82 FR 58475 - Privacy Act of 1974; System of Records
DEPARTMENT OF STATE Federal Register Volume 82, Issue 237 (December 12, 2017)
Federal Register Volume 82, Issue 237 (December 12, 2017)
| Page Range | 58475-58477 | |
| FR Document | 2017-26750 |
[Federal Register Volume 82, Number 237 (Tuesday, December 12, 2017)] [Notices] [Pages 58475-58477] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2017-26750] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF STATE [Public Notice: 10225] Privacy Act of 1974; System of Records AGENCY: Department of State. ACTION: Notice of a Modified System of Records. ----------------------------------------------------------------------- SUMMARY: This System of Records compiles information about Department of State user accounts to monitor and control access to Department of State networks and computer systems. DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of records takes effect upon publication, with the exception of the routine uses (a) and (b) that are subject to a 30-day period during which interested persons may submit comments to the Department. Please submit any comments by January 11, 2018. ADDRESSES: Questions can be submitted by mail or email. If mail, please write to: U.S. Department of State; Office of Global Information Systems, Privacy Staff; A/GIS/PRV; SA-2, Suite 8100; Washington, DC 20522-0208. If email, please address the email to the Chief Privacy Officer, Margaret P. Grafeld, at [email protected]. Please write ``Network User Account Records, State-56'' on the envelope or the subject line of your email. FOR FURTHER INFORMATION CONTACT: Margaret P. Grafeld, Chief Privacy Officer; U.S. Department of State; Office of Global Information Services, A/GIS/PRV; SA-2, Suite 8100; Washington, DC 20522-0208 or 202-261-8300. SUPPLEMENTARY INFORMATION: The purpose of this modification is to make substantive and administrative changes to the previously published notice. This notice modifies the following sections of State-56, Network User Account Records: System Location, Categories of Individuals, Routine Uses, Storage, Safeguards. In addition, this notice makes administrative updates to the following sections: Policies and Procedures for Retrieval of Records, Record Access Procedures, Notification Procedures, and History. These changes reflect the Department's move to cloud storage, new OMB guidance, access by contractors, updated contact information, and a notice publication history. SYSTEM NAME AND NUMBER: Network User Account Records, State-56. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Department of State (``Department''), located at 2201 C Street NW, Washington, DC 20520, and within a government cloud provided, implemented, and overseen by the Department's Enterprise Server Operations Center (ESOC), 2201 C Street NW, Washington, DC 20520. SYSTEM MANAGER(S): Chief Information Officer, Bureau of Information Resource Management, Department of State, 2201 C Street, NW, Washington, DC 20520 and can be reached at either [email protected] or (202) 647-2000. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 5 U.S.C. 301; 44 U.S.C. 3544. PURPOSE(S) OF THE SYSTEM: To administer Department network user accounts; to help document and/or control access to computer systems, platforms, services, applications, and databases within a Department network and Department- authorized cloud services and applications; to monitor security of computer systems; to investigate and make referrals for disciplinary or other actions if unauthorized access or inappropriate usage is suspected or detected; and to identify the need for training programs. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Department of State employees and other organizational users (examples include eligible family members, locally employed staff, contractors, and personal services contractors) who have access to Department of State computer networks and access to cloud computing applications that are authorized for processing Department information. The Privacy Act defines an individual at 5 U.S.C.552a(a)(2) as a United States citizen or lawful permanent resident. CATEGORIES OF RECORDS IN THE SYSTEM: This system of records consists of the network and application user account records that Department information technology systems, applications, and services compile and maintain about users of a network and application. These records include user data such as the user's name, system-assigned username; email address; employee or other user identification number; organization code; job title; business affiliation; work contact information; systems, applications, or services to which the individual has access; systems, applications, or services used; dates, times, and durations of use; profile photo; user profile; and IP address of access. The records also include system usage files and directories when they contain information about specific users. RECORD SOURCE CATEGORIES: Individuals about whom the network user account record is maintained; information technology systems, applications, and services within a Department network that record usage by individuals assigned a user account on that network. [[Page 58476]] ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: Records may be disclosed: (a) To appropriate agencies, entities, and persons when (1) the Department of State suspects or has confirmed that there has been a breach of the system of records; (2) the Department of State has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department of State (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department of State efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (b) To another Federal agency or Federal entity, when the Department of State determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. The Department of State periodically publishes in the Federal Register its standard routine uses which apply to many of its Privacy Act systems of records. These notices appear in the form of a Prefatory Statement (published in Volume 73, Number 136, Public Notice 6290, on July 15, 2008). All these standard routine uses apply to Network User Account Records, State-56. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records are stored both in hard copy and on electronic media. A description of standard Department of State policies concerning storage of electronic records is found in the Department's Foreign Affairs Manual (https://fam.state.gov/FAM/05FAM/05FAM0440.html). All hard copies of records containing personal information are maintained in secured file cabinets in restricted areas, access to which is limited to authorized personnel. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are indexed by the name; system-assigned username; email address; or other searchable data fields or codes. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records maintained in this system of records are generally destroyed three to six years after the user account is terminated. These records are retired and destroyed in accordance with published Department of State Records Disposition Schedules as approved by the National Archives and Records Administration (NARA), and a complete list of the Department's schedules can be found on our Freedom of Information Act (FOIA) program's website (https://foia.state.gov/Learn/RecordsDisposition.aspx). More specific information may be obtained by writing to the following address: Director, Office of Information Programs and Services, A/GIS/IPS; SA-2, Department of State; 515 22nd Street NW, Washington, DC 20522-8100. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: All users are given cyber security awareness training that covers the procedures for handling Sensitive but Unclassified information, including personally identifiable information (PII). Annual refresher training is mandatory. In addition, all Foreign Service and Civil Service employees and those Locally Engaged Staff who handle PII are required to take the Foreign Service Institute distance learning course instructing employees on privacy and security requirements, including the rules of behavior for handling PII and the potential consequences if it is handled improperly. Access to the Department of State, its annexes and posts abroad is controlled by security guards and admission is limited to those individuals possessing a valid identification card or individuals under proper escort. While the majority of records covered in the Network User Account Records are electronic, all paper records containing personal information are maintained in secured file cabinets in restricted areas, access to which is limited to authorized personnel. Access to computerized files is password-protected and under the direct supervision of the system manager. The system manager has the capability of printing audit trails of access from the computer media, thereby permitting regular and ad hoc monitoring of computer usage. When it is determined that a user no longer needs access, the user account is disabled. Before being granted access to Network User Account Records, a user must first be granted access to the Department of State computer system. Remote access to the Department of State network from non- Department owned systems is authorized only through a Department approved access program. Remote access to the network is configured with the authentication requirements contained in the Office of Management and Budget Circular Memorandum A-130. All Department of State employees and contractors with authorized access have undergone a background security investigation. The Department of State will store records maintained in this system of records in cloud systems. All cloud systems that provide IT services and process Department of State information must be authorized to operate by the Department of State Authorizing Official and Senior Agency Official for Privacy. Only information that conforms with Department-specific definitions for FISMA low or moderate categorization are permissible for cloud usage unless specifically authorized by the Department's Cloud Computing Governance Board. Prior to operation, all Cloud systems must comply with applicable security measures that are outlined in FISMA, FedRAMP, OMB guidance, NIST Federal Information Processing Standards (FIPS) and Special Publications, and Department of State policy and standards. RECORD ACCESS PROCEDURES: Individuals who wish to gain access to or to amend records pertaining to themselves should write to U.S. Department of State; Director, Office of Information Programs and Services; A/GIS/IPS; SA-2, Suite 8100; Washington, DC 20522-0208. The individual must specify that he or she wishes the Network User Account Records to be checked. At a minimum, the individual must include: Full name (including maiden name, if appropriate) and any other names used; current mailing address and zip code; date and place of birth; notarized signature or statement under penalty of perjury; a brief description of the circumstances that caused the creation of the record (including the city and/or country and the approximate dates) which gives the individual cause to believe that the Network User Account Records include records pertaining to him or her. Detailed instructions on Department of State procedures for accessing and amending records can be found at the Department's FOIA website (https://foia.state.gov/Request/Guide.aspx). CONTESTING RECORD PROCEDURES: Individuals who wish to contest record procedures should write to U.S. Department of State; Director, Office of Information Programs and Services; A/ [[Page 58477]] GIS/IPS; SA-2, Suite 8100; Washington, DC 20522-0208. NOTIFICATION PROCEDURES: Individuals who have reason to believe that this system of records may contain information pertaining to them may write to U.S. Department of State; Director, Office of Information Programs and Services; A/GIS/ IPS; SA-2, Suite 8100; Washington, DC 20522-0208. The individual must specify that he or she wishes the Network User Account Records to be checked. At a minimum, the individual must include: Full name (including maiden name, if appropriate) and any other names used; current mailing address and zip code; date and place of birth; notarized signature or statement under penalty of perjury; a brief description of the circumstances that caused the creation of the record (including the city and/or country and the approximate dates) which gives the individual cause to believe that the Network User Account Records include records pertaining to him or her. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: This SORN was previously published at 75 FR 7210. Mary R. Avery, Senior Agency Official for Privacy, Senior Advisor, Office of Global Information Services, Bureau of Administration, Department of State. [FR Doc. 2017-26750 Filed 12-11-17; 8:45 am] BILLING CODE 4710-24-P
![Federal Register / Vol. 82, No. 237 / Tuesday, December 12, 2017 / Notices 58475
Commission, 100 F Street NE, control access to Department of State Department of State, 2201 C Street, NW,
Washington, DC 20549–1090. networks and computer systems. Washington, DC 20520 and can be
All submissions should refer to File DATES: In accordance with 5 U.S.C. reached at either ITServiceCenter@
Number SR–NYSE–2017–42. This file 552a(e)(4) and (11), this system of state.gov or (202) 647–2000.
