Attachment J: 2018 Reabstraction Burden
Form Approved: OMB No. 0920-0234 Exp. Date xx/xx/20xx
NOTICE
– Public reporting burden of this collection of information is
estimated to average 1 minute per response, including the time for
reviewing instructions, searching existing data sources, gathering
and maintaining the data needed, and completing and reviewing the
collection of information. An agency may not conduct or sponsor, and
a person is not required to respond to, a collection of information
unless it displays a currently valid OMB control number. Send
comments regarding this burden estimate or any other aspect of this
collection of information, including suggestions for reducing this
burden to CDC/ATSDR Information Collection Review Office, 1600
Clifton Road, MS D-74, Atlanta, GA 30333, ATTN: PRA (0920-0234).
Assurance of
confidentiality-We
take your privacy very seriously. All information that relates to
or describes identifiable characteristics of individuals, a
practice, or an establishment will be used only for statistical
purposes. NCHS staff, contractors, and agents will not disclose or
release responses in identifiable form without the consent of the
individual or establishment in accordance with section 308(d) of the
Public Health Service Act (42USC 242m) and the Confidential
Information Protection and Statistical Efficiency Act of 2001
(CIPSEA, Title 5 of Public Law 107-347). In accordance with CIPSEA,
every NCHS employee, contractor, and agent has taken an oath and is
subject to a jail term of up to five years, a fine of up to
$250,000, or both if he or she willfully discloses ANY identifiable
information about you. In addition, NCHS complies with the Federal
Cybersecurity Enhancement Act of 2015. This law requires the
federal government to protect federal computer networks by using
computer security programs to identify cybersecurity risks like
hacking, internet attacks, and other security weaknesses. If
information sent through government networks triggers a cyber threat
indicator, the information may be intercepted and reviewed for cyber
threats by computer network experts working for, or on behalf, of
the government.
The Cybersecurity Act of 2015
permits monitoring information systems for the purpose of protecting
a network form hacking, denial of service attacks and other security
vulnerabilities.1
The software used
for monitoring may scan information that is transiting, stored on,
or processed by the system. If the information triggers a cyber
threat indicator, the information may be intercepted and reviewed
for cyber threats. The Cybersecurity Act specifies that the cyber
threat indicator or defensive measure taken to remove the threat may
be shared with others only after any information not directly
related to a cybersecurity threat has been removed, including
removal of personal information of a specific individual or
information that identifies a specific individual. Monitoring under
the Cybersecurity Act may be done by a system owner or another
entity the system owner allows to monitor its network and operate
defensive measures on its behalf.
1
“Monitor” means “to acquire, identify, or scan, or
to possess, information that is stored on, processed by, or
transiting an information system”; “information system”
means “a discrete set of information resources organized for
the collection, processing, maintenance, use, sharing, dissemination
or disposition of information”; “cyber threat indicator”
means “information that is necessary to describe or identify
security vulnerabilities of an information system, enable the
exploitation of a security vulnerability, or unauthorized remote
access or use of an information system.”
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | CDC User |
File Modified | 0000-00-00 |
File Created | 2021-01-20 |