[Federal Register: January 6, 2005 (Volume 70, Number 4)]
[Notices]
[Page 1261-1262]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr06ja05-67]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE INTERIOR
Office of the Secretary
Privacy Act of 1974, as Amended; Addition of a New System of
Records
AGENCY: Office of the Secretary, Department of the Interior.
ACTION: Proposed addition of a new system of records.
-----------------------------------------------------------------------
SUMMARY: The Department of the Interior is issuing public notice of its
intent to add a new Privacy Act system of records to its inventory of
records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a).
This action is necessary to meet the requirements of the Privacy Act to
publish in the Federal Register notice of the existence and character
of records systems maintained by the agency (5 U.S.C. 552a(e)(4)). The
new system of records is called the Enterprise Access Control Service
(EACS)--Interior, DOI-30.
EFFECTIVE DATE: 5 U.S.C. 552a(e)(11) requires that the public be
provided a 30-day period in which to comment on the intended use of the
information in the system of records. Any persons interested in
commenting on this proposed system of records may do so by submitting
comments in writing to the Departmental Privacy Act Officer, U.S.
Department of the Interior, Office of the Chief Information Officer, MS
5312 MIB, 1849 C Street NW., Washington, DC 20240. Comments received
within 30 days of publication in the Federal Register will be
considered. The system will be effective as proposed at the end of the
comment period unless comments are received which would require a
contrary determination. In that case the Department will publish any
changes to the routine uses.
FOR FURTHER INFORMATION CONTACT: For information on the Enterprise
Access Control Service (EACS)--Interior, DOI-30, please contact Richard
A. Delph, Office of the Chief Information Officer, Office of the
Secretary, Department of the Interior, 625 Herndon Parkway, Herndon, VA
20170, (703) 487-8555.
SUPPLEMENTARY INFORMATION: The purpose of the Enterprise Access Control
Service is to streamline DOI bureau/office information technology (IT)
user management and administration by providing an enterprise Directory
structure. It will provide an enhanced control of user identification,
authentication, and authorization. This improvement will enable DOI to
centrally manage network resources and support multiple processes.
Direct results of this initiative will include enhanced sharing of
information and resources and an overall improved level of security for
IT systems.
Dated: January 3, 2005.
Marilyn Legnini,
Departmental Privacy Act Officer, Department of the Interior.
INTERIOR/DOI-30
System name:
Enterprise Access Control Service (EACS)--Interior, DOI-30.
System location:
Information covered by this system is located in three primary
master sites at the following locations under the Department of the
Interior (DOI), Office of the Secretary, Office of the Chief
Information Officer at: (a) The Enterprise Service Center, Herndon,
Virginia, (b) Anchorage, Alaska, and (c) the National Business Center,
Lakewood, Colorado. DOI bureau and office replicas of the master
database of the EACS are located at strategic Departmental locations.
Categories of individuals covered by the system:
All current DOI employees and contractors who use DOI computer
networks and e-mail.
Categories of records in the system:
The information retained in EACS contains: User name, address, and
contact information, Web home page address, user access and permission
rights, authentication certificates along with the date and time of
signature retained on the signed document, and supervisor's name.
Authority for maintenance of the system:
This system of records is maintained under the authority of 5
U.S.C. 301; the Paperwork Reduction Act of 1995, 44 U.S.C. 3501; and
the Government Paperwork Elimination Act, 44 U.S.C. 3504.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
The primary purposes of the system are: (1) To provide a common
[[Page 1262]]
authoritative directory service for the purpose of ensuring the
security of DOI computer networks, resources and information and
protecting them from unauthorized access, tampering or destruction, (2)
to authenticate and verify that all persons accessing DOI computer
networks, resources and information are authorized to access them, (3)
to ensure that persons signing official documents are indeed the person
represented and to provide for non-repudiation of the use of an
electronic signature, and (4) to enable an individual to encrypt and
decrypt documents for secure transmission.
Disclosures outside the DOI may be made:
(a) To an expert, consultant, or contractor (including employees of
the contractor) of DOI that performs, on DOI's behalf, services
requiring access to these records.
(b) To the Federal Protective Service and appropriate Federal,
State, local or foreign agencies responsible for investigating
emergency response situations or investigating or prosecuting the
violation of or for enforcing or implementing a statute, rule,
regulation, order or license, when DOI becomes aware of a violation or
potential violation of a statute, rule, regulation, order or license.
(c) To another agency with a similar smart card system when a
person with a DOI SmartCard desires access to that other agency's
facility.
(d) To the Department of Justice, or to a court, adjudicative or
other administrative body, or to a party in litigation before a court
or adjudicative or administrative body, when:
(1) One of the following is a party to the proceeding or has an
interest in the proceeding:
(i) The Department or any component of the Department;
(ii) Any Departmental employee acting in his or her official
capacity; or
(iii) Any Departmental employee acting in his or her individual
capacity where the Department or the Department of Justice has agreed
to represent the employee; and
(2) We deem the disclosure to be:
(i) Relevant and necessary to the proceeding; and
(ii) Compatible with the purpose for which we compiled the
information.
(e) To the appropriate Federal agency that is responsible for
investigating, prosecuting, enforcing or implementing a statute, rule,
regulation or order, when we become aware of an indication of a
violation or potential violation of the statute, rule, regulation, or
order.
(f) To a congressional office in response to a written inquiry to
that office by the individual to whom the record pertains.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Records are stored in electronic media on hard disks, magnetic
tapes.
Retrievability:
Records are retrievable from EACS by name, digital certificate and
personal identification number (PIN), and Web home address.
Access Safeguards:
The computer servers in which records are stored are located in
computer facilities that are secured by alarm systems and off-master
key access. EACS access granted to individuals is password-protected.
Access to the certificate issuance portion of this system of records is
controlled by a digital certificate in combination with a PIN. Each
person granted access to the system must be individually authorized to
use the system. A Privacy Act Warning Notice appears on the monitor
screen when first displayed. Backup tapes are stored in a locked and
controlled room in a secure, off-site location. A Privacy Impact
Assessment was completed to ensure that Privacy Act requirements and
safeguard requirements are met.
Retention and disposal:
Records relating to persons covered by this system are retained in
accordance with General Records Schedule.
System manager(s) and address:
Office of the Chief Information Officer, Office of the Secretary,
Department of the Interior, 625 Herndon Parkway, Herndon, VA 20170.
Notification procedures:
An individual requesting notification of the existence of records
on him or herself should address his/her request to the local Bureau/
office IT computer administrators or help desk. Individuals requesting
notification must provide their full name and social security number.
Interior bureaus/offices are listed at the Department of the Interior
Web site at http://www.doi.gov. The request must be in writing and
signed by the requester. (See 43 CFR 2.60).
Records access procedures:
An individual requesting access to records maintained on him or
herself should address his/her request to the office listed in the
``Notification procedures'' section above. Individuals requesting
access must provide their full name and social security number. The
request must be in writing and signed by the requester. (See 43 CFR
2.63).
Contesting record procedures:
An individual requesting amendment of a record maintained on him or
herself should address his/her request to the office above. Individuals
requesting an amendment must provide their full name and social
security number. The request must be in writing and signed by the
requester. (See 43 CFR 2.71).
Record source categories:
Information in this system is obtained from individuals covered by
the system supervisors, designated approving officials, certificate
issuing authority, and network system administrators.
Exemptions claimed for the system:
None.
[FR Doc. 05-289 Filed 1-5-05; 8:45 am]