U.S. Department of Agriculture
Office of the Chief Information Officer (OCIO)
OMB Control Number: 0503-0014
USDA eAuthentication Service Customer Registration
Purpose:
The purpose of this request for OMB review is to obtain approval for a 3 year renewal and new information collection contained in the USDA eAuthentication Service based on the addition of the Online Identity Proofing (OIDP) function. This information collection is necessary to allow USDA customers to securely and confidently conduct business with USDA electronically via the Internet. No new information is collected using OIDP. Authority for obtaining new information from users is included in Section 2, (c), of the Freedom to E-File Act (Pub. L. 106-222), the Government Paperwork Elimination Act (GPEA, Pub. L. 105-277), the Electronic Signatures in Global and National Commerce Act (E-SIGN, Pub. L. 106-229), E-Government Act of 2002 (H.R. 2458), and GRAMM–LEACH–BLILEY ACT (Pub L. 106-102., 502-504). New online customers must provide information during the Registration process, which is accessible through the USDA eAuthentication web site, located at www.eauth.usda.gov. This voluntary online self-registration process enables USDA customers, as well as employees, to obtain accounts that will enable them to access USDA web applications and services via the Internet. The objectives of this self-registration process are to employ standardized methods for verifying the identity of USDA customers/partners and to manage their credentials in support of electronic alternatives to traditional ink signatures. In addition, the centralized approach USDA has taken will prevent current customers from having to complete additional registrations to conduct additional USDA business.
Background:
The USDA provides services to ranchers and farmers ranging from development and economic assistance; farm loans and subsidies; and land, water, and livestock resource management. In addition, the USDA is responsible for the federal government’s major agricultural procurements and generation and dissemination of natural resource research data. The USDA also leads the Federal anti-hunger effort by providing human nutrition services through the Food Stamp, School Lunch, School Breakfast, and the Women, Infant, and Children (WIC) Program.
Many of these services are provided through face to face transactions either at a central office or at one of approximately 2,500 local USDA Service Centers. In June 2002, USDA developed the capability for Service Center Agencies (SCA), formerly known as County Based Agencies (CBA), to offer the services traditionally available from service centers via the Internet. The USDA enabled SCAs, which is comprised of the Farm Service Agency (FSA), Natural Resources Conservation Service (NRCS), and Rural Development (RD), to offer agricultural producers the alternative of electronically submitting most of the forms needed to participate in the agencies’ programs and services. Currently, there are hundreds of SCA’s commonly used forms available through the eForms service and many can be electronically submitted to USDA. As users were enabled to electronically submit forms to USDA, there was a need to authenticate and authorize users electronically.
Initially, USDA’s Service Center Agencies developed an online user authentication and authorization system known as the Web Central Authentication and Authorization Facility (WebCAAF). WebCAAF required a one-time registration requirement for each SCA customer desiring access to any online service that required authentication. Form AD-2016, USDA Registration Form to Request Electronic Access Code, was used to collect the minimum information necessary to verify and validate the identity of the customer before issuing user access credentials. Despite providing user authentication and authorization electronically, WebCAAF exhibited limited capabilities in that it serviced only form submissions of the USDA SCAs and required a manual submission process for Form AD-2016.
In January 2003, the USDA initiated the eAuthentication Service, an expanded USDA enterprise wide authentication and authorization service for all USDA web-based applications. It is a strategic component of USDA’s eGovernment vision and USDA’s Enterprise Architecture to provide common authentication and authorization services for web-based applications.
In October 2003, the USDA eAuthentication Service was launched to service all USDA agencies. The eAuthentication service provides a single point of entry for conducting business online with USDA. Users desiring access to any service that is protected with eAuthentication are required to complete a one-time electronic self-registration to obtain an eAuthentication account. This supporting statement pertains to customers interacting with the USDA eAuthentication Service, excluding USDA Agency employees. USDA customers can self-register for a Level 1 or Level 2 Access account. A Level 1 Access account provides users with limited access to USDA web sites. A Level 2 Access account enables users to conduct official electronic business transactions via the Internet, enter into a contract with the USDA, and submit forms electronically via the Internet to USDA agencies. Due to the increased customer access associated with a Level 2 Access account, customers must be authenticated in person at a USDA Service Center by a local registration authority (LRA), or be authenticated via Online Identity Proofing, in addition to the electronic self-registration. Once an account is activated, customers may use the associated user ID and password that they created to access USDA resources that are protected by eAuthentication. As of March 2016 there are 845,503 active eAuthentication customer accounts. We estimate that there will be 132,104 new account registrations in the upcoming year.
