SUPPORTING STATEMENT – PART A
A. JUSTIFICATION
1. Need for the Information Collection
The Defense Technical Information Center (DTIC) requires all eligible users to be registered for access to DTIC’s repository of access controlled scientific and technical information documents. The registration of a user enforces validation of an individual’s identity, as well as their persona, i.e., whether they are Department of Defense (DoD), federal government, or a contractor supporting the DoD or another federal agency) and their authority to access limited and classified documents with distribution controls. A role-based environment based on a user’s identification ensures security for DTIC’s electronic information collection while the online systems increase availability of information to each user based on their mission needs.
The authority to maintain the Defense User Registration System is governed by the following issuances:
E.O. 13526, Classified National Security Information December 29, 2009
Revokes and replaces the previous Executive Order EO 12958 Classified National Security Information, April 17, 1995. Prescribes a uniform system for classifying, safeguarding, and declassifying national security information.
DoD Directive 5105.73 Defense Technical Information Center (DTIC), May 2, 2013. Establishes the Defense Technical Information Center (DTIC) as a DoD Field Activity. Establishes DTIC as the central scientific, research, and engineering information support activity for the Assistant Secretary of Defense for Research and Engineering (ASD(R&E)) executing the programs and functions of the DoD Scientific and Technical Information Program (STIP). DTIC is responsible for the centralized operation of DoD services, databases, and systems for the acquisition, storage, retrieval, and distribution of scientific, research, and engineering information in support of DoD research, development, testing and evaluation, and studies programs. DTIC also provides systems, technologies, and analytical tools to promote exchange of information and ideas among scientists, engineers, and warfighter communities to facilitate discovery, dissemination, and collaboration. The directive authorizes DTIC to obtain reports and information, in accordance with DoDI 8910.01 “Information Collection and Reporting,” March 6, 2007, to carry out assigned responsibilities and functions.
DoD Instruction 3200.12 DoD Scientific and Technical Information Program (STIP), August 22, 2013. Establishes policy, assigns responsibilities, and prescribes procedures to carry out a coordinated program to manage scientific and technical information created or acquired in the execution of research and engineering activities. The Instruction directs DTIC to maintain information management systems and web-based databases to enable full use of DoD-funded STI. It also directs DTIC to provide a suite of web products and services for publicly releasable STI as well as systems to manage protected categories of STI in accordance with control or distribution markings including export control. Other DTIC responsibilities include the operation and maintenance of a DoD-wide certification and registration system and a central authority file of certified and approved users.
DoD Manual 3200.14, Volume 1, Principles and Operational Parameters of the DoD Scientific and Technical Information Program (STIP): General Processes, March 14, 2014. The manual implements policy, assigns responsibilities, and prescribes procedures to carry out the DoD STIP, and delineate the major elements of the DoD STIP, including the specific implementation of policy, responsibilities, principles, and operational parameters for each segment of that program. Volume 1 describes the principles, concepts, and procedural functions to ensure that DoD scientific and technical information (STI) is appropriately managed to enable scientific knowledge and technological innovations to be fully accessible to authorized recipients while applying appropriate safeguards to assure that the information is protected as necessary.
DoD Instruction 5230.24 Distribution Statements on Technical Documents, August 23, 2012. The instruction establishes DoD policies, assigns responsibilities, and prescribes procedures for marking and managing technical documents, including research, development, engineering, test, sustainment, and logistics information, to denote the extent to which they are available for secondary distribution, release, and dissemination without additional approvals or authorizations. It directs DTIC to maintain a permanent record of controlling DoD office decisions for classification and distribution of scientific and technical information. In accordance with paragraph 3 of Enclosure 3, control of secondary distribution of scientific and technical documents is accomplished through use of the DoD-wide “Registration System for Scientific and Technical Information,” administered by DTIC.
DoD Directive 5230.25 Withholding of Unclassified Technical Data from Public Disclosure, August 18, 1995. Establishes policy, prescribes procedures, and assigns responsibilities for the dissemination and withholding of technical data that may not be exported lawfully without an approval, authorization, or license in accordance with Executive Order 13222 or the Arms Export Control Act of 1976.
DoD Manual 5200.01-Volume 3, DoD Information Security Program: Protection of Classified Information, February 24, 2012, as amended.
Provides guidance for safeguarding, storage, destruction, transmission, and transportation of classified information; identifies security education and training requirements and processes for handling of security violations and compromise of classified information; addresses information technology issues of which the security manager must be aware.
DoD Regulation 5200.2-R, Personnel Security Program, February 23, 1996, as amended. Establishes policies and procedures to ensure that acceptance and retention of personnel in the Armed Forces, acceptance and retention of civilian employees in the Department of Defense, and granting members of the Armed Forces, DoD civilian employees, DoD contractors, and other affiliated persons access to classified information are clearly consistent with the interests of national security.
