Supporting Statement for
“The FNS User Access Request Form Data Collection”
(OMB Control Number 0584-0532)
Leo Wong
Chief Information Security Officer (CISO)
Office of Information Technology (OIT)
Food, Nutrition and Consumer Services, USDA
3101 Park Center Drive
Alexandria, Virginia 22302
Office: 703-605-1181
Fax: 703-305-2924
Email: [email protected]
TABLE OF CONTENTS
1. Explain the circumstances that make the collection of information necessary. 3
2. How the information will be used, by whom and for what purpose 3
3. use of improved information technology to reduce burden 6
4. Efforts to identify and avoid duplication…………………………………………………….7
5. eFFORTS TO MINIMIZE BURDEN ON SMALL BUSINESSES OR OTHER ENTITIES. 7
6. consequences of less frequent data collection. 7
7. Special circumstances requiring collection of information 8
8. federal register comments and efforts to consult with persons outside the agency. 9
9. Payments to respondents. 10
10. assurance of confidentiality . 10
11. questions of a sensitive nature . 11
12. estimates of respondent burden. 11
13. estimates of other annual costs to respondents 13
14. estimates of annualized government costs. 14
15. changes in burden hours. 15
16. time schedule, publication and analysis plans . 15
17. display of expiration date for omb approval. 16
18. exceptions to the certification statement 16
This is a revision of a currently approved collection. Office of Management and Budget (OMB) Circular A-130, Appendix III, Security of Federal Automated Information Resources, revised November 28, 2000, establishes a minimum set of controls to be included in Federal automated information security programs. Establishing personal controls to screen users to allow access to authorized system is directed in this appendix. The FNS User Access Request Form, FNS-674, is designed for this purpose and will be used in all situations where access to an FNS computer system is required or where current access is required to be modified and can be used where access is no longer required and must be deleted.
FNCS employees, contractors, state agencies and partners, e.g. Food Banks, etc. have requested access to FNCS systems via the User Access Request form. FNCS has used the information collected to grant access to FNCS Systems. Only specific systems require PII in order to grant access. Information that is collected includes: Name, e-Authentication ID (if exists), telephone number, home zip code, email address, contract expiration date, temporary employee expiration date, office address, State/locality codes, system name, form type, type of access, action requested, comments and special instructions.
From whom will the information be collected?
The User Access Request Form collects information from:
new FNCS Employees
new FNCS Contract Staff
new State Agencies to FNCS
new Partners to FNCS or
Existing employees, Contract Staff, State Agencies or Partners to FNCS requesting updates to current access to FNCS Information Systems.
How will the information be collected (e.g., forms, non-forms, electronically, face-to-face, over the phone, over the internet)?
The information is collected via a paper form FNS-674 available online.
How frequently will the information be collected?
The information is requested as often as needed based on the user requests for new access or updated access requests to systems. In State agencies, the State Coordinators provide a liaison between the State agency and the Information Systems Security Officers (ISSO) in FNCS Regional Offices and the Information Security Office (ISO) in the FNCS National Office. The State Coordinator is responsible for ensuring that State users and entities comply with the FNCS Information Systems Security Guidelines and Procedures Handbook 702. The ISSOs act on behalf of the National Office ISO to ensure that Regional, Field and Compliance Office users comply with the FNCS 702 Handbook.
Will the information be shared with any other organizations inside or outside USDA or the government?
This information will be stored in the Information System Security Office (ISO), the Financial Management Division (FMD) where the information is stored and maintained for users requesting access to Financial Management Systems, the National Finance Center (NFC), and the National Information Technology Center (NITC) where information from this form is shared to grant access to NFC and NITC Systems.
If this is an ongoing collection, how have the collection requirements changed over time?
The information collected on this form and instructions has changed to include additional required fields used to identify a user when changes are requested to their access or when password resets are needed. Also, information is now collected to validate the completion of Information Security Awareness (ISA) and Privacy Act Training, prior to processing the form. No changes have been made to include other training.
FNS has reached out to the FNS workgroup to collect requirements in order to automate the FNS- 674 for applications that have available funding to support the automation. Therefore, this collection is in compliance with E-Government 2002. The automation has not been implemented. Information on the FNS-674 will be displayed and captured using Microsoft ASP.Net and HTML, via a web-based system on the FNCS web site. Currently, FNS doesn’t have an electronic submission web-based system to receive these requests. The information will be stored in Microsoft SharePoint Server. The information will be transmitted over a secured HTTP protocol. The foundation of this technical architecture is Microsoft, which is consistent with current FNCS standards. The FNS-674 forms are currently submitted via email sent to [email protected] and are stored electronically at http://fncs/apps/isodoc/Pages/Default.aspx. The form is a fillable electronic Adobe pdf, available on the FNCS intranet e-forms library at http://fncs/ondemand/elibrary/EForms/FNS-674.pdf and also on the internet on various public sites for systems. Almost 100% of the received forms are submitted via email.
