0503-0014 Rev USDA eA IC Spprting Stmt 11 21 13

0503-0014 Rev USDA eA IC Spprting Stmt 11 21 13.doc

USDA Registration Form to Request Electronic Access Code

OMB: 0503-0014

Document [doc]
Download: doc | pdf

U.S. Department of Agriculture


Office of the Chief Information Officer (OCIO)


OMB Control Number: 0503-0014


USDA eAuthentication Service Customer Registration


Purpose:

The purpose of this request for OMB review is to obtain approval for a 3 year renewal and new information collection contained in the USDA eAuthentication Service based on the addition of the Online Identity Proofing (OIDP) function. This information collection is necessary to allow USDA customers to securely and confidently conduct business with USDA electronically via the Internet. No new information is collected using OIDP. Authority for obtaining new information from users is included in Section 2, (c), of the Freedom to E-File Act (Pub. L. 106-222), the Government Paperwork Elimination Act (GPEA, Pub. L. 105-277), the Electronic Signatures in Global and National Commerce Act (E-SIGN, Pub. L. 106-229), and the E-Government Act of 2002 (H.R. 2458). New online customers must provide information during the Registration process, which is accessible through the USDA eAuthentication web site, located at www.eauth.egov.usda.gov. This voluntary online self-registration process enables USDA customers, as well as employees, to obtain accounts that will enable them to access USDA web applications and services via the Internet. The objectives of this self-registration process are to employ standardized methods for verifying the identity of USDA customers/partners and to manage their credentials in support of electronic alternatives to traditional ink signatures. In addition, the centralized approach USDA has taken will prevent current customers from having to complete additional registrations to conduct additional USDA business.


Background:

The USDA provides services to ranchers and farmers ranging from development and economic assistance; farm loans and subsidies; and land, water, and livestock resource management. In addition, the USDA is responsible for the federal government’s major agricultural procurements and generation and dissemination of natural resource research data. The USDA also leads the Federal anti-hunger effort by providing human nutrition services through the Food Stamp, School Lunch, School Breakfast, and the Women, Infant, and Children (WIC) Program.


Many of these services are provided through face to face transactions either at a central office or at one of approximately 2,500 local USDA Service Centers. In June 2002, USDA developed the capability for Service Center Agencies (SCA), formerly known as County Based Agencies (CBA), to offer the services traditionally available from service centers via the Internet. The USDA enabled SCAs, which is comprised of the Farm Service Agency (FSA), Natural Resources Conservation Service (NRCS), and Rural Development (RD), to offer agricultural producers the alternative of electronically submitting most of the forms needed to participate in the agencies’ programs and services. Currently, there are hundreds of SCA’s commonly used forms available through the eForms service and many can be electronically submitted to USDA. As users were enabled to electronically submit forms to USDA, there was a need to authenticate and authorize users electronically.


Initially, USDA’s Service Center Agencies developed an online user authentication and authorization system known as the Web Central Authentication and Authorization Facility (WebCAAF). WebCAAF required a one-time registration requirement for each SCA customer desiring access to any online service that required authentication. Form AD-2016, USDA Registration Form to Request Electronic Access Code, was used to collect the minimum information necessary to verify and validate the identity of the customer before issuing user access credentials. Despite providing user authentication and authorization electronically, WebCAAF exhibited limited capabilities in that it serviced only form submissions of the USDA SCAs and required a manual submission process for Form AD-2016.


In January 2003, the USDA initiated the eAuthentication Service, an expanded USDA enterprise wide authentication and authorization service for all USDA web-based applications. The USDA eAuthentication Service plays a vital role in the Expanded Electronic Government (e-Government), one of the five key initiatives of the President's Management Agenda. It is a strategic component of USDA’s eGovernment vision and USDA’s Enterprise Architecture to provide common authentication and authorization services for web-based applications.


