1670-NEW_Software Attestation_2_30-day FRN_SSA_v1


Secure Software Self-Attestation Common Form

OMB: 1670-0052



Supporting Statement for Paperwork Reduction Act Submissions


Title: Secure Software Attestation Common Form


OMB Control Number: 1670-NEW



A. Justification


1. Explain the circumstances that make the collection of information necessary. Identify any legal or administrative requirements that necessitate the collection. Attach a copy of the appropriate section of each statute and regulation mandating or authorizing the collection of information.


This justification supports clearance of a new OMB control number for a common form. Office of Management and Budget (OMB) Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices, dated September 14, 2022, requires CISA, in consultation with OMB, to develop a secure software attestation “common form” for Paperwork Reduction Act (PRA) clearance for all Federal departments and agencies. The common form will allow agencies to collect software attestation information from software producers. This supporting statement addresses the burden for all DHS contractors, to include Plan of Action and Milestones (POA&M) burden for Federal departments and agencies. However, other Federal departments and agencies will self-report burden estimates and number of respondents under the common form.



2. Indicate how, by whom, and for what purpose the information is to be used. Except for a new collection, indicate the actual use the agency has made of the information received from the current collection.


This is a new information collection request. This collection is to provide assurance that software producers have performed secure due diligence in their Software Lifecycle Management and to attest to such. The information in the collection will be used by the Executive Branch agency to perform validation of the information. The purpose of the collection is to meet the requirements prescribed and mandated by Executive Order (EO) 14028, Improving the Nation’s Cybersecurity (May 12, 2021), OMB Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices, and OMB Memorandum M-23-16, Update to Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices.


3. Describe whether, and to what extent, the collection of information involves the use of automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses, and the basis for the decision for adopting this means of collection. Also describe any consideration of using information technology to reduce burden.


The Government uses this information to help ensure: 1) protection of Federal information and information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency, and 2) software producer compliance with minimum requirements promulgated by OMB.


Federal agencies use information technology to the maximum extent practicable. Where both the Government agency and contractors are capable of electronic interchange, the contractors shall submit this information collection requirement electronically. Additionally, this information collection request covers the requirement for the software producer to develop a POA&M if a completed attestation form cannot be obtained by a Federal agency.



The form contemplates each software producer self-attesting to their own compliance with secure software development practices. CISA, in consultation with OMB, will bring a platform to initial operating capacity for the collection of software producer attestations. Completed attestations will eventually be stored in this centralized repository.



It should be noted that the secure software development practices identified in the common form are a subset of NIST Special Publication 800-218, Secure Software Development Framework (SSDF) (see https://csrc.nist.gov/publications/detail/sp/800-218/final), and requirements put forth in subsection (4)(e) of EO 14028, Improving the Nation’s Cybersecurity, dated May 12, 2021.


4. Describe efforts to identify duplication. Show specifically why any similar information already available cannot be used or modified for use for the purposes described in Item 2 above.




No such requirements currently exist; therefore, duplication is unlikely. This information collection is being issued pursuant to OMB M-22-18, M-23-16 and EO 14028.



5. If the collection of information impacts small businesses or other small entities (Item 5 of OMB Form 83-I), describe any methods used to minimize.


There are no methods available to minimize burden on small entities. Because the threats from insecure software come regardless of size of the entity, we are unable to identify measures for small entities that would not unduly undermine the effectiveness of this collection. Furthermore, this attestation pertains solely to software and services procured by the Federal Government, so small entities should be able to pass the costs of compliance to the Federal Government.



6. Describe the consequence to Federal/DHS program or policy activities if the collection of information is not conducted, or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.


If the collection is not conducted or conducted less frequently, Federal agencies and departments will not have regular insight into the secure software practices of software producers who are relied upon to provide software used on federal information systems. This may result in missed opportunities to implement beneficial risk mitigation strategies that protect federal information and systems from malicious cyber campaigns. Additionally, collecting this information will ensure software producers are performing due diligence when developing, packaging, and delivering code.



7. Explain any special circumstances that would cause an information collection to be conducted in a manner:


(a) Requiring respondents to report information to the agency more often than quarterly.

Not required.

(b) Requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it.

Not required.

(c) Requiring respondents to submit more than an original and two copies of any document.

Not required.

(d) Requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years.

Not required.

(e) In connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study.

Not required.

(f) Requiring the use of a statistical data classification that has not been reviewed and approved by OMB.

