Justification for the Non-Substantive Changes for
Social Security Administration’s Public Credentialing and Authentication Process
20 CFR 401.45 & 20 CFR 402
OMB No. 0960-0789
Background
Since we established it in May of 2012, SSA uses the Social Security Administration’s Public Credentialing and Authentication Process (hereafter-called “electronic access”) to provide a secure, centralized gateway to Social Security’s public-facing electronic services. We currently allow users to register both through our eAccess Internet process, and through a personal interview process using the Registration and Customer Support (RCS) screens for in-person or telephone interviews.
Due to the current COVID-19 situation, we are unable to conduct in-person interviews using RCS, and can only conduct the telephone interviews. Our current RCS process requires face‑to‑face transactions when we require higher level of confidence in the respondent’s identity. To alleviate that need, effective September 26, 2020 we are implementing a new function available in RCS for telephone users. This allows RCS users to verify and confirm a customer’s mailing address, email address, or mobile phone number externally with an Identity Services Provider (ISP). Using the new function, prior to processing a transaction where we require a higher level of confidence in the customer's identity, we will issue and verify a confirmation code. This new function allows customers who would otherwise have to complete the transaction face-to-face in a field office the ability to obtain assistance over the phone.
SSA will provide the customer a confirmation code if we can verify the address. The customer will then contact SSA to enter the confirmation code into RCS. Such verification provides us with a higher level of confidence in the customer’s identity.
As always, we continue to update authentication requirements for my Social Security customers to ensure continued security and to enhance the system. We are also making the above changes to allow the agency to move towards compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-63-3 guidelines.
Revisions to the Collection Instrument
Change #1: We will collect a customer’s physical or digital address (email address or cell phone number) in Registration and Customer Support (RCS) for verification using an ISP.
Justification #1: This enhancement improves security for our users, and allows us to remove the need for in-person transactions.
Change #2: We will issue a confirmation code to the customer for verification.
Justification #2: This verification provides us with a higher level of confidence in the customer’s identity, and allows us to remove the need for in-person transactions.
Change #3: We will also have the ability to cancel an existing confirmation code.
Justification #3: This enhancement improves security for our users.
We will implement these revisions on September 26, 2020, after OMB approves them. These revisions will not affect the current burden for this collection.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |