BUREAU OF CONSUMER FINANCIAL PROTECTION
Request for Approval under the
“GENERIC INFORMATION COLLECTION PLAN FOR THE COLLECTION OF QUALITATIVE FEEDBACK ON THE SERVICE DELIVERY OF THE CONSUMER FINANCIAL PROTECTION BUREAU”
(OMB Control Number: 3170-0024)
2. PURPOSE: The Cybersecurity office is requesting permission to survey CFPB contractors on cybersecurity skills that the Bureau may or may not have on staff. This survey was recommended by the Office of Inspector General following the CFPB 2019 Federal Information System Modernization Act) audit. Data collected will be used solely by the Cybersecurity office to better inform cybersecurity training offerings and training needs for FY22. The data will not be used for hiring/firing, evaluating contractor performance, evaluating programs, or any other activities conducted by other offices in the CFPB.
3. DESCRIPTION OF RESPONDENTS: CFPB contractors.
4. TYPE OF COLLECTION (Administration of the COLLECTION instrument):
How will you collect the information? Check all that apply.
[ ] Web-based or other forms of Social Media [ ] Telephone
[ ] In-person [ ] Mail
[ ] Small Discussion Group [ ] Focus Group [ ] Other (please explain)
Will interviewers or facilitators be used?
[ ] Yes [ ] No [X] Not Applicable
Focus group or survey:
If you plan to conduct a focus group or survey, please provide answers to the following questions:
a. Do you have a customer list or something similar that defines the universe of potential respondents and do you have a sampling plan for selecting from this universe?
[X] Yes [ ] No [ ] Not Applicable
b. If yes, please provide a description below. If no, please provide a description of how you plan to identify your potential group of respondents and how you will select them.
The Cybersecurity department will use the list of CFPB contractors identified within CFPB’s Active Directory tool, which is fed into the KnowBe4 learning management platform used for our role-based training and all cyber related trainings.
Information Collection Procedures:
Please summarize the procedures that will be used to collect data from respondents.
An anonymized and voluntary survey will be sent to all contractors who have been identified within Active Directory as working in the affected divisions. No names or other PII will be collected.
Personally Identifiable Information:
Is personally identifiable information (PII) collected? [ ] Yes [X] No
If yes, is the information that will be collected included in records that are subject to the Privacy Act of 1974?
[ ] Yes [ ] No [X] Not Applicable
If Yes, describe what PII will be collected and why it is needed and how it will be used.
Has a System or Records Notice (SORN) been published?
[ ] Yes [ ] No [X] Not Applicable
If yes, list the SORN title and the Federal Register (FR) citation:
Title: _________________________________________________________
__ FR _____.
If applicable, please provide a link to the Privacy Impact Assessment.
INCENTIVES:
Is an incentive provided to participants? [ ] Yes [X] No
If yes, provide a statement justifying the use and amount of the incentive and the amount or value of the incentive: N/A
Assurances of Confidentiality:
Will a pledge of confidentiality be made to respondents? [ ] Yes [ X] No
If yes, please cite the statue, regulation, or contractual terms supporting the pledge. N/A
JUSTIFICATION OF SENSITIVE QUESTIONS (if applicable): N/A
BURDEN HOURS:
Collection of Information |
Number of Respondents |
Frequency |
Number of Annual Responses |
Average Response Time (hours) |
Burden (hours) |
Cybersecurity Skills Gap Survey |
160 |
1 |
160 |
0.5 |
80 |
TOTAL |
160 |
|
160 |
|
80 |
FEDERAL COST: The estimated annual cost to the Federal government is $0.
13. CERTIFICATION:
CERTIFICATION PURSUANT TO 5 CFR 1320.9, AND THE RELATED PROVISIONS OF
5 CFR 1320.8(b)(3):
By submitting this document, the Bureau certifies the following to be true:
(a) It is necessary for the proper performance of agency functions;
(b) It avoids unnecessary duplication;
(c) It uses plain, coherent, and unambiguous terminology that is understandable to respondents;
(d) Its implementation will be consistent and compatible with current reporting and recordkeeping practices;
(e) It indicates the retention period for recordkeeping requirements;
(f) It informs respondents of the information called for under 5 CFR 1320.8(b)(3):
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
(g) It was developed by an office that has planned and allocated resources for the efficient and effective management and use of the information to be collected;
(h) It uses effective and efficient statistical survey methodology; and
(i) It makes appropriate use of information technology.
CERTIFICATION FOR INFORMATION COLLECTIONS SUBMITTED UNDER A GENERIC INFORMATION COLLECTION PLAN
By submitting this document, the Bureau certifies the following to be true:
The collection is voluntary.
The collection is low-burden for respondents.
The collection is non-controversial and does not raise issues of concern to other Federal agencies.
Information gathered will not be used for the purpose of substantially informing influential policy decisions.
The collection is not statistically significant; the results are not intended to be generalizable beyond the survey population.
The results will not be used to measure regulatory compliance or for program evaluation.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | DOCUMENTATION FOR THE GENERIC CLEARANCE |
| Author | 558022 |
| File Modified | 0000-00-00 |
| File Created | 2022-10-11 |