Notice of Request for Approval of an Information Collection; National Animal Health Monitoring System; Data Security Requirements for Accessing Confidential Data

Issuing agencies

Abstract

In accordance with the Paperwork Reduction Act of 1995, this notice announces the Animal and Plant Health Inspection Service's (APHIS') intention to request approval of a new information collection associated with the National Animal Health Monitoring System's (NAHMS') data security requirements when providing access to confidential data. NAHMS' data security agreements and other paperwork along with the corresponding security protocols allow NAHMS to maintain careful controls on confidentiality and privacy, as required by law.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 160 (Monday, August 19, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 160 (Monday, August 19, 2024)]
[Notices]
[Pages 67058-67061]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-18514]


-----------------------------------------------------------------------

DEPARTMENT OF AGRICULTURE

Animal and Plant Health Inspection Service

[Docket No. APHIS-2024-0031]


Notice of Request for Approval of an Information Collection; 
National Animal Health Monitoring System; Data Security Requirements 
for Accessing Confidential Data

AGENCY: Animal and Plant Health Inspection Service, USDA.

ACTION: New information collection; comment request.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Paperwork Reduction Act of 1995, this 
notice announces the Animal and Plant Health Inspection Service's 
(APHIS')

[[Page 67059]]

intention to request approval of a new information collection 
associated with the National Animal Health Monitoring System's (NAHMS') 
data security requirements when providing access to confidential data. 
NAHMS' data security agreements and other paperwork along with the 
corresponding security protocols allow NAHMS to maintain careful 
controls on confidentiality and privacy, as required by law.

DATES: We will consider all comments that we receive on or before 
October 18, 2024.
    Comments: Comments are invited on (a) whether the proposed 
collection of information is necessary for the proper performance of 
the functions of the National Animal Health Monitoring System (NAHMS), 
including whether the information will have practical utility; (b) the 
accuracy of NAHMS' estimate of the burden of the proposed collection of 
information; (c) ways to enhance the quality, use, and clarity of the 
information on respondents, including through the use of automated 
collection techniques or other forms of information technology; and (d) 
ways to minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology.

ADDRESSES: You may submit comments by either of the following methods:
    <bullet> Federal eRulemaking Portal: Go to <a href="http://www.regulations.gov">www.regulations.gov</a>. 
Enter APHIS-2024-0031 in the Search field. Select the Documents tab, 
then select the Comment button in the list of documents.
    <bullet> Postal Mail/Commercial Delivery: Send your comment to 
Docket No. APHIS-2024-0031, Regulatory Analysis and Development, PPD, 
APHIS, Station 3A-03.8, 4700 River Road, Unit 118, Riverdale, MD 20737-
1238.
    Any comments we receive on this docket may be viewed at 
<a href="http://regulations.gov">regulations.gov</a> or in our reading room, which is located in room 1620 
of the USDA South Building, 14th Street and Independence Avenue SW, 
Washington, DC. Normal reading room hours are 8 a.m. to 4:30 p.m., 
Monday through Friday, except holidays. To be sure someone is there to 
help you, please call (202) 799-7039 before coming.