Not required.

(g) That includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use.


Not required.



(h) Requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information’s confidentiality to the extent permitted by law.



Not required.




8. Federal Register Notice:

a. Provide a copy and identify the date and page number of publications in the Federal Register of the agency’s notice soliciting comments on the information collection prior to submission to OMB. Summarize public comments received in response to that notice and describe actions taken by the agency in response to these comments. Specifically address comments received on cost and hour burden.

b. Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and recordkeeping, disclosure, or reporting format (if any), and on the data elements to be recorded, disclosed, or reported.

c. Describe consultations with representatives of those from whom information is to be obtained or those who must compile records. Consultation should occur at least once every three years, even if the collection of information activities is the same as in prior periods. There may be circumstances that may preclude consultation in a specific situation. These circumstances should be explained.




| Notice | Date of Publication | Volume # | Number # | Page # | Comments Addressed |
|---|---|---|---|---|---|
| 60-Day Federal Register Notice | 04/27/2023 | 88 | 25670 | 25670-25672 | 110 |
| 30-Day Federal Register Notice | 11/16/2023 | 88 | 78759 | 78759-78761 | 0 |


A 60-day notice was published in the Federal Register at 88 FR 25670, on April 27, 2023. A spreadsheet containing a summary of comments and responses is included in the clearance package.


A 30-day notice for comments was published in the Federal Register on 11/16/2023. 0 comments were received related to the 30-day notice.


9. Explain any decision to provide any payment or gift to respondents, other than remuneration of contractors or grantees.


This collection does not provide any payment or gift to respondents, other than remuneration of contractors.



10. Describe any assurance of confidentiality provided to respondents and the basis for the assurance in statute, regulation, or agency policy.



While there are no assurances of confidentiality provided to respondents, the information will be maintained in a secured repository and access to the information will be limited to U.S. Government employees and U.S. citizen contractor employees with a need to access to perform their work, applying principles of least privilege.


The DHS Privacy Office review finds that this is a privacy sensitive collection requiring a Privacy Impact Assessment (PIA) and System of Records Notice (SORN). The collection is covered by PIA – DHS/ALL/PIA-006 DHS General Contacts List and SORN – DHS/ALL-002 DHS Mailing and Other Lists System, 73 FR 71659 (Nov. 25, 2008).


11. Provide additional justification for any questions of a sensitive nature, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. This justification should include the reasons why the agency considers the questions necessary, the specific uses to be made of the information, the explanation to be given to persons from whom the information is requested, and any steps to be taken to obtain their consent.


No sensitive questions are involved.



12. Provide estimates of the hour burden of the collection of information. The statement should:



  1. Indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated. Unless directed to do so, agencies should not conduct special surveys to obtain information on which to base hour burden estimates. Consultation with a sample (fewer than 10) of potential respondents is desired. If the hour burden on respondents is expected to vary widely because of differences in activity, size, or complexity, show the range of estimated hour burden, and explain the reasons for the variance. Generally, estimates should not include burden hours for customary and usual business practices.


Department of Homeland Security Only


DHS adjusted the base used to calculate the public burden, realizing that utilizing specific Product and Service Codes (PSC) could result in the omission of software in other types of contracts. As such, DHS utilized a broader base (ICT) to capture awards that would include software. For DHS, including all Components, the burden was calculated by using the total average awardees for FY19-FY22 from Federal Procurement Data Systems (FPDS), which is 22,252 entities, of which 12,971 are small entities. The number of entities is based on an assumption that 50% (11,126) of all entities awarded contracts (22,252) are awarded contracts with some ICT that would likely include software. DHS assumes that 75% (8,344) of these entities (11,126) would be for software contracts or for products that include software, which would require producers' completion of the attestation form.

Time burden for the attestation form includes time to review the form and understand requirements, gather information, review, and approve the release of information and submission. DHS assumes a three-hour burden per initial submission [1] for a software quality assurance analyst or tester and an additional 20 minutes per initial submission for a Chief Information Security Officer (CISO). Software producers may have to resubmit the attestation form if changes occur to their company structure or to correct/edit information in the form, and DHS assumes half the number of initial submissions will result in a resubmission. DHS assumes that resubmissions would take 1 hour and 30 minutes for a software quality assurance analyst or tester and retains 20 minutes for a CISO. DHS estimates that half (4,172) of the 8,344 entities, or 75% of entities (11,126) that may have to complete the initial attestation form, would likely have to resubmit if changes occur to their company structure or to correct/edit information in the form (e.g. product names). DHS acknowledges the information collection request allows for a software producer to use a prior submitted form for multiple agencies.

