Supporting Statement for OMB Clearance
Office of Child Support Enforcement
Division of Federal Systems
Child Support Portal Registration
August 2015
Prepared by:
U.S. Department of Health and Human Services
Administration for Children and Families
Office of Child Support Enforcement
370 L’Enfant Promenade SW
Washington, DC 20447
Section Page
A. JUSTIFICATION 3
1. Circumstances Making the Collection of Information Necessary 3
2. Purpose and Use of the Information Collection 3
3. Use of Improved Information Technology and Burden Reduction 4
4. Efforts to Identify Duplication and Use of Similar Information 4
5. Impact on Small Businesses or Other Small Entities 4
6. Consequences of Collecting the Information Less Frequently 4
7. Special Circumstances Relating to the Guidelines of 5 CFR 1320.5 4
8. Comments in Response to the Federal Register Notice and Efforts to Consult Outside the Agency 5
9. Explanation of Any Payment or Gift to Respondents 5
10. Assurances of Confidentiality Provided to Respondents 5
11. Justification for Sensitive Questions 5
12. Estimates of Annualized Burden Hours and Costs 6
13. Estimates of Other Total Annual Cost Burden to Respondents and Record Keepers 6
14. Annualized Cost to the Federal Government 6
15. Explanation for Program Changes or Adjustments 7
16. Plans for Tabulation and Publication and Project Time Schedule 7
17. Reason(s) Display of OMB Expiration Date is Inappropriate 7
18. Exceptions to Certification for Paperwork Reduction Act Submissions... 7
B. STATISTICAL METHODS 8
A. JUSTIFICATION
1. Circumstances Making the Collection of Information Necessary
The information collected during the federal Office of Child Support Enforcement (OCSE) Child Support Portal (hereafter “the Portal”) registration process is necessary to enable the federal OCSE to authenticate and authorize users accessing the Portal.
OCSE, Division of Federal Systems maintains the Portal, which contains a variety of child support applications to help enforce state child support cases. To access the child support applications, individuals must first register and be verified as an authorized user of the Portal. This is to ensure that only authorized users access secure web applications and information maintained in the Portal. After an authorized user’s identification is verified, OCSE will create secure accounts for the authorized user, who may then easily access the child support applications that will facilitate state agencies’ child support collections.
The information collection activities associated with the Portal registration process are authorized by 1) 42 U.S.C. §653(m)(2), which requires the Secretary to establish and implement safeguards to restrict access to confidential information in the Federal Parent Locator Service to authorized persons, and to restrict use of such information to authorized purposes; 2) E-Government act of 2002 and Office of Management and Budget (OMB) Circular 03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, which requires agencies to ensure program integrity by verifying access to data; and 3) 44 U.S.C. §3554, which requires OCSE to implement security protections to prevent unauthorized access to information maintained by OCSE.
2. Purpose and Use of the Information Collection
2.1 By whom the information is to be used
The information collected will be used by OCSE administrative staff.
2.2 How the information is to be used
Information collected via the registration process will be used to perform authorized user verification, create authorized user accounts, tracking log-in activity, and general support.
Information obtained during the registration process will be compared against the National Directory of New Hires (NDNH) by OCSE administrative staff to verify the name and Social Security number. OCSE administrative staff will call the employer to verify employment of individuals registering.
After individuals information is verified, a Portal access account is created, which then requires activation by the authorized user. Activation involves retrieving information linked to account authorizations; generating a security token and sending an e-mail notification to the authorized user with instructions to log in and activate his/her account. If rejected, the e-mail will contain a notification of denial.
The authorized user can log into the Portal using the Federal Parent Locator Service (FPLS) Security Framework to access specific Portal programs for which the authorized user is approved. The login process accepts user credentials (User ID and password) and the answer to a challenge question, and then validates credentials against a data store, which is a table of authorized users. If the credentials are valid, access to the Portal is permitted. If the credentials are not valid, an “access denied” alert is displayed and access is not permitted. The Portal uses security software that monitors unsuccessful log-in attempts and will lock authorized user accounts. The Portal also monitors lack of use for 90 days and requests deactivation.
3. Use of Improved Information Technology and Burden Reduction
The process by which the Portal registration captures information for verification is compliant with the Federal Information Security Modernization Act of 2014. See 44 US.C. §3554. Authorized users provide required information during registration that is captured via a secure Internet site. The operation of the FPLS Security Framework provides authentication and authorization services for the Portal. Authorized users access the Portal website via the Internet and will need to present a login User ID, password, access code, and the answer to a challenge question to be authenticated. The authentication service includes geo-location capability to identify where the authorized users requests originated. These schemes represent federal multifactor authentication requirements.
4. Efforts to Identify Duplication and Use of Similar Information
There is no possibility for duplication or use of similar information. The Portal and Portal authorized user registration process is unique to OCSE.
5. Impact on Small Businesses or Other Small Entities
Not applicable.
6. Consequences of Collecting the Information Less Frequently
OCSE collects information from authorized users during the one-time registration process; therefore, not collecting information at registration will prevent OCSE from verifying the identity of authorized users and increases the risk of unauthorized use.
7. Special Circumstances Relating to the Guidelines of 5 CFR 1320.5
Not applicable.