In October 2003, the USDA eAuthentication Service was launched to service all USDA agencies. The eAuthentication service provides a single point of entry for conducting business online with USDA. Users desiring access to any service that is protected with eAuthentication are required to complete a one-time electronic self-registration to obtain an eAuthentication account. This supporting statement pertains to customers interacting with the USDA eAuthentication Service, excluding USDA Agency employees. USDA customers can self-register for a Level 1 or Level 2 Access account. A Level 1 Access account provides users with limited access to USDA web sites. A Level 2 Access account enables users to conduct official electronic business transactions via the Internet, enter into a contract with the USDA, and submit forms electronically via the Internet to USDA agencies. Due to the increased customer access associated with a Level 2 Access account, customers must be authenticated in person at a USDA Service Center by a local registration authority (LRA), or be authenticated via Online Identity Proofing, in addition to the electronic self-registration. Once an account is activated, customers may use the associated user ID and password that they created to access USDA resources that are protected by eAuthentication. As of October 2012 there are 541,744 active eAuthentication customer accounts. We estimate that there will be 157,000 new account registrations in the upcoming year.


The eAuthentication system architecture is a major expansion from the previous WebCAAF system architecture. In addition, eAuthentication is consistent with the USDA Web Style Guide, which was developed after the implementation of the WebCAAF system. The eAuthentication system is developed and managed by the Office of the Chief Information Officer (OCIO). eAuthentication collects customer information under OMB Control Number 0503-0014, which pertains to WebCAAF. We are requesting a 3-year approval for the revision of this currently approved collection.


National Institute of Standards and Technology (NIST) requirements dictate the need for strong authentication to protect more sensitive applications. In order to provide Level 3 and Level 4 Access accounts eAuthentication must develop public key infrastructure to support strong authentication.


Supporting Statement


Justification


  1. Explain the circumstances that make the collection of information necessary.

The Freedom to E-File Act, E-Government Act, and the President’s Management Agenda prescribe eGovernment functions as alternatives to traditional paper-based processes. Conducting online transactions necessitates processes for authenticating and authorizing online users and completing transactions with an electronic equivalent to traditional ink signatures. The information collected from the eAuthentication web site enables the electronic authentication and authorization of users to USDA web-based applications.


  1. Indicate how, by whom, how frequently, and for what purpose the information is to be used.

The USDA eAuthentication Service provides public and government businesses single sign-on capability for USDA applications, management of user credentials, and verification of identity, authorization, and electronic signatures. USDA eAuthentication obtains customer information through an electronic self-registration process provided through the eAuthentication web site. This voluntary online self-registration process applies to USDA Agency customers, as well as employees, who request access to protected USDA web applications and services via the Internet. Registrants are able to self-register online from the eAuthentication web site, located at www.eauth.egov.usda.gov, for a Level 1 or Level 2 Access eAuthentication account. An eAuthentication account has an associated user ID and password which enables the electronic authentication of users. A user will then have access to authorized resources without needing to reauthenticate within the context of a single Internet session. The user ID and password and permissions associated with an account are what authenticates and authorizes a user to access a requested USDA resource.


A customer eAuthentication Level 1 Access account provides limited access to USDA web site portals and applications that have minimal security requirements. Level 1 Access does not allow you to conduct official business transactions with the USDA via the Internet. A Level 1 Access account may be used to customize a web portal page, obtain general information about a specific USDA agency, and participate in public surveys for a USDA agency. A registrant can apply for a Level 1 Access account directly from the USDA eAuthentication web site located at www.eauth.egov.usda.gov. After accessing the eAuthentication web site the registrant must click on the Create an account tab located on the left-hand navigation bar and subsequently click on the Level 1 Access link located within the context of the web page. The registrant must then complete and submit the registration form. Once the Level 1 Access self-registration form is submitted, a Level 1 Access account is created in the eAuthentication system and an email is sent to the registrant confirming their registration for a Level 1 Access account. In order to activate the account the registrant must click on the ACTIVATE MY ACCOUNT link in the email message. The user is now able to provide their eAuthentication account credentials to access protected USDA resources requiring a Level 1 Access.


