Supporting Statement A - TRIPwire User Registration (v4 knc clean)

Supporting Statement A - TRIPwire User Registration (v4 knc clean).docx

Technical Resource for Incident Prevention (TRIPwire) User Registration

OMB: 1670-0028

Document [docx]
Download: docx | pdf

Supporting Statement for Paperwork Reduction Act Submissions


Title: Technical Resource for Incident Prevention (TRIPwire) User Registration


OMB Control Number: 1670-NEW


Supporting Statement A


A. Justification


1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.


The Technical Resource for Incident Prevention (TRIPwire) is the Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) Office of Infrastructure Protection (IP) Protective Security Coordination Division (PSCD) Office for Bombing Prevention’s (OBP) online, collaborative, information-sharing portal for bomb squad, law enforcement, and other emergency services personnel to learn about current terrorist improvised explosive device (IED) tactics, techniques, and procedures, including design and emplacement considerations.


TRIPwire supports Homeland Security Presidential Directive 19 (HSPD-19), which calls for a unified national policy for the prevention and detection of, protection against, and response to terrorist use of explosives in the United States. As a DHS-accredited secure system according to Federal Information Security Management Act of 2002 (FISMA), TRIPwire is required to safeguard sensitive information and authenticate user access to sensitive information.


Users from Federal, state, local, and tribal government entities, as well as business and/or other for-profit industries can elect to register through TRIPwire to verify eligibility and access to the system. Eligibility to TRIPwire is based on the compliancy to the following technical security controls in DHS 4300A sensitive system policy:


  • Policy ID 5.1.a -- “Components shall ensure that user access is controlled and limited based on positive user identification and authentication mechanisms that support the minimum requirements of access control, least privilege, and system integrity.”


  • Policy ID 5.1.b -- “For information systems requiring authentication controls, Components shall ensure that the information system is configured to require that each user be authenticated before information system access occurs.”


The TRIPwire portal contains sensitive information related to terrorist use of explosives and therefore user information is needed to verify eligibility and access to the system.



2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.


The information collected during the TRIPwire user registration process is reviewed electronically by the TRIPwire team to validate the user’s “need to know,” which determines their eligibility for and access to TRIPwire. In accordance to DHS 4300A, users are re-verified annually based on the information provided upon registration or communication with the TRIPwire help desk analysts.


The user information collected is for internal TRIPwire and OBP use only.


3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.


TRIPwire registration is user-driven and is completed electronically via the secure TRIPwire interface. Users are required to have a computer and access to the Internet. Notifications regarding the user registration are handled via electronic submission responses and/or e-mail. In addition to electronic registration, TRIPwire uses automated notifications to registered users when/if their account or password is set to expire as well as annual re-verification of users’ need for access to TRIPwire.


4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item 2 above.



The TRIPwire user registration information is not collected or duplicated elsewhere. The TRIPwire system automatically checks for duplicate usernames when users are registering for and/or changing their account information. If the username selected already occurs in TRIPwire the user is notified via an electronic message to select a different username before s/he may proceed with the registration process.


Users may edit their account information at any time. They are not asked to provide personal information beyond registration unless or until their Employment Verification Contact or employment role change, in which case, they must provide updates in order to maintain membership.


5. If the collection of information impacts small businesses or other small entities (Item 5 of OMB Form 83-I), describe any methods used to minimize.


This information collection does not have an impact on small businesses or other small entities.


6. Describe the consequence to Federal/DHS program or policy activities if the collection of information is not conducted, or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.


This information collection is necessary for TRIPwire to maintain its DHS accreditation to operate in public space in accordance to FISMA and DHS 4300A. TRIPwire cannot allow public access to sensitive information without user authentication. The information provided determines a user’s “need to know,” which is a safeguard for the sensitive information within the TRIPwire system.


7. Explain any special circumstances that would cause an information collection to be conducted in a manner:


(a) Requiring respondents to report information to the agency more often than quarterly.

(b) Requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it.

(c) Requiring respondents to submit more than an original and two copies of any document.

(d) Requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years.

(e) In connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study.

(f) Requiring the use of a statistical data classification that has not been reviewed and approved by OMB.

