Download: doc | pdf

Supporting Statement for

“The FNS User Access Request Form Data Collection”

(OMB Control Number 0584-0532)

Leo Wong

Deputy, Chief Information Security Officer (CISO)

Office of Information Technology (OIT)

Food, Nutrition and Consumer Services, USDA

3101 Park Center Drive

Alexandria, Virginia 22302

Office: 703-605-1181

Fax: 703-305-2924

Email: [email protected]

TABLE OF CONTENTS

A. Justification

1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.

This is a revision of a currently approved collection. Office of Management and Budget (OMB) Circular A-130, Appendix III, Security of Federal Automated Information Resources, dated February 8, 1996, establishes a minimum set of controls to be included in Federal automated information security programs. Establishing personal controls to screen users to allow access to authorized system is directed in this appendix. The FNS User Access Request Form, FNS-674, is designed for this purpose and will be used in all situations where access to an FNS computer system is required, where current access is required to be modified or where access is no longer required and must be deleted.

2. Indicate how, by whom and for what purpose the information is to be used. Except for a new collection, indicate the actual use the Agency has made of the information received from the current collection.

FNCS employees, contractors, state agencies and partners, e.g. Food Banks, etc. have requested access to FNCS systems via the User Access Request form. FNCS has used the information collected to grant access to FNCS Systems. Only specific systems require PII in order to grant access. Information that is collected: Name, e-Authentication ID (if exists), telephone number, home zip code, email address, contract expiration date, temporary employee expiration date, office address, State/locality codes, system name, form type, type of access, action requested, comments and special instructions.

From whom will the information be collected?

The User Access Request Form collects information from:

• new FNCS Employees

• new FNCS Contract Staff

• new State Agencies to FNCS

• new Partners to FNCS or

• Existing employees, Contract Staff, State Agencies or Partners to FNCS requesting updates to current access to FNCS Information Systems.

How will the information be collected (e.g., forms, non-forms, electronically, face-to-face, over the phone, over the internet)?

The information is collected via a FNS-674 paper-based and online form.

How frequently will the information be collected?

The information is requested as often as needed based on the user requests for new access or updated access requests to systems. In State agencies, the State Coordinators provide a liaison between the State agency and the Information Systems Security Officers (ISSO) in FNCS Regional Offices and the Information Security Office (ISO) in the FNCS National Office. The State Coordinator is responsible for ensuring that State users and entities comply with the FNCS Information Systems Security Guidelines and Procedures Handbook 702. The ISSOs act on behalf of the National Office ISO to ensure that Regional, Field and Compliance Office users comply with the FNCS 702 Handbook.

Will the information be shared with any other organizations inside or outside USDA or the government?

This information will be stored in the Information System Security Office (ISO), the Financial Management Division (FMD) where the information is stored and maintained for users requesting access to Financial Management Systems, the National Finance Center (NFC), and the National Information Technology Center (NITC) where information from this form is shared to grant access to NFC and NITC Systems.

If this is an ongoing collection, how have the collection requirements changed over time?

The information collected on this form and instructions has changed to include additional required fields used to identify a user when changes are requested to their access or when password resets are needed. Also, information is now collected to validate the completion of Computer Security and Awareness Training (CSAT) and Privacy Act Training, prior to processing the form. No changes have been made to include other training.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g. permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also, describe any consideration of using information technology to reduce burden.

FNS is currently automating the FNS 674 for applications that have available funding to support the automation. This has not yet been entirely implemented and is in the first phase of reaching out to the FNS workgroup to collect requirements. Therefore, this collection is in compliance with E-Government 2002.

Information on the FNS-674 will be displayed and captured using Microsoft ASP.Net and HTML, via a web-based system on the FNCS web site. The information will be stored in Microsoft Sharepoint Server. The information will be transmitted over a secured HTTP protocol. The foundation of this technical architecture is Microsoft, which is consistent with current FNCS standards. One hundred percent of FNS-674 forms are submitted electronically via http://fncs/apps/isodoc/Pages/Default.aspx.

4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purpose described in item 2 above.

There is no similar information.

5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.

There will be no impact to small businesses or entities. 15 contracting groups working with USDA FNCS OIT are classified as small businesses.

