SUPPORTING STATEMENT
U.S. Department of Commerce
National Institute of Standards and Technology
Events and Efforts Supporting Cybersecurity Career Awareness Week
OMB Control No. 0693-0082
SUPPORTING STATEMENT PART A
Abstract
The purpose of the Cybersecurity Career Awareness Week event and activity collection instrument is to create a resource for the public with information on efforts they can get involved in if interested in learning more about cybersecurity careers. The first objective in the National Initiative for Cybersecurity Education (NICE) Strategic Plan is to “Identify and share effective practices for promoting cybersecurity career awareness and discovery to diverse stakeholders.” The collection instrument will do this by allowing the public to voluntarily share their efforts. By providing this resource, those interested in learning about cybersecurity careers will have a single, central location to find information instead of having to visit multiple different websites to learn about activities. A central resource also helps grow traction and participation.
Justification
1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.
This collection is necessary to support the NICE Strategic Plan goal to promote the discovery of cybersecurity careers and multiple pathways. The collection of information will allow the NICE Program Office to share with the public a compiled list of events and opportunities to learn about cybersecurity careers. Doing so will provide a resource for potential attendees, extend the reach of programs and efforts, serve as a source of metrics for outreach activities and impact, and encourage more stakeholders to get involved in Cybersecurity Career Awareness Week.
2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.
The information gathered in this collection will be populated into publicly accessible list on nist.gov/nice on an on-going basis. The public will access this list to learn about events held by the public to raise cybersecurity career awareness with the intention to increase the reach of and participation at such events. The list will also serve as a resource for those wishing to access information on cybersecurity careers. The information collected is reviewed for accuracy, but otherwise will not be analyzed or changed prior to publishing.
Information collected includes basic contact information, such as name, however the data is referential in nature only. Records will not be retrieved by a personal identifier; therefore, this is not a Privacy Act System of Records and does not require a SORN or Privacy Act Statement. The primary goal for this collection is to learn what kind of events are happening and where.
To date the information collected through this instrument has been used to increase excitement around and activity in support of Cybersecurity Career Awareness Week. Over the past two years we have seen significant growth in the number of efforts from the community to help raise awareness of cybersecurity career resources. The collection instrument has enabled us to create a sense of community around the annual event has encouraged more individuals and organizations to participate.
3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.
The collection process will take place on nist.gov/nice. A web form will allow participants to enter information. After the information is received by the NICE Program Office, it will be organized into a format that can be placed on nist.gov/nice.
4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item 2 above.
Through the NIST PRA process, it has been noted that there is no duplication within the agency. NICE convenes monthly interagency coordination meetings in which this collection was discussed among agencies including, but not limited to: Department of Homeland Security, National Science Foundation, National Security Agency, Department of Education, and Department of Labor. There is no duplication of efforts among these agencies. An environmental scan was also conducted among the NICE Community Coordinating Council, a public group consisting of several government, academic, and industry stakeholders. No duplication was found.
5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.
All responses to this collection are completely voluntary.
6. Describe the consequence to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.
If the collection is not conducted, the NICE Program Office will be unable to promote and stimulate excitement and energy around Cybersecurity Career Awareness Week, a campaign that focuses local, regional, national, and international interest to inspire, educate and engage children through adults to pursue careers in cybersecurity.
7. Explain any special circumstances that would cause an information collection to be conducted in a manner: requiring respondents to report information to the agency more often than quarterly; requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it; requiring respondents to submit more than an original and two copies of any document; requiring respondents to retain records, other than health, medical, government contract; grant-in-aid, or tax records, for more than three years; in connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study; requiring the use of a statistical data classification that has not been reviewed and approved by OMB; that includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use; or requiring respondents to submit proprietary trade secrets, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information's confidentiality to the extent permitted by law.
This collection is consistent with OMB guidelines.
8. If applicable, provide a copy and identify the date and page number of publication in the Federal Register of the agency's notice, required by 5 CFR 1320.8(d), soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Consultation with representatives of those from whom information is to be obtained or those who must compile records should occur at least once every 3 years - even if the collection of information activity is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.
A 60-day Federal Register Notice soliciting public comments was published on June 28, 2021 (Vol. 86, Number 121, pages 33991-33992). No comments were received.
A 30-day Federal Register Notice soliciting public comments was published on October 26, 2021 (Vol. 86, Number 204, page 59147.)
Through the NICE Community Coordinating Council, the NICE Program Office maintains on-going communication with those in the public and private sector who promote cybersecurity careers and submit materials to the collection instrument. Consensus continues to be that the collection is valuable in showcasing activities and helpful to those wanting to get more engaged.
9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.
Payments or gifts will not be provided to respondents.
10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy. If the collection requires a system of records notice (SORN) or privacy impact assessment (PIA), those should be cited and described here.
Responses will be voluntary and posted publicly. There will be an announcement at the beginning of the collection to notify respondents that their responses will be made public.
11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.
There will be no questions of sensitive nature included in the collection.
12. Provide estimates of the hour burden of the collection of information.
NIST estimates that 500 Respondents will take 10 minutes to complete the collection instrument, for a total annual burden of 83 hours.
13. Provide an estimate for the total annual cost burden to respondents or record keepers resulting from the collection of information. (Do not include the cost of any hour burden already reflected on the burden worksheet).
The collection will be voluntary and free to access. It will not bear any cost burden.
14. Provide estimates of annualized costs to the Federal government. Also, provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing, and support staff), and any other expense that would not have been incurred without this collection of information. Agencies may also aggregate cost estimates from Items 12, 13, and 14 in a single table.
It is estimated that 80 labor hours will be allocated for this collection. This includes all activities of the PRA process, developing the collection instrument (website form), maintaining the collection instrument and data collected, and updating the public-facing website with collected information. Per these NIST estimates that 80 labor hours @ $40.00 per hour, this collection will incur an annual cost of $3,200 on the Federal government.
15. Explain the reasons for any program changes or adjustments reported on the burden
worksheet.
There is a global demand for cybersecurity careers. To strengthen the efforts of Cybersecurity Career Awareness Week, it was decided to remove the reference to “National”. Doing so encourages a broader audience to get involved.
The collection instrument was also adjusted to make it easier for participants to report multiple activities at one time. Feedback was provided to the NICE Program Office that it was tedious to submit entries individually. Additionally, there was previously no option to indicate if an event was being held virtually. Virtual event option has been added.
16. For collections of information whose results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.
Data will be collected through an online form which will export into a database format. Data will then be organized by event or activity date and published to a public-facing web site on nist.gov/nice.
17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain the reasons that display would be inappropriate.
The OMB number and expiration date will be displayed on the instrument.
18. Explain each exception to the topics of the certification statement identified in “Certification or Paperwork Reduction Act Submissions.”
There are no exceptions to this information collection.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Reinhart, Liz (Fed) |
File Modified | 0000-00-00 |
File Created | 2021-10-27 |