8. Comments in Response to the Federal Register Notice and Efforts to Consult Outside the Agency
A notice was published in the Federal Register at 80 FR 19668 on April 13, 2015, which allowed for a 60-day comment period for the public to submit in writing comments about this information collection. No comments were received.
9. Explanation of Any Payment or Gift to Respondents
Not applicable.
10. Assurance of Confidentiality Provided to Respondents
FPLS Security Framework provides secure access through the registration process. The following are in place to ensure the confidentiality and security of the user’s information:
Passwords on the OCSE Network are stored as 128-bit hash map.
Social Security number, date of birth, and responses to challenge questions are stored encrypted using the NIST-standard Advanced Encryption Standard (AES).
The Portal application uses SSL encryption. The Portal has its login server in the firewall’s demilitarized zone (DMZ). Communications with the login server from outside must use SSL encryption.
A User ID and password, one time access code along with answering a challenge question, are required to access the Portal protected applications and data. Session authenticity is ensured by integral HTTPS and SSL encrypted session management functionality. Multiple logins for the same User ID are not permitted.
The OCSE Network employs custom-developed monitoring tools, such as Cisco IDS integrated in the routers and firewall, and techniques such as port scanning to monitor events and detect attacks on the information system. System log files provide another tool to detect unauthorized activity.
System alerts are monitored daily for applicable advisories for the OCSE Network. Updates and security patch notifications are received and reviewed by network personnel to determine if they are applicable to the OCSE Network and to recommend appropriate actions, if any, to be taken in response to the alert or advisory.
11. Justification for Sensitive Questions
OCSE is required by law to operate the FPLS for the primary purpose of helping child support agencies. Sensitive information, if any, is justified because states are required to obtain sensitive information pertaining to the establishment of parentage and the establishment, modification, and enforcement of support obligations.
The Social Security number of an authorized user is collected during the registration process in order to verify the individual user’s employment information through the NDNH. Additional information collected includes the name, date of birth, and employer information, which is necessary to ensure proper verification of individuals before creating an access account.
12. Estimates of Annualized Burden Hours and Costs
Instrument
|
Number of Respondents |
Number of Responses per Respondent |
Average Burden Hours Per Response |
Total Burden Hours |
Registration Screens |
299 |
1 |
0.15 |
44.85 |
Estimated Total Annual Burden Hours1: 45
The estimated time to populate a registration form was derived through OCSE staff conducting “test registrations”. OCSE determined that the average time to enter the registration information is approximately 0.15 hours (9 minutes) per registration.
Based on the number of users who completed the registration form in 2014, multiplied by the average burden hour (.15), the annual burden for collecting registration information from employers, financial institutions, insurers, and state agencies is approximately 45 hours.
The total annualized cost to the users for the collection of registration information is $789.36, or an average cost of $2.64 for each response. Costs were calculated using average hourly wage rate of $17.62 for employers, financial institutions, insurers, tribal, and state agencies2.
13. Estimates of Other Total Annual Cost Burden to Respondents and Record Keepers
Respondents and Record Keepers do not incur operation and/or maintenance costs associated with the Portal. The registration screens were developed, and will be maintained, by OCSE. Total Estimated Costs for Respondents (Burden and Other Annual Costs): $789.36.
14. Annualized Cost to the Federal Government
The registration process is part of the Portal system, and it is a small part of the overall operational activities and cost. Costs for the entire Portal system include federal salaries and benefits of $170,409 and contractor and hardware/software costs of $1,261,922. Total Estimated Annualized Cost for the Portal system to the Federal Government is: $1,432,331.
15. Explanation for Program Changes or Adjustments
Since the previous approval, the title of this information collection changed from “Federal Child Support Services Portal (FCSSP) Registration” to “Child Support Portal Registration” and Tribes were added to the list of respondents. The title change constitutes a program change but had no impact on the respondents’ burden hour or burden costs.
Tribes were added to the list of respondents and federal employees were removed as respondents. This constitutes a program change, but it did not impact the burden hour because the inclusion of the Tribes offset the removal of federal employees as respondents. However, the overall burden hour for this information collection request was adjusted down from the previous approval because the number of individuals who completed the registration form decreased.
Increases in the annual cost to the federal government from the previous information collection approval are for costs to develop and maintain new Portal applications that were added to expand the capabilities and services of the Portal. While the enhanced applications improve the services available to authorized users, they do not impact the respondents overall burden to complete the registration process that must first be completed to obtain access the applications maintained in the Portal system.
16. Plans for Tabulation and Publication and Project Time Schedule
Not applicable.
17. Reason(s) Display of OMB Expiration Date is Inappropriate
Not applicable.
18. Exceptions to Certification for Paperwork Reduction Act Submissions
There are no exceptions.
SUPPORTING STATEMENT:
PART B - STATISTICAL METHODS (used for collection of information employing statistical methods)
The information collection requirements outlined in this report do not employ the use of statistical methods.
1Burden hours rounded from 44.85
2Based on Bureau of Labor Statistics July 2011 National Compensation Survey
| File Type | application/msword |
| File Title | FPLS Child Support Services Portal Registration (FCSSP |
| Author | Michelle Carpenter |
| Last Modified By | Author |
| File Modified | 2015-11-02 |
| File Created | 2015-11-02 |