(g) That includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use.

(h) Requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information’s confidentiality to the extent permitted by law.



There are no special circumstances causing information to be collected in this manner.


8. Federal Register Notice:

a. Provide a copy and identify the date and page number of publication in the Federal Register of the agency’s notice soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

b. Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.

c. Describe consultations with representatives of those from whom information is to be obtained or those who must compile records. Consultation should occur at least once every three years, even if the collection of information activities is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.






Date of Publication

Volume Number

Number

Page Number

Comments Addressed

60Day Federal Register Notice:

February 27, 2013

78

39

13366

No comments were received.

30-Day Federal Register Notice

November 29, 2013

78

230

71629

No comments were received.



9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.


There is no offer of monetary or material value for this information collection.


10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.



DHS 4300A, based on NIST SP 800-53 controls, stipulate that TRIPwire maintain a moderate impact level for confidentiality.


  • ID 3.14.2.e – “For Privacy Sensitive Systems, the confidentiality security objective shall be assigned an impact level of moderate or higher.”


TRIPwire meets the moderate impact level for protecting, encrypting, and safeguarding user collected information. TRIPwire applicants must provide their full name, assignment, citizenship, job title, employer name, professional address and contact information, as well as an Employment Verification Contact and their contact information. The system does not store sensitive personally identifiable information (PII) such as social security numbers.


Additionally, the collection of PII by TRIPwire to establish user accounts occurs in accordance with the DHS Privacy Impact Assessment 015, “DHS Web Portals,” DHS/ALL-004 - General Information Technology Access Account Records System (GITAARS) November 27, 2012, 77 FR 70792, and DHS/ALL-002- Department of Homeland Security Mailing and Other Lists System November 25, 2008, 73 FR 71659.


11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.


There are no questions of sensitive nature.


12. Provide estimates of the hour burden of the collection of information. The statement should:



a. Indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated. Unless directed to do so, agencies should not conduct special surveys to obtain information on which to base hour burden estimates. Consultation with a sample (fewer than 10) of potential respondents is desired. If the hour burden on respondents is expected to vary widely because of differences in activity, size, or complexity, show the range of estimated hour burden, and explain the reasons for the variance. Generally, estimates should not include burden hours for customary and usual business practices.


b. If this request for approval covers more than one form, provide separate hour burden estimates for each form and aggregate the hour burdens in Item 13 of OMB Form 83-I.


c. Provide estimates of annualized cost to respondents for the hour burdens for collections of information, identifying and using appropriate wage rate categories. The cost of contracting out or paying outside parties for information collection activities should not be included here. Instead, this cost should be included in Item 14.


TRIPwire was designed and is marketed to bomb squad, law enforcement, and other emergency services personnel, to learn about current terrorist IED tactics, techniques, and procedures, including design and emplacement considerations.


TRIPwire estimates approximately 3500 registrations for system access. The program estimates that approximately 10 minutes is required complete the registration process. Each user will have to provide one registration submission. The registration process requires users to provide their full name, assignment, citizenship, job title, employer name, professional address and contact information, as well as an Employment Verification Contact and their contact information.


Therefore, the total annual burden associated with the proposed elements of this collection is 10 minutes per respondent. For an estimated 3500 respondents, the burden is 595 hours at a rate of $25.63 per hour. The dollar value of the total annual burden hours associated with the existing elements of this information collection equals $15,249.


Instrument

Number of Respondents

Responses per Respondent

Average Burden per Response
(in hours)

Total Annual Burden
(in hours)

Total Annual Burden
(in dollars)