number should be included on the records takes effect upon publication,
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
subject line if email is used. To help the with the exception of the routine uses
Commission process and review your (a) and (b) that are subject to a 30-day 5 U.S.C. 301; 44 U.S.C. 3544.
comments more efficiently, please use period during which interested persons PURPOSE(S) OF THE SYSTEM:
only one method. The Commission will may submit comments to the
Department. Please submit any To administer Department network
post all comments on the Commission’s
comments by January 11, 2018. user accounts; to help document and/or
internet website (http://www.sec.gov/
ADDRESSES: Questions can be submitted
control access to computer systems,
rules/sro.shtml). Copies of the
by mail or email. If mail, please write to: platforms, services, applications, and
submission, all subsequent
U.S. Department of State; Office of databases within a Department network
amendments, all written statements
Global Information Systems, Privacy and Department-authorized cloud
with respect to the proposed rule
Staff; A/GIS/PRV; SA–2, Suite 8100; services and applications; to monitor
change that are filed with the
Washington, DC 20522–0208. If email, security of computer systems; to
Commission, and all written
please address the email to the Chief investigate and make referrals for
communications relating to the
Privacy Officer, Margaret P. Grafeld, at disciplinary or other actions if
proposed rule change between the
Privacy@state.gov. Please write unauthorized access or inappropriate
Commission and any person, other than
‘‘Network User Account Records, State- usage is suspected or detected; and to
those that may be withheld from the
56’’ on the envelope or the subject line identify the need for training programs.
public in accordance with the
provisions of 5 U.S.C. 552, will be of your email. CATEGORIES OF INDIVIDUALS COVERED BY THE
available for website viewing and FOR FURTHER INFORMATION CONTACT: SYSTEM:
printing in the Commission’s Public Margaret P. Grafeld, Chief Privacy Department of State employees and
Reference Room, 100 F Street NE, Officer; U.S. Department of State; Office other organizational users (examples
Washington, DC 20549 on official of Global Information Services, A/GIS/ include eligible family members, locally
business days between the hours of PRV; SA–2, Suite 8100; Washington, DC employed staff, contractors, and
10:00 a.m. and 3:00 p.m. Copies of the 20522–0208 or 202–261–8300. personal services contractors) who have
filing also will be available for SUPPLEMENTARY INFORMATION: The access to Department of State computer
inspection and copying at the principal purpose of this modification is to make networks and access to cloud computing
office of the Exchange. All comments substantive and administrative changes applications that are authorized for
received will be posted without change. to the previously published notice. This processing Department information. The
Persons submitting comments are notice modifies the following sections of Privacy Act defines an individual at 5
cautioned that we do not redact or edit State-56, Network User Account U.S.C.552a(a)(2) as a United States
personal identifying information from Records: System Location, Categories of citizen or lawful permanent resident.
comment submissions. You should Individuals, Routine Uses, Storage,
submit only information that you wish Safeguards. In addition, this notice CATEGORIES OF RECORDS IN THE SYSTEM:
to make available publicly. All makes administrative updates to the This system of records consists of the
submissions should refer to File following sections: Policies and network and application user account
Number SR–NYSE–2017–42 and should Procedures for Retrieval of Records, records that Department information
be submitted on or before January 2, Record Access Procedures, Notification technology systems, applications, and
2018. Procedures, and History. These changes services compile and maintain about
For the Commission, by the Division of reflect the Department’s move to cloud users of a network and application.
