Legal Status This site displays a prototype of a “Web 2.0” version of the daily
Federal Register. It is not an official legal edition of the Federal
Register, and does not replace the official print version or the official
electronic version on GPO’s govinfo.gov.

The documents posted on this site are XML renditions of published Federal
Register documents. Each document posted on the site includes a link to the
corresponding official PDF file on govinfo.gov. This prototype edition of the
daily Federal Register on FederalRegister.gov will remain an unofficial
informational resource until the Administrative Committee of the Federal
Register (ACFR) issues a regulation granting it official legal status.
For complete information about, and access to, our official publications
and services, go to About the Federal Register on NARA's archives.gov.

The OFR/GPO partnership is committed to presenting accurate and reliable
regulatory information on FederalRegister.gov with the objective of
establishing the XML-based Federal Register as an ACFR-sanctioned
publication in the future. While every effort has been made to ensure that
the material on FederalRegister.gov is accurately displayed, consistent with
the official SGML-based PDF version on govinfo.gov, those relying on it for
legal research should verify their results against an official edition of
the Federal Register. Until the ACFR grants it official status, the XML
rendition of the daily Federal Register on FederalRegister.gov does not
provide legal notice to the public or judicial notice to the courts.

Legal Status

Notice

Data Security Requirements for Accessing Confidential Data; Agency Information Collection Activities: Comment Request

A Notice by the Transportation Statistics Bureau on 03/11/2026

• 1.

1.
This document has a comment period that ends in 58 days.
(05/11/2026) Submit a public comment

Thank you for taking the time to create a comment. Your input is important.

Once you have filled in the required fields below you can preview and/or submit your comment to the Transportation Department for review. All comments are considered public and will be posted online once the Transportation Department has reviewed them.

You can view alternative ways to comment or you may also comment via Regulations.gov at https://www.regulations.gov/commenton/RITAFRDOC0001-0178.

It appears that you have attempted to comment on this document before
so we've restored your progress.
Start over.
1.
2. Comment * What is your comment about? Upload File(s) Note: You can attach your comment as a file and/or attach supporting
documents to your comment. Attachment Requirements.

Email this will NOT be posted on regulations.gov

Opt to receive email confirmation of submission and tracking number? Tell us about yourself! I am... * An Individual An Organization Anonymous First Name * Last Name * City Region State Alabama Alaska American Samoa Arizona Arkansas California Colorado Connecticut Delaware District of Columbia Florida Georgia Guam Hawaii Idaho Illinois Indiana Iowa Kansas Kentucky Louisiana Maine Maryland Massachusetts Michigan Minnesota Mississippi Missouri Montana Nebraska Nevada New Hampshire New Jersey New Mexico New York North Carolina North Dakota Ohio Oklahoma Oregon Pennsylvania Puerto Rico Rhode Island South Carolina South Dakota Tennessee Texas Utah Vermont Virgin Islands Virginia Washington West Virginia Wisconsin Wyoming Zip Country Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, the Democratic Republic of the Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macao Macedonia, the Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin (French part) Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten (Dutch part) Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and the South Sandwich Islands South Sudan Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan, Province of China Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela, Bolivarian Republic of Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Phone Organization Type * Company Organization Federal State Local Tribal Regional Foreign U.S. House of Representatives U.S. Senate Organization Name * You are filing a document into an official docket. Any personal
information included in your comment text and/or uploaded
attachment(s) may be publicly viewable on the web. I read and understand the statement above.

2. Preview Comment Please review the Regulations.gov privacy notice and user notice.
3. Document Details Published Content - Document Details Agencies Department of Transportation Bureau of Transportation Statistics Agency/Docket Number Docket No. DOT-OST-2026-0727 Document Citation 91 FR 12045 Document Number 2026-04735 Document Type Notice Pages 12045-12047 (3 pages) Publication Date 03/11/2026 Published Content - Document Details

• PDF Official Content
  • View printed version (PDF) Official Content
• Document Details Published Content - Document Details Agencies Department of Transportation Bureau of Transportation Statistics Agency/Docket Number Docket No. DOT-OST-2026-0727 Document Citation 91 FR 12045 Document Number 2026-04735 Document Type Notice Pages 12045-12047 (3 pages) Publication Date 03/11/2026 Published Content - Document Details
• Document Dates Published Content - Document Dates Comments Close 05/11/2026 Dates Text Written comments on this notice must be received by May 11, 2026 to be assured of consideration. Comments received after that date will be considered to the extent practicable. Send comments to the address below. Published Content - Document Dates

• Table of Contents Enhanced Content - Table of Contents This table of contents is a navigational tool, processed from the
  headings within the legal text of Federal Register documents.
  This repetition of headings to form internal navigation links
  has no substantive legal effect.

