05_Web Portal supporting statement _07 21 09_vfinal

05_Web Portal supporting statement _07 21 09_vfinal.doc

FPLS Portal Registration

OMB: 0970-0370

Document [doc]
Download: doc | pdf














Supporting Statement For

OMB Clearance



FPLS Child Support Services Portal Registration

2009


















Prepared by:


U.S. Department of Health and Human Services

Administration for Children and Families

Office of Child Support Enforcement

370 L'Enfant Promenade S.W.

Washington, DC 20447


TABLE OF CONTENTS



Section Page


A. JUSTIFICATION 3


1. Circumstances Making the Collection of Information Necessary 4

2. Purpose and Use of the Information Collection 4

3. Use of Improved Information Technology and Burden Reduction 5

4. Efforts to Identify Duplication and Use of Similar Information 5

5. Impact on Small Businesses or Other Small Entities 5

6. Consequences of Collecting the Information Less Frequently 6

7. Special Circumstances Relating to the Guidelines of 5 CFR 1320.50 6

8. Comments in Response to the Federal Register Notice and Efforts to Consult Outside the Agency 6

9. Explanation of Any Payment or Gift to Respondents 6

10. Assurances of Confidentiality Provided to Respondents 7

11. Justification for Sensitive Questions 7

12. Estimates of Annualized Burden Hours and Costs 7

13. Estimates of Other Total Annual Cost Burden to Respondents and Record Keepers 8

14. Annualized Cost to the Federal Government 9

15. Explanation for Program Changes or Adjustments 9

16. Plans for Tabulation and Publication and Project Time Schedule 9

17. Reason(s) Display of OMB Expiration Date is Inappropriate 9

18. Exceptions to Certification for Paperwork Reduction Act Submissions... 9


B. STATISTICAL METHODS 10



APPENDICES

APPENDIX A: FPLS Child Support Services Portal Registration Screens











SUPPORTING STATEMENT:



PART A – JUSTIFICATION


Part A of the Supporting Statement for this information collection, Federal Parent Locator Service (FPLS) Child Support Services Portal (FCSSP), addresses the 18 points outlined in

Part A of 5 CFR 1320.


A. JUSTIFICATION


1. Circumstances Making the Collection of Information Necessary


The Federal Office of Child Support Enforcement (OCSE) is implementing the Federal Parent Locator Service (FPLS) Child Support Services Portal (FCSSP) for users of the FPLS to access online web applications. The programs being accessed are programs currently covered under separate, OMB approved PRAs. The only component covered under this PRA is the Registration Process required to use the FCSSP.


The FCSSP provides CSE agencies and private businesses performing child support activities access to the following Federal Child Support sponsored programs:

  • Multistate Financial Institution Data Match Online (MSFIDM)

  • Electronic Income Withholding Order Online (e-IWO)

  • Federal Offset and Passport Denial Online


All data used by these applications is owned by OCSE. All of these applications are in support of OCSE’s mission to provide support to families. They directly impact our ability to increase child support collections.



2. Purpose and Use of the Information Collection


2.1 How the information is to be used


The FCSSP Registration Process will allow States, employers and financial institutions the ability to create a secure account in order to view the appropriate data for their online applications. In order for users to access the FCSSP, registration is required, which will create an account to run the appropriate programs.


After completing the registration process and logging into the FCSSP using the FPLS Security Framework (FSF),

       E-IWO users who are designated by the e-IWO employers can monitor wage withholdings for child support.

       Multistate financial institutions (MSFIs) users, which are doing business in two or more States, are able to upload and download Inquiry and Response Files for a quarterly data match with OCSE instead of conducting the match with each State.

  • States view an obligor’s data in the Passport Denial program.


    1. By whom the information is to be used

Initially the FCSSP will be used by multistate financial institutions for MSFIDM and employers for the e-IWO process. Federal OCSE administrative staff will also use the information to perform user verification, tracking and general support.


The Insurance Match program will begin using the FCSSP at a later date and will not require registration until such time.


It is anticipated that within two to three years, up to 520 users will be providing information. This includes employers, financial institutions, OCSE administrative staff and up to 25 State users.