FOR FURTHER INFORMATION CONTACT: For information on the NAHMS SAP Data 
Security Requirements, contact Ms. Nia Washington-Plaskett, Program 
Analyst, Center for Epidemiology and Animal Health, VS, APHIS, 2150 
Centre Ave., Bldg. B, Fort Collins, CO 80524; (866) 907-8190; email: 
<a href="/cdn-cgi/l/email-protection#d6b8bfb7f8a1b7a5bebfb8b1a2b9b8fba6bab7a5bdb3a2a296a3a5b2b7f8b1b9a0"><span class="__cf_email__" data-cfemail="67090e06491006140f0e09001308094a170b06140c021313271214030649000811">[email&#160;protected]</span></a> or <a href="/cdn-cgi/l/email-protection#9ceaefb2efecb2fff9fdf4b2ecfff5dce9eff8fdb2fbf3ea"><span class="__cf_email__" data-cfemail="4e383d603d3e602d2b2f26603e2d270e3b3d2a2f60292138">[email&#160;protected]</span></a>. For more 
detailed information on the information collection process, contact Mr. 
Joseph Moxey, APHIS' Paperwork Reduction Act Coordinator, at (301) 851-
2533 or email: <a href="/cdn-cgi/l/email-protection#fc96938f998c94d29193849985bc898f989dd29b938a"><span class="__cf_email__" data-cfemail="d4bebba7b1a4bcfab9bbacb1ad94a1a7b0b5fab3bba2">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: 
    Title: National Animal Health Monitoring System; Data Security 
Requirements for Accessing Confidential Data.
    OMB Control Number: 0579-XXXX.
    Type of Request: Approval of a new information collection to 
collect information from the public to fulfill the Animal and Plant 
Health Inspection Service's National Animal Health Monitoring System's 
security requirements prior to allowing individuals to access 
confidential data assets for the purposes of building evidence.
    Abstract: Title III of the Foundations for Evidence-Based 
Policymaking Act of 2018 (hereafter referred to as the Evidence Act) 
mandates that the Office of Management and Budget (OMB) establish a 
Standard Application Process (SAP) for requesting access to certain 
confidential data assets. Specifically, the Evidence Act requires OMB 
to establish a common application process through which agencies, the 
Congressional Budget Office, State, local, and Tribal governments, 
researchers, and other individuals, as appropriate, may apply for 
access to confidential data assets collected, accessed, or acquired by 
a Federal statistical agency or unit. This new process will be 
implemented while maintaining stringent controls to protect 
confidentiality and privacy, as required by law.
    The Evidence Act requires that each statistical agency or unit 
establish an identical application process. The Evidence Act further 
requires that Federal statistical agencies establish common criteria 
for determining whether to approve an application for confidential 
data, timeframes for prompt determination, an appeals process for 
adverse determinations, and standards for transparency. In response to 
these requirements, the statistical agencies and units will operate a 
web-based portal (referred to as the SAP Portal) on behalf of OMB to 
provide the common application form to applicants. The objective of the 
SAP Portal is to increase public access to confidential data for the 
purposes of evidence building and reduce the burden of applying for 
confidential data, which currently involves separate processes with 
each of the Federal statistical agencies and units. Data discovery, the 
SAP application process, and the submission for review are planned to 
take place within the web-based SAP Portal as described below.
    Data collected, accessed, or acquired by the Federal statistical 
agencies and units is vital for developing evidence on conditions, 
characteristics, and behaviors of the public and on the operations and 
outcomes of public programs and policies. This evidence can benefit the 
stakeholders in the programs, the broader public, as well as 
policymakers and program managers at the local, State, Tribal, and 
National levels. The many benefits of access to data for evidence 
building notwithstanding, the U.S. Department of Agriculture's 
(USDA's), Animal and Plant Health Inspection Service's (APHIS'), 
National Animal Health Monitoring System (NAHMS) is required by law to 
maintain careful controls that allow it to minimize disclosure risk 
while protecting confidentiality and privacy. The fulfillment of NAHMS' 
data security requirements places a degree of burden on the public, 
which is outlined further in this notice.
    The SAP Portal is a web-based application for the public to request 
access to confidential data assets from the Federal statistical 
agencies and units. The objective of the SAP Portal is to increase 
public access to confidential data for the purposes of evidence 
building and reduce the burden of applying for confidential data. Once 
an individual's application in the SAP Portal has received a positive 
determination, the data-owning agency(ies) or unit(s) will begin the 
process of collecting information to fulfill their data security 
requirements.
    The paragraphs below outline the SAP Policy, the steps to complete 
an application through the SAP Portal, and the process for agencies, 
such as APHIS, to collect information fulfilling their data security 
requirements.

The SAP Policy

    At the recommendation of the Interagency Council on Statistical 
Policy (ICSP), the SAP Policy establishes the SAP to be implemented by 
the Federal statistical agencies and units and incorporates directives 
from the Evidence Act. The policy is intended to provide guidance as to 
the application and review processes using the SAP Portal, setting 
forth clear standards that enable Federal statistical agencies and 
units to implement a common application form and a uniform review 
process. The SAP Policy was submitted

[[Page 67060]]

to the public for comment in January 2022 (87 FR 2459). The policy was 
finalized and published on December 8, 2022.\1\
---------------------------------------------------------------------------

    \1\ <a href="https://www.whitehouse.gov/wp-content/uploads/2022/12/M-23-04.pdf">https://www.whitehouse.gov/wp-content/uploads/2022/12/M-23-04.pdf</a>.
_____________________________________-

The SAP Portal

    The SAP Portal is an application interface connecting applicants 
seeking data with a catalog of data assets owned by the Federal 
statistical agencies and units and is hosted at 
<a href="http://www.researchdatagov.org">www.researchdatagov.org</a>. The SAP Portal is not a new data repository or 
warehouse; confidential data assets will continue to be stored in 
secure data access facilities owned and hosted by the Federal 
statistical agencies and units. The SAP Portal will provide a 
streamlined application process across agencies, reducing redundancies 
in the application process. This single SAP Portal will improve the 
process for applicants, tracking and communicating the application 
process throughout its lifecycle. This reduces redundancies and burden 
on applicants who request access to data from multiple agencies. The 
SAP Portal will automate key tasks to save resources and time and will 
bring agencies into compliance with the Evidence Act statutory 
requirements.