6. Describe the consequences to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.

If this form was not submitted, FNCS computer users would be denied access to systems needed to effectively deliver or monitor FNCS programs benefits. Users provide name, e-Authentication ID (if exists), telephone number, home zip code, email address, contract expiration date, temporary employee expiration date, office address, State/locality codes, system name, form type, type of access, action requested, comments and special instructions to gain initial access to FNCS Information Systems and may require subsequent submissions if access privileges change. This form is also required if an individual is to be removed as a user from a specific system.

7. Explain any special circumstances that would cause an information collecti­on to be con­ducted in a manner:

• requiring respondents to report informa­tion to the agency more often than quarterly;

• requiring respondents to prepare a writ­ten response to a collection of infor­ma­tion in fewer than 30 days after receipt of it;

• requiring respondents to submit more than an original and two copies of any docu­ment;

• requiring respondents to retain re­cords, other than health, medical, governm­ent contract, grant-in-aid, or tax records for more than three years;

• in connection with a statisti­cal sur­vey, that is not de­signed to produce valid and reli­able results that can be general­ized to the uni­verse of study;

• requiring the use of a statis­tical data classi­fication that has not been re­vie­wed and approved by OMB;

• that includes a pledge of confiden­tiali­ty that is not supported by au­thority estab­lished in statute or regu­la­tion, that is not sup­ported by dis­closure and data security policies that are consistent with the pledge, or which unneces­sarily impedes shar­ing of data with other agencies for com­patible confiden­tial use; or

• requiring respondents to submit propri­etary trade secret, or other confidential information unless the agency can demon­strate that it has instituted procedures to protect the information's confidentiality to the extent permit­ted by law.

There are no special circumstances. The collection of information is conducted in a manner consistent with the guidelines in 5 CFR 1320.5.

8. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments.

A 60-day notice requesting public comment on this collection was published in the Federal Register at Vol. 76, No. 124, Page 37773, Tuesday, June 28, 2011. The comment period closed on August 29, 2011 and no comments were received.

Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and record keeping, disclosure, or reporting form, and on the data elements to be recorded, disclosed, or reported.

State agencies interact daily with Regional staff and would provide their views on the aspects of this collection if necessitates. State agencies’ concerns on the use of this form would be brought to the attention of FNCS National Office Information Systems Security Office and all valid suggestions would be taken into consideration on the development and delivery of this form to its users.

In December 2011, state users provided comments on the FNS 674, including Jim Bergstrom of the MA DPH and Lynda Pooler of the ME DHHS. Comments were made specifically on the availability of data, frequency of collection, the clarity of instructions and record keeping responsibilities, disclosure, or reporting format (if any), and the data elements to be recorded, disclosed, or reported.  The consensus is that FNS 674 is easy to fill out by end users.  FNS received advice on the design of the instrument as it relates to policy and procedures to verify CSAT compliance.  American Systems provided advice on the instructions to provide better clarity. Another individual stated that the instructions were very helpful.

9. Explain any decision to provide any payment or gift to respondents, other than re-enumeration of contractors or grantees.

Payments or gifts are not provided to respondents.

10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.

The FNS-674 will contain a Privacy Act Statement and the data will be stored in a secured database. The applications for authorization contain personal identifying information on individuals doing business with Food and Nutrition Service. Therefore, the Food and Nutrition Service published such a Privacy Act notice (system of records), USDA/FNS-10, entitled “Persons Doing Business with the Food and Nutrition Service” on March 31, 2000 in the Federal Register Volume 65 pages 17251-52 to specify the uses to be made of the information in this collection.  Access to records is limited to those persons who process the records for the specific uses stated in this Privacy Act notice.  Records are kept in physically secured rooms and/or cabinets. Paper records are segregated and physically secured in located cabinets. Various methods of computer security limit access to records in automated databases.

11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior or attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.

This information collection includes no questions of a sensitive nature.

12. Provide estimates of the hour burden of the collection of information. The statement should:

• Indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated. If this request for approval covers more than one form, provide separate hour burden estimates for each form and aggregate the hour burdens in Item 13 of OMB Form 83-I.

• Provide estimates of annualized cost to respondents for the hour burdens for collections of information, identifying and using appropriate wage rate categories.

