DEFENSE PRIVACY AND CIVIL LIBERTIES OFFICE

SYSTEM OF RECORDS NOTICES (SORNs)

DoD-Wide Notices

K890.15 DoD

SYSTEM NAME:

Active Directory Enterprise Application and Services Forest (AD EASF) (December 8, 2010, 75 FR 76426).

SYSTEM LOCATION:

System locations may be obtained from the systems manager at the Defense Information Systems Agency (DISA), Computing Services Division (CSD), 5600 Columbia Pike, Falls Church, VA 22204-4502.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Department of Defense (DoD) personnel who have been issued DoD Common Access Cards (CAC) or a DoD Class 3 Public Key Infrastructure (PKI) certificate to include civilian employees, military personnel, contractors and other individuals detailed or assigned to DoD Components.

CATEGORIES OF RECORDS IN THE SYSTEM:

These include individual's name (last name, first name, middle initial); unique identifiers including Electronic Data Interchange Person Identifier (EDI PI), other unique identifier (not Social Security Number), Federal Agency Smart Credential Number (FASC-N), login name, legacy login name, and persona username; object class; rank; title; job title; persona type code (PTC); primary and other work e-mail addresses; persona display name (PDN); work contact information, including administrative organization, duty organization, department, company (derived), building, address, mailing address, country, organization, phone, fax, mobile, pager, Defense Switched Network (DSN) phone, other fax, other mobile, other pager, city, zip code, post office box, street address, state, room number, assigned unit name, code and location, attached unit name, code and location, major geographical location, major command, assigned major command, and base, post, camp, or station; US government agency code; service code; personnel category code; non-US government agency object common name; user account control; information technology service entitlements; and Public Key Infrastructure (PKI) certificate information, including Personal Identity Verification Authentication (PIV Auth) certificate issuer, PIV Auth certificate serial number, PIV Auth certificate principal name, PIV Auth Subject Alternative Name, PIV Auth Thumbprint, PIV Auth Issuer, PIV Auth Common name, Identity (ID) certificate issuer, ID certificate serial number, ID certificate principal name, ID Thumbprint, ID Common Name (CN), signature certificate e-mail address, Signature Subject Alternative Name UPN, Signature Thumbprint, Signature Issuer, Signature serial number, Signature CN, Encryption (Public Binary Certificate), Encryption Thumbprint, Certificate Issuer, Encryption Serial Number, Encryption CN, distinguished name, PKI login identity, e-mail encryption certificate, and other certificate information, Country of Citizenship, US Citizenship Status Indicator Code, Cadency of name (e.g. Sr, Jr, III), Identity Certificate Serial Number, Persona E-Mail Address, Administrative Organization Code, DoD component, DoD sub-component, Non-DoD agency, Directory publishing restrictions, Reserve component code, Billet code and Pay grade.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301, Departmental Regulation; DoD Directive 5105.19, Defense Information Systems Agency (DISA).

PURPOSE(S):

The AD EASF will control access and provide contact information for users of DoD Enterprise E-Mail, workspace and collaboration tools, file storage, and office applications.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

The "Blanket Routine Uses" set forth at the beginning of the DISA's compilation of systems of records notices apply to this system.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Electronic storage media.

RETRIEVABILITY:

By individual's name.

SAFEGUARDS:

Access to the type and amount of data is governed by privilege management software and policies developed and enforced by Federal government personnel. Defense-in-Depth methodology is used to protect the repository and interfaces, including (but not limited to) multi-layered firewalls, Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections, access control lists, file system permissions, intrusion detection and prevention systems and log monitoring. Complete access to all records is restricted to and controlled by certified system management personnel, who are responsible for maintaining the AD EASF system integrity and the data confidentiality.

RETENTION AND DISPOSAL:

Disposition pending (until the National Archives and Records Administration approves retention and disposal schedule, records will be treated as permanent).

SYSTEM MANAGER(S) AND ADDRESS:

Defense Information Systems Agency (DISA), Computing Services Division (CSD), 5600 Columbia Pike, Falls Church, VA 22204-4502.

NOTIFICATION PROCEDURE:

Individuals seeking to determine whether information about themselves is contained in this system of records should address written inquiries to the appropriate system manager.

The full name of the requesting individual will be required to determine if the system contains a record about him or her. The requester may also visit one of the system managers listed. As proof of identity the requester must present a current DISA identification badge or a driver's license.

RECORD ACCESS PROCEDURES:

Individuals seeking to determine whether information about themselves is contained in this system of records should address written inquiries to the appropriate system manager.

The full name of the requesting individual will be required to determine if the system contains a record about him or her. The requester may also visit one of the system managers listed. As proof of identity the requester must present a current DISA identification badge or a driver's license.

CONTESTING RECORD PROCEDURES:

DISA's rules for accessing records, for contesting content and appealing initial agency determinations are published in DISA Instruction 210-225-2; 32 CFR part 316; or may be obtained from the systems manager at the Defense Information Systems Agency (DISA), Computing Services Division (CSD), 5600 Columbia Pike, Falls Church, VA 22204-4502.

RECORD SOURCE CATEGORIES:

The DoD Identity Synchronization Service (IdSS).

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.