Data Discovery

    Individuals begin the process of accessing restricted use data by 
discovering confidential data assets through the SAP data catalog, 
maintained by Federal statistical agencies at <a href="http://www.researchdatagov.org">www.researchdatagov.org</a>. 
Potential applicants can search by agency, topic, or keyword to 
identify data of interest or relevance. Once they have identified data 
of interest, applicants can view metadata outlining the title, 
description or abstract, scope and coverage, and detailed methodology 
related to a specific data asset to determine its relevance to their 
research.
    While Federal statistical agencies and units shall endeavor to 
include metadata in the SAP data catalog on all confidential data 
assets for which they accept applications, it may not be feasible to 
include metadata for some data assets (e.g., potential curated versions 
of administrative data). A Federal statistical agency or unit may still 
accept an application through the SAP Portal even if the requested data 
asset is not listed in the SAP data catalog.

SAP Application Process

    Individuals who have identified and wish to access confidential 
data assets are able to apply for access through the SAP Portal, which 
was released to the public in late 2022 (<a href="http://www.researchdatagov.org">www.researchdatagov.org</a>). 
Applicants must create an account and follow all steps to complete the 
application. Applicants begin by entering their personal, contact, and 
institutional information, as well as the personal, contact, and 
institutional information of all individuals on their research team. 
Applicants proceed to provide summary information about their proposed 
project, to include project title, duration, funding, timeline, and 
other details including the data asset(s) they are requesting and any 
proposed linkages to data not listed in the SAP data catalog, including 
non-Federal data sources. Applicants then proceed to enter detailed 
information regarding their proposed project, including a project 
abstract, research question(s), literature review, project scope, 
research methodology, project products, and anticipated output. 
Applicants must demonstrate a need for confidential data, outlining why 
their research question cannot be answered using publicly available 
information.

Submission for Review

    Upon submission of their application, applicants will receive a 
notification that their application has been received and is under 
review by the data-owning agency or agencies (in the event where data 
assets are requested from multiple agencies). At this point, applicants 
will also be notified that application approval does not alone grant 
access to confidential data, and that, if approved, applicants must 
comply with the data-owning agency's security requirements outside of 
the SAP Portal, which may include a background check.
    In accordance with the Evidence Act and the direction of the ICSP, 
Federal agencies will approve or reject an application within a prompt 
timeframe. In some cases, Federal agencies may determine that 
additional clarity, information, or modification is needed and request 
the applicant to ``revise and resubmit'' their application.
    Data discovery, the SAP application process, and the submission for 
review are planned to take place within the web-based SAP Portal. As 
noted above, the notice announcing plans to collect information through 
the SAP Portal was published separately in the Federal Register (87 FR 
53793-53795) \2\ on September 1, 2022. (See footnote 1 for more 
information about the SAP Policy.)
---------------------------------------------------------------------------

    \2\ <a href="https://www.regulations.gov/document/NSF_FRDOC_0001-2997">https://www.regulations.gov/document/NSF_FRDOC_0001-2997</a>.
---------------------------------------------------------------------------

Access to Restricted Use Data

    In the event of a positive determination, the applicant will be 
notified that their proposal has been accepted. The positive or final 
adverse determination concludes the SAP Portal process. In the instance 
of a positive determination, the data-owning agency (or agencies) will 
contact the applicant to provide instructions on the agency's security 
requirements that must be completed to gain access to the confidential 
data. The completion and submission of the agency's security 
requirements will take place outside of the SAP Portal.