Trading and Markets, pursuant to delegated storage, new OMB guidance, access by These records include user data such as
authority.10 contractors, updated contact the user’s name, system-assigned
Eduardo A. Aleman, information, and a notice publication username; email address; employee or
Assistant Secretary. history. other user identification number;
[FR Doc. 2017–26687 Filed 12–11–17; 8:45 am] organization code; job title; business
SYSTEM NAME AND NUMBER: affiliation; work contact information;
BILLING CODE 8011–01–P
Network User Account Records, State- systems, applications, or services to
56. which the individual has access;
systems, applications, or services used;
DEPARTMENT OF STATE SECURITY CLASSIFICATION:
dates, times, and durations of use;
Unclassified. profile photo; user profile; and IP
[Public Notice: 10225]
SYSTEM LOCATION: address of access. The records also
Privacy Act of 1974; System of Department of State (‘‘Department’’), include system usage files and
Records located at 2201 C Street NW, directories when they contain
Washington, DC 20520, and within a information about specific users.
AGENCY: Department of State. government cloud provided, RECORD SOURCE CATEGORIES:
ACTION:Notice of a Modified System of implemented, and overseen by the
ethrower on DSK3G9T082PROD with NOTICES
Records. Department’s Enterprise Server Individuals about whom the network
Operations Center (ESOC), 2201 C Street user account record is maintained;
SUMMARY: This System of Records information technology systems,
NW, Washington, DC 20520.
compiles information about Department applications, and services within a
of State user accounts to monitor and SYSTEM MANAGER(S): Department network that record usage
Chief Information Officer, Bureau of by individuals assigned a user account
10 17 CFR 200.30–3(a)(12). Information Resource Management, on that network.
VerDate Sep<11>2014 20:03 Dec 11, 2017 Jkt 244001 PO 00000 Frm 00098 Fmt 4703 Sfmt 4703 E:\FR\FM\12DEN1.SGM 12DEN1](https://thefederalregister.org/doc/82_FR_58712/page/1.svg)
![Federal Register / Vol. 82, No. 237 / Tuesday, December 12, 2017 / Notices 58477
GIS/IPS; SA–2, Suite 8100; Washington, ADDRESSES: Comments can be submitted is archived in the system. The system
DC 20522–0208. by mail or email. If mail, please write to: may also include information about
U.S. Department of State; Office of individuals who interact with a
NOTIFICATION PROCEDURES:
Global Information Systems, Privacy Department of State email account, as
Individuals who have reason to Staff; A/GIS/PRV; SA–2, Suite 8100; well as individuals who are mentioned
believe that this system of records may Washington, DC 20522–0208. If email, in a Department of State email message
contain information pertaining to them please address the email to the Chief or attachment. The Privacy Act defines
may write to U.S. Department of State; Privacy Officer, Margaret P. Grafeld, at an individual at 5 U.S.C.552a(a)(2) as a
Director, Office of Information Programs Privacy@state.gov. Please write ‘‘Email United States citizen or lawful
and Services; A/GIS/IPS; SA–2, Suite Archive Management Records, State-01’’ permanent resident.
8100; Washington, DC 20522–0208. The on the envelope or the subject line of
individual must specify that he or she your email. CATEGORIES OF RECORDS IN THE SYSTEM:
wishes the Network User Account FOR FURTHER INFORMATION CONTACT: The records in this system include
Records to be checked. At a minimum, Margaret P. Grafeld, Chief Privacy email messages and attachments
the individual must include: Full name Officer; U.S. Department of State; Office associated with a Department of State
(including maiden name, if appropriate) of Global Information Services, A/GIS/ email account, including any
and any other names used; current PRV; SA–2, Suite 8100; Washington, DC information that may be included in
mailing address and zip code; date and 20522–0208 or 202–261–8300. such messages or attachments. The
place of birth; notarized signature or SUPPLEMENTARY INFORMATION: None. system may also include biographic and
statement under penalty of perjury; a contact information of individuals who
brief description of the circumstances SYSTEM NAME AND NUMBER: maintain a Department of State email
that caused the creation of the record Email Archive Management Records, account, including name, address, email
(including the city and/or country and State-01. address, and phone number.
the approximate dates) which gives the
individual cause to believe that the SECURITY CLASSIFICATION: RECORD SOURCE CATEGORIES:
Network User Account Records include Unclassified and Classified. These records contain information
records pertaining to him or her. obtained from individuals who maintain
SYSTEM LOCATION:
a Department of State email account, as
EXEMPTIONS PROMULGATED FOR THE SYSTEM: Department of State (‘‘Department’), well as those who interact with such
None. located at 2201 C Street NW, individuals.
