83 FR 12345 - Privacy Act of 1974; System of Records
DEPARTMENT OF DEFENSE
Office of the Secretary Federal Register Volume 83, Issue 55 (March 21, 2018)
Office of the Secretary
Federal Register Volume 83, Issue 55 (March 21, 2018)
| Page Range | 12345-12350 | |
| FR Document | 2018-05699 |
[Federal Register Volume 83, Number 55 (Wednesday, March 21, 2018)] [Notices] [Pages 12345-12350] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2018-05699] ----------------------------------------------------------------------- DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2018-OS-0012] Privacy Act of 1974; System of Records AGENCY: Office of the Secretary of Defense, DoD. ACTION: Notice of a modified system of records. ----------------------------------------------------------------------- SUMMARY: The Office of the Secretary of Defense proposes to modify a system of records, DUSDI 01-DoD, entitled the ``Department of Defense (DoD) Insider Threat Management and Analysis Center (DITMAC) and DoD Component Insider Threat Records System.'' This system enables DoD to implement the requirements of an Executive Order published on October 7, 2011, and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs published on November 21, 2012. The system is used to analyze, monitor, and audit insider threat information for insider threat detection and mitigation within DoD on threats that insiders may pose to DoD and U.S. Government installations, facilities, personnel, missions, or resources. The system supports the DITMAC and DoD Component insider threat programs, enables the identification of systemic insider threat issues and challenges, provides a basis for the development and recommendation of solutions to mitigate potential insider threats, and assists in identifying best practices amongst other Federal Government insider threat programs. DATES: Comments will be accepted on or before April 20, 2018. This proposed action will be effective the date following the end of the comment period unless comments are received which result in a contrary determination. ADDRESSES: You may submit comments, identified by docket number and title, by any of the following methods: * Federal Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. * Mail: Department of Defense, Office of the Chief Management Officer, Directorate for Oversight and Compliance, 4800 Mark Center Drive, Mailbox #24, Suite 08D09B, Alexandria, VA 22350-1700. Instructions: All submissions received must include the agency name and docket number for this Federal Register document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the internet at http://www.regulations.gov as they are received without change, including any personal identifiers or contact information. FOR FURTHER INFORMATION CONTACT: Dr. Brad Millick, Director, DoD Insider Threat Program, Office of the Under Secretary of Defense for Intelligence, 5000 Defense Pentagon, Washington, DC 20301-5000 or by phone at (703) 692-3721. SUPPLEMENTARY INFORMATION: E.O. 13587 directs the implementation of a Department-wide insider threat detection and prevention program. The DoD Insider Threat Program is decentralized to enable DoD component insider threat programs and the DITMAC to analyze, monitor, and audit threat information for insider threat detection and mitigation within DoD. The Program deters insider activity that endangers DoD and U.S. Government installations, facilities, personnel, missions, or resources. Section 951 of the National Defense Authorization Act for Fiscal Year 2017 (NDAA for FY17) expanded the definition of an insider threat to anyone who has, or once had, authorized access to information, a facility, a network, a person, or a resource of the Department. In keeping with this expansion, the Department is taking a measured approach and expanding the ability of its Component insider threat programs and the DITMAC to store inside threat related information on those personnel with a DoD Common Access Card (CAC). This expansion strengthens the intent of E.O. 13587 and maintains a responsive posture to the NDAA for FY17. This modification to the system of records enables the Department to comply with E.O. 13587 by expanding the population to include personnel who have been issued an active DoD CAC to authenticate physical access to DoD installations or logical access to DoD controlled information systems. This revision leverages existing federal laws, statutes, authorities, policies, programs, systems, [[Page 12346]] architectures and resources in order to counter the threat of those insiders who may use their authorized access to compromise or degrade the operations of the Department. The Department and its insider threat programs employ risk management principles, tailored to meet the distinct needs, mission, and systems of its agencies, and include appropriate protections for privacy, civil rights, and civil liberties. The change captures this large community of persons in a phased and reasonable manner, by enabling the DoD population to include those with CACs in addition to those who have or are granted eligibility for access to classified information or eligibility to hold a sensitive position The Office of the Secretary of Defense notices for systems of records subject to the Privacy Act of 1974, as amended, have been published in the Federal Register and are available from the address in FOR FURTHER INFORMATION CONTACT or at the Defense Privacy, Civil Liberties, and Transparency Division website at http://dpcld.defense.gov/. The proposed systems reports, as required by of the Privacy Act, as amended, were submitted on November 17, 2017, to the House Committee on Oversight and Government Reform, the Senate Committee on Homeland Security and Governmental Affairs, and the Office of Management and Budget (OMB) pursuant to Section 6 to OMB Circular No. A-108, ``Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act,'' revised December 23, 2016 (December 23, 2016, 81 FR 94424). Dated: March 16, 2018. Aaron Siegel, Alternate OSD Federal Register Liaison Officer, Department of Defense. SYSTEM NAME AND NUMBER Department of Defense (DoD) Insider Threat Management and Analysis Center (DITMAC) and DoD Component Insider Threat Records System, DUSDI 01-DoD. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Primary location: Defense Security Service (DSS), 27130 Telegraph Rd., Quantico, VA 22134-2253. Secondary and Decentralized locations: Each of the DoD Components including the Departments of the Army, Air Force, and Navy and staffs, field operating agencies, major commands, installations, and activities. Official mailing addresses are published with each Component's compilation of systems of records notices. SYSTEM MANAGER(S): Mr. Charles Washington, Program Manager, Department of Defense Insider Threat Management and Analysis Center, Defense Security Service, 27130 Telegraph Road, Quantico, VA 22134-2253, (571) 357-6850, dss.ncr.dss-ci.mbx.ditmac@mail.mil. DoD Components including the Departments of the Army, Air Force, and Navy and staffs, field operating agencies, major commands, installations, and activities. Official mailing addresses are published as an appendix to each Service's compilation of systems of records notices. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 10 U.S.C. 137, Under Secretary of Defense for Intelligence; 44 U.S.C. 3554, Federal agency responsibilities; 44 U.S.C. 3557, National security systems; Public Law 112-81, Section 922, National Defense Authorization Act for Fiscal Year 2012 (NDAA for FY12), Insider Threat Detection (10 U.S.C. 2224 note); Public Law 113-66, Section 907(c)(4)(H) (NDAA for FY14), Personnel security (10 U.S.C. 1564 note); Public Law 114-92, Section 1086 (NDAA for FY16), Reform and improvement of personnel security, insider threat detection and prevention, and physical security (10 U.S.C. 1564 note); Public Law 114-328, Section 951 (NDAA for FY17) Enhanced security programs for Department of Defense personnel and innovation initiatives (10 U.S.C. 1564 note); E.O. 12829, as amended, National Industrial Security Program; E.O. 12968, as amended, Access to Classified Information; E.O. 13467, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information; E.O. 9397, as amended, Numbering System for Federal Accounts Relating to Individual Persons; E.O. 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information; National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs; and DoD Directive 5205.16, The DoD Insider Threat Program; DoD Instruction 5205.83, DoD Insider Threat Management and Analysis Center (DITMAC), Directive-type Memorandum 09-012, Interim Policy Guidance for DoD Physical Access Control, as amended. PURPOSE(S) OF THE SYSTEM: The DITMAC was established by the Undersecretary of Defense for Intelligence to consolidate and analyze insider threat information reported by the DoD Component insider threat programs. The DoD maintains this system of records to assist in the management of the DoD Component insider threat programs and the DITMAC in accordance with E.O. 13587 and Section 951 of the FY 2017 National Defense Authorization Act (NDAA for FY17). E.O. 13587 requires Federal agencies to establish an insider threat detection and prevention program to ensure the security of classified networks and the responsible sharing and safeguarding of classified information consistent with appropriate protections for privacy and civil liberties. Section 951 of the NDAA for FY17 requires that DoD insider threat programs collect, store, and retain information from various data sources, including personnel security, physical security, information security, law enforcement, counterintelligence, user activity monitoring, information assurance, and other appropriate data sources to detect and mitigate potential insider threats. Insider threats can contribute damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, including protected and sensitive information, or through the loss or degradation of departmental resources or capabilities. The system will be used to analyze, monitor, and audit insider threat information for insider threat detection and mitigation within DoD on threats that persons who have or had been granted eligibility for access to classified information or eligibility to hold a sensitive position and those who have been issued an active DoD Common Access Card (CAC) to obtain physical or logical access to a DoD installation or controlled information system may pose to DoD and U.S. Government installations, facilities, personnel, missions, or resources. The system will support DoD Component insider threat programs, enable the identification of systemic insider threat issues and challenges, provide a basis for the development and recommendation of solutions to deter, detect, and/or mitigate potential insider threats. It will assist in identifying best practices among other Federal Government insider threat programs, through the use of existing DoD resources and functions and by leveraging existing authorities, policies, programs, systems, and architectures. [[Page 12347]] CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: The following categories of individuals are covered: Individuals who had or have been granted eligibility for access to classified information or eligibility to hold a sensitive position. These individuals include active and reserve component (including National Guard) military personnel; civilian employees (including non- appropriated fund employees); DoD contractor personnel, and officials or employees from Federal, state, Local, Tribal and Private Sector entities affiliated with or working with DoD who have been granted access to classified information by DoD based on an eligibility determination made by DoD or by another Federal agency authorized to do so. Individuals or persons embedded with DoD units operating abroad who had or have been granted eligibility for access to classified information or eligibility to hold a sensitive positions. Current members of the U.S. Coast Guard and mobilized retired military personnel, when activated, who had or have been granted eligibility for access to classified information or eligibility to hold a sensitive positions by DoD and when operating with the military services or DoD Components, and Limited Access Authorization grantees. Individuals who have been issued an active DoD CAC by a DoD Organization to authenticate physical access to DoD installations or logical access to DoD controlled information systems. CATEGORIES OF RECORDS IN THE SYSTEM: Records containing information can be derived from the DoD Components and the DITMAC, to include: Responses to information requested by official questionnaires and applications (e.g., SF 86 Questionnaire for National Security Positions, DD 1172-2 Application for Identification Card/DEERS Enrollment) that include: Individual's full name, former names and aliases; date and place of birth; Social Security Number (SSN); height and weight; hair and eye color; gender; ethnicity and race; biometric data; mother's maiden name; DoD identification number (DoD ID Number); current and former home and work addresses, phone numbers, and email addresses; employment history; military record information; branch of Service; selective service registration record; residential history; education history and degrees earned; names of associates and references with their contact information; citizenship information; passport information; driver's license information; identifying numbers from access control passes or identification cards; alien registration number; criminal history; civil court actions; prior personnel security eligibility, investigative, and adjudicative information, including information collected through continuous evaluation; mental health history; records related to drug and/or alcohol use; financial record information; credit reports; the name, date and place of birth, social security number, and citizenship information for spouse or cohabitant; the name and marriage information for current and former spouse(s); the citizenship, name, date and place of birth, and address for relatives. Information on foreign contacts and activities; association records; information on loyalty to the United States; and other agency reports furnished to DoD or collected by DoD in connection with personnel security investigations, continuous evaluation for eligibility for access to classified information, and insider threat detection programs operated by DoD Components pursuant to Federal laws and Executive Orders and DoD regulations. These records can include, but are not limited to: Reports of personnel security investigations completed by investigative service providers (such as the Office of Personnel Management). Polygraph examination reports; nondisclosure agreements; document control registries; courier authorization requests; derivative classification unique identifiers; requests for access to sensitive compartmented information (SCI); facility access records; security violation files; travel records; foreign contact reports; briefing and debriefing statements for special programs, positions designated as sensitive, other information and documents required in connection with personnel security adjudications; and financial disclosure filings. DoD Component information, summaries or reports, and full reports, about potential insider threats from: Payroll information, travel vouchers, benefits information, credit reports, equal employment opportunity complaints, performance evaluations, disciplinary files, training records, substance abuse and mental health records of individuals undergoing law enforcement action or presenting an identifiable imminent threat, counseling statements, outside work and activities requests, and personal contact records; Particularly sensitive or protected information, including information held by special access programs, law enforcement, inspector general, or other investigative sources or programs. Access to such information may require additional approval by the senior DoD official who is responsible for managing and overseeing the program; Reports of investigation regarding security violations, including but not limited to: Statements, declarations, affidavits and correspondence; incident reports; investigative records of a criminal, civil or administrative nature; letters, emails, memoranda, and reports; exhibits and evidence; and, recommended remedial or corrective actions for security violations; Information containing personnel user names and aliases, levels of network access, audit data, information regarding misuse of a DoD device, information regarding unauthorized use of removable media, and logs of printer, copier, and facsimile machine use; Information collected through user activity monitoring, which is the technical capability to observe and record the actions and activities of all users, at any time, on a computer network controlled by DoD or a component thereof in order to deter, detect, and/or mitigate insider threats as well as to support authorized investigations. Such information may include key strokes, screen captures, and content transmitted via email, chat, or data import or export. DoD Component summaries of reports, and full reports, about potential insider threats from records of usage of government telephone systems, including the telephone number initiating the call, the telephone number receiving the call, and the date and time of the call; Information obtained from other Federal Government sources, such as information regarding U.S. border crossings and financial information obtained from the Financial Crimes Enforcement Network; Information specific to the management and operation of each DoD Component insider threat program, including information related to investigative or analytical efforts by DoD insider threat program personnel to identify threats to DoD personnel, property, facilities, and information, and information obtained from Intelligence Community members, the Federal Bureau of Investigation, or from other agencies or organizations about individuals known or suspected of being engaged in conduct constituting, preparing for, aiding, or relating to an insider threat, including but not limited to espionage or unauthorized disclosure of classified national security information; [[Page 12348]] Publicly available information, such as information regarding: Arrests and detentions; real property; bankruptcy; liens or