A customer eAuthentication Level 2 Access account provides access to all the portals and applications that are covered by an account with Level 2 Access, and also provides the ability to conduct official electronic business transactions with the USDA via the Internet. A Level 2 account also enables customers to enter into a contract with the USDA and submit forms electronically via the Internet with a USDA agency. Similarly, a registrant can apply for an eAuthentication Level 2 Access account directly from the USDA eAuthentication web site. After the registrant clicks on the appropriate Level 2 Access links, completes and submits the Level 2 Access self-registration form, and responds to the confirmation email, a Level 1 Access account is created in the system. An activated Level 2 Access account is not provided until the registrant is identity proofed. The registrant must then either 1) present their government issued photo ID at their local USDA Service Center or 2) answer a set of custom questions in a secured online session. For option 1, the USDA Service Center employee, a trained local registration authority (LRA), confirms the registrant’s identity and activates their Level 2 Access account. For option 2, once the registrant correctly answers the custom questions their account is automatically activated. Option 2 represents the newly added Online Identity Proofing (OIDP). OIDP consists of a potential new eAuth Level 2 user calling the USDA Call Center and answering a set of personal questions to confirm their identity, instead of travelling to a USDA location with physical proof of identity. Approximately one hour after the Level 2 Access has been activated by the USDA Service Center, the registrant will have access to USDA applications and services that require an account with Level 2 Access.


Informational data that must be reported through the online self-registration form in order to obtain a Level 1 Access account are: User ID, Password, First Name, Last Name, Country Name, and Email address. Although not required, the registrant may also provide their Middle Name, and Zip Code. Due to the increased level of access to USDA applications, users must provide additional informational items to obtain a Level 2 Access account. In order to obtain a Level 2 Access account the registrant must also provide their: Home Address, City, State, Mother’s Maiden Name, 4 digit PIN number, and Date of Birth, in addition to the information that must be provided to obtain a Level 1 Access account. The registrant also has the option to provide their Home Phone number or International Home Phone number (if applicable), and an Alternate Phone number or International Alternate Home Phone number (if applicable).


The online self-registration process to obtain an eAuthentication account is a one-time information collection process. The account information can be modified without the need of the user to re-register.


An eAuthentication account enables customers to access eAuthentication-protected USDA web-based applications. These resources have been integrated with the eAuthentication Service to enable electronic authentication and authorization of users. Certain personal information collected through the online self-registration process is conditionally shared with USDA Agencies in order to integrate USDA resources with the eAuthentication service. Sensitive data such as Date of Birth, Mother’s Maiden Name, Password, and other security related data is not shared. The eAuthentication Service ensures that shared data is transmitted to a system that has an approved and valid Certification and Accreditation (C&A) Authority to Operate (ATO) in effect. In addition, the eAuthentication Service ensures that shared data is securely managed by requiring a Privacy Impact Assessment (PIA) and Interconnection Security Agreement (ISA) with the target system.

  1. Use of information technology.

All technology used in the eAuthentication System is compliant with NIST Special Publication 800-63: Electronic Authentication Guideline. Users can obtain an eAuthentication Level 1 or Level 2 Access account solely through the online self-registration forms in the USDA eAuthentication web site, located at www.eauth.egov.usda.gov. There is not a paper based form available to register for an eAuthentication account. Users must access the eAuthentication web site and complete and submit the self-registration forms electronically over the Internet. There are separate online self-registration forms for a Level 1 and Level 2 Access account. The self-registration form for a Level 2 Access account requires additional user data due to the increased level of access. The self-registration forms can be accessed directly from the following links:


Level 1 Access - https://eauth.sc.egov.usda.gov/eAuth/selfRegistration/selfRegLevel1Step1.jsp


Level 2 Access - https://eauth.sc.egov.usda.gov/eAuth/selfRegistration/selfRegLevel2Step1.jsp


Each eAuthentication account contains an associated user ID and password that was created by the user. In addition, each account contains associated roles or permissions, given by administrators, which allow the user to access requested applications. The user ID and password and permissions associated with an account are what authenticates and authorizes a user to access a requested USDA resource.


The eAuthentication Service complies with the E-Government Act by eliminating the need for traditional paper-based forms. In addition, eAuthentication provides full electronic reporting capabilities as required in the E-Government Act.

  1. Describe efforts to identify duplication.

USDA has built the eAuthentication Service with the elimination of duplication in mind. eAuthentication prevents users from creating and/or maintaining multiple online accounts with USDA. All eAuthentication accounts have a unique user ID. Once a registrant submits an account application the system automatically searches for pre-existing user IDs and prevents duplication of an account’s key identifier. Not all USDA customers need an eAuthentication account, only those who are requesting access to USDA resources that are protected by eAuthentication. Therefore, the eAuthentication Service can not obtain customer information from other systems. There is also no alternate USDA enterprise service for authenticating and authorizing users electronically.

