The IT Law Wiki


Protected critical infrastructure information (PCII) refers to

all critical infrastructure information, including categorical inclusion PCII, that has undergone the validation process and that the PCII Program Office has determined qualifies for protection under the Critical Infrastructure Information Act of 2002 (CII Act). All information submitted to the PCII Program Office or Designee with an express statement is presumed to be PCII until the PCII Program Office determines otherwise.
[s]ystems and assets, whether physical or virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters, across any Federal, State, regional, territorial, or local jurisdiction.[1]


PCII is a category of Sensitive but Unclassified (SBU) information that is afforded protections from (a) disclosure under the Freedom of Information Act (FOIA) and similar State and local disclosure laws and (b) use in civil litigation or for regulatory purposes. PCII is accessed only by authorized users who have a need-to-know specified PCII.

PCII is administered by the Department of Homeland Security (DHS).[2]



See also[]