To estimate opportunity costs, DHS uses an hourly compensation rate of $67.90 for a software quality assurance analyst or tester and $177.66 for a CISO [2].


Initial Submission. DHS assumes that it takes a software quality assurance analyst or tester 3 hours to complete the attestation form, applied to 8,344 entities, or 75% of entities (11,126) that may have to complete the attestation form, multiplied by the $67.90 compensation rate, for an estimated opportunity cost of $5,099,018. DHS estimates an average of 3 responses per respondent based on the assumption that an entity may be required to submit more than one attestation form, depending on the nature of the requirement. DHS estimates a CISO annual hourly burden of 8,336 hours, multiplied by the $177.66 CISO compensation rate, for an estimated opportunity cost of $1,480,974.


Resubmission. DHS assumes that it would take 1 hour and 30 minutes for a software quality assurance analyst or tester to complete the attestation form if changes occur to their company structure or to correct/edit information in the form, applied to half (4,172) of the 8,344 entities, or 75% of entities (11,126), multiplied by the $67.90 compensation rate, for an estimated opportunity cost of $424,918. DHS retains 20 minutes for a CISO, for an annual hourly burden of 1,389 hours, multiplied by the $177.66 CISO compensation rate, for an estimated opportunity cost of $246,769. The assumption is that any resubmission for changes required to come into compliance with practices identified in the POA&M is captured in the burden.

Estimated Number of Respondents: 8,344

Estimated Number of Responses per Respondent per Initial Submission: 3

Estimated Number of Responses: 8,344

Estimated Time for Initial Submission per Respondent: 3 hours and 20 minutes

Estimated Time for Resubmission per Respondent: 1 hour and 50 minutes

Estimated Number of Responses per Respondent per Resubmission: 1

Total Annualized Hours for Initial Submission: 83,432 hours

Total Annualized Hours for Resubmission: 7,647 hours


Hourly rate*: $67.90 (software quality assurance analyst or tester) and $177.66 (CISO)


Estimated cost to public: 7,251,679


Estimated Public Burden for Form. The total estimated annual burden for DHS vendors is:


| Form | Respondent Type | Number of Respondents | Number of Responses per Respondent | Average Burden per Response (in hours) | Total Annual Burden (in hours) | Loaded Average Hourly Wage Rate | Total Annual Respondent Cost |
|---|---|---|---|---|---|---|---|
| Initial Submission | Analyst | 8,344 | 3 | 3 | 75,096 | $67.90 | $5,099,018 |
| | CISO | 8,344 | 3 | 0.333 | 8,336 | $177.66 | $1,480,974 |
| Resubmissions | Analyst | 4,172 | 1 | 1.5 | 6,258 | $67.90 | $424,918 |
| | CISO | 4,172 | 1 | 0.333 | 1,389 | $177.66 | $246,769 |
| Total | | 25,032 | | | 91,079 | | $7,251,679 |


Federal departments and agencies

Plan of Action & Milestones (POA&M) [3]

This burden was calculated by using the total average awardees across Federal agencies for FY19-FY21 from FPDS, which is 94,035 entities, of which 61,797 are small entities. The number of entities is based on the assumptions that 50% of all entities awarded contracts (94,035) are awarded contracts with some information communication technology (ICT), that 75% would have to complete the attestation form, and that 20% would have to provide a POA&M. DHS utilized awards with some ICT across agencies to provide a larger base for capturing where software would likely be included. Time burden for Plan of Action & Milestones (POA&M) and similar documentation includes time to develop and provide to Government. DHS used an average of shorter, more streamlined POA&Ms and those requiring extensive detail, based on feedback from Subject Matter Experts (SMEs). DHS assumes that when a software producer needs to provide a Plan of Action & Milestones (POA&M), it would take 6 hours to develop and provide these documents, applied to 14,105 entities, or 75% of entities (70,526) that may have to complete the attestation form, and of that 75%, it is assumed that 20% of the entities, 14,105, would be impacted by this activity. The six (6) hours to develop and provide accounts for the variation in the complexity of the software. DHS estimates that portions of burden applicable to the artifacts will apply to different percentages of the 70,526 entities depending on how often the agencies request the data and information associated with the collection activity.
DHS has no way to know how often a particular activity will generate a paperwork burden, except for the estimates based on historical data regarding the number of hours it would take to develop and provide POA&Ms and similar documentation submission, but otherwise assumes the burden for activities for POA&Ms and similar documentation will occur for 20% of the entities that would be unable to attest to one or more practices from the NIST Guidance, resulting in a submission. To estimate opportunity costs, DHS uses an hourly compensation rate of $67.90 for a software quality assurance analyst.


Estimated Number of respondents: 14,105

Estimated Responses per respondent: 1

Estimated Total annual responses: 14,105

Estimated Hours per response: 6

Estimated Total Burden hours: 84,630

Hourly rate*: $67.90

Estimated Cost to Public: $5,746,377


Estimated Public Burden for POA&M. The total estimated annual burden for all Federal departments and agencies is:


| POA&M | Respondent Type | Number of Respondents | Number of Responses per Respondent | Average Burden per Response (in hours) | Total Annual Burden (in hours) | Loaded Average Hourly Wage Rate | Total Annual Respondent Cost |
|---|---|---|---|---|---|---|---|
| Development | Analyst | 14,105 | 1 | 6 | 84,630 | $67.90 | $5,746,377 |


Total Public Burden. The total estimated annual burden for DHS vendors and other Federal agency vendors (for POA&M development only) is $13,264,954:




| | Respondent Type | Number of Respondents | Number of Responses per Respondent | Average Burden per Response (in hours) | Total Annual Burden (in hours) | Loaded Average Hourly Wage Rate | Total Annual Respondent Cost |
|---|---|---|---|---|---|---|---|
| Form - Initial Submission | Analyst | 8,344 | 3 | 3 | 75,096 | $67.90 | $5,099,018 |
| | CISO | 8,344 | 3 | 0.333 | 8,336 | $177.66 | $1,480,974 |
| Form - Resubmissions | Analyst | 4,172 | 1 | 1.5 | 6,258 | $67.90 | $424,918 |
| | CISO | 4,172 | 1 | 0.333 | 1,389 | $177.66 | $246,769 |
| POA&M Development | Analyst | 14,105 | 1 | 6 | 84,630 | $67.90 | $5,746,377 |
| Total | | 39,137 | | | 175,709 | | $13,264,954 |



13. Provide an estimate of the total annual cost burden to respondents or record keepers resulting from the collection of information. (Do not include the cost of any hour burden shown in Items 12 and 14.)


CISA does not anticipate there to be any recordkeeping costs associated with this collection.



 14. Provide estimates of annualized cost to the Federal Government. Also, provide a description of the method used to estimate cost, which should include quantification of hours, operational expenses (such as equipment, overhead, printing and support staff), and any other expense that would have been incurred without this collection of information. You may also aggregate cost estimates for Items 12, 13, and 14 in a single table.




Estimated cost to the Government.


Department of Homeland Security Only


DHS estimates it will require at least two employees to accept and review the initial form and resubmission, when applicable: a GS-13/Step 5 Contracting Officer (CO) or Contracting Officer’s Representative (COR), and a GS-14/Step 5 Procurement or Program Analyst (PA). The CO or designated COR will accept and review the form to ensure it meets the requirements and consult with the Program Manager if there are any discrepancies requiring further action. The hourly rates of pay used in the following estimates are based on the hourly rates of pay from the Office of Personnel Management (OPM) 2023 General Schedule (GS) Salary Table for the Rest of the United States locality, effective January 2023 (available at https://www.opm.gov/), plus a 36.25 percent fringe factor mandated by Office of Management and Budget (OMB) memorandum M-08-13 for use in public-private competition (see https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2008/m08-13.pdf), plus 12 percent overhead factor, rounded to the nearest whole dollar.


Initial Submission. Based on consultation with subject matter experts within DHS, it is estimated that it will take the Government 3 hours to accept and review the attestation form. The burden is broken down as follows: 2 hours for the CO or COR to review the form and coordinate with the Program Analyst at an average rate of $82/hour; and 1 hour for the PA to provide any additional reviews and communicate with the CO the need for any follow-up actions at an average rate of $96/hour. Therefore, the estimated cost per software producer is $260 ((2 hours * $82/hour) + (1 hour * $96/hour)). The DHS estimate applies to 8,344 entities, or 75% of entities (11,126) that may have to submit the initial attestation form. DHS estimates an average of 3 responses per respondent based on the assumption that an entity may be required to submit more than one attestation form, depending on the nature of the submission. The total estimated annual Government cost for reviewing the initial submission of attestation forms is summarized as follows:

Estimated Number of respondents: 8,344

Estimated Responses per respondent: 3

Estimated Total annual responses: 25,032

Estimated Hours per response: 3

Estimated Total Burden hours: 75,096

Average Hourly rate*: ~$90.00

Estimated Cost to Government: $6,758,640

Resubmission. Based on consultation with subject matter experts within DHS, it is estimated that it will take the Government 1.5 hours to accept and review a resubmission of the attestation form if changes occur to their company structure or to correct/edit information in the form. The burden is broken down as follows: .5 hour for the CO or COR to review the form and coordinate with the Program Analyst at an average rate of $82/hour [4]; and 1 hour for the PA to provide review of the resubmission and communicate with the CO regarding any follow-up actions at an average rate of $96/hour. Therefore, the estimated cost per vendor is $137 ((.5 hours * $82/hour) + (1 hour * $96/hour)). The DHS estimate applies to 4,172 entities, half of the 8,344 or 75% of entities (11,126) that may have to resubmit the attestation form. The total estimated annual Government cost for reviewing the resubmission of software producer attestation forms is summarized as follows:

Estimated Number of respondents: 4,172

Estimated Responses per respondent: 1

Estimated Total annual responses: 4,172

Estimated Hours per response: 1.5

Estimated Total Burden hours: 6,258

Average Hourly rate*: ~$90.00

Estimated Cost to Government: $563,220

Estimated Government Burden for Form. The total estimated annual burden for DHS vendors is:



| | Respondent Type | Number of Respondents | Number of Responses per Respondent | Average Burden per Response (in hours) | Total Annual Burden (in hours) | Loaded Average Hourly Wage Rate | Total Annual Respondent Cost |
|---|---|---|---|---|---|---|---|
| Form - Initial Submission | CO/COR + PA | 8,344 | 3 | 3 | 75,096 | ~$90.00 | $6,758,640 |
| Form - Resubmissions | CO/COR + PA | 4,172 | 1 | 1.5 | 6,258 | ~$90.00 | $563,220 |
| Total | | 12,516 | | | 81,354 | | $7,321,860 |


Federal departments and agencies

Plan of Action & Milestones (POA&M) [5] Burden Only

Based on consultation with subject matter experts within DHS, it is estimated that it will take the Government 4 hours to accept and review POA&M and submit to seek an extension of the deadline for attestation from OMB. The burden is broken down as follows: 2 hours for the CO or COR to accept and coordinate review with Program Analyst to determine if software producer’s POA&M is satisfactory and coordinate OMB notification process, at an average rate of $82/hour [6]; and 2 hours for the PA to review, communicate with the CO regarding any follow-up actions, and provide any support during the OMB notification process, at an average rate of $96/hour. Therefore, the estimated cost per vendor POA&M is $356 ((2 hours * $82/hour) + (2 hours * $96/hour)). The DHS estimate applies to 14,105 entities, or 75% of entities (70,526) that may have to complete the attestation form, and of that 75%, it is assumed that 20% of the entities, 14,105, would be impacted by this requirement. The total estimated annual Government cost for accepting and reviewing POA&Ms is summarized as follows:

Estimated Number of respondents: 14,105

Estimated Responses per respondent: 1

Estimated Total annual responses: 14,105

Estimated Hours per response: 4

Estimated Total Burden hours: 56,420

Average Hourly rate*: ~$90.00

Estimated Cost to Government: $5,077,800

Estimated Government Burden for POA&M. The total estimated Government annual burden.

| POA&M | Respondent Type | Number of Respondents | Number of Responses per Respondent | Average Burden per Response (in hours) | Total Annual Burden (in hours) | Loaded Average Hourly Wage Rate | Total Annual Respondent Cost |
|---|---|---|---|---|---|---|---|
| Review + Collection | CO/COR + PA | 14,105 | 1 | 4 | 56,420 | ~$90.00 | $5,077,800 |



Total Government Burden. The total estimated annual burden for DHS (attestation form) and all Federal agencies (for POA&M only) is $12,399,660.



| | Respondent Type | Number of Respondents | Number of Responses per Respondent | Average Burden per Response (in hours) | Total Annual Burden (in hours) | Loaded Average Hourly Wage Rate | Total Annual Respondent Cost |
|---|---|---|---|---|---|---|---|
| Form - Initial Submission | CO/COR + PA | 8,344 | 3 | 3 | 75,096 | ~$90.00 | $6,758,640 |
| Form - Resubmissions | CO/COR + PA | 4,172 | 1 | 1.5 | 6,258 | ~$90.00 | $563,220 |
| POA&M Review | CO/COR + PA | 14,105 | 1 | 4 | 56,240 | ~$90.00 | $5,077,800 |
| Total | | 26,621 | | | 137,594 | | $12,399,660 |






15. Explain the reasons for any program changes or adjustments reported in Items 13 or 14 of the OMB Form 83-I. Changes in hour burden, i.e., program changes or adjustments made to annual reporting and recordkeeping hour and cost burden. A program change is the result of deliberate Federal government action. All new collections and any subsequent revisions of existing collections (e.g., the addition or deletion of questions) are recorded as program changes. An adjustment is a change that is not the result of a deliberate Federal government action. These changes that result from new estimates or actions not controllable by the Federal government are recorded as adjustments.



This is a new information collection requirement.




16. For collections of information whose results will be published, outline plans for tabulation and publication. Address any complex analytical techniques that will be used. Provide the time schedule for the entire project, including beginning and ending dates of the collection of information, completion of report, publication dates, and other actions.



Results will not be tabulated or published.



17. If seeking approval to not display the expiration date for OMB approval of the information collection, explain reasons that display would be inappropriate.



Approval to not display the expiration date for OMB approval of the information collection is not sought.



18. Explain each exception to the certification statement identified in Item 19 “Certification for Paperwork Reduction Act Submissions,” of OMB Form 83-I.


There are no exceptions to the certification statement accompanying this Paperwork Reduction Act submission.

Collections of Information Employing Statistical Methods. Statistical methods are not used in this information collection. A Part B supporting statement is not needed, or required, and therefore was not completed.






[1] DHS based the estimated 3 hours on an information collection request related to contractor information security for certain telecommunications and video surveillance services or equipment. While not exactly the same requirements or scope, DHS found the burdens of 0199 collection to be similar to the burden in this proposed new collection. For more information, see Supporting Statement for OMB Control Number 9000-0199. https://www.reginfo.gov/public/do/PRAViewDocument?ref_nbr=202009-9000-002

[2] DHS uses wage estimates based on Bureau of Labor Statistics (BLS) Occupational Employment Statistics (OES). Within NAICS industry 541500 - Computer Systems Design and Related Services, DHS uses mean hourly wage rates for Software Quality Assurance Analysts and Testers (SOC 15-1253) at $47.09 and Chief Executives (11-1011) at $123.21. DHS applies a compensation factor of 1.44191 based on total hourly compensation of $67.64 divided by $46.91 wages/salaries for Private Industry Workers Management, Professional, and Related Occupations. Sources: https://www.bls.gov/oes/2021/may/naics4_541500.htm (BLS, OES: May 2021 National Industry Specific Occupational Employment and Wage Estimates.)

BLS, Employer Cost for Employment Compensation (ECEC Table 4): https://www.bls.gov/news.release/archives/ecec_03172023.htm (released March 17, 2023)


[3] A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones for meeting the tasks, and scheduled milestone completion dates. NIST SP 800-115

[4] The hourly rates of pay used in the following estimates are based on the hourly rates of pay from the Office of Personnel Management (OPM) 2023 General Schedule (GS) Salary Table for the Rest of the United States locality, effective January 2023 (available at https://www.opm.gov/), plus a 36.25 percent fringe factor mandated by Office of Management and Budget (OMB) memorandum M-08-13 for use in public-private competition (see https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2008/m08-13.pdf), plus 12 percent overhead factor, rounded to the nearest whole dollar.

[5] A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones for meeting the tasks, and scheduled milestone completion dates. NIST SP 800-115

[6] The hourly rates of pay used in the following estimates are based on the hourly rates of pay from the Office of Personnel Management (OPM) 2023 General Schedule (GS) Salary Table for the Rest of the United States locality, effective January 2023 (available at https://www.opm.gov/), plus a 36.25 percent fringe factor mandated by Office of Management and Budget (OMB) memorandum M-08-13 for use in public-private competition (see https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2008/m08-13.pdf), plus 12 percent overhead factor, rounded to the nearest whole dollar.


File Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title: Supporting Statement A - Template
Author: fema user
File Modified: 0000-00-00
File Created: 2023-11-17