TRIPwire User Registration

3500

1

.17

595

$15,249

TOTAL

3500

1

.17

595

$15,249


This 2013 hourly rate was determined using adjusted medium hourly wage calculation based on 2012 Bureau of Labor Statistics’ (BLS) U.S. National Occupational Employment and Wage Estimates for occupations of TRIPwire users who would register for access, including the following: Law Enforcement Workers; First-Line Supervisors of Law Enforcement Workers; First-Line Supervisors of Fire Fighting and Prevention Workers; Fire Fighting and Prevention Workers; Explosives Workers, Ordnance Handling Experts, and Blasters; Police Officers; Police and Sheriff’s Patrol Officers; Transit and Railroad Police; Other Protective Service Workers; Miscellaneous Protective Service Workers; Transportation Security Screens; Protective Service Workers, All Others; Firefighters; Fire Inspectors; Fire Inspectors and Investigators; Law Enforcement Workers; Computer System Analyst; Operations Research Analysts; Reservation and Transportation Ticket Agents and Travel Clerks; Police, Fire, and Ambulance Dispatchers; Postal Service Workers; Postal Service Clerks; Postal Service Carriers; Postal Service Mail; and Sorters, Processors, and Processing Machine Operators. U.S. Government employees from GS 9-14 step 5 were included.


13. Provide an estimate of the total annual cost burden to respondents or record keepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14.)


The cost estimate should be split into two components: (1) a total capital and start-up cost component (annualized over its expected useful life); and (b) a total operation and maintenance and purchase of services component. The estimates should take into account costs associated with generating, maintaining, and disclosing or providing the information. Include descriptions of methods used to estimate major cost factors including system and technology acquisition, expected useful life of capital equipment, the discount rate(s), and the time period over which costs will be incurred. Capital and start-up costs include, among other items, preparations for collecting information such as purchasing computers and software; monitoring, sampling, drilling and testing equipment; and record storage facilities.



If cost estimates are expected to vary widely, agencies should present ranges of cost burdens and explain the reasons for the variance. The cost of purchasing or contracting out information collection services should be a part of this cost burden estimate. In developing cost burden estimates, agencies may consult with a sample of respondents (fewer than 10), utilize the 60-day pre-OMB submission public comment process and use existing economic or regulatory impact analysis associated with the rulemaking containing the information collection as appropriate.


Generally, estimates should not include purchases of equipment or services, or portions thereof, made: (1) prior to October 1, 1995, (2) to achieve regulatory compliance with requirements not associated with the information collection, (3) for reasons other than to provide information to keep records for the government, or (4) as part of customary and usual business or private practices.


There are no recordkeeping, capital, start-up or maintenance costs associated with this information collection.


14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing, and support staff), and any other expense that would have been incurred without this collection of information. You may also aggregate cost estimates for Items 12, 13, and 14 in a single table.



The Federal Government contracts a support staff that will review and process each submitted TRIPwire registration. The help desk staff earn a salary equivalent to Computer Support Specialist at $23.51 per hour (based on BLS’s 2012 average medium salary).


We estimate that it will take the help desk staff approximately 7 minutes to complete the registration review process. Given the estimate of 3500 respondents, the help desk staff will require approximately 409 hours to process user registration


The total estimate annual cost is $9,615.59.



Hours per

Registration

Number of

Registrants

Total

Annual

Burden

(in hours)

Average Hourly Wage Rate

Total

Annual Cost

TRIPwire User Registration Processing

.11

3500

409

$23.51

$9,615.59

TOTAL

.11

3500

409

$23.51

$9,615.59


15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I. Changes in hour burden, i.e., program changes or adjustments made to annual reporting and recordkeeping hour and cost burden. A program change is the result of deliberate Federal government action. All new collections and any subsequent revisions of existing collections (e.g., the addition or deletion of questions) are recorded as program changes. An adjustment is a change that is not the result of a deliberate Federal government action. These changes that result from new estimates or actions not controllable by the Federal government are recorded as adjustments.



This is a new information request.


16. For collections of information whose results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.



DHS 4300A stipulates the confidentiality of collected information. As a DHS-accredited system, TRIPwire is not permitted to use the collected information for any use other than to authenticate user access to the system. TRIPwire is not designed to export user collected information.


17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain reasons that display would be inappropriate.



OBP will display the expiration date for the Office of Management and Budget’s approval of this information collection.


18. Explain each exception to the certification statement identified in Item 19 “Certification for Paperwork Reduction Act Submissions,” of OMB Form 83-I.


OBP does not request an exception to the certification of this information collection.

File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleSupporting Statement A - Template
Authorfema user
File Modified0000-00-00
File Created2021-01-27

© 2024 OMB.report | Privacy Policy