2. Use of the Information
The purpose of this existing Defense User Registration System is to collect registration requests, validate eligibility, and maintain an official registry that identifies individuals who apply for, and are granted access privileges to DTIC owned or controlled databases, products, services, and electronic information systems on the NIPRNet and SIPRNet. The registration information provides the validation for a user’s access to unclassified, limited and classified information which has specific distribution markings. In the past, registration was a manual process and document delivery of scientific and technical reports to users also involved printed documentation. However, for several years, registration has been electronic, and the DTIC collection is digitized with authorized users accessing electronic databases and full-text files based on their registration profile. The user records contain the individual's name; DoD identification (ID) number (Electronic Data Interchange Personal Identifier); citizenship; service type; personnel category; civilian pay grade; military rank; organization/company name; office mailing address/physical location; email office address; userid and password/reset questions; office telephone number(s); access eligibility; dissemination/distribution group codes; and personal and facility security clearance level(s). Records also contain the government approving official's name, office phone number and email address; dates of registration activation and the projected date of expiration. Where applicable, the records contain contract number(s), contract expiration date(s), and the Militarily Critical Technical Data Agreement (MCTDA) Certification Number. With this information, DTIC creates a role-based environment that add a comprehensive level of security for the wealth of various documents available
3. Use of Information Technology
DTIC conducts all new user registration entirely electronically. For the majority of DTIC users, DTIC utilizes existing DoD and federal information systems, the Defense Manpower Data Center (DMDC) and Office of Personnel Management (OPM), for the purposes of Identity Access Management that provides the infrastructure to leverage authoritative information electronically for personnel digital identity. The smaller group of eligible non-DoD and non-federal users, such as support contractors with a business relationship to DTIC, input registration information electronically, and confirmation of contracts is done by email with the government approving official. While eligible customers using DTIC registration and access tools utilize autonomous methods for credentialing, in the event the system does not recognize their identity, DTIC Customer Support will assist customers with the electronic process. DoD personnel and many DoD contractors use their Common Access Card (CAC) for seamless access to the DTIC databases. Other registered users log on to the systems with an ID/password process.
4. Non-duplication
DTIC already has agreements in place with DMDC and OPM to utilize only the fields needed from these authoritative DoD and federal personnel collections to ease the burden for registrants and to eliminate collecting duplicative information.
DTIC’s online registration has streamlined the process for contractors from both large and small businesses.
6. Less Frequent Collection
Failure to share and disseminate essential scientific and technical information for the DoD and federal research and engineering communities would decimate the availability of important research to decision-makers and would cause major duplication of the effort and cost of future research for the United States.
7. Paperwork Reduction Act Guidelines
There are no special circumstances requiring the collection to be conducted inconsistent with 5 CFR 1320.5(d)(2).
8. Consultation and Public Comments
a. 60 Day Federal Register Notice: 80 FR 22718 Proposed Collection; Comment Request, Defense Technical Information Center (DTIC), DoD, April 23, 2015. http://www.gpo.gov/fdsys/pkg/FR-2015-04-23/pdf/2015-09439.pdf
There were no comments regarding this posting.
b. 30 Day Federal Register Notice: 80 FR 65723 Proposed Collection; Comment Request, Defense Technical Information Center (DTIC), DoD, October 27, 2015. http://www.gpo.gov/fdsys/pkg/FR-2015-10-27/pdf/2015-27318.pdf
c. DTIC continually informs the registered users and eligible users of improvements to the registration system to make their access to research documents more efficient. The User Council made up of elected members from the user community provides feedback on procedures. In addition, there is an electronic feedback capability for users to make comments or suggestions directly to DTIC about the registration system.
There are no gifts or payments to respondents.
10. Confidentiality
The Privacy Act Statement appears on the first page of the Contractor Registration form at http://dtic.mil/dtic/registration/contractor_employees.html
Privacy Act Statement:
AUTHORITY: 5 U.S.C. 301, Departmental Regulations; E.O. 13526, Classified National Security Information; DoDM 5200.01-Volume 3, DoD Information Security Program: Protection of Classified Information; DoD 5200.2-R, Personnel Security Program.
PURPOSE: To identify individuals who apply for, and are granted, access privileges to DTIC products and electronic information systems.
ROUTINE USES: Information is used for the purpose set forth above and may be disclosed outside the DoD pursuant to the "Blanket Routine Uses" set forth at the beginning of the OSD's compilation of Systems of Records Notices.
DISCLOSURE: Voluntary, but failure to provide the requested personal information may prevent the individual from gaining access to DTIC's controlled information services. To read the full content of the DTIC System of Records Notice (SORN), click here.