  1. Methods used to minimize burden on small businesses or other small entities.

The reporting requirements in this information collection package will not affect small businesses. The online self-registration form is identical for all applicants irrespective to their volume or business. Therefore, no additional burden is being placed on businesses of any particular size.

  1. Consequence if the information collection is not conducted or is conducted less frequently.

The information collected through the online eAuthentication self-registration form will only need to be collected once. If the information is not ever collected, the user must continue to conduct business with USDA through the existing paper-based processes.

  1. Special Circumstances.

  • requiring respondents to report informa­tion to the agency more often than quarterly;

  • requiring respondents to prepare a writ­ten response to a collection of infor­ma­tion in fewer than 30 days after receipt of it;

  • requiring respondents to submit more than an original and two copies of any docu­ment;

  • requiring respondents to retain re­cords, other than health, medical, governm­ent contract, grant-in-aid, or tax records for more than three years;

  • in connection with a statisti­cal sur­vey, that is not de­signed to produce valid and reli­able results that can be general­ized to the uni­verse of study;

  • requiring the use of a statis­tical data classi­fication that has not been re­vie­wed and approved by OMB;

  • that includes a pledge of confiden­tiali­ty that is not supported by au­thority estab­lished in statute or regu­la­tion, that is not sup­ported by dis­closure and data security policies that are consistent with the pledge, or which unneces­sarily impedes shar­ing of data with other agencies for com­patible confiden­tial use; or

  • requiring respondents to submit propri­etary trade secret, or other confidential information unless the agency can demon­strate that it has instituted procedures to protect the information's confidentiality to the extent permit­ted by law.



None of the special circumstances shown above are applicable. There are no other special circumstances.

  1. Federal Register notice, summarization of comments, and consultation with persons outside the agency.

A request for public comment notice was published in the Federal Register on August 17, 2012 (Page No. 49774 Volume 77, Number 160). Comments were not received in response to this notice and therefore no action was taken by the agency based upon public comment via the Federal Register.

The following individuals were consulted to review the eAuthentication information collection process:

  1. Steve Timchak, U.S. General Services Administration, [email protected], 703-872-8604.


  1. Carol Coren, Oregon State University, Member of the USDA Technology and eGovernment Advisory Council, [email protected], 503-872-6657


  1. Johnny Shin, J.P. Morgan, 201-592-8610


These individuals were requested to review the eAuthentication information collection process as detailed in the eAuthentication web site and the customer registration job aid document. They provided opinions about the information collection process including the clarity of the registration instructions, the usefulness to the government of the information requested, and the accuracy of the Department’s estimate of the time for someone to provide the information requested.

  1. Explain any decision to provide any payment or gift to respondents.

The agency does not provide any payments or gifts to respondents for information collected through the USDA eAuthentication web site.

  1. Confidentiality provided to respondents.

All information collected will be treated as confidential in compliance with the Privacy Act and Freedom of Information Act.

  1. Questions of a sensitive nature.

The information requested through the eAuthentication web site is not considered of a sensitive nature (such as religious beliefs, sexual behavior and attitude, etc.).

  1. Estimate of burden.

USDA Agency customers can register for an eAuthentication Level 1 and Level 2 Access account. Registrants must submit a one-time online self-registration form and respond to a confirmation email to obtain an activated account. In order to obtain an active Level 2 Access account, the registrant’s identity must be manually validated at a USDA Service Center by an LRA, or validated using the Online Identity Proofing provided through a contract with Lexis Nexis.

The time estimated for the Online Identity Proofing (OIDP) is estimated to be 50 minutes. This is due to the fact that there will be no travel time involved. Once a Level 2 Access account is requested the registrant can go on to ID proof online, which is estimated to be an additional 10 minutes after initial online self-registration.


