View Information Collection Request (ICR) Package
Skip to main content
An official website of the United States government
The .gov means it's official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Search:
Agenda
Reg Review
ICR
This script is used to control the display of information in this page.
Display additional information by clicking on the following:
All
Brief and OIRA conclusion
Abstract/Justification
Legal Statutes
Rulemaking
FR Notices/Comments
IC List
Burden
Misc.
Common Form Info.
Certification
View Information Collection (IC) List
View Supporting Statement and Other Documents
Please note that the OMB number and expiration date may not have been determined when this Information Collection Request and associated Information Collection forms were submitted to OMB. The approved OMB number and expiration date may be found by clicking on the Notice of Action link below.
View ICR - OIRA Conclusion
OMB Control No:
0960-0789
ICR Reference No:
201105-0960-011
Status:
Historical Active
Previous ICR Reference No:
Agency/Subagency:
SSA
Agency Tracking No:
Title:
SSA's Public Credentialing and Authentication Process
Type of Information Collection:
New collection (Request for a new OMB Control Number)
Common Form ICR:
No
Type of Review Request:
Regular
OIRA Conclusion Action:
Approved without change
Conclusion Date:
09/30/2011
Retrieve Notice of Action (NOA)
Date Received in OIRA:
08/01/2011
Terms of Clearance:
Inventory as of this Action
Requested
Previously Approved
Expiration Date
09/30/2014
36 Months From Approved
Responses
23,700,000
0
0
Time Burden (Hours)
3,160,000
0
0
Cost Burden (Dollars)
0
0
0
Abstract:
The Social Security Administration (SSA)is introducing a stronger citizen authentication process that will enable a new user experience and access to more electronic services. Authentication is the foundation for secure, online transactions. Identity authentication is the process of determining, with confidence, that someone is who he or she claims to be during a remote, automated session. It comprises three distinct factors: something you know, something you have, and something you are . Single-factor authentication uses one of the factors, and multi-factor authentication uses two or more of the factors. Social Security's new process features credential issuance, account management, and single- and multi-factor authentication. With this process, we are working towards offering consistent authentication across Social Security's secured online services, and eventually, Social Security's automated telephone services. We will allow our users to maintain one User ID, which will consist of a self-selected Username and Password, to access multiple Social Security electronic services. This new process provides the means for authenticating users of Social Security's sensitive electronic services and streamlines access to those services. SSA's new process will include the following key components: registration and identity verification; enhancement of the user ID; as well as authentication. The registration process is a one-time activity for the respondents. After the respondents register and receive their User ID (Username & Password), they will log in with their User ID each time they access SSA's online services. SSA will use this collection of identity proofing and authentication information to verify the identity of the individuals attempting to access our automated services. After we verify individuals' identities, we allow them to create a credential (Username and Password) they can use to log into and gain access to our automated services. We will also allow them to chose a second factor authentication credential. SSA will ask for an individual's personal information, which may include: Name, SSN, Date of Birth, Address, Telephone number, Email address, Financial information, Cell phone number, Responses to Out-of-Wallet Questions (multiple choice format questions keyed to specific data that identity thieves will not be able to answer), and Password Reset Questions. This collection of information, or a subset of it, is required for respondents who want to do business with Social Security via the Internet or automated 800 number. We will collect this information via the Internet, on SSA's public-facing website. We also offer an in-person identification verification process for individuals who cannot, or are not willing to, register online. We do not ask for financial information with the in-person process. In addition, if individuals opt for the enhanced, or upgraded, account, they will also receive a text message on their cell phones (this serves as the second factor for authentication) each time they log into SSA's online services. This new authentication strategy will provide a user-friendly way for the public to conduct extended business with Social Security online instead of visiting the local servicing office or requesting information over the phone. Individuals will have real time access to their sensitive Social Security information in a safe and secured web environment. The respondents are individuals who choose to use the Internet or Automated Telephone Response System to conduct business with SSA.
Authorizing Statute(s):
US Code:
5 USC 552a
Name of Law: The Privacy Act of 1974
US Code:
5 USC 552
Name of Law: Freedom of Information Act
US Code:
42 USC 405
Name of Law: The Social Security Act
US Code:
26 USC 6103(l)(1)(A)
Name of Law: Internal Revenue Code
PL:
Pub.L. 107 - 347 301
Name of Law: E-Government Act of 2002
Citations for New Statutory Requirements:
None
Associated Rulemaking Information
RIN:
Stage of Rulemaking:
Federal Register Citation:
Date:
Not associated with rulemaking
Federal Register Notices & Comments
60-day Notice:
Federal Register Citation:
Citation Date:
76 FR 31671
06/01/2011
30-day Notice:
Federal Register Citation:
Citation Date:
76 FR 45902
08/01/2011
Did the Agency receive public comments on this ICR?
No
Number of Information Collection (IC) in this ICR:
2
IC Title
Form No.
Form Name
In-Person (Intranet) Requestors
Internet Requestors
ICR Summary of Burden
Total Approved
Previously Approved
Change Due to New Statute
Change Due to Agency Discretion
Change Due to Adjustment in Estimate
Change Due to Potential Violation of the PRA
Annual Number of Responses
23,700,000
0
0
23,700,000
0
0
Annual Time Burden (Hours)
3,160,000
0
0
3,160,000
0
0
Annual Cost Burden (Dollars)
0
0
0
0
0
0
Burden increases because of Program Change due to Agency Discretion:
Yes
Burden Increase Due to:
Miscellaneous Actions
Burden decreases because of Program Change due to Agency Discretion:
No
Burden Reduction Due to:
Short Statement:
This new information collection will increase the public reporting burden. See ICR Summary of Burden section above for estimated burden figures.
Annual Cost to Federal Government:
$7,475,012
Does this IC contain surveys, censuses, or employ statistical methods?
No
Is the Supporting Statement intended to be a Privacy Impact Assessment required by the E-Government Act of 2002?
No
Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]?
No
Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]?
No
Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)?
No
Is this ICR related to the Pandemic Response?
Uncollected
Agency Contact:
Faye Lipsky 410 965-8783 faye.lipsky@ssa.gov
Common Form ICR:
No
On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
(a) It is necessary for the proper performance of agency functions;
(b) It avoids unnecessary duplication;
(c) It reduces burden on small entities;
(d) It uses plain, coherent, and unambiguous language that is understandable to respondents;
(e) Its implementation will be consistent and compatible with current reporting and recordkeeping practices;
(f) It indicates the retention periods for recordkeeping requirements;
(g) It informs respondents of the information called for under 5 CFR 1320.8 (b)(3) about:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control number;
(h) It was developed by an office that has planned and allocated resources for the efficient and effective management and use of the information to be collected.
(i) It uses effective and efficient statistical survey methodology (if applicable); and
(j) It makes appropriate use of information technology.
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
Certification Date:
08/01/2011
An official website of the United States government
The .gov means it's official.
The site is secure.