holds on property; vehicles; licensure (including professional and pilot's licenses, firearms and explosive permits); business licenses and filings; Publicly available social media information, including electronic social media information that has been published or broadcast for public consumption, is available on request to the public, is accessible on-line to the public, is available to the public by subscription or purchase, or is otherwise lawfully accessible to the public. It includes social media information generally available to persons in a military community even though the military community is not open to the civilian general public. Publicly available social media information does not include information that can be accessed only by logging into a private account of the individual about whom the record pertains or by requiring the individual to provide a password to social media information that is not publicly available; Workplace performance information, including performance management and appraisal reviews and other performance based measures. Information collected from the DoD Defense Performance Management and Appraisal Program, and Information related to reports regarding harassment, discrimination, and drug testing violations or results, including but not limited to: Statements, declarations, affidavits and correspondence; incident reports; investigative records of a criminal, civil or administrative nature; letters, emails, memoranda, and reports; exhibits and evidence; and, recommended remedial or corrective actions. RECORD SOURCE CATEGORIES: Information in the system is received from the individual as they complete official questionnaires and applications. Information is also received from DoD Components and program offices throughout DoD and DoD contractor databases, internal and external sources, including counterintelligence and security databases and files; personnel security databases and files; DoD Component human resources databases and files; Office of the Chief Information Officer and information assurance databases and files; information collected through user activity monitoring; DoD telephone usage records; Federal, state, tribal, territorial, and local law enforcement and investigatory records; Inspector General records; available U.S. Government intelligence and counterintelligence reporting information and analytic products pertaining to adversarial threats; other Federal agencies; and publicly available information, including commercially available subscription databases containing public records. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: In addition to disclosures permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, as amended, these records may be disclosed outside DoD as a routine use pursuant to 5 U.S.C. 552(b)(3) as follows: (a) To an appropriate federal, state, local, tribal, territorial, foreign, or international agency, if the information is relevant and necessary to a requesting agency's decision concerning the hiring or retention of an individual, or issuance of a security clearance, license, contract, grant, delegation or designation of authority, or other benefit, or if the information is relevant and necessary to a DoD decision concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, delegation or designation of authority, or other benefit and disclosure is appropriate to the proper performance of the official duties of the person making the request. (b) A record consisting of, or relating to, terrorism information, homeland security information, counterintelligence, or law enforcement information may be disclosed to a Federal, state, local, tribal, territorial, foreign government, multinational agency, and to a private sector agent either in response to its request or upon the initiative of the DoD Component, for purposes of sharing such information as is necessary and relevant to the agency's investigations and inquiries related to the detection, prevention, disruption, preemption, and mitigation of the effects of terrorist activities against the territory, people, and interests of the United States of America as contemplated by the Intelligence Reform and Terrorism Protection Act of 2004. (c) To any person, organization or governmental entity (e.g., local governments, first responders, American Red Cross, etc.), in order to notify them of or respond to a serious and imminent terrorist or homeland security threat or natural or manmade disaster as is necessary and relevant for the purpose of guarding against or responding to such threat or disaster. (d) To complainants and/or victims to the extent necessary to provide such persons with information and explanations concerning the progress and/or results of the investigation or case arising from the matters of which they complained and/or of which they were a victim. (e) To officials and agencies of the Executive Branch of government, federal contractors and grantees, for purposes of conducting studies, research and analyses of insider threat programs or issues. (f) To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government when necessary to accomplish an agency function related to this system of records. (g) To designated officers and employees of Federal, State, local, territorial or tribal, international, or foreign agencies maintaining civil, criminal, enforcement, or other pertinent information, such as current licenses, if necessary to obtain information relevant and necessary to a DoD Component decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit. (h) To foreign law enforcement, security, investigatory, or administrative authorities to comply with requirements imposed by, or to claim rights conferred in, international agreements and arrangements, including those regulating the stationing and status in foreign countries of DoD military and civilian personnel. (i) To any agency, organization, or individual for the purposes of performing audit or oversight of the DoD Insider Threat Program as authorized by law and as necessary and relevant to such audit or oversight functions. (j) To such recipients and under such circumstances and procedures as are