There is no similar information available. FNS solely monitors issuance of FNS computer access to ensure integrity. The information required for FNS-674 is not currently reported to any other entity outside of FNS. Every effort has been made to avoid duplication. FNS has reviewed USDA reporting requirements.
If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.
There will be no impact to small businesses or entities that work with FNCS. FNS anticipates that out of the 180 respondents (Contractors) 75 percent or 130 are considered respondents of small businesses.
Describe the consequences to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.
If this form were not submitted, FNCS computer users would be denied access to systems needed to effectively deliver or monitor FNCS programs benefits. Users provide name, e-Authentication ID (if exists), telephone number, email address, contract expiration date, temporary employee expiration date, office address, State/locality codes, system name, form type, type of access, action requested, comments and special instructions to gain initial access to FNCS Information Systems and may require subsequent submissions if access requires changes. This form can also be used if an individual should be removed as a user from a specific system.
Explain any special circumstances that would cause an information collection to be conducted in a manner:
requiring respondents to report information to the agency more often than quarterly;
requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it;
requiring respondents to submit more than an original and two copies of any document;
requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years;
in connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study;
requiring the use of a statistical data classification that has not been reviewed and approved by OMB;
that includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use; or
requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information's confidentiality to the extent permitted by law.
There are no special circumstances. The collection of information is conducted in a manner consistent with the guidelines in 5 CFR 1320.5.
A 60-day notice requesting public comment on this collection was published in the Federal Register at Vol. 79, No. 168, Pages 51535 - 51536, Thursday, August 28, 2014. The comment period closed on October 28, 2014 and no comments were received.
Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and record keeping, disclosure, or reporting form, and on the data elements to be recorded, disclosed, or reported.
State agencies interact daily with Regional staff and would provide their views on the aspects of this collection if necessary. State agencies’ concerns about the use of this form would be brought to the attention of FNCS National Office Information Systems Security Office and all valid suggestions would be taken into consideration on the development and delivery of this form to its users.
The FNS ISO employee working group considered all suggestions received for changes to be made for the FNS-674. In December 2011, comments were collected about the FNS-674 specifically on the availability of data, frequency of collection, the clarity of instructions and record keeping responsibilities, disclosure, or reporting format (if any), and the data elements to be recorded, disclosed, or reported. Comments were collected from American Systems contracting group and by state users. One comment by state user Jim Bergstrom of the MA DPH suggested a change to the last section that has now been incorporated into the most recent version of FNS-674 that will be used beginning in February 2015. All suggestions for changes agreed upon by the FNS ISO employee working group during the summer of 2014 were incorporated into that version of the FNS-674 to be used beginning in February 2015.
Payments or gifts are not provided to respondents.
The FNS-674 will contain a Privacy Act Statement and the data will be stored in a secured database. The applications for authorization contain personal identifying information on individuals doing business with Food and Nutrition Service. Therefore, the Food and Nutrition Service published such a Privacy Act notice (system of records), USDA/FNS-10, entitled “Persons Doing Business with the Food and Nutrition Service” on March 31, 2000 in the Federal Register Volume 65 pages 17251-52 to specify the uses to be made of the information in this collection. Access to records is limited to those persons who process the records for the specific uses stated in this Privacy Act notice. Records are kept in physically secured rooms and/or cabinets. Various methods of computer security limit access to records in automated databases.
This information collection includes no questions of a sensitive nature.
12. Provide estimates of the hour burden of the collection of information. The statement should:
Indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated. If this request for approval covers more than one form, provide separate hour burden estimates for each form and aggregate the hour burdens in Item 13 of OMB Form 83-I.
Provide estimates of annualized cost to respondents for the hour burdens for collections of information, identifying and using appropriate wage rate categories.
Estimate of Burden
The respondents are State agencies, who are located in the 50 states and Trust Territories, staff contractors and Federal employees. Respondents who require access to the FNS systems are estimated at 3,600 annually (includes Federal, State and private) however, only 2,700 will account for the total public burden, excluding Federal employees. FNS estimates that it will receive an average of 300 requests per month (15 per day). Of the 300, 70 percent (or 210) of the responses are State Agency users, 5 percent (or 15) are staff contractors and 25 percent (or 75) are Federal employees which is not included in the total number of responses. Annually, that results in 2,700 respondents (210 State Agency users per month + 15 staff contractors per month × 12 months).