The USDA eAuthentication Service has been operating since October 2003. From October 2003 – October 2012 there has been an average of 9,570 new Level 1 Access and 1,238 new Level 2 Access account registrations each month. During this time period the number of integrated USDA applications with eAuthentication has increased from 40 applications to over 350 applications. The eAuthentication Service estimates that there will be a similar rate of expected new registrations annually. Therefore, eAuthentication estimates that there will be 114,840 (9,570 registrants * 12 months) new Level 1 Access account registrations annually. Similarly, there will be an estimated 14,860 (1,238 registrants * 12 months) new Level 2 Access account registrations annually. Collectively, eAuthentication estimates 129,700 (114,840 Level 1 + 14,860 Level 2) new account registrations annually. There are no entries on the online form that requires any applicant to develop new information not already known by the applicant.


For a Level 1 Access account it is estimated to take 8 minutes to read, understand, and complete the online self-registration form. The estimated annual cost to the public is $165,245, which is based on the annual burden of 15,315 hours (114,860 responses * 8 minutes) times an average hourly wage of $10.79 per customer. The average hourly wage is based on the mean hourly rate of Farming, Fishing, and Forestry Occupations in the Agriculture, Forestry, Fishing and Hunting sector of the May 2011 National Industry-Specific Occupational Employment and Wage Estimates. This estimate is provided through the Bureau of Labor Statistics and can be directly accessed at http://www.bls.gov/oes/current/naics2_11.htm#b45-0000.


For a Level 2 Access account it is estimated to take 40 minutes to read, understand, and complete the online self-registration form, an additional 10 minutes if the optional Online Identity Proofing (OIDP) is used, or one hour of travel time if the in person registration is used. This amounts to an estimated annual cost to the public of $173,698, which is based on the annual burden as follows:

  • Using an estimate of 70% of registrants (10,402) using OIDP – 8,668 hours (10,402 responses * 50 minutes) times an hourly wage of $10.79 per customer equals $93,551.

  • Using an estimate of 30% of registrants (4,458) using online self-registration (average 40 minutes) and then travelling (average 1 hour) to a USDA Service Center to be manually validated – 7,430 hours (4,458 responses * 100 minutes) times an hourly wage of $10.79 per customer equals $80,169.

  1. Total annual cost burden to respondents.

The information collection and reporting burden does not impose any capital or start-up costs to respondents. The information is already known by respondents and there are no ongoing or follow-up reporting requirements that impose any costs but for the one-time collection.

  1. Provide estimates of annualized cost to the Federal government.

The estimated cost to the Federal government is $200,647. This estimate is based on the cost of gathering, maintaining, retrieving, and disseminating the data. Despite fully supporting electronic information collection, additional time is sometimes needed to assist customers who are having difficulties. The estimated cost is based on requiring at least 10 minutes per response (62,184 annual responses) times the average of the GS-5 (step 5) through GS-7 (step 5) salary income of $40,277 per year or $19.36 per hour ($40,277/2080 hours per year).

  1. Reasons for changes in burden.

The overall annual burden rate has decreased from $378,763 to $338,945. The factors that con­tributed to this change are shown here:


There is an adjustment increase of +70,772 Level 1 account respondents (from 44,088 in the last submission to 114,860 in this renewal). The increase in the growth of Level 1 accounts was due to more government website applications requiring a Level 1 account for access. This resulted in an increase in the total burden rate for Level 1 accounts of 9,437 hours (from 5878 to 15315).


There is an adjustment decrease of -3,236 Level 2 account respondents (from 18,096 in the last submission to 14,860 in this renewal). The decrease in the growth of Level 2 accounts was due to a slowdown in the number of USDA customers requiring Level 2 access for restricted government website applications. Along with that, 70% of the new Level 2 registrants are able to self-register online not requiring a trip to a Local Registration Authority (LRA) to be IDed in person. This resulted in reduced burden of -14,062 hours (30,160 minus 16,098). In total, therefore, there is a decrease of -4,625 hours (9,437 minus 14,062).


  1. Outline plans for tabulation and publication.

The information collected is not planned for publication. It will only be used to provide the customer authorized access to applications.

  1. Reasons display of expiration date for OMB approval of the information collection is inappropriate.

The USDA eAuthentication Service requests permission from OMB to not post the expiration date. The self-registration form will be used for a one-time registration process.

  1. Exceptions to the certification statement identified in Item 19 of the OMB 83-I form.

There are no exceptions to the certification statement.

8

File Typeapplication/msword
File Modified2013-11-22
File Created2013-11-22

© 2024 OMB.report | Privacy Policy