SUPPORTING STATEMENT - PART A
System Authorization Access Request Form – 0704-SAAR
1. Need for the Information Collection
The DD Form 2875 “System Authorization Access Request (SAAR)” is utilized to document the data elements necessary for validating the trustworthiness of individuals requesting access to Department of Defense systems and information. Executive Order 10450 “Security Requirements for Government Employment” establishes the security requirements for government employment. The requestor’s security requirements (background investigation and clearance information) are identified on the DD Form 2875 and validated by the cognizant Security Manager. Collection of the requestor’s security requirements information ensures that any system access granted is consistent with the interests of national security. Public Law 99-474 “Computer Fraud and Abuse Act of 1986” provides penalties for fraud and related activities in connection with access to government computers/systems.
2. Use of the Information
When an initial determination is made that an individual requires access to one or more DoD information systems, applications, databases, etc. to perform assigned duties and responsibilities, he/she retrieves the DD Form 2875 from the official website for DoD Forms at https://www.esd.whs.mil/Portals/54/Documents/DD/forms/dd/dd2875.pdf. The DD Form 2875 may be utilized by any DoD civilian, military, contractor, or other authorized individual with the need for access to a DoD information system, application, database, etc. It is in adobe pdf. (fillable) format and may be completed electronically or manually. A DD Form 2875 is completed for each individual and often for each system owner. Disclosure of the requested information is voluntary however, failure to provide the requested information may impede, delay, or prevent further processing of the request.
The individual will complete Part I of the DD Form 2875 and submit it to his/her supervisor or government sponsor. The supervisor/government sponsor will review the request, complete Part II (through block 20b.) of the form, and return the form to the individual. The individual submits the form to the cognizant Security Manager to complete Part III. Once completed, the Security Manager returns the form to the individual. The individual submits the form to the Information Assurance Officer (IAO) or other authorized system administrator via upload, email, fax or manually, according to locally established procedures. The individual may be required to provide supporting documentation such as training completion certificates as requested by the IAO. The IAO or other authorized system administrator will review the request, grant/deny the requested access(es) and complete Part IV and blocks 21 through 25 of the form. The IAO notifies the individual of the approval/rejection and provides a copy of the completed DD Form 2875 via locally established procedures. The original DD Form 2875, with original signatures in Parts I, II and III, must be maintained on file for one year after termination of the individual’s account. The file may be maintained by the DoD, or the cognizant IAO. The result of this collection is the Department’s ability to make informed decisions regarding an individual’s trustworthiness prior to granting access to DoD systems and information, and the record of these decisions in an auditable format.
3. Use of Information Technology
DISA estimates approximately 95% of agency responses are collected electronically. The DD Form 2875 is available for download directly from the DoD Forms Management Program website and can therefore be accessed at any time. The DD Form 2875 is in adobe pdf. (fillable form) format so the individual can immediately begin completing the form. The DD Form 2875 also supports electronic signatures. Electronic signatures are encouraged and preferred, however, ink signatures are still accepted. The form may be submitted via upload, email, fax or manually, according to locally established procedures.
DISA is currently working on the automated Enterprise Security Posture System Access Management (SAM) tool for the collection and processing of SAAR information. The SAM tool is being introduced in an effort to create a central repository for DISA’s DD Form 2875 submissions worldwide and improve agency means for auditing this data.
4. Non-duplication
The information obtained through this collection is unique and is not already available for use or adaptation from another cleared source.
5. Burden on Small Businesses
This information collection does not impose a significant economic impact on a substantial number of small businesses or entities.
6. Less Frequent Collection
The DD Form 2875 collection frequency is as required. Each individual requesting access to DoD systems or information must complete his/her own DD Form 2875, or they will not be granted access. An individual requesting access to multiple systems may be required to submit separate DD Form 2875s as well. The DD Form 2875 accommodates one Information Assurance Owner (IAO) signature, therefore requests for multiple systems must be separated for processing and file maintenance. Varying DoD information systems and access levels may have different trust requirements too. Lastly everyone’s justification for access is unique to his/her assigned duties and responsibilities.
7. Paperwork Reduction Act Guidelines
This collection of information does not require collection to be conducted in a manner inconsistent with the guidelines delineated in 5 CFR 1320.5(d)(2).
8. Consultation and Public Comments
Part A: PUBLIC NOTICE
A 60-Day Federal Register Notice for the collection published on Friday, October 29, 2021. The 60-Day FRN citation is 86 FRN 60006.
No comments were received during the 60-Day Comment Period.
A 30-Day Federal Register Notice for the collection published on Monday, March 28, 2022. The 30-Day FRN citation is 87 FRN17277.