Collection of Information for Data Security Requirements

    In the instance of a positive determination for an application 
requesting access to NAHMS-owned confidential data asset, NAHMS will 
contact the applicant(s) to initiate the process of collecting 
information to fulfill its data security requirements. This process 
allows NAHMS to place the applicant(s) in a trusted access category and 
includes the collection of the following information from applicant(s):
    <bullet> Training requirements:
    [cir] For datasets owned by NAHMS, completion of a NAHMS Data 
Access Security Briefing, which will include CIPSEA Training and a 
NAHMS CIPSEA Quiz will be required prior to accessing the restricted 
use data. CIPSEA stands for Confidential Information Protection and 
Statistical Efficiency Act of 2018, Title III of Public Law 115-435, 
codified in 44 U.S.C. Ch. 35.
    [cir] For datasets owned by USDA's National Agricultural Statistics 
Service (NASS) and NAHMS, NASS personnel will provide a NASS Data 
Access Security Briefing to all applicants who were approved access to 
restricted use data. The briefing will include information on CIPSEA 
and other applicable Federal laws that protect the restricted use data 
as well as preparing and submitting disclosure reviews.
    [cir] For datasets owned by NASS and NAHMS, applicants will be 
provided with the USDA NASS Data Lab Handbook that explains the 
policies and procedures associated with accessing unpublished NASS data 
in a NASS Data Lab (including data enclaves). Each researcher approved 
to access unpublished NASS data is required to sign the NASS ADM-044: 
User Attestation to acknowledge they were provided with the USDA NASS 
Data Lab Handbook and agree to abide by its provisions.
    <bullet> Appointment of agency:

[[Page 67061]]

    [cir] Applicants will complete and sign the NAHMS Agent Agreement 
form. This form appoints the approved applicant as an agent of NAHMS, 
specifies the data to which the agreement applies and the conditions by 
which the agent must adhere to protect the confidentiality of the data, 
provides citations and excerpts from applicable laws under which data 
are protected, and requires a signature by the applicant.
    [cir] For datasets owned by NASS and NAHMS, the applicants will 
complete and sign the NASS ADM-043: Certification and Restrictions on 
Use of Unpublished Data. This form is required to be signed by 
researchers who have been approved to access unpublished NASS data. The 
form contains excerpts of the various laws that apply to the 
unpublished data being provided to the applicant. The form explains the 
restrictions associated with the unpublished data and includes a place 
for the applicant to sign the form, thereby acknowledging the 
restrictions and agreeing to abide by them.
    <bullet> Physical or virtual Data Lab security requirement:
    [cir] If physical Data Lab access is requested, the applicant will 
be required to take the NAHMS Data Lab Training and USDA Information 
Security Awareness Training. The NAHMS Data Lab Training outlines the 
processes and procedures regarding gaining access to, working within, 
and requesting output from the physical NAHMS Data Lab in Fort Collins, 
CO, and the USDA Information Security Awareness Training is required of 
all personnel who are given access to USDA information technology 
systems.
    [cir] If virtual enclave access is requested, the applicant will be 
required to complete a site inspection with NAHMS personnel (using the 
NAHMS Site Inspection Checklist) or NASS personnel (using the NASS ADM-
045: Site Inspection Checklist), which gathers information about the 
physical environment and the computer that the applicant will use to 
gain access to the virtual enclave.
    Note that the training requirements and security agreements listed 
above are for researchers requesting access to NAHMS-owned data or NASS 
and NAHMS co-owned data. The burden and cost estimates associated with 
this information collection request (ICR) account for both. NAHMS and 
NASS have agreed to report the burden and cost estimates for the NASS 
activities above under this ICR, and the NASS activities will be merged 
into the NASS ICR (0535-0274) upon its next renewal.
    We are asking OMB to approve our use of this information collection 
activity for 3 years.
    The purpose of this notice is to solicit comments from the public 
(as well as affected agencies) concerning our information collection. 
These comments will help us:
    (1) Evaluate whether the collection of information is necessary for 
the proper performance of the functions of the Agency, including 
whether the information will have practical utility;
    (2) Evaluate the accuracy of our estimate of the burden of the 
collection of information, including the validity of the methodology 
and assumptions used;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, through use, as appropriate, of automated, 
electronic, mechanical, and other collection technologies; e.g., 
permitting electronic submission of responses.
    Estimate of burden: The public burden for this collection of 
information is estimated to average 0.50 hours per response.
    Respondents: State, local, and Tribal governments, researchers, and 
other individuals, as appropriate.
    Estimated annual number of respondents: 10.
    Estimated annual number of responses per respondent: 6.
    Estimated annual number of responses: 52.
    Estimated total annual burden on respondents: 26 hours. (Due to 
averaging, the total annual burden hours may not equal the product of 
the annual number of responses multiplied by the reporting burden per 
response.)
    All responses to this notice will be summarized and included in the 
request for OMB approval. All comments will also become a matter of 
public record.

    Done in Washington, DC, this 14th day of August, 2024.
Michael Watson,
Administrator, Animal and Plant Health Inspection Service.
[FR Doc. 2024-18514 Filed 8-16-24; 8:45 am]
BILLING CODE 3410-34-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>