The eAuthentication system architecture is a major expansion from the previous WebCAAF system architecture. In addition, eAuthentication is consistent with the USDA Web Style Guide, which was developed after the implementation of the WebCAAF system. The eAuthentication system is developed and managed by the Office of the Chief Information Officer (OCIO). eAuthentication collects customer information under OMB Control Number 0503-0014, which pertains to WebCAAF. We are requesting a 3-year approval for the revision of this currently approved collection.
National Institute of Standards and Technology (NIST) requirements dictate the need for strong authentication to protect more sensitive applications. In order to provide Level 3 and Level 4 Access accounts eAuthentication has developed public key infrastructure to support strong authentication. To provide further capability for Level 3 and Level 4 Assurance, the eAuthentication Application service in conjunction with other federal partners is aware of the need enabling trusted digital credentials for interactions between people and government requiring multifactor authentication for public citizens; but this has not yet been implemented and we are not seeking approval for this in this ICR.
Supporting Statement
Justification
Explain the circumstances that make the collection of information necessary.
The Freedom to E-File Act, and the E-Government Act prescribe eGovernment functions as alternatives to traditional paper-based processes. Conducting online transactions necessitates processes for authenticating and authorizing online users and completing transactions with an electronic equivalent to traditional ink signatures. The information collected from the eAuthentication web site enables the electronic authentication and authorization of users to conduct official business with USDA through web-based applications.
Indicate how, by whom, how frequently, and for what purpose the information is to be used.
The USDA eAuthentication Service provides public and government businesses single sign-on capability for USDA applications, management of user credentials, and verification of identity, authorization, and electronic signatures. USDA eAuthentication obtains customer information through an electronic self-registration process provided through the eAuthentication web site. This voluntary online self-registration process applies to USDA Agency customers, as well as employees, who request access to protected USDA web applications and services via the Internet. Registrants are able to self-register online from the eAuthentication web site, located at www.eauth.usda.gov, for a Level 1 or Level 2 Access eAuthentication account. An eAuthentication account has an associated user ID and password which enables the electronic authentication of users. A user will then have access to authorized resources without needing to re-authenticate within the context of a single Internet session. The user ID and password and permissions associated with an account are what authenticates and authorizes a user to access a requested USDA resource.
A customer eAuthentication Level 1 Access account provides limited access to USDA web site portals and applications that have minimal security requirements. Level 1 Access accounts, anonymous, do not allow you to conduct official business transactions with the USDA via the Internet. A Level 1 Access account may be used to customize a web portal page, obtain general information about a specific USDA agency, and participate in public surveys for a USDA agency. A registrant can apply for a Level 1 Access account directly from the USDA eAuthentication web site located at www.eauth.usda.gov. After accessing the eAuthentication web site the registrant must click on the Create an account tab located on the left-hand navigation bar and subsequently click on the Level 1 Access link located within the context of the web page. The registrant must then complete and submit the registration form. Once the Level 1 Access self-registration form is submitted, a Level 1 Access account is created in the eAuthentication system and an email is sent to the registrant confirming their registration for a Level 1 Access account. In order to activate the account the registrant must click on the ACTIVATE MY ACCOUNT link in the email message. The user is now able to provide their eAuthentication account credentials to access protected USDA resources requiring a Level 1 Access.