mandated by Federal statute or treaty. (k) To third parties during the course of an investigation to the extent necessary to obtain information pertinent to the investigation, provided disclosure is appropriate to the proper performance of the official duties of the individual making the disclosure. (l) To a Federal agency or entity that may have information relevant to an allegation or investigation or was consulted regarding an insider threat for purposes of obtaining guidance, additional information, or advice from [[Page 12349]] such Federal agency or entity regarding the handling of an insider threat matter. (m) To the news media or the general public, factual information the disclosure of which would be in the public interest and which would not constitute an unwarranted invasion of personal privacy. (n) To a Federal, state, or local agency, or other appropriate entities or individuals, or through established liaison channels to selected foreign governments, in order to enable an intelligence agency to carry out its responsibilities under the National Security Act of 1947 as amended, the Central Intelligence Act of 1949 as amended, E.O. 12333 or any successor order, applicable national security directives, or classified implementing procedures approved by the Attorney General and promulgated pursuant to such statutes, orders or directives. (o) To the appropriate Federal, State, local, territorial, tribal, foreign, or international law enforcement authority or other appropriate entity where a record, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether criminal, civil, or regulatory in nature. (p) To the Department of Justice for the purpose of representing the Department of Defense, or its components, officers, employees, or members in pending or potential litigation to which the record is pertinent. (q) To appropriate agencies, entities, and persons when (1) the DoD suspects or has confirmed that there has been a breach of the system of records; (2) the DoD has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the DoD (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the DoD's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (r) To another Federal agency or Federal entity, when the DoD determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. (s) To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record. (t) To the National Archives and Records Administration for the purpose of records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906. (u) In an appropriate proceeding before a court, grand jury, or administrative or adjudicative body or official, when the DoD or other Agency representing the DoD determines that the records are relevant and necessary to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant to the proceeding. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records are maintained in paper and electronic storage media, in accordance with the safeguards mentioned below. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Information in this system may be retrieved by name, SSN, and/or DoD identification number. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: System records are retained and disposed of according to DoD records maintenance and disposition schedules and the requirements of the National Archives and Records Administration (General Records Schedule 5.6: Security Records Transmittal No. 28 July 2017, item 210- 240). ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Information technology systems are protected by military personnel, civilian employee, or contract security personnel guards. Physical access to rooms is controlled by combination lock and by identification badges that are issued only to authorized individuals. Electronic authorization and authentication of users is required at all points before any system information can be accessed. All data transfers and information retrievals that use remote communication facilities are required to be encrypted. Paper records are contained and stored in safes and filing cabinets that are located in a secure area with access only by authorized personnel. RECORD ACCESS PROCEDURES: Individuals seeking information about themselves contained in the DITMAC system of record should address written inquires to the Defense Security Service, Office of FOIA and PA, 27130 Telegraph Road, Quantico, VA 22134-2253. Individuals seeking information about themselves contained in any specific DoD Component's insider threat program system of records should address written inquiries to the official mailing address for that Component, which is published with each Component's compilation of systems of records notices. DoD Component addresses are also listed at: http://dpcld.defense.gov/Privacy/Privacy-Contacts/. Individuals seeking information about themselves contained in the DITMAC system of records that originated in another DoD Component may be directed to the originating DoD Component that maintains the records being sought. Individuals should provide their full name (and any alias and/or alternate name), SSN, and date and place of birth, and the address where the records are to be returned. In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format: If executed outside of the United States: ``I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).'' If executed within the United States, its territories, possessions, or commonwealths: ``I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).'' Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. CONTESTING RECORD PROCEDURES: The DoD rules for accessing records and for contesting or appealing agency determinations are published in DoD Regulation 5400.11; 32 CFR 310; or may be obtained from the Defense Privacy, Civil Liberties, and Transparency Division, 4800 Mark Center Drive; ATTN: DPCLTD, Mailbox #24; Alexandria, VA 22350-1700. NOTIFICATION PROCEDURES: Individuals seeking to determine whether information about themselves [[Page 12350]] is contained in the DITMAC system of records should address written inquires to the Defense Security Service, Office of FOIA and PA, 27130 Telegraph Road, Quantico, VA 22134-2253. Individuals seeking to determine whether information about themselves is contained in any specific DoD Component's insider threat program system of records should address written inquiries to the official mailing address for that Component, which is published with each Component's compilation of systems of records notices. DoD Component addresses are also listed at: http://dpcld.defense.gov/Privacy/Privacy-Contacts/. Signed, written requests must contain the full name (and any alias and/or alternate names used), SSN, and date and place of birth. In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format: If executed outside of the United States: ``I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).'' If executed within the United States, its territories, possessions, or commonwealths: ``I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).'' EXEMPTIONS PROMULGATED FOR THE SYSTEM: The DoD is exempting records maintained in DUSDI 01-DoD, the ``Department of Defense (DoD) Insider Threat Management and Analysis Center (DITMAC) and DoD Component Insider Threat Records System,'' from subsections (c)(3) and (4); (d)(1), (2), (3), and (4); (e)(1), (2), (3), (4)(G), (H), and (I), (5), and (8); (f); and (g) of the Privacy Act pursuant to 5 U.S.C. 552a(j)(2) and (k)(1), (2), (4), (5), (6), (7). In addition, exempt records received from other systems of records in the course of DITMAC or Component record checks may, in turn, become part of the case records in this system. When records are exempt from disclosure in systems of records for record sources accessed by this system, DoD also claims the same exemptions for any copies of such records received by and stored in this system. An exemption rule for this system has been promulgated in accordance with requirements of 5 U.S.C. 553(b)(1), (2), and (3), (c) and (e) and published in 32 CFR part 310. For additional information contact the system manager. HISTORY: September 23, 2016, 81 FR 65631; May 19, 2016, 81 FR 31614. [FR Doc. 2018-05699 Filed 3-20-18; 8:45 am] BILLING CODE 5001-06-P
![Federal Register / Vol. 83, No. 55 / Wednesday, March 21, 2018 / Notices 12345
ADDRESSES: The meeting will be held in prior to the meeting for information on * Mail: Department of Defense, Office
the Air University Commander’s base entry procedures. of the Chief Management Officer,
Conference Room located in Building Directorate for Oversight and
Henry Williams,
800 at Maxwell Air Force Base, AL. Compliance, 4800 Mark Center Drive,
Acting Air Force Federal Register Liaison Mailbox #24, Suite 08D09B, Alexandria,
FOR FURTHER INFORMATION CONTACT: Dr. Officer.
VA 22350–1700.
Shawn O’Mailia, Designated Federal [FR Doc. 2018–05723 Filed 3–20–18; 8:45 am] Instructions: All submissions received
Officer, Air University Headquarters, 55 BILLING CODE 5001–10–P must include the agency name and
LeMay Plaza South, Maxwell Air Force docket number for this Federal Register
Base, Alabama 36112–6335, telephone document. The general policy for
(334) 953–4547. DEPARTMENT OF DEFENSE comments and other submissions from
SUPPLEMENTARY INFORMATION: Under the Office of the Secretary members of the public is to make these
submissions available for public
provisions of the Federal Advisory
[Docket ID DOD–2018–OS–0012] viewing on the internet at http://
Committee Act of 1972 (5 U.S.C.,
www.regulations.gov as they are
Appendix, as amended), the received without change, including any
Privacy Act of 1974; System of
Government in the Sunshine Act of personal identifiers or contact
Records
1976 (5 U.S.C. 552b, as amended), and information.
41 CFR 102–3.150, the Department of AGENCY: Office of the Secretary of
FOR FURTHER INFORMATION CONTACT: Dr.
Defense announces that the Air Defense, DoD.
University Board of Visitors’ spring Brad Millick, Director, DoD Insider
ACTION: Notice of a modified system of
Threat Program, Office of the Under
meeting. The agenda will include topics records. Secretary of Defense for Intelligence,
relating to the policies, programs, and
SUMMARY: The Office of the Secretary of 5000 Defense Pentagon, Washington, DC
initiatives of Air University educational
Defense proposes to modify a system of 20301–5000 or by phone at (703) 692–
programs and will include an out brief 3721.
from the Air Force Institute of records, DUSDI 01–DoD, entitled the
‘‘Department of Defense (DoD) Insider SUPPLEMENTARY INFORMATION: E.O.
Technology and Community College of
Threat Management and Analysis 13587 directs the implementation of a
the Air Force Subcommittees. Department-wide insider threat
Center (DITMAC) and DoD Component
Pursuant to 5 U.S.C. 552b, as Insider Threat Records System.’’ This detection and prevention program. The
amended, and 41 CFR 102–3.155 all system enables DoD to implement the DoD Insider Threat Program is
sessions of the Air University Board of requirements of an Executive Order decentralized to enable DoD component
Visitors’ meetings’ will be open to the published on October 7, 2011, and the insider threat programs and the
public. Any member of the public National Insider Threat Policy and DITMAC to analyze, monitor, and audit
wishing to provide input to the Air Minimum Standards for Executive threat information for insider threat
University Board of Visitors’ should Branch Insider Threat Programs detection and mitigation within DoD.
submit a written statement in published on November 21, 2012. The The Program deters insider activity that
accordance with 41 CFR 102–3.140(c) system is used to analyze, monitor, and endangers DoD and U.S. Government
and section 10(a)(3) of the Federal audit insider threat information for installations, facilities, personnel,
Advisory Committee Act and the insider threat detection and mitigation missions, or resources.
procedures described in this paragraph. within DoD on threats that insiders may Section 951 of the National Defense
pose to DoD and U.S. Government Authorization Act for Fiscal Year 2017
Written statements can be submitted to
installations, facilities, personnel, (NDAA for FY17) expanded the
the Designated Federal Officer at the
missions, or resources. The system definition of an insider threat to anyone
address detailed below at any time.
supports the DITMAC and DoD who has, or once had, authorized access
Statements being submitted in Component insider threat programs, to information, a facility, a network, a
response to the agenda mentioned in enables the identification of systemic person, or a resource of the Department.
this notice must be received by the insider threat issues and challenges, In keeping with this expansion, the
Designated Federal Officer at the provides a basis for the development Department is taking a measured
address listed below at least ten and recommendation of solutions to approach and expanding the ability of
calendar days prior to the meeting mitigate potential insider threats, and its Component insider threat programs
which is the subject of this notice. assists in identifying best practices and the DITMAC to store inside threat
Written statements received after this amongst other Federal Government related information on those personnel
date may not be provided to or insider threat programs. with a DoD Common Access Card
considered by the Air University Board (CAC). This expansion strengthens the
DATES: Comments will be accepted on or
of Visitors until its next meeting. The intent of E.O. 13587 and maintains a
before April 20, 2018. This proposed
Designated Federal Officer will review responsive posture to the NDAA for
action will be effective the date
all timely submissions with the Air FY17.
following the end of the comment
University Board of Visitors’ Board This modification to the system of
period unless comments are received
records enables the Department to
Chairperson and ensure they are which result in a contrary
comply with E.O. 13587 by expanding
provided to members of the Board determination.
sradovich on DSK3GMQ082PROD with NOTICES
the population to include personnel
before the meeting that is the subject of ADDRESSES: You may submit comments, who have been issued an active DoD
this notice. Any member of the public identified by docket number and title, CAC to authenticate physical access to
wishing to attend this meeting should by any of the following methods: DoD installations or logical access to
contact the Designated Federal Officer * Federal Rulemaking Portal: http:// DoD controlled information systems.
listed below at least ten calendar days www.regulations.gov. This revision leverages existing
Follow the instructions for submitting federal laws, statutes, authorities,
comments. policies, programs, systems,
VerDate Sep<11>2014 18:34 Mar 20, 2018 Jkt 244001 PO 00000 Frm 00013 Fmt 4703 Sfmt 4703 E:\FR\FM\21MRN1.SGM 21MRN1](https://thefederalregister.org/doc/83_FR_12400/page/1.svg)
![12350 Federal Register / Vol. 83, No. 55 / Wednesday, March 21, 2018 / Notices
is contained in the DITMAC system of CFR part 310. For additional personal identifiers or contact
records should address written inquires information contact the system manager. information.
to the Defense Security Service, Office Any associated form(s) for this
HISTORY:
of FOIA and PA, 27130 Telegraph Road, collection may be located within this
Quantico, VA 22134–2253. September 23, 2016, 81 FR 65631;
May 19, 2016, 81 FR 31614. same electronic docket and downloaded
Individuals seeking to determine for review/testing. Follow the
whether information about themselves [FR Doc. 2018–05699 Filed 3–20–18; 8:45 am]
instructions at http://
is contained in any specific DoD BILLING CODE 5001–06–P
www.regulations.gov for submitting
Component’s insider threat program comments. Please submit comments on
system of records should address any given form identified by docket
written inquiries to the official mailing DEPARTMENT OF DEFENSE
number, form number, and title.
address for that Component, which is
published with each Component’s Office of the Secretary FOR FURTHER INFORMATION CONTACT: To
compilation of systems of records [Docket ID DOD–2018–OS–0011] request more information on this
notices. DoD Component addresses are proposed information collection or to
also listed at: http://dpcld.defense.gov/ Proposed Collection; Comment obtain a copy of the proposal and
Privacy/Privacy-Contacts/. Request associated collection instruments,
Signed, written requests must contain AGENCY: Office of the Assistant please write to the Defense Civilian
the full name (and any alias and/or Secretary of Defense for Manpower and Personnel Advisory Service (DCPAS),
alternate names used), SSN, and date Reserve Affairs, DoD. ATTN: Dakhalfani Boyd, 4800 Mark
and place of birth. Center Drive, Alexandria, VA 22350–
ACTION: Information collection notice.