2.3 For what purpose the information is to be used


The FCSSP registration process will allow registrants from State agencies, employers and Financial Institutions the ability to create a secure account in order to send and retrieve the appropriate data for their online applications. Without access to the FCSSP, users cannot access data online.


The registration process collects user and company information to create new accounts, and makes that information available to the OCSE administrative staff for verification. Data entered in the registration screens will verify data through existing Federal databases and will then be verified manually by the OCSE administrative staff. The OCSE administrative staff will call the employer to verify employment of those individuals registering for an account.


The activation process retrieves information that is related to account authorizations. It generates a security token and an email notification to the new user with instructions to activate his/her account or, if rejected, a notification of denial.



The login process accepts user credentials (username and password) and the answer to a challenge question, and validates credentials against a data store (table of authorized users). If the credentials are valid, access to the FCSSP is allowed. Otherwise, an access denied alert is displayed and access is denied. The security module monitors unsuccessful attempts and lack of use for 360 days, locks accounts and requests deactivation.


3. Use of Improved Information Technology and Burden Reduction


The registration information within the FCSSP is collected through a secure Internet site. FPLS Security Framework provides the authorization and authentication services for the FCSSP. Users come in through the Internet to the FCSSP website to login. Initially, users will present a login ID, password, and the answer to a challenge question to be authenticated. The challenge scheme represents a mitigation control until the two-factor authentication requirement can be implemented. A NIST-compliant two-factor authentication will be introduced in a later revision. In addition to granting access to the applications on FCSSP, users will be able to manage their account through the FPLS Security Framework (FSF).

4. Efforts to Identify Duplication and Use of Similar Information


There is no other source in which users can register for the FCSSP.


5. Impact on Small Businesses or Other Small Entities


No discernible impact is associated with the collection of this information.


6. Consequences of Collecting the Information Less Frequently


Use of the FCSSP will allow users to run programs more efficiently and will streamline access to the common, secure portal. Currently data is submitted via CONNECT:Direct, CD-ROMs and email. This new process allows all users to access the data via one location.


7. Special Circumstances Relating to the Guidelines of 5 CFR 1320.5


Not applicable.

8. Comments in Response to the Federal Register Notice and Efforts to Consult Outside the Agency


A notice was published in the Federal Register on May 18, 2009 at FR Volume 74, Number 94, page 23190 - 23191, which allowed for a 60-day comment period for the public to submit in writing any comments about this information collection.  No comments were received.

9. Explanation of Any Payment or Gift to Respondents


Not applicable.


10. Assurance of Confidentiality Provided to Respondents


FPLS Security Framework provides secure access through the registration process. The following are in place to ensure the security of the user’s information:

  • Passwords on the OCSE Network are stored as 128-bit hash map.

  • SSN, DOB and Responses to challenge questions are stored encrypted using the NIST-standard Advanced Encryption Standard (AES).

  • The FCSSP application uses SSL encryption. FCSSP has its login server in the firewall’s Demilitarized Zone (DMZ). Communications with the login server from outside must use SSL encryption.

  • A User ID and password, along with answering a challenge question, are required to access the FCSSP protected applications and data. Session authenticity is ensured by integral HTTPS and SSL encrypted session management functionality. Multiple logins for the same user ID are not permitted.

  • The OCSE Network employs custom-developed monitoring tools, such as Cisco IDS integrated in the routers and firewall, and techniques such as port scanning to monitor events and detect attacks on the information system. System log files provide another tool to detect unauthorized activity.

  • System alerts are monitored daily for applicable advisories for the OCSE Network. Updates and security patch notifications are received and reviewed by network personnel to determine if they are applicable to the OCSE Network and to recommend appropriate actions, if any, to be taken in response to the alert or advisory.

 


11. Justification for Sensitive Questions


The SSN is collected during the initial registration process in order to verify the user’s employment information through the NDNH. Additional information collected includes the name, date of birth and employer information of the registrant.


12. Estimates of Annualized Burden Hours and Costs


Table 12.1

Instrument


Number of Respondents

Number of Responses per Respondent

Average Burden Hours Per Response

Total Burden Hours

Registration Screens – Employers, Financial Institutions and State Child Support Agencies

520

1

0.1

52


Estimated Total Annual Burden Hours: 52.


The annual burden for collecting registration information from employers, financial institutions, and State child support agencies is 52 hours, based on 15 employer users, 480 financial institution users, and one staff member for each of up to 25 State child support agencies, registering one time only. The average time to enter the registration information is approximately 0.1 hours (6 minutes) per registration.


Annual burden hours were estimated through OCSE conducting a “test registration.”

The total annualized cost to the users for collection of registration information is $312, based on an average hourly wage rate of $18 per hour for employers and Financial Institutions submitting data.


13. Estimates of Other Total Annual Cost Burden to Respondents and Record Keepers


There is no operation and/or maintenance costs associated with the FCSSP. The registration screens have been developed, and will be maintained by OCSE.


14. Annualized Cost to the Federal Government


The Registration Module/process is a subset of the FPLS Security Project. The cost of the FPLS Security Project was budgeted for $650K.


15. Explanation for Program Changes or Adjustments


There is no change in burden. This is a new information collection.


16. Plans for Tabulation and Publication and Project Time Schedule


There are no plans for analysis or publication of this information.


17. Reason(s) Display of OMB Expiration Date is Inappropriate


OCSE will display the expiration date of the OMB approval on the information collection instruments.


18. Exceptions to Certification for Paperwork Reduction Act Submissions


There are no exceptions.

SUPPORTING STATEMENT:



PART B - STATISTICAL METHODS (used for collection of information employing statistical methods)


The information collection requirements outlined in this report do not employ the use of statistical methods.






APPENDIX A: FPLS Child Support Services Portal Registration Screens




APPENDIX B: Legislative Authority


The information collection addressed in this Supporting Statement is necessary to enable OCSE to authenticate the identity of users of the FPLS Child Support Services Portal and increase the collection of child support by State agencies operating child support programs pursuant to Title IV, Part D, of the Social Security Act (the Act).

The Act requires OCSE to operate the FPLS. 42 U.S.C. §§ 652(a)(9) and 653(a)(1). In addition, OCSE must provide technical assistance to the States to help them establish effective systems for collecting child and spousal support. 42 U.S.C. § 652(a)(7).


The establishment and operation of the FPLS Child Support Services Portal by OCSE enhances OCSE’s ability to provide State child support agencies with the essential technical assistance that will facilitate the collection of support.


The FPLS Child Support Services Portal will improve and expedite the collection of child support. For example, the use of the FPLS Child Support Services Portal by employers, or their agents, to retrieve income withholding notices via the portal will increase the timeliness of withholding of child support by the employer from the income of noncustodial parent. This measure will increase the ability of a State child support agency to provide timely child support payments to a custodial parent and potentially decrease the accrual of past-due support by the noncustodial parent that might occur if the notices were sent by the child support agency to the employer via U.S. mail.


Especially in those circumstances where a noncustodial parent is delinquent in payments and has accrued a debt for past-due support, it is anticipated that the FPLS Child Support Services Portal will serve a pivotal role in facilitating the collection of past-due support. For example, Federal law authorizes OCSE, through the FPLS, to assist State child support agencies and multistate financial institutions in exchanging information to assist the State agencies in collecting past-due child support. 42 U.S.C. § 652(l);

See also 42 U.S.C. § 666(a)(17)(A)(i) and (ii).


In addition, Federal law requires OCSE to transmit to the Department of State certifications of child support delinquency, as indicated by State child support agencies, so that the Department of State may refuse to issue a passport to noncustodial parents delinquent in their child support payments. 42 U.S.C. § 652(k).


It is anticipated that the operation of the FPLS Child Support Services Portal by OCSE for this purpose will expedite and increase the collection of past-due child support and potentially prevent the accrual of past-due support in the first instance.

Finally, Federal law requires OCSE to establish and implement safeguards to restrict access to confidential information in the FPLS to authorized users, and restrict use of such information to authorized users. 42 U.S.C. § 653(m)(2). The collection of information from an individual registering to use the FPLS Child Support Services Portal for the purpose of authenticating the individual’s identity will enhance the ability of OCSE to comply with this requirement.


12


File Typeapplication/msword
File TitleNATIONAL DIRECTORY OF NEW HIRES
AuthorMichelle Carpenter
Last Modified ByOCSE
File Modified2009-07-21
File Created2009-07-21

© 2024 OMB.report | Privacy Policy