2021-02 series with mandatory requirements in order to mitigate specific cybersecurity concerns posed by current threats to national security. Pipeline Owner/Operators designated by TSA as critical must:

• Submit a Cybersecurity Implementation Plan to TSA for approval (there is no designated form or format). Once approved by TSA, pipeline Owner/Operators must implement and maintain all measures. Owner/Operators must submit changes to their Cybersecurity Implementation Plan for approval in accordance with the instructions in the SD.

• Develop and maintain an up-to-date Cybersecurity Incident Response Plan for their designated critical cyber systems to reduce the risk of operational disruption, or the risk of other significant impacts on business critical functions. Owner/operators must test the effectiveness of the Cybersecurity Incident Response Plan no less than annually.

• Submit a Cybersecurity Assessment Plan on an annual basis to TSA for approval (there is no designated form or format).

• Maintain records that establish compliance with the SD Pipeline-2021-02 series and make them available to TSA upon request for inspection and/or copying.

Submissions by pipeline owner/operators in compliance with the voluntary PCSR or the mandatory SD Pipeline-2021-02 series requirements are deemed Sensitive Security Information (SSI) and are protected in accordance with procedures meeting the transmission, handling, and storage requirements of SSI in 49 CFR part 1520.

**Revision of the Collection**

TSA is revising the title of the collection from “Pipeline Corporate Security Reviews and Security Directives” to “Pipeline Corporate Security Reviews and TSA Security Directive Pipeline-2021-02 series.” This title more accurately reflects the specific TSA SD associated with this collection. TSA is seeking renewal of this information collection for the maximum 3-year approval period.

*Estimated Annual Number of Respondents:* 100.

*Estimated Annual Burden Hours:* 80,231.

Dated: December 30, 2025.

Christina A. Walsh,

Paperwork Reduction Act Officer, Information Technology, Transportation Security Administration.