Privacy Impact Assessment (PIA) Summary
Date of this Submission:
NASA Center: Goddard Space Flight Center
Application Name: User Administration Online Forms
Is this application or information collection new or is an existing one being modified? New
Does this application collect, maintain, and/or disseminate information in identifiable form (IIF)? Yes
Mission Program/Project Supported: NASA Center for Computational Sciences
Identifying Numbers (Use N/A, where appropriate)
Privacy Act System of Records Number:TBD
OMB Information Collection Approval Number and Expiration Date:
Other Identifying Number(s): 026-00-01-02-01-1502-00-109-026
Description
1. The NASA Center for Computational Sciences (NCCS) is one of NASA's two high-performance computing (HPC) resources and serves a diverse community including NASA headquarters, Agency scientists, the NASA research community, university partners and the greater science community. The NCCS User Administration Online Forms were created to facilitate the process of authorizing access to NCCS computing systems for researchers from these HPC communities. Potential new users of NCCS computing resources are directed to the publicly available online interface by their Principal Investigators (PIs) to apply for access to NCCS systems, IIF data entered by applicants is temporarily stored until the applicants can be vetted by the PIs.
These PIs, who already have formal, documented designation within the NCCS, then login to the system via secure, strong authentication means to either 1) authorize these applicants and specify their resource allocations, upon which the applicants cease to be public citizens and instead become official NCCS users or 2) disapprove the applicants, whereupon the applicants' information is discarded from the system.
Therefore, IIF data are collected in the User Administration Online Forms only for the following purposes:
2. To comply with NPR 2810.1 (Security of Information Technology) Section 4.7.7 (System Administrators Guidelines for Granting Access), to be authorized to use NCCS computing systems, applicants must provide the following information in the User Administration Online Forms:
Individuals may optionally provide the following information:
3. IIF data collected in the User Administration Online Forms is the minimum necessary to satisfy the requirements of NPR 2810.1 Section 4.7.7 and to enable the members of the NCCS User Services Group to authenticate and assist users and administer their accounts on NCCS computing systems.
4. IIF data is collected in the User Administration Online Forms is collected and maintained to 1) enable PIs to identify and authorize applicants to charge to their Computational Projects on NCCS computing systems (name, requested userid, and e-mail address), 2) satisfy the requirements of NPR 2810.1 Section 4.7.7 (name, address, telephone number, employment affiliation, citizenship), and 3) enable NCCS User Services Group personnel to authenticate and assist users and administer their accounts on NCCS computing systems.
5. IIF data collected in the User Administration Online Forms will not be shared; access is limited to PI (name, requested userid, e-mail address only) and to system administrators and NCCS User Services Group personnel on a need-to-know basis (all IIF data collected).
6. IIF data will be collected online from all applicants wishing to be authorized to use NCCS computing systems via a publicly accessible web site. Applicants will be directed to the web site by their PIs and instructed to complete the form as part of the application process.
7. Information will not be collected from children under age 13.
8. IIF data will be secured with a combination of technical, physical, and administrative controls.
Technical controls: Applicants entering information via the web site are the only individuals permitted to write to the tables that hold this information. Subsequently, PIs will authenticate to the NCCS system using strong authentication before accessing a list of applicants (identified only by name, requested userid, and e-mail address) to their Computational Projects. Once applicants are approved by PIs, their information will be passed to permanent tables. Information from applicants who are not approved will be discarded. Members of the NCCS User Services Group will login using a password to access and change information in the database temporary tables, as necessary, from their workstations.
Physical controls: The servers on which the IIF data will be stored are secured in a room accessible only by key and key card.
Administrative controls: NCCS User Services Group personnel and NCCS system administrators may access user IIF data only on an as-needed basis in the performance of their job duties.
9. If an applicant is approved by a PI (who will view only that applicant's name, requested userid, and e-mail address), then that applicant will become an NCCS user, and his or her IIF data will be moved to a secure database that is not accessible via the web, and the IIF data will be audited annually to determine whether it should be preserved or discarded. If an applicant is not approved by a PI, then his or her IIF data are destroyed.
10. A system of records is being created under the Privacy Act, and we are seeking guidance from Center Privacy Act managers to ensure compliance.
Identify a point of contact to whom a member of the public can address questions concerning this information system and the privacy concerns associated with it: __NCCS User Services__301-286-9120_______.
______________________________________
W. Phillip Webster
High Performance Computing Lead
Date ____________
Concur: Concur:
__________________________ __________________________
Caroline E. Ardolini Dorothy C. Perkins
Center Privacy Act Manager Center Chief Information Officer
Date: _________________ Date: _________________
Concur: Approved for Publication:
__________________________ __________________________
Patti F. Stockman Patricia L. Dunnington
NASA Privacy Act Officer Chief Information Officer
Date: _________________ Date: _________________