A customer eAuthentication Level 2 Access account provides access to all the portals and applications that are covered by an account with Level 2 Access, and also provides the ability to conduct official electronic business transactions with the USDA via the Internet. A Level 2 account also enables customers to enter into a contract with the USDA and submit forms electronically via the Internet with a USDA agency. Similarly, a registrant can apply for an eAuthentication Level 2 Access account directly from the USDA eAuthentication web site. After the registrant clicks on the appropriate Level 2 Access links, completes and submits the Level 2 Access self-registration form, and responds to the confirmation email, a Level 1 Access account is created in the system. An activated Level 2 Access account is not provided until the registrant is identity proofed. The registrant must then either 1) present their government issued photo ID at their local USDA Service Center or 2) answer a set of custom questions in a secured online session. For option 1, the USDA Service Center employee, a trained local registration authority (LRA), confirms the registrant’s identity and activates their Level 2 Access account. For option 2, once the registrant correctly answers the custom questions their account is automatically activated through a service with a national credit bureau. Option 2 represents the Online Identity Proofing (OIDP). OIDP consists of a web interface that makes web service calls to a national credit bureau or the user calling the USDA Call Center and answering a set of personal questions to confirm their identity. This is a service, as an alternative to the long-standing approach: than traveling to a USDA location to conduct an in-person identity proof process with an LRA. It is estimated it takes USDA customers one hour after the Level 2 Access activation by the USDA Service Center to allow the registrant access to USDA applications and services that require an account with Level 2 Access.
Informational data that must be reported through the online self-registration form in order to obtain a Level 1 Access account are: User ID, Password, First Name, Last Name, Country Name, and Email address. Although not required, the registrant may also provide their Middle Name, and Zip Code. Due to the increased level of access to USDA applications, users must provide additional informational items to obtain a Level 2 Access account. In order to obtain a Level 2 Access account the registrant in addition to Level 1 attributes must include but not limited to their: Home Address, City, State, Date of Birth and Social Security Number (SSN) (Online Identity Proofing with national credit bureau; however, this is not stored by USDA but is encrypted and then transmitted to the credit bureau), in addition to the information that must be provided to obtain a Level 1 Access account. The registrant also has the option to provide their Home Phone number or International Home Phone number (if applicable), and a Mobile Phone number or International Alternate Home Phone number (if applicable).
The online self-registration process to obtain an eAuthentication account is a one-time information collection process. The account information can be modified without the need of the user to re-register.
An eAuthentication account enables customers to access eAuthentication-protected USDA web-based applications. These resources have been integrated with the eAuthentication Service to enable electronic authentication and authorization of users. Certain personal information collected through the online self-registration process is conditionally shared with USDA Agencies in order to integrate USDA resources with the eAuthentication service. Sensitive data such as password will not be shared. The eAuthentication Service ensures that shared data is transmitted to a system that has an approved and valid Certification and Accreditation (C&A) Authority to Operate (ATO) in effect. In addition, the eAuthentication Service ensures that shared data is securely managed by requiring a Privacy Impact Assessment (PIA) and Interconnection Security Agreement (ISA) with the target system.
Use of information technology.
All technology used in the eAuthentication System is compliant with NIST Special Publication 800-63: Electronic Authentication Guideline. Users can obtain an eAuthentication Level 1 or Level 2 Access account solely through the online self-registration forms in the USDA eAuthentication web site, located at www.eauth.usda.gov. There is not a paper based form available to register for an eAuthentication account. Users must access the eAuthentication web site and complete and submit the self-registration forms electronically over the Internet. There are separate online self-registration forms for a Level 1 and Level 2 Access account. The self-registration form for a Level 2 Access account requires additional user data due to the increased level of access. The self-registration forms can be accessed directly from the following links:
Request Level 1 Access - https://www.eauth.usda.gov – Click on Create an Account – click on Register for a level 1 Account
Request Level 2 Access - https://www.eauth.usda.gov – Click on Create an Account – click on Register for a level 2 Account
Each eAuthentication account contains an associated user ID and password that was created by the user. In addition, each account contains associated roles or permissions, given by administrators, which allow the user to request access to USDA applications. The user ID and password and permissions associated with an account are what authenticates and authorizes a user to access a requested USDA resource.
The eAuthentication Service complies with the E-Government Act by eliminating the need for traditional paper-based forms. In addition, eAuthentication provides full electronic reporting capabilities as required in the E-Government Act. Also, the use of a national credit bureau provides the capacity to validate the identity of USDA customers based on the Gramm-Leach-Bliley Act.
Describe efforts to identify duplication.
USDA has built the eAuthentication Service with the elimination of duplication in mind. eAuthentication prevents users from creating and/or maintaining multiple online accounts with USDA. All eAuthentication accounts have a unique user ID. Once a registrant submits an account application the system automatically searches for pre-existing user IDs and prevents duplication of an account’s key identifier. Not all USDA customers need an eAuthentication account, only those who are requesting access to USDA resources that are protected by eAuthentication. Therefore, the eAuthentication Service cannot obtain customer information from other systems. There is also no alternate USDA enterprise service for authenticating and authorizing users electronically.
Methods used to minimize burden on small businesses or other small entities.
The reporting requirements in this information collection package will not affect small businesses. The online self-registration form is identical for all applicants irrespective to their volume or business. Therefore, no additional burden is being placed on businesses of any particular size.
Consequence if the information collection is not conducted or is conducted less frequently.
The information collected through the online eAuthentication self-registration form will only need to be collected once. If the information is not ever collected, the user must continue to conduct business with USDA through the existing paper-based processes.
Special Circumstances.
requiring respondents to report information to the agency more often than quarterly;
requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it;
requiring respondents to submit more than an original and two copies of any document;
requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years;
in connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study;
requiring the use of a statistical data classification that has not been reviewed and approved by OMB;
that includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use; or
requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information's confidentiality to the extent permitted by law.
None of the special circumstances shown above are applicable. There are no other special circumstances.
Federal Register notice, summarization of comments, and consultation with persons outside the agency.
A Notice to request to renew this information collection was published in the Federal Register on Friday, July 22, 2016, (Vol. 81, No. 141, pg. 47746). No comments were received.
There were no consultations outside of the agency on this collection.
Explain any decision to provide any payment or gift to respondents.
The agency does not provide any payments or gifts to respondents for information collected through the USDA eAuthentication web site.
Confidentiality provided to respondents.
All information collected will be treated as confidential in compliance with the Privacy Act and Freedom of Information Act.
The current SORN, USDA eAuthentication Service, was published on March 14, 2012 (Volume 77, No.50, page 15024). The current SORN is in the process of being revised to include additional information. Upon approval and publication of the SORN, USDA will notify OMB through a change justification.
Questions of a sensitive nature.
The information requested through the eAuthentication web site is not considered of a sensitive nature (such as religious beliefs, sexual behavior and attitude, etc.).
Estimate of burden.
USDA Agency customers can register for an eAuthentication Level 1 and Level 2 Access account. Registrants must submit a one-time online self-registration form and respond to a confirmation email to obtain an activated account. In order to obtain an active Level 2 Access account, the registrant’s identity must be manually validated at a USDA Service Center by an LRA, or validated using the Online Identity Proofing provided through a contract with an identity proofing provider.
The time estimated for the Online Identity Proofing (OIDP) is estimated to be 10 minutes. This is due to the fact that there will be no travel time involved. Once a Level 2 Access account is requested the registrant can go on to ID proof online, which is estimated to be an additional 10 minutes after initial online self-registration.
The USDA eAuthentication Service has been operating since October 2003. From October 2003 – October 2016 there has been an average of 9,521 new Level 1 Access and 1,487 new Level 2 Access account registrations each month. During this time period the number of integrated USDA applications with eAuthentication has increased from 40 applications to more than 450 web applications. The eAuthentication Service estimates that there will be a similar rate of expected new registrations annually due to the OIDP implementation. Therefore, eAuthentication estimates that there will be 114,256 (9,521 registrants * 12 months) new Level 1 Access account registrations annually. Similarly, there will be an estimated 17,848 (1,487 registrants * 12 months) new Level 2 Access account registrations annually. Collectively, eAuthentication estimates 132,104 (114,840 Level 1 + 17,848 Level 2) new account registrations annually. There are no entries on the online form that requires any applicant to develop new information not already known by the applicant.
For a Level 1 Access account it is estimated to take 8 minutes to read, understand, and complete the online self-registration form. The estimated annual cost to the public is $207,032 which is based on the annual burden of 15,234 hours (114,256 responses * 8 minutes) times an average hourly wage of $13.59 per customer. The average hourly wage is based on the mean hourly rate of Farming, Fishing, and Forestry Occupations in the Agriculture, Forestry, Fishing and Hunting sector of the May 2015 National Industry-Specific Occupational Employment and Wage Estimates. This estimate is provided through the Bureau of Labor Statistics and can be directly accessed at http://www.bls.gov/oes/current/naics2_11.htm#00-0000.
For a Level 2 Access account it is estimated to take 40 minutes to read, understand, and complete the online self-registration form, an additional 10 minutes if the optional Online Identity Proofing (OIDP) is used, or one hour of travel time if the in person registration is used. This amounts to an estimated annual cost to the public of $173,698, which is based on the annual burden as follows:
Using an estimate of 70% of registrants (12,494) using OIDP – 2,082 hours (12,494 responses * 10 minutes) times an hourly wage of $13.59 per customer equals $28,294.
Using an estimate of 30% of registrants (5,354) using online self-registration and local registrant authority (average 40 minutes) and then travelling (average 1 hour) to a USDA Service Center to be manually validated – 8923 hours (5,354 responses * 100 minutes) times an hourly wage of $13.59 per customer equals $121,264.
Total annual cost burden to respondents.
The information collection and reporting burden does not impose any capital or start-up costs to respondents. The information is already known by respondents and there are no ongoing or follow-up reporting requirements that impose any costs but for the one-time collection.
Provide estimates of annualized cost to the Federal government.
The estimated cost to the Federal government is $437,520. This estimate is based on the cost of gathering, maintaining, retrieving, and disseminating the data. Despite fully supporting electronic information collection, additional time is sometimes needed to assist customers who are having difficulties. The estimated cost is based on requiring at least 10 minutes per response (135,596 annual responses) times the average of the GS-5 (step 5) through GS-7 (step 5) salary income of $40,277 per year or $19.36 per hour ($40,277/2080 hours per year).
Reasons for changes in burden.
The overall annual burden rate has increased from $338,945 to $396,859. The factors that contributed to this change are shown here:
There is an adjusted increase of $10.79 per customer to $13.59 per customer based on the National Industry-Specific Occupational Employment and Wage Estimates from the Bureau of Labor Statistics. Although Farming, Fishing, and Forestry under the Agriculture, Forestry, Fishing, and Hunting was selected in October 2012 the cliental of the 450 web applications is much larger in the aspects of Agriculture.
There is an increase of account holders from 541,744 to 845,503 (574,774 Level 1; 113,944 Level 2 (Internal-USDA); and 156,784 Level 2(External)) from October 2012 to April 2016. USDA has expanded the web application capability to conduct official business.
114,256 Level 1 account respondents (from 114,860 in the last submission to 114,256 in this renewal). The decrease in the growth of Level 1 accounts was due to more government website applications requiring a Level 2 accounts for access.
There is an adjustment increase of 2,988 in Level 2 account respondents (from 14,860 in the last submission to 17,848 in this renewal period). The increase in growth of Level 2 accounts is due to USDA requiring more Level 2 accounts to conduct business and is a direct result in the increase of web applications to conduct official business with the USDA. It is anticipated that Level 2 accounts will grow further will the enhancement of OIDP and the federal government setting precedence with multifactor authentication for public users.
There is a 402 hour decrease in the identity proofing due to the implementation of OIDP. OIDP level of effort reduces the hourly burden for the public by 52 minutes.
Outline plans for tabulation and publication.
The information collected is not planned for publication. It will only be used to provide the customer authorized access to applications.
Reasons display of expiration date for OMB approval of the information collection is inappropriate.
The USDA eAuthentication Service is not requesting an exemption for the expiration date..
Exceptions to the certification statement identified in Item 19 of the OMB 83-I form.
There are no exceptions to the certification statement.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Modified | 0000-00-00 |
| File Created | 0000-00-00 |