The registration records are maintained in secure, limited access, and monitored areas. The database is monitored; authorized access is password protected and common access card (CAC) enabled. Physical entry by unauthorized persons is restricted through the use of locks, guards, passwords, and/or other security measures. Archived data is stored on compact discs, or magnetic tapes, which are kept in a locked, controlled access area. Risks by other factors are mitigated through the Network "defense-in-depth" methodology to protect not only persona information, but other sensitive DoD scientific and technical information contained within the DTIC repository through the use of multi-layered firewalls, Intrusion Detection System, Secure Socket Layer protocols, Secure Routers, Access Control List, Systems Logs, Common Access Card (CAC) authentications, and files permissions. Restricted system administrators/managers within DTIC are responsible for the prevention of unauthorized disclosure outside official use of this information. Access to personal information is limited to those DTIC personnel who require a need to know to perform their official assigned duties.
The retention and disposal policy, based on GRS 24, Information Technology Operations and Management Records, is to destroy/delete inactive file 6 years after user account is terminated or password is altered, or when no longer needed for investigative or security purposes, whichever is later. (N1-GRS-03-1 item 6a).
All DTIC personnel and contractors are required to take annual Privacy/Personally Identifiable Information (PII) Training to maintain awareness and adherence to privacy protection rules and requirements. The training.is covered in three categories: General, Specialized, and Supervisor/Manager. The Specialized training is geared for employees and contractors with the responsibilities, such as IT system designer/developers/managers, who focus on protecting personal information in systems.
Privacy Act System of Records Notice (SORN): DTIC 01 Defense User Registration System (DURS) http://dpcld.defense.gov/Privacy/SORNsIndex/DODwideSORNArticleView/tabid/6797/Article/570703/dtic-01.aspx
Privacy Impact Assessment (PIA) http://www.dtic.mil/dtic/pdf/privacy_impact_awareness_external.pdf
11. Sensitive Questions
Sensitive questions are not asked on the Defense User Registration System (DURS) form.
12. Respondent Burden, and its Labor Costs
a. Estimation of Respondent Burden
Annual Burden hours are not applicable for potential DoD registered users who are automatically registered for and receive immediate access to DTIC’s Suite of Services with their common access card (CAC). CAC users do not input content into the Defense User Registration System (DURS) since the CAC provides seamless access based on a user’s electronic information available on the card.
The annual burden estimate was based on the non-CAC users, which is a small group in comparison to the thousands of CAC users. Using an average typical number of 605 non-CAC users spending approximately 10 minutes with the registration process, as timed periodically by staff, the estimated burden hours total 101 hours.
b. Labor Cost of Respondent Burden
Using an average typical number of 605 non-CAC users spending approximately 10 minutes with the registration process, as timed periodically by staff, the estimated burden hours total 101 hours. Total cost to respondents $3,139.95.
A median annual salary of $65,000* for employed U.S. scientists and engineers. Information on registrants’ pay grade is not collected.
2087** hours per year
$31.15 hourly rate
$5.19 10 minutes for the registration process
*Scientists and Engineers Statistical Data System Surveys
National Center for Science and Engineering Statistics
National Science Foundation
http://ncsesdata.nsf.gov/datatables/us-workforce/2010/html/SES2010_DST12.html
**Computing Hourly Rates of Pay Using the 2,087-Hour Divisor
Office of Personnel Management
https://www.opm.gov/policy-data-oversight/pay-leave/pay-administration/fact-sheets/computing-hourly-rates-of-pay-using-the-2087-hour-divisor/
13. Respondent Costs Other Than Burden Hour Costs
There is no cost to the respondents for the registration system.
14. Cost to the Federal Government
Total cost to the Federal Government $165,796.
$48,796 – 1 FTE Registrar GS 7 step 5 (2015 General Schedule Locality Pay Tables https://www.opm.gov/policy-data-oversight/pay-leave/salaries-wages/salary-tables/15Tables/pdf/DCB.pdf)
$117,000 – OM costs under contract GS-06F-0665Z 22 Aug 2014
15. Reasons for Change in Burden
This is a new collection, and a new associated burden.
16. Publication of Results
The Defense User Registration System (DURS) records are not published.
17. Non-Display of OMB Expiration Date
Control Number and expiration date will be displayed.
18. Exceptions to "Certification for Paperwork Reduction Submissions"
Exceptions to "Certification for Paperwork Reduction Submissions” are not claimed.
| File Type | application/msword |
| Author | Patricia Toppings |
| Last Modified By | Mitchell Zink |
| File Modified | 2015-10-27 |
| File Created | 2015-09-14 |