0693-XXXX-NIST-CybersecurityCareerAwarness-SupportingStatement-UPDATED

SUPPORTING STATEMENT

U.S. Department of Commerce

National Institute of Standards and Technology

Events and Efforts Supporting National Cybersecurity Career Awareness Week

OMB Control No. 0693-XXXX

A. JUSTIFICATION

1. Explain the circumstances that make the collection of information necessary

This collection is necessary to support the National Initiative for Cybersecurity Education (NICE) Strategic Plan objective to inspire cybersecurity career awareness. The collection of information will allow the NICE Program Office to share with the public a compiled list of events and opportunities to learn about cybersecurity careers. Doing so will provide a resource for potential attendees, extend the reach of programs and efforts, serve as a source of metrics for outreach activities and impact, and encourage more stakeholders to get involved in National Cybersecurity Career Awareness Week.

2. Explain how, by whom, how frequently, and for what purpose the information will be used. If the information collected will be disseminated to the public or used to support information that will be disseminated to the public, then explain how the collection complies with all applicable Information Quality Guidelines.

The information gathered in this collection will be populated into publicly accessible list on nist.gov/nice on an on-going basis. The public will access this list to learn about events held by the public to raise cybersecurity career awareness with the intention to increase the reach of and participation at such events. The list will also serve as a resource for those wishing to access information on cybersecurity careers. The information collected will not be analyzed or changed prior to publishing.

Information collected includes basic contact information, such as name, however the data is referential in nature only. Records will not be retrieved by a personal identifier, therefore this is not a Privacy Act System of Records and does not require a SORN or Privacy Act Statement. The primary goal for this collection is to learn what kind of events are happening and where.

3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological techniques or other forms of information technology.

The collection process will take place on nist.gov/nice. A web form will allow participants to enter information. After the information is received by the NICE Program Office, it will be organized into a format that can be place on nist.gov/nice.

4. Describe efforts to identify duplication.

Through the NIST PRA process, it has been noted that there is no duplication within the agency. NICE convenes monthly interagency coordination meetings in which this collection was discussed among agencies including, but not limited to: Department of Homeland Security, National Science Foundation, National Security Agency, Department of Education, and Department of Labor. There is no duplication of efforts among these agencies. An environmental scan was also conducted among the NICE Working Group, a public group consisting of several government, academic, and industry stakeholders. No duplication was found.

5. If the collection of information involves small businesses or other small entities, describe the methods used to minimize burden.

All responses to this collection are completely voluntary.

6. Describe the consequences to the Federal program or policy activities if the collection is not conducted or is conducted less frequently.

If the collection is not conducted, the NICE Program Office will be unable to promote and stimulate excitement and energy around National Cybersecurity Career Awareness Week, a campaign that focuses local, regional, and national interest to inspire, educate and engage children through adults to pursue careers in cybersecurity.

7. Explain any special circumstances that require the collection to be conducted in a manner inconsistent with OMB guidelines.

This collection is consistent with OMB guidelines.

8. Provide information of the PRA Federal Register Notice that solicited public comments on the information collection prior to this submission. Summarize the public comments received in response to that notice and describe the actions taken by the agency in response to those comments. Describe the efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.

A 60 day federal register notice soliciting public comments was published on March 9, 2018 (Vol. 83, Number 47, page 10434).

NIST received one comment from Patrick Schultz, the National NICE K12 Subgroup Co-Chair. The comment received was positive and supportive of the proposed information collection. NIST did not communicate with the commenter. The comment received has been uploaded in ROCIS for review.

A 30 day federal register notice soliciting public comments was published on August 24, 2018 (Vol. 83, Number 165, page 42867.)

9. Explain any decisions to provide payments or gifts to respondents, other than remuneration of contractors or grantees.

Payments or gifts will not be provided to respondents.

10. Describe any assurance of confidentiality provided to respondents and the basis for assurance in statute, regulation, or agency policy.

Responses will be voluntary and posted publicly. There will be an announcement at the beginning of the collection to notify respondents that their responses will be made public.

11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private.

There will be no questions of sensitive nature included in the collection.

12. Provide an estimate in hours of the burden of the collection of information.

NIST estimates that 500 Respondents will take 10 minutes to complete the collection instrument, for a total annual burden of 83 hours.

13. Provide an estimate of the total annual cost burden to the respondents or record-keepers resulting from the collection (excluding the value of the burden hours in

Question 12 above).

The collection will be voluntary and free to access. It will not bear any cost burden.

14. Provide estimates of annualized cost to the Federal government.

It is estimated that 170 labor hours will be allocated for this collection. This includes all activities of the PRA process, developing the collection instrument (website form), maintaining the collection instrument and data collected, and updating the public-facing website with collected information. Per these NIST estimates that 170 labor hours @ $40.00 per hour, this collection will incur an annual cost of $6,800 on the Federal government.

15. Explain the reasons for any program changes or adjustments.

This is a new collection and the estimates described in the 60 day Federal Register Notice (FRN) have been modified. In the process of finalizing the collection instrument, the total time for a single respondent to complete the instrument was re-adjusted. It is now estimated to take 10 minutes to complete, an increase of 5 minutes.

16. For collections whose results will be published, outline the plans for tabulation and publication.

Data will be collected through an online form which will export into a database format. Data will then be organized by event or activity date and published to a public-facing web site on nist.gov/nice.

17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons why display would be inappropriate.

Not applicable.

18. Explain each exception to the certification statement.

Not applicable.