  • AGENCY:
  • ACTION:
  • SUMMARY:
  • DATES:
  • ADDRESSES:
  • FOR FURTHER INFORMATION CONTACT:
  • SUPPLEMENTARY INFORMATION:
  • The SAP Policy
  • The SAP Portal
  • Data Discovery
  • SAP Application Process
  • Submission for Review
  • Collection of Information for Data Security Requirements Enhanced Content - Table of Contents

• Public Comments Enhanced Content - Public Comments Comments are being accepted - Submit a public comment.

Enhanced Content - Public Comments
- Regulations.gov Data Enhanced Content - Regulations.gov Data Additional information is not currently available for this document.

Enhanced Content - Regulations.gov Data

- Sharing Enhanced Content - Sharing Shorter Document URL https://www.federalregister.gov/d/2026-04735 Email Email this document to a friend Enhanced Content - Sharing

• Print Enhanced Content - Print
  • Print this document Enhanced Content - Print
• Document Statistics Enhanced Content - Document Statistics Document page views are updated periodically throughout the day and are cumulative counts for this document. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.

Page views 90
as of
03/14/2026 at 2:15 pm EDT Enhanced Content - Document Statistics
- Other Formats Enhanced Content - Other Formats This document is also available in the following formats:

JSON Normalized attributes and metadata XML Original full text XML MODS Government Publishing Office metadata More information and documentation can be found in our developer tools pages.

Enhanced Content - Other Formats
- Public Inspection Public Inspection This PDF is FR Doc. 2026-04735 as it appeared on Public Inspection on
03/10/2026 at 8:45 am.

It was viewed
12
times while on Public Inspection.

If you are using public inspection listings for legal research, you
should verify the contents of the documents against a final, official
edition of the Federal Register. Only official editions of the
Federal Register provide legal notice of publication to the public and judicial notice
to the courts under 44 U.S.C. 1503 & 1507. Learn more here.

Public Inspection
Published Document: 2026-04735 (91 FR 12045) This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Document Headings Document headings vary by document type but may contain
the following:

1. the agency or agencies that issued and signed a document
2. the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to
3. the agency docket number / agency internal file number
4. the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details.

Department of Transportation

Bureau of Transportation Statistics

1. [Docket No. DOT-OST-2026-0727]

AGENCY:

Bureau of Transportation Statistics (BTS), Office of the Assistant Secretary for Research and Technology (OST-R), DOT.

ACTION:

Notice.

SUMMARY:

The Bureau of Transportation Statistics (BTS) within the Department of Transportation (DOT) invites the general public and other Federal agencies to comment on an existing information collection. BTS collects information from the public to fulfill its data security requirements when providing access to restricted use microdata for the purpose of evidence building. BTS's data security agreements and other paperwork along with the corresponding security protocols allow BTS to maintain careful controls on confidentiality and privacy, as required by law. The purpose of this notice is to allow for 60 days of public comment on the renewal of the data security information collection, prior to submission of the information collection request (ICR) to the Office of Management and Budget (OMB).

DATES:

Written comments on this notice must be received by May 11, 2026 to be assured of consideration. Comments received after that date will be considered to the extent practicable. Send comments to the address below.

ADDRESSES:

1200 New Jersey Ave. SE, Room E34-308, Washington, DC 20590.

Comments: Comments are invited on (a) whether the proposed collection of information is necessary for the proper performance of the functions of BTS, including whether the information will have practical utility; (b) the accuracy of BTS's estimate of the burden of the proposed collection of information; (c) ways to enhance the quality, use, and clarity of the information on respondents, including through the use of automated collection techniques or other forms of information technology; and (d) ways to minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.

FOR FURTHER INFORMATION CONTACT:

Clara Reschovsky, BTS Confidentiality Officer, BTS, OST-R, Department of Transportation, 1200 New Jersey Ave. SE, Room E34-308, Washington, DC 20590, (202) 768-4994, Office hours are from 8:00 a.m. to 5:30 p.m., E.T., Monday through Friday, except Federal holidays.

SUPPLEMENTARY INFORMATION:

The Foundations for Evidence-Based Policymaking Act of 2018 mandated that the Office of Management and Budget (OMB) establish a Standard Application Process (SAP) for requesting access to certain confidential data assets. While the adoption of the SAP is required for statistical agencies and units designated under the Confidential Information Protection and Statistical Efficiency Act (CIPSEA), it is recognized that other agencies and organizational units within the Executive branch may benefit from the adoption of the SAP to accept applications for access to confidential data assets. The SAP is to be a process through which agencies, the Congressional Budget Office, State, local, and Tribal governments, researchers, and other individuals, as appropriate, may apply to access confidential data assets held by a federal statistical agency or unit for the purposes of developing evidence. With the Interagency Council on Statistical Policy (ICSP) as advisors, the entities upon whom this requirement is levied are working with the SAP Project Management Office (PMO) and with OMB to implement the SAP. The SAP Portal is to be a single web-based common application for the public to request access to confidential data assets from federal statistical agencies and units. The National Center for Science and Engineering Statistics (NCSES), within the National Science Foundation (NSF), submitted a Federal Register Notice in June 2025 announcing the renewal plan to collect information through the SAP Portal (90 FR 25380).

Once an application for confidential data is approved through the SAP Portal, BTS will collect information to meet its data security requirements. This collection will occur outside of the SAP Portal.

Title of Collection: Data Security Requirements for Accessing Confidential Data.

OMB Control Number: 2138-0052.

Expiration Date of Current Approval: May 31, 2026.

Type of Request: Intent to seek approval to collect information from the public to fulfill BTS security requirements allowing individuals to access confidential data assets for the purposes of building evidence.

Abstract: Title III of the Foundations for Evidence-Based Policymaking Act of 2018 (hereafter referred to as the Evidence Act) mandates that OMB establish a Standard Application Process (SAP) for requesting access to certain confidential data assets. Specifically, the Evidence Act requires OMB to establish a common application process through which agencies, the Congressional Budget Office, State, local, and Tribal governments, researchers, and other individuals, as appropriate, may apply for access to confidential data assets collected, accessed, or acquired by a statistical agency or unit. This new process will be implemented while maintaining stringent controls to protect confidentiality and privacy, as required by law. ( printed page 12046)

Data collected, accessed, or acquired by statistical agencies and units is vital for developing evidence on conditions, characteristics, and behaviors of the public and on the operations and outcomes of public programs and policies. This evidence can benefit the stakeholders in the programs, the broader public, as well as policymakers and program managers at the local, State, Tribal, and National levels. The many benefits of access to data for evidence building notwithstanding, BTS is required by law to maintain careful controls that allow it to minimize disclosure risk while protecting confidentiality and privacy. The fulfillment of BTS's data security requirements places a degree of burden on the public, which is outlined below.

The SAP Portal is a web-based application for the public to request access to confidential data assets from federal statistical agencies and units. The objective of the SAP Portal is to increase public access to confidential data for the purposes of evidence building and reduce the burden of applying for confidential data. The paragraphs below outline the SAP Policy, the steps to complete an application through the SAP Portal, and the process for agencies to collect information fulfilling their data security requirements.

The SAP Policy

At the recommendation of the ICSP, the SAP Policy established the SAP to be implemented by statistical agencies and units and incorporates directives from the Evidence Act. The policy is intended to provide guidance as to the application and review processes using the SAP Portal, setting forth clear standards that enable statistical agencies and units to implement a common application form and a uniform review process. The methods of collection outlined below are in accordance with the SAP Policy. The SAP Policy was submitted to the public for comment in January 2022 (87 FR 2459). The policy was issued by OMB in December of 2022 as M-23 (https://www.whitehouse.gov/​wp-content/​uploads/​2022/​12/​M-23-04.pdf).

For the purpose of the SAP Policy, the application process begins with an applicant discovering a confidential data asset for which a statistical agency or unit is accepting applications to access for the purpose of building evidence and ends with the agency or unit's determination on whether to grant access. In the case of an adverse determination, the application process ends with the conclusion of an appeals process if the applicant elects to appeal the determination.

The SAP Portal

The SAP Portal is an application interface connecting applicants seeking data with a catalog of data assets owned by the federal statistical agencies and units. The SAP Portal is not a new data repository or warehouse; confidential data assets will continue to be stored in secure data access facilities owned and hosted by the federal statistical agencies and units. The Portal provides a streamlined application process across agencies, reducing redundancies in the application process. This single SAP Portal improves the process for applicants, tracking and communicating the application process throughout its lifecycle. This reduces redundancies and burden on applicants that request access to data from multiple agencies. The SAP Portal automates key tasks to save resources and time and will bring agencies into compliance with the Evidence Act statutory requirements.

Data Discovery

Individuals begin the process of accessing restricted use data by discovering confidential data assets through the SAP data catalog, maintained by federal statistical agencies at www.researchdatagov.org. Potential applicants can search by agency, topic, or keyword to identify data of interest or relevance. Once they have identified data of interest, applicants can view metadata outlining the title, description or abstract, scope and coverage, and detailed methodology related to a specific data asset to determine its relevance to their research.

While statistical agencies and units shall endeavor to include metadata in the SAP data catalog on all confidential data assets for which they accept applications, it may not be feasible to include metadata for some data assets (e.g., potential curated versions of administrative data). A statistical agency or unit may still accept an application through the SAP Portal even if the requested data asset is not listed in the SAP data catalog.

SAP Application Process

Individuals who have identified and wish to access confidential data assets are able to apply for access through the SAP Portal. Applicants must create an account and follow all steps to complete the application. Applicants begin by entering their personal, contact, and institutional information, as well as the personal, contact, and institutional information of all individuals on their research team. Applicants proceed to provide summary information about their proposed project, to include project title, duration, funding, timeline, and other details including the data asset(s) they are requesting and any proposed linkages to data not listed in the SAP data catalog, including non-federal data sources. Applicants then proceed to enter detailed information regarding their proposed project, including a project abstract, research question(s), literature review, project scope, research methodology, project products, and anticipated output. Applicants must demonstrate a need for confidential data, outlining why their research question cannot be answered using publicly available information.

Submission for Review

Upon submission of their application, applicants will receive a notification that their application has been received and is under review by the data owning agency or agencies (in the event where data assets are requested from multiple agencies).

In accordance with the Evidence Act and the direction of the ICSP, agencies will approve or reject an application within a prompt timeframe. In some cases, agencies may determine that additional clarity, information, or modification is needed and request the applicant to “revise and resubmit” their application.

Appeals Process: In the event of an adverse determination, the applicant is provided justification through the SAP Portal detailing the determination. The SAP Portal provides the applicant with the option to submit an appeal for reconsideration by the data-owning agency or agencies. Applicants can also file an appeal for noncompliance with the SAP Policy.

Access to Restricted Use Data: In the event of a positive determination, applicants are notified that their proposal has been accepted and that application approval does not alone grant access to confidential data, and that applicants must comply with the data-owning agency's security requirements outside of the SAP Portal, which may include a background check. In the event of an adverse determination, the applicant is notified of the decision and their right to appeal the decision. The positive or final adverse determination concludes the SAP-Portal process. In the instance of a positive determination, the data-owning agency (or agencies) will contact the applicant to provide instructions on the agency's security requirements that must be completed to gain access to the confidential data. The completion and ( printed page 12047) submission of the agency's security requirements occurs outside of the SAP Portal and is therefore not included in the estimate of burden below.

Collection of Information for Data Security Requirements

In the instance of a positive determination for an application requesting access to a BTS confidential data asset, BTS will contact the applicant(s) to initiate the process of collecting information to fulfill their security requirements. These include additional requirements necessary for BTS to place the applicant(s) in a trusted category that may include the applicant's successful completion of a background investigation, confidentiality training, nondisclosure, and data use agreements.

Estimate of Burden: The amount of time to complete the agreements and other paperwork that comprise BTS's security requirements will vary based on the confidential data assets requested and the access modality. To obtain access to BTS confidential data assets, it is estimated that the average time to complete and submit BTS's data security agreements and other paperwork is 90 minutes. This estimate does not include the time needed to complete and submit an application within the SAP Portal. All efforts related to SAP Portal applications occur prior to and separate from BTS's effort to collect information related to data security requirements.

The expected number of applications in the SAP Portal that receive a positive determination from BTS in a given year may vary. Overall, per year, BTS estimates it will collect data security information for five application submissions that received a positive determination within the SAP Portal. BTS estimates that the total burden for the collection of information for data security requirements over the course of the three-year OMB clearance will be about 22.5 hours and, as a result, an average annual burden of 7.5 hours.

Issued in Washington, DC, on the 5th of March 2026.

Edward Strocko,

Acting Director, Bureau of Transportation Statistics, U.S. Department of Transportation.

[FR Doc. 2026-04735 Filed 3-10-26; 8:45 am]

BILLING CODE 4910-9X-P

Published Document: 2026-04735 (91 FR 12045)