Part B: CONSULTATION
No additional consultation apart from soliciting public comments through the Federal Register was conducted for this submission.
9. Gifts or Payment
No payments or gifts are being offered to respondents as an incentive to participate in the collection.
10. Confidentiality
The Privacy Act Statement is in the header on page 1 of the DD Form 2875.
A System of Record Notice (SORN) is not required for this collection because records are not retrievable by PII.
A Privacy Impact Assessment (PIA) is not required for this collection because PII is not being collected electronically.
Records Retention and Disposition Schedule. Each DoD Component is responsible for retaining and disposing of DD Form 2875 “System Authorization Access Request (SAAR)” records.
General Records Schedule 3.2 Information Systems Security Records.
Item 030 and 031. System access records. These records are created as par of the user identification and authorization process to gain access to systems. Records are used to monitor inappropriate systems access by users. Includes records such as:
User profiles
Log-in files
Password files
Audit trail files and extracts
System usage files
Cost-back files used to assess charges for system use
Exclusion 1. Excludes records relating to electronic signatures.
Exclusion 2. Does not include monitoring for agency mission activities such as law enforcement.
Systems not requiring special accountability for access. These are user identification records generated according to preset requirements, typically system generated. A system may, for example, prompt users for new passwords every 90 days for all users.
Temporary. Destroy when business use ceases. DAA-GRS-2013-0006-0003
Systems requiring special accountability for access. These are user identification records associated with systems which are highly sensitive and potentially vulnerable.
Temporary. Destroy 6 years after password is altered or user account is terminated, but longer retention is authorized if required for business use. DAA-GRS-0006-0004
11. Sensitive Questions
No questions considered sensitive are being asked in this collection.
12. Respondent Burden and its Labor Costs
Part A: ESTIMATION OF RESPONDENT BURDEN
Collection Instrument(s)
DD Form 2875 System Authorization Access Request (SAAR)
Number of Respondents: 900,000
Number of Responses Per Respondent: 8
Number of Total Annual Responses: 7,200,000
Response Time: 5 minutes
Respondent Burden Hours: 600,000 hours
Total Submission Burden
Total Number of Respondents: 900,000
Total Number of Annual Responses: 7,200,000
Total Respondent Burden Hours: 600,000 hours
Part B: LABOR COST OF RESPONDENT BURDEN
Collection Instrument(s)
DD Form 2875 System Authorization Access Request (SAAR)
Number of Total Annual Responses: 7,200,000
Response Time: 5 minutes
Respondent Hourly Wage: $27.07
Labor Burden per Response: $2.26
Total Labor Burden: $16,242,000
Overall Labor Burden
Total Number of Annual Responses: 7,200,000
Total Labor Burden: $16,242,000
The respondent hourly wage was determined by using the Department of Labor Wage Website (https://www.bls.gov/oes/current/oes_nat.htm).
13. Respondent Costs Other Than Burden Hour Costs
There are no annualized costs to respondents other than the labor burden costs addressed in Section 12 of this document to complete this collection.
14. Cost to the Federal Government
Part A: LABOR COST TO THE FEDERAL GOVERNMENT
Collection Instrument(s)
DD Form 2875 System Authorization Access Request (SAAR)
Number of Total Annual Responses: 7,200,000
Processing Time per Response: 20 minutes
Hourly Wage of Worker(s) Processing Responses: $27.07
Cost to Process Each Response: $9.02
Total Cost to Process Responses: $64,968,000
Overall Labor Burden to the Federal Government
Total Number of Annual Responses: 7,200,000
Total Labor Burden: $64,968,000
The hourly wage of workers processing responses was determined by using the Department of Labor Wage Website (https://www.bls.gov/oes/current/oes_nat.htm).
Part B: OPERATIONAL AND MAINTENANCE COSTS
Cost Categories
Equipment: $0
Printing: $0
Postage: $0
Software Purchases: $0
Licensing Costs: $0
Other: $0
Total Operational and Maintenance Cost: $0
Part C: TOTAL COST TO THE FEDERAL GOVERNMENT
Total Labor Cost to the Federal Government: $64,968,000
Total Operational and Maintenance Costs: $0
Total Cost to the Federal Government: $64,968,000
15. Reasons for Change in Burden
This is an existing collection currently in use without an OMB Control Number.
16. Publication of Results
The results of this information collection will not be published.
17. Non-Display of OMB Expiration Date
We are not seeking approval to omit the display of the expiration date of the OMB approval on the collection instrument.
18. Exceptions to “Certification for Paperwork Reduction Submissions”
We are not requesting any exemptions to the provisions stated in 5 CFR 1320.9.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Kaitlin Chiarelli |
| File Modified | 0000-00-00 |
| File Created | 2022-03-30 |