REPORTING BURDEN
Affected Public |
Form Number |
Number of Respondents |
Number of responses annually per Respondent |
Total Annual Responses |
Estimate of Burden Hours per response |
Total Annual Burden Hours |
Contractors |
FNS-674 |
180 |
1 |
180 |
0.16667 (10 minutes) |
30 |
State Agency Users |
FNS-674 |
2,520 |
2 |
5,040 |
0.16667 (10 minutes) |
840 |
Annualized Totals |
|
2,700 |
1.9 |
5,220 |
10 minutes |
870 |
There is no recordkeeping burden imposed on the public. All requests from respondents are archived on FNCS National Office systems.
Annualized Cost to Respondent
It is estimated that each respondent take 10 minutes to read the instruction and complete the on-line form. Using the hourly rate reported in the National Sector NAICS Industry-Specific estimates of US Occupational Employment and Wages in the U.S., May 2013; Department of Labor, Bureau of Labor Statistics at http://www.bls.gov/oes/current/oes_stru.htm. Occupational codes (OC) used for States and Contractors include NAICS 999200 - 13-0000 Business and Financial Operations Occupations (at $34.14 hourly wage rate) and 15-1122 Information Security Analysts (at $51.70 hourly wage rate).
Affected Public |
Type of Instrument |
Average time per response |
Number of Respondents |
Frequency of Response |
Hourly Wage Rate |
Cost to Respondent |
State Agencies |
FNS-674 |
0.16667 |
2,520 |
2 |
$34.14 |
$28,678.17 |
Contractors |
FNS-674 |
0.16667 |
180 |
1 |
$51.70 |
$1551.03 |
Total |
|
|
2,700 |
3 |
|
$30,229.20 |
There are no capital/startups or ongoing/annualized maintenance costs to the respondents.
Description of Activities |
HQ Staff (2 – GS-13 @ ($42.78 per hr) |
Regional Staff (14 – GS-12 @ $35.98 per hr) |
Contractor ($51.70 per hr) |
Total |
Updating on-line form to support the collection |
|
|
70 hours = $3,619.00 |
$3,619.00 |
Testing of computer system |
|
|
10 hours = $517.00 |
$517.00 |
Reviewing, approving and issuing password 1 |
$1,540.08 |
$3,885.84 |
|
$5,425.92 |
Labor for analyzing, evaluating, summarizing, and reporting on the collected information 2 |
$342.24 |
|
|
$342.24 |
Total Cost to the Federal Government |
$9,904.16 |
|||
Annualized costs are determined by tasks as described in the chart above. The FNCS National Office’ staff salary was determined by the 2014 Salary and Wage tables available from the Office of Personnel Management (OPM). The staff contractors’ salary was determined by using the national average available from the Department of Labor.
This is a revision of a currently approved collection; the current burden inventory for this information collection is 73 burden hours. This revision seeks to request an estimated annual burden hours of 870. This is an increase of 797 burden hours. This is a direct results of aadjustments increased the number of respondents filling out this form (from 435 to 5,220 and increase of 4,785 users). Additionally, there is another program change, FNS has increased the frequency of responses for State Agencies from 1 to 2 times per year. Although the time to fill out the form remains unchanged, FNS has revised the FNS-674 to include additional requirements needed to identify users and verify completion of Information Security Awareness (ISA) Privacy Act Training prior to processing the form.
There are no plans for publication.
We are seeking to display the expiration date for OMB approval on this form.
There are no exceptions to the certification statement.
?National Office: Two (2) GS-13 Information Security Officers spend 2 minutes (0.04 of an hour) reviewing, approving, and issuing passwords for each National Office’ applications received. (3,600 applications/25% = 900 x 0.04 = 36 hrs. [36 hrs. @$42.78 per hour = $1,540.08.
Regions: Fourteen (14) GS-12 Information Security Officers spends 2 minutes (or 0.04 of an hour) reviewing, approving, and issuing passwords for users in State agencies. (3,600 applications/75% = 2,700 x 0.04 = 108 hrs. x $35.98 = $3,885.84)
2 Two (2) GS-13 HQ Security Officers spend 2 hours per quarter, each, on the analyzing and running reports of security users and authorized systems. (GS-13 @ $42.78 x 8 hrs. = $342.24)
December 2014
| File Type | application/msword |
| File Title | Date |
| Author | Authorized Gateway Customer |
| Last Modified By | Windows User |
| File Modified | 2015-01-21 |
| File Created | 2015-01-21 |