Estimate of Burden

The respondents are State agencies, who are located in the 50 states and Trust Territories, staff contractors and Federal employees. Respondents who require access to the FNCS systems are estimated at 1725 (includes Federal, State and private) however, only 225 will account for the total burden. This is due predominately because the Federal government completes this data collection instrument in the line of duty. Each respondent takes approximately 0.16667 of an hour, or 10 minutes, to complete the required information on the on-line form.

FNCS estimates that it will receive an average of 300 requests per month (15 per day). Of the 300, 70% (or 210) of the responses are State Agency users, 5% (or 15) are staff contractors and 25% (or 75) are Federal employees which is not included in the total number of responses.

REPORTING BURDEN

Affected Public	Form Number	Number of Respondents	Number of responses annually per Respondent	Total Annual Responses	Estimate of Burden Hours per response	Total Annual Burden Hours
Contractors	FNS-674	15	1	15	0.16667 (10 minutes)	2.50005
State Agency Users	FNS-674	210	2	420	0.16667 (10 minutes)	70.0014
Annualized Totals		225	3	435	(10 minutes)	72.50145

RECORDKEEPING BURDEN

There is no recordkeeping burden imposed on the public. All requests from respondents are archived on FNCS National Office systems.

Annualized Cost to Respondent

It is estimated that each respondent take 10 minutes to read the instruction and complete the on-line form. Using the hourly rate reported in the National Sector NAICS Industry-Specific estimates of US Occupational Employment and Wages in the U.S., May 2010; Department of Labor, Bureau of Labor Statistics at http://bls.gov/oes/oes_dl.htm.

Affected Public	Type of Instrument	Average time per response	Number of Respondents	Frequency of Response	Hourly Wage Rate	Cost to Respondent
State Agencies	FNS-674	0.16667	210	2	$27.80	$1,946.04
Contractors	FNS-674	0.16667	15	1	$38.34	$95.85
Total			225	3		$2,041.89

13. Provide estimates of the total annual cost burden to respondents or record keepers resulting from the collection of information, (do not include the cost of any hour burden shown in items 12 and 14). The cost estimates should be split into two components: (a) a total capital and start-up cost component annualized over its expected useful life; and (b) a total operation and maintenance and purchase of services component.

There are no capital/startups or ongoing/annualized maintenance costs to the respondents.

14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost and any other expense that would not have been incurred without this collection of information.

Description of Activities	HQ Security Officers (2 – GS-13 @ ($42.66 per hr)	Regional Security Officers (14 GS-12- @ $35.88)	Contractor ($38.34 per hr)	Total
Updating on-line form to support the collection			70 hours = $2,683.80	$2,683.80
Testing of computer system			10 hours = $383.40	$383.40
Reviewing, approving and issuing password 1	$1,535.76	$3,875.04		$5,410.80
Labor for analyzing, evaluating, summarizing, and reporting on the collected information 2	$341.28			$341.28
Total Cost to the Federal Government				$8,819.28

Annualized costs are determined by tasks as described in the chart above. The FNCS National Office’ staff salary was determined by the 2011 Salary and Wage tables available from the Office of Personnel Management (OPM). The staff contractors’ salary was determined by using the national average available from the Department of Labor.

15. Explain the reasons for any program changes or adjustments reported in items 13 or 14 of the OMB Form 83-I.

This is a revised collection; there are adjustments to the burden hours requested due to a re-calculation of respondents and frequency of responses. Although the burden hours remains unchanged, FNS has revised the FNS 674 to include additional requirements needed to identify users; collects and identifies completion of Computer Security and Awareness Training (CSAT) and Privacy Act Training, prior to processing the form and request access to information systems.

16. For collection of information whose results are planned to be published, outline plans for tabulation and publication.

There are no plans for publication.

17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.

We are seeking not to display the expiration date for OMB approval on this form. To display the expiration date would mean the web system would require revisions each time this date changes. Also, the revision date of the form would change, which may cause confusion to the respondents thinking there may have been changes to data elements.

17. Explain each exception to the certification statement identified in Item 19 “Certification for Paperwork Reduction Act.”

There are no exceptions to the certification statement.

File Type	application/msword
File Title	Date
Author	Authorized Gateway Customer
Last Modified By	RBrown
File Modified	2011-12-21
File Created	2011-12-21