In addition, the requester must 1100, or call DCPAS, Enterprise
provide either a notarized statement or SUMMARY: In compliance with the Solutions and Integration, at 571–372–
an unsworn declaration made in Paperwork Reduction Act of 1995, the 2120.
accordance with 28 U.S.C. 1746, in the Office of the Assistant Secretary of
following format: SUPPLEMENTARY INFORMATION:
Defense for Manpower and Reserve
If executed outside of the United Affairs announces a proposed public Title; Associated Form; and OMB
States: information collection and seeks public Number: Department of Defense New
‘‘I declare (or certify, verify, or state) comment on the provisions thereof. Hire Forms; DD X735, DD X739, DD
under penalty of perjury under the laws Comments are invited on: whether the X741; OMB Control Number 0704–
of the United States of America that the proposed collection of information is XXXX.
foregoing is true and correct. Executed necessary for the proper performance of Needs and Uses: This information
on (date). (Signature).’’ the functions of the agency, including collection is necessary to ensure that all
If executed within the United States, whether the information shall have new hires across the Department of
its territories, possessions, or practical utility; the accuracy of the Defense meet the basic requirements of
commonwealths: agency’s estimate of the burden of the civil service. The New Hire Forms, DD
‘‘I declare (or certify, verify, or state) proposed information collection; ways X735, ‘‘Release/Consent Statement,’’ DD
under penalty of perjury that the to enhance the quality, utility, and X739, ‘‘Civilian Employee’s Military
foregoing is true and correct. Executed clarity of the information to be Reserve, Guard, or Retiree Data,’’ and
on (date). (Signature).’’ collected; and ways to minimize the DD X741, ‘‘Term Employment
burden of the information collection on Statement of Understanding,’’ supplant
EXEMPTIONS PROMULGATED FOR THE SYSTEM: respondents, including through the use and standardize the paperwork used
The DoD is exempting records of automated collection techniques or throughout the Department of Defense
maintained in DUSDI 01–DoD, the other forms of information technology. to verify the eligibility of onboarding
‘‘Department of Defense (DoD) Insider DATES: Consideration will be given to all employees.
Threat Management and Analysis comments received by May 21, 2018.
Center (DITMAC) and DoD Component Affected Public: Individuals or
ADDRESSES: You may submit comments,
Insider Threat Records System,’’ from Households.
identified by docket number and title,
subsections (c)(3) and (4); (d)(1), (2), (3), by any of the following methods: Annual Burden Hours: 6,833.35.
and (4); (e)(1), (2), (3), (4)(G), (H), and • Federal eRulemaking Portal: http:// Number of Respondents: 80,000.
(I), (5), and (8); (f); and (g) of the Privacy www.regulations.gov. Follow the
Act pursuant to 5 U.S.C. 552a(j)(2) and Responses per Respondent: 80,000
instructions for submitting comments.
(k)(1), (2), (4), (5), (6), (7). In addition, • Mail: Department of Defense, Office respondents fill out DD X739;
exempt records received from other of the Chief Management Officer, approximately 1000 respondents drawn
systems of records in the course of Directorate for Oversight and from that population will each fill out
DITMAC or Component record checks Compliance, 4800 Mark Center Drive, DD X735 and DD X741 as required.
may, in turn, become part of the case Mailbox #24, Suite 08D09B, Alexandria, Annual Responses: 82,000.
records in this system. When records are VA 22350–1700. Average Burden per Response: 5
exempt from disclosure in systems of Instructions: All submissions received minutes.
records for record sources accessed by must include the agency name, docket
this system, DoD also claims the same number and title for this Federal Frequency: On occasion.
sradovich on DSK3GMQ082PROD with NOTICES
exemptions for any copies of such Register document. The general policy For all forms, the purpose is to
records received by and stored in this for comments and other submissions transmit new hire and onboarding data
system. from members of the public is to make between the DoD civilian personnel
An exemption rule for this system has these submissions available for public system of record, the Defense Civilian
been promulgated in accordance with viewing on the internet at http:// Personnel Data System, and the OPM
requirements of 5 U.S.C. 553(b)(1), (2), www.regulations.gov as they are hiring systems, namely USA Staffing
and (3), (c) and (e) and published in 32 received without change, including any Upgrade, and eOPF.
VerDate Sep<11>2014 18:34 Mar 20, 2018 Jkt 244001 PO 00000 Frm 00018 Fmt 4703 Sfmt 4703 E:\FR\FM\21MRN1.SGM 21MRN1](https://thefederalregister.org/doc/83_FR_12400/page/6.svg)
Document Created: 2018-03-21 00:45:55
Document Modified: 2018-03-21 00:45:55
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of a modified system of records. | |
| Dates | Comments will be accepted on or before April 20, 2018. This proposed action will be effective the date following the end of the comment period unless comments are received which result in a contrary determination. | |
| Contact | Dr. Brad Millick, Director, DoD Insider Threat Program, Office of the Under Secretary of Defense for Intelligence, 5000 Defense Pentagon, Washington, DC 20301-5000 or by phone at (703) 692-3721. | |
| FR Citation | 83 FR 12345 |
2024 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR