Supporting Statement for
“The FNS User Access Request Form Data Collection”
(OMB Control Number 0584-0532)
Joseph Binns
Assistant Chief Information Security Officer (ACISO)
Office of Information Technology (OIT)
Food, Nutrition and Consumer Services, USDA
1320 Braddock Place
Alexandria, Virginia 22314
Office: 703-605-1181
Email: [email protected]
TABLE OF CONTENTS
1. Explain the circumstances that make the collection of information necessary. 3
2. How the information will be used, by whom and for what purpose 4
3. use of improved information technology to reduce burden 6
4. Efforts to identify and avoid duplication ………………………………………………….7
5. eFFORTS TO MINIMIZE BURDEN ON SMALL BUSINESSES OR OTHER ENTITIES. 7
6. consequences of less frequent data collection. 7
7. Special circumstances requiring collection of information 8
8. federal register comments and efforts to consult with persons outside the agency. 9
9. Payments to respondents. 10
10. assurance of confidentiality . 10
11. questions of a sensitive nature . 10
12. estimates of respondent burden. 11
13. estimates of other annual costs to respondents 13
14. estimates of annualized government costs. 14
15. changes in burden hours. 15
16. time schedule, publication and analysis plans . 15
17. display of expiration date for omb approval. 15
18. exceptions to the certification statement 15
APPENDICES:
Appendix A: Legal Authority Public Law 107-347
Appendix B: USDA Information System Security Program Directive
Appendix C: Public Law 113-283
Appendix D: OMB Circular No A-130
Appendix E: FNS-674
Appendix F: NIST.SP.800-53r5
Appendix GOutside Consultations Comments on Form FNS-674
Appendix G1: Outside Consultation Comment - Michele Rodgers
Appendix G 2: Outside Consultation Comment - Rise' Wiggins
Appendix G 3: Outside Consultation Comment - Glade Roos
Appendix G 4: FNS Response to Michele Rodgers
Appendix G 5: FNS Response to Rise' Wiggins
Appendix G 6: FNS Response to Glade Roos
Appendix H: Burden Calculations Table
This is a revision of a currently approved collection. Collection of this information is dictated by: Public Law 107-347 (see Appendix A) and USDA Information System Security Program Directive (see Appendix B). The Federal Information Security Modernization Act of 2014 (P.L. 113-283) (see Appendix C) and Office of Management and Budget (OMB) Circular A-130, Managing Information as a Strategic Resource, (see Appendix D) established a minimum set of controls to be included in Federal automated information security programs. Establishing controls over the provisioning of access to sensitive systems and data is directed in OMB Circular A-130. The FNS User Access Request Form, FNS-674 (see Appendix E), is designed for this purpose and can be used in situations where (1) access to the FNCS network or an FNCS information system is required; (2) current access is required to be modified; and (3) access is no longer required and must be revoked.
FNCS employees, contractors, State Agencies and partners (Food Banks, etc.) request access to FNCS systems via the User Access Request form. FNCS uses the information collected to grant access to the FNCS network and information systems. Information that is collected includes: Name, e-Authentication ID (if applicable), telephone number, email address, contract expiration date, temporary employee expiration date, office address, State/locality codes, system name, form type, type of access, action requested, comments and special instructions.
From whom will the information be collected?
The User Access Request Form collects information from:
new FNCS Employees
new FNCS Contract Staff
new State Agencies to FNCS
new Partners to FNCS or
Existing employees, Contract Staff, State Agencies or Partners to FNCS requesting updates to current access to FNCS information systems.
How will the information be collected (e.g., forms, non-forms, electronically, face-to-face, over the phone, over the internet)?
The information is collected via an electronically fillable form FNS-674 (see Appendix E). The form must also be printed in a paper version to be signed by state users, to be scanned and submitted. After email submission to FNS contacts, forms usually remain electronic rather than requiring printing.
How frequently will the information be collected?
The information is requested as often as needed, based on the user requests for new access or updated access requests to systems. In State Agencies, the State Coordinators provide a liaison between the State Agency and FNCS Regional Offices and FNCS National Office and the Information Security Division (ISD).
Will the information be shared with any other organizations inside or outside USDA or the government?
This information will be stored in:
The ISD records, where the information is stored and maintained for users requesting access to FNCS internal systems;
The Financial Management Division (FMD) records, where the information is stored and maintained for users requesting access to Financial Management (FM) systems;
The National Finance Center (NFC) records, where the information is stored and maintained for users requesting access to NFC systems; and
The Digital Infrastructure Services Center (DISC) records, where the information is stored and maintained for users requesting access to DISC systems.
If this is an ongoing collection, how have the collection requirements changed over time?
The information collected on this form has changed over time to remove the system drop-down list and use a text box for single line of text entries instead. The form signatories have changed to remove a signature box and rename one to further align with USDA Departmental Regulation 3505-003. The instructions have changed to refer users to contact system websites and helpdesks for additional information on system-specific access control procedures. Also, the Rules of Behavior have been significantly updated to distinguish between internal and external users. With this renewal revisions were made to, update and clarify acronyms used on the form, and specify in the instructions that requesters should ask their FNCS Point of Contact if they do not know the System Name they desire access to.
FNCS has reached out to the FNCS workgroup to collect requirements in order to automate the FNS- 674 for applications that have available funding to support the automation. Therefore, this collection is in compliance with E-Government 2002. Total automation cannot be implemented at this time, however planning sessions were held during the last year about possible future automation of the form internally for submissions originating from FNCS employees and contractors only. Information on the FNS-674 is displayed and captured using Microsoft ASP.Net and HTML, via a web-based system on the FNCS web site. The information is stored in Microsoft SharePoint Server. The information is transmitted over a secured HTTP protocol. The foundation of this technical architecture is Microsoft, which is consistent with current FNCS standards. The FNS-674 forms are currently submitted via email and sent to the respective system Account Manager for record-keeping. The form is a fillable electronic Adobe pdf, available on the FNCS intranet e-forms library and also on the internet on various public sites for systems. FNCS information system Account Managers are responsible for maintaining approved copies of the form, if used for their respective information systems. Currently, FNCS does not have an electronic submission web-based system to receive these requests and no plans are in place for one in the near future.
There is no similar information available. FNCS solely monitors issuance of FNCS network access to ensure integrity. The information required for FNS-674 is not currently reported to any other entity outside of FNCS. Every effort has been made to avoid duplication. FNCS has reviewed USDA reporting requirements.
If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.
There will be no impact to small businesses or entities that work with FNCS. FNCS anticipates that out of the 180 respondents, 75 percent, or 130, are considered respondents of small businesses.
Describe the consequences to Federal program or policy activities if the collection is not conducted or is conducted less frequently, as well as any technical or legal obstacles to reducing burden.
This is a mandatory and on-going data collection required for access by external personnel to FNCS information systems. If this form were not submitted, FNCS could not ensure integrity of access to FNCS information systems. The form itself is an access control used for account management as defined in NIST 800-53 Rev. 5 (see Appendix F). Users provide information and special instructions used to gain initial access to FNCS information systems and may require subsequent submissions if access requires changes. This form can also be used if an individual should be removed as a user from a specific system.
Explain any special circumstances that would cause an information collection to be conducted in a manner:
requiring respondents to report information to the agency more often than quarterly;
requiring respondents to prepare a written response to a collection of information in fewer than 30 days after receipt of it;
requiring respondents to submit more than an original and two copies of any document;
requiring respondents to retain records, other than health, medical, government contract, grant-in-aid, or tax records for more than three years;
in connection with a statistical survey, that is not designed to produce valid and reliable results that can be generalized to the universe of study;
requiring the use of a statistical data classification that has not been reviewed and approved by OMB;
that includes a pledge of confidentiality that is not supported by authority established in statute or regulation, that is not supported by disclosure and data security policies that are consistent with the pledge, or which unnecessarily impedes sharing of data with other agencies for compatible confidential use; or
requiring respondents to submit proprietary trade secret, or other confidential information unless the agency can demonstrate that it has instituted procedures to protect the information's confidentiality to the extent permitted by law.
There are no special circumstances. The collection of information is conducted in a manner consistent with the guidelines in 5 CFR 1320.5.
A 60-day notice requesting public comment on this collection was published in the Federal Register at Vol. 89, No. 102, Page 45819, Friday, May 24, 2024. The comment period closed on July 23, 2024. No comments were received.
Describe efforts to consult with persons outside the agency to obtain their views on the availability of data, frequency of collection, the clarity of instructions and record keeping, disclosure, or reporting form, and on the data elements to be recorded, disclosed, or reported.
An FNCS employee working group considered all suggestions received when redesigning this form for its users. We reached out to three individuals for outside consultations. Their input was requested about the FNS-674, including specifically on the burden estimate and other characteristics including availability of data, frequency of collection, the clarity of instructions and record keeping, disclosure, or reporting form, and on the data elements to be recorded, disclosed, or reported.
The outside consultations included three (3) State Users of the FNS-674, including Michele Rodgers (501-303-4997) (see Appendix G1 and G4), Rise' Wiggins (443-377-3684) (see Appendix G2 and G5), and Glade Roos (406-444-2841) (see Appendix G3 and G6). Michele Rodgers, Assistant Controller, Arkansas Department of Human Services, [email protected], suggested that it would be helpful if the acronyms could be spelled out for COR and FNCS. To best address this concern, the employee working group found locations of first use on the form to spell out each acronym, to be implemented in the update of the form. Rise' Wiggins, Case Manager, Maryland Department of Social Services, [email protected], suggested it would be helpful to have guidance on what System Name to request access to. To address this, the employee working group decided to alter the form instructions to direct users to their FNCS Contact for guidance on System Name. Glade Roos, Vendor and Farm Direct Coordinator, Montana Department of Health and Human Services, [email protected], expressed no issue with ease of use of the form. FNS has revised the FNS-674 to incorporate these changes with this revision (see Appendix E).
9. Explain any decision to provide any payment or gift to respondents, other than re-enumeration of contractors or grantees.
Payments or gifts are not provided to respondents.
The FNS-674 will contain a Privacy Act Statement and the data will be stored in accordance with the Federal Information Security Modernization Act of 2014 (P.L. 113-283) and OMB Circular A-130, Managing Information as a Strategic Resource. Access to records is limited to those persons who process the records for the specific uses stated in the Privacy Act notice. Any printed records are kept in physically secured rooms and/or cabinets. Various methods of computer security limit access to records. The System of Records Notice for this information collection is under development in the USDA Office of the Chief Information Officer.
This information collection includes no questions of a sensitive nature.
12. Provide estimates of the hour burden of the collection of information. The statement should:
Indicate the number of respondents, frequency of response, annual hour burden, and an explanation of how the burden was estimated. If this request for approval covers more than one form, provide separate hour burden estimates for each form and aggregate the hour burdens in Item 13 of OMB Form 83-I.
Provide estimates of annualized cost to respondents for the hour burdens for collections of information, identifying and using appropriate wage rate categories.
Estimate of Burden
The respondents are State agencies, who are located in the 50 states and Trust Territories, staff contractors and Federal employees. Respondents who require access to the FNS systems are estimated at 8,100 annually (includes Federal, State and private) however, only 7,200 will account for the total public burden, excluding Federal employees. FNS estimates that it will receive an average of 1,185 requests per month (59.25 per business day). Of the 1,185, 92.4 percent (or 1,095) of the responses are State Agency users, 1.3 percent (or 15) are staff contractors and 6.3 percent (or 75) are Federal employees which is not included in the total number of responses. Annually, that results in 7,200 respondents (585 State Agency users per month + 15 staff contractors per month × 12 months). Estimated Number of Responses per Respondent: 1.975. Estimated Total Annual Responses: 14,220. Estimated Time per Response: 0.167 of an hour. Each respondent takes approximately 0.167 of an hour, or 10 minutes, to complete the required information on the online form. Estimated Total Annual Burden on Respondents: 2,370 hours. See the table below for estimated total annual burden for each type of respondent.
REPORTING BURDEN
Affected Public |
Form Number |
Number of Respondents |
Number of responses annually per Respondent |
Total Annual Responses |
Estimate of Burden Hours per response |
Total Annual Burden Hours |
Contractors |
FNS-674 |
180 |
1 |
180 |
0.16667 (10 minutes) |
30 |
State Agency Users |
FNS-674 |
7,020 |
2 |
14,040 |
0.16667 (10 minutes) |
2,340 |
Annualized Totals |
|
7,200 |
1.975 |
14,220 |
10 minutes |
2.370 |
There is no recordkeeping burden imposed on the public. All requests from respondents are archived in FNCS systems.
Annualized Cost to Respondent
FNS estimates that the total respondent costs will be $103,708.18. It is estimated that each respondent takes 10 minutes to read the instruction and complete the on-line form. The data provided in the table below is calculated using the hourly wage rate reported in the National Sector NAICS Industry-Specific estimates of US Occupational Employment and Wages in the U.S., May 2023; Department of Labor, Bureau of Labor Statistics at http://www.bls.gov/oes/current/oes_stru.htm. Occupational codes (OC) used for States and Contractors include NAICS 999200 - 13-0000 Business and Financial Operations Occupations (at $43.55 hourly wage rate) and 15-1212 Information Security Analysts (at $59.97 hourly wage rate).
Affected Public |
Type of Instrument |
Average time per response |
Number of Respondents |
Frequency of Response |
Hourly Wage Rate |
Cost to Respondent |
State Agencies |
FNS-674 |
0.16667 |
7,020 |
2 |
$43.55 |
$101,909.04 |
Contractors |
FNS-674 |
0.16667 |
180 |
1 |
$59.97 |
$1,799.14 |
Total |
|
|
7,200 |
1.975 |
|
$103,708.18 |
There are no capital/startups or ongoing/annualized maintenance costs to the respondents.
Description of Activities |
HQ Staff (2 – GS-13 @ ($56.62 per hour) |
Regional Staff (14 – GS-12 @ $41.67 per hour) |
Contractor ($59.97 per hour) |
Total +33% |
Updating on-line form to support the collection |
2 hours = $113.24 |
|
|
$150.61 |
Testing of computer system |
|
|
10 hours = $599.70 |
$797.60 |
Reviewing, approving and issuing password 1 |
81 hours =$4,586.22 |
243 hours = $10,125.81 |
|
$19,567.00 |
Labor for analyzing, evaluating, summarizing, and reporting on the collected information 2 |
16 hours =$905.92 |
|
|
$1,046.76 |
Total Cost to the Federal Government3 |
$21,561.97 |
National Office: Two (2) GS-13 Information Security Officers spend 2 minutes (0.04 of an hour) reviewing, approving, and issuing passwords for each of the National Office applications received. (8,100 applications/25% = 2025 x 0.04 = 81 hours. 81 hours @$56.62 per hour = $4,586.22.)
Regions: Fourteen (14) GS-12 Information Security Officers spend 2 minutes (or 0.04 of an hour) reviewing, approving, and issuing passwords for users in State agencies. (8,100 applications/75% = 6,075 x 0.04 = 243 hours. 243 hours @ $41.67 per hour = $10,125.81.)
2 Two (2) GS-13 HQ Security Officers spend 2 hours per quarter, each, on the analyzing and running reports of security users and authorized systems. (16 hours @ $56.62 per hour = $905.92.)
3 33% fully loaded wages were added to calculations in order to provide a more accurate representation of total costs
.
The total annualized costs to the federal government related to this information collection request is $21,561.97. Annualized costs are determined by tasks as described in the chart above. The FNCS National Office and Regional staff salary was determined by the January 2024 Salary and Wage tables available from the Office of Personnel Management (OPM). The staff contractors’ salary was determined by using the national average available from the Department of Labor. 33% fully loaded wages were added to calculations in order to provide a more accurate representation of total costs.
This is a revision to an approved collection. The changes to the annual burden chart reflect the addition of a new FNCS System Helpdesk for a new system called NAC, which projects processing 9,000 forms as an annual average. For example, if they receive 3,000 the first year and 15,000 the next year for the first two years, one a slowest projected year and one a busiest projected year, that is 18,000 total forms for two years, or an average of 9,000 forms per year. This is an adjustment to account for the new system NAC, and reflects an increase from the previous revision. For the currently approved burden hours and total annual responses, the difference is an increase of 180 burden hours to equal 352 rather than the previous 172 burden hours, and an increase of 9,000 total annual responses to equal 14,220 rather than the previous 5,220 total annual responses.
There are no plans for publication.
We will display the OMB control number and expiration date on this form.
There are no exceptions to the certification statement.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | Date |
Author | Authorized Gateway Customer |
File Modified | 0000-00-00 |
File Created | 2024-07-30 |