Washington, DC 20520; Department of
HISTORY: State annexes, U.S. Embassies, U.S. ROUTINE USES OF RECORDS MAINTAINED IN THE
This SORN was previously published Consulates General, and U.S. SYSTEM, INCLUDING CATEGORIES OF USERS AND
at 75 FR 7210. Consulates. Information may also be PURPOSES OF SUCH USES:
Mary R. Avery,
stored within a government-certified The information in the system may be
cloud, implemented, and overseen by shared with:
Senior Agency Official for Privacy, Senior
Advisor, Office of Global Information
the Department’s Messaging Systems (a) Other federal agencies, foreign
Services, Bureau of Administration, Office (MSO), 2025 E. St. NW, governments, and private entities where
Department of State. Washington, DC 20006. relevant and necessary for them to
[FR Doc. 2017–26750 Filed 12–11–17; 8:45 am] review or consult on documents that
SYSTEM MANAGER(S):
implicate their equities;
BILLING CODE 4710–24–P Division Chief, Office of Information (b) a contractor of the Department
Resource Management, Messaging having need for the information in the
Systems Office, Messaging Design performance of the contract, but not
DEPARTMENT OF STATE Division; U.S. Department of State, 7049 operating a system of records within the
[Public Notice: 10226] Newington Rd; Lorton, VA 22079. The meaning of 5 U.S.C. 552a(m).
System Manager can be reached at (703)
(c) appropriate agencies, entities, and
Privacy Act of 1974; System of 746–2113.
persons when (1) the Department of
Records
AUTHORITY FOR MAINTENANCE OF THE SYSTEM: State suspects or has confirmed that
AGENCY: Department of State. (a) 5 U.S.C. 301 there has been a breach of the system of
ACTION: Notice of a New System of (b) Federal Records Act, 44 U.S.C. Ch. records; (2) the Department of State has
Records. 31; determined that as a result of the
(c) Freedom of Information Act, 5 suspected or confirmed breach there is
SUMMARY: The purpose of the Email U.S.C. 552. a risk of harm to individuals, the
Archive Management Records system is (d) Privacy Act of 1974, 5 Department of State (including its
to capture all emails and attachments U.S.C.552a(d). information systems, programs, and
that interact with a Department of State (e) 22 CFR part 171. operations), the Federal Government, or
email account and to store them in a national security; and (3) the disclosure
PURPOSE(S) OF THE SYSTEM:
secure repository that allows for search, made to such agencies, entities, and
retrieval, and view when necessary. The purpose of the system is to
persons is reasonably necessary to assist
capture all emails and attachments that
DATES: In accordance with 5 U.S.C. in connection with the Department of
interact with a Department of State
552a(e)(4) and (11), this system of State efforts to respond to the suspected
ethrower on DSK3G9T082PROD with NOTICES
email account and to store them in a
records takes effect upon publication, or confirmed breach or to prevent,
secure repository that allows for search,
with the exception of the routine uses minimize, or remedy such harm.
retrieval, and view when necessary.
that are subject to a 30-day period (d) another Federal agency or Federal
during which interested persons may CATEGORIES OF INDIVIDUALS COVERED BY THE entity, when the Department of State
submit comments to the Department. SYSTEM: determines that information from this
Please submit any comments by January Individuals who maintain a system of records is reasonably
11, 2018. Department of State email account that necessary to assist the recipient agency
VerDate Sep<11>2014 20:03 Dec 11, 2017 Jkt 244001 PO 00000 Frm 00100 Fmt 4703 Sfmt 4703 E:\FR\FM\12DEN1.SGM 12DEN1](https://thefederalregister.org/doc/82_FR_58712/page/3.svg)
Document Created: 2018-10-25 10:48:18
Document Modified: 2018-10-25 10:48:18
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of a Modified System of Records. | |
| Dates | In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of records takes effect upon publication, with the exception of the routine uses (a) and (b) that are subject to a 30-day period during which interested persons may submit comments to the Department. Please submit any comments by January 11, 2018. | |
| Contact | Margaret P. Grafeld, Chief Privacy Officer; U.S. Department of State; Office of Global Information Services, A/GIS/PRV; SA-2, Suite 8100; Washington, DC 20522-0208 or 202-261-8300. | |
| FR Citation | 82 FR 58475 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR