
1262 Federal Register / Vol. 70, No. 4 / Thursday, January 6, 2005 / Notices

authoritative directory service for the purpose of ensuring the security of DOI computer networks, resources and information and protecting them from unauthorized access, tampering or destruction, (2) to authenticate and verify that all persons accessing DOI computer networks, resources and information are authorized to access them, (3) to ensure that persons signing official documents are indeed the person represented and to provide for non-repudiation of the use of an electronic signature, and (4) to enable an individual to encrypt and decrypt documents for secure transmission.
Disclosures outside the DOI may be made:
(a) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs, on DOI’s behalf, services requiring access to these records.
(b) To the Federal Protective Service and appropriate Federal, State, local or foreign agencies responsible for investigating emergency response situations or investigating or prosecuting the violation of or for enforcing or implementing a statute, rule, regulation, order or license, when DOI becomes aware of a violation or potential violation of a statute, rule, regulation, order or license.
(c) To another agency with a similar smart card system when a person with a DOI SmartCard desires access to that other agency’s facility.
(d) To the Department of Justice, or to a court, adjudicative or other administrative body, or to a party in litigation before a court or adjudicative or administrative body, when:
(1) One of the following is a party to the proceeding or has an interest in the proceeding:
(i) The Department or any component of the Department;
(ii) Any Departmental employee acting in his or her official capacity; or
(iii) Any Departmental employee acting in his or her individual capacity where the Department or the Department of Justice has agreed to represent the employee; and
(2) We deem the disclosure to be:
(i) Relevant and necessary to the proceeding; and
(ii) Compatible with the purpose for which we compiled the information.
(e) To the appropriate Federal agency that is responsible for investigating, prosecuting, enforcing or implementing a statute, rule, regulation or order, when we become aware of an indication of a violation or potential violation of the statute, rule, regulation, or order.
(f) To a congressional office in response to a written inquiry to that office by the individual to whom the record pertains.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:
Records are stored in electronic media on hard disks, magnetic tapes.

RETRIEVABILITY:
Records are retrievable from EACS by name, digital certificate and personal identification number (PIN), and Web home address.

ACCESS SAFEGUARDS:
The computer servers in which records are stored are located in computer facilities that are secured by alarm systems and off-master key access. EACS access granted to individuals is password-protected. Access to the certificate issuance portion of this system of records is controlled by a digital certificate in combination with a PIN. Each person granted access to the system must be individually authorized to use the system. A Privacy Act Warning Notice appears on the monitor screen when first displayed. Backup tapes are stored in a locked and controlled room in a secure, off-site location. A Privacy Impact Assessment was completed to ensure that Privacy Act requirements and safeguard requirements are met.

RETENTION AND DISPOSAL:
Records relating to persons covered by this system are retained in accordance with General Records Schedule.

SYSTEM MANAGER(S) AND ADDRESS:
Office of the Chief Information Officer, Office of the Secretary, Department of the Interior, 625 Herndon Parkway, Herndon, VA 20170.

NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records on him or herself should address his/her request to the local Bureau/office IT computer administrators or help desk. Individuals requesting notification must provide their full name and social security number. Interior bureaus/offices are listed at the Department of the Interior Web site at http://www.doi.gov. The request must be in writing and signed by the requester. (See 43 CFR 2.60).

RECORDS ACCESS PROCEDURES:
An individual requesting access to records maintained on him or herself should address his/her request to the office listed in the “Notification procedures” section above. Individuals requesting access must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.63).

CONTESTING RECORD PROCEDURES:
An individual requesting amendment of a record maintained on him or herself should address his/her request to the office above. Individuals requesting an amendment must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.71).

RECORD SOURCE CATEGORIES:
Information in this system is obtained from individuals covered by the system supervisors, designated approving officials, certificate issuing authority, and network system administrators.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.

[FR Doc. 05–289 Filed 1–5–05; 8:45 am]
BILLING CODE 4310–RK–P

DEPARTMENT OF THE INTERIOR

Office of the Secretary

Privacy Act of 1974, as Amended; Addition of a New System of Records

AGENCY: U.S. Department of the Interior.
ACTION: Proposed addition of a new system of records.
SUMMARY: The Department of the Interior (DOI) is issuing public notice of its intent to create a Privacy Act (PA) system of records in its inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a). This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records systems maintained by the agency (5 U.S.C. 552a(e)(4)). The new system of records is captioned, “Interior—DOI–15,” and is titled, “Authenticated Computer Access and Signature System (ACASS).”
EFFECTIVE DATE: 5 U.S.C. 552a(e)(11) requires that the public be provided a 30-day period in which to comment on the agency’s intended use of the information in the system of records. The Office of Management and Budget, in its Circular A–130, requires an additional 10-day period (for a total of 40 days) in which to make these comments. Any persons interested in commenting on this proposed amendment may do so by submitting comments in writing to the Department of the Interior, Privacy Act Officer, Marilyn Legnini, U.S. Department of the Interior, Mail Stop (MS)–5312—Main


Interior Building (MIB), 1849 C Street, NW., Washington, DC 20240. Comments received within 40 days of publication in the Federal Register will be considered. The system will be effective as proposed at the end of the comment period unless comments are received which would require a contrary determination. The Department will publish a revised notice if changes are made based upon a review of comments received.
FOR FURTHER INFORMATION CONTACT: Bob Donelson, Senior Property Manager, Bureau of Land Management, Department of the Interior, 1620 L Street, NW., MS LS, Washington, DC 20036; 202–452–5190.
SUPPLEMENTARY INFORMATION: The primary purpose of ACASS is: (1) To ensure the security of DOI computer networks in order to maintain continuous communications and protect the information attached to the networks from unauthorized access, tampering or destruction; (2) To verify that all persons accessing DOI networks with “smart card” systems are authorized to access them; (3) To ensure that persons signing official documents are indeed the person represented and to provide assurance to the recipient that the signature is authentic; and (4) To enable an individual to encrypt and decrypt documents for secure transmission.
The new “smart card” access control system is based on digitally encrypted certificates. The DOI is adding the capability for users to electronically sign documents and encrypt documents using digital certificates. The current password access control system is used to maintain access control to the various computer networks and computer systems in the DOI. The new access control system will be used to maintain access control to all DOI computer networks and systems that have installed “smart card” access controls. In addition to the information collected under the current access control system, the new access control system will record the personal identification numbers (PIN) of the “smart card” holder onto the “smart card”. The PIN will not be recorded elsewhere in the system. The data will be stored on a server located in the U.S. Department of the Interior, Bureau of Land Management, National Information Resources Management Center, Denver Federal Center, Lakewood, Colorado. A redundant, fail-over, server is located at BLM’s Network Operations Center in Portland, Oregon.
A copy of the system notice for Interior—DOI–15, Authenticated Computer Access and Signature System (ACASS), follows.

Dated: January 3, 2005.
Marilyn Legnini,
Departmental Privacy Act Officer, Department of the Interior.

INTERIOR/DOI–15

SYSTEM NAME:
Authenticated Computer Access and Signature System—Interior, DOI–15

SYSTEM LOCATION:
(1) Data covered by this system are maintained in the following locations: U.S. Department of the Interior (DOI), Bureau of Land Management (BLM), National Information Resources Management Center, Denver Federal Center, Lakewood, Colorado. A redundant, fail-over, server is located at BLM’s Network Operations Center in Portland, Oregon. A repository of digital certificates included in this system is maintained by the certificate authority. However, only the Department of Interior maintains a listing of individuals to whom the certificates are issued.
(2) Limited access to data covered by this system is available at DOI locations, both Federal buildings and Federally-leased space, where DOI computer systems are located. System Administrators at those locations have access only to the information for employees who attempt to access computer systems at their location.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
All individuals who have “smart card” IDs with authentication capability who are granted access to DOI computer networks or certain isolated systems at facilities that have the “smart card” access control system installed and individuals authorized to sign official DOI documents. These include, but are not limited to, the following groups: current agency employees, former agency employees until the records are disposed of in accordance with the proscribed records schedule, agency contractors, other Government employees from agencies with “smart card” systems and volunteers.

CATEGORIES OF RECORDS IN THE SYSTEM:
Records maintained on current agency employees and agency contractors include the following data fields: Name, organization/office of assignment, personal identification number (PIN), number of ID security cards issued, ID security card issue date, ID security card expiration date, and ID security card serial number. The Active Directory is a component of the computer network operating system used by DOI that performs network management functions and is the repository for the computer access data. A contracted certification authority provides the digital certificates and encryption services necessary for secure authentication and verification. The collected data will contain the individual’s user ID/e-mail address. The Active Directory will generate the date of entry to the computer network/system, time of entry, location of entry, time of exit, security access category, and access status which will also become part of the record. The collected data retained in Active Directory may also contain: office telephone number, supervisor’s name and Web home page address. Records on former agency employees are maintained in accordance with the proscribed records schedule.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; Presidential Memorandum on Upgrading Security at Federal Facilities, June 28, 1995.
Federal Information Security Act (Pub.L. 104–106), section 5113.
E-Government Act (Pub.L. 104–347), section 203.
Government Paperwork Elimination Act (Pub.L. 105–277).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
The primary purposes of the system are:
(1) To ensure the security of DOI computer networks to maintain continuous communications and protect the information attached to the networks from unauthorized access, tampering or destruction.
(2) To verify that all persons accessing DOI networks with “smart card” systems are authorized to access them.
(3) To ensure that persons signing official documents are indeed the person represented and to provide for non-repudiation of the use of an electronic signature.
(4) To enable an individual to encrypt and decrypt documents for secure transmission.

DISCLOSURES OF RECORDS WITHIN DOI:
Disclosure of these records may be made: (1) To those officers and employees of DOI who have a need for the record in the performance of their duties, or (2) when required by the Freedom of Information Act, 5 U.S.C. 552.

DISCLOSURES OUTSIDE THE DOI MAY BE MADE:
(1) To an expert, consultant, or contractor (including employees of the


contractor) of DOI that performs, on DOI’s behalf, services requiring access to these records.
(2) To another agency with a similar “smart card” system when a person with a “smart card” requires access to that agency’s facilities on a “need-to-know” basis.
(3) To the Federal Protective Service and appropriate Federal, State, or local agencies responsible for investigating emergency response situations or investigating or prosecuting the violation of or for enforcing or implementing a statute, rule, regulation, order or license, when DOI becomes aware of a violation or potential violation of a statute, rule, regulation, order or license.
(4)(a) To any of the following entities or individuals, when the circumstances set forth in (b) are met:
(i) The Department of Justice (DOJ);
(ii) A court, adjudicative or other administrative body;
(iii) A party in litigation before a court or adjudicative or administrative body; or
(iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
(b) When
(i) One of the following is a party to the proceeding or has an interest in the proceeding:
(A) DOI or any component of DOI;
(B) Any DOI employee acting in his or her official capacity;
(C) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
(D) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and
(ii) DOI deems the disclosure to be:
(A) Relevant and necessary to the proceeding; and
(B) Compatible with the purposes for which the records were compiled.
(5) To a congressional office in response to a written inquiry an individual covered by the system has made to the congressional office about him or herself.
(6) To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files, in support of the functions for which the records were collected and maintained.
(7) To representatives of the National Archives and Records Administration to conduct records management inspections under the authority of 44 U.S.C. 2903 and 2904.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:
Records are stored in electronic media on hard disks, magnetic tapes and the ID authentication card itself and on paper records stored in file cabinets in secured locations.

RETRIEVABILITY:
Records are retrievable from Active Directory by organization, agency point of contact, security access category that describes the type of access the user is allowed, date of system entry, time of entry, location of entry, time of exit, location of exit, ID security card issue date, ID security card expiration date, and ID security card serial number.

ACCESS SAFEGUARDS:
The computer servers in which records are stored are located in computer facilities that are secured by alarm systems and off-master key access. Active Directory access granted to individuals is password-protected. Access to the certificate issuance portion of this system of records is controlled by a digital certificate in combination with a personal identification number (PIN). Each person granted access to the system must be individually authorized to use the system. A Privacy Act Warning Notice appears on the monitor screen when records containing information on individuals are first displayed. Backup tapes are stored in a locked and controlled room in a secure, off-site location. A Privacy Impact Assessment was used to ensure that Privacy Act requirements and safeguard requirements were met.

RETENTION AND DISPOSAL:
Records relating to persons covered by this system are retained in accordance with General Records Schedule 18, Item No. 17. Unless retained for specific, ongoing security investigations:
(1) Records relating to individuals other than employees are destroyed two years after the ID security card expiration date.
(2) Records relating to date and time of system entry and exit of employees are destroyed two years after the date of entry and exit.
(3) All other records relating to employees are destroyed two years after the ID security card expiration date.

SYSTEM MANAGER(S) AND ADDRESS:
Director, Information Resources Management Center, Bureau of Land Management, Denver Federal Center, Building 40, P.O. Box 25047, Denver, Colorado 80225–0047.

NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records on himself or herself should address his/her request to the local office Information Technology Security Manager. The individual requesting notification must provide their full name and social security number. Interior bureaus/offices are listed at the Department of the Interior Web site at http://www.doi.gov. The request must be in writing and signed by the requester. (See 43 CFR 2.60.)

RECORDS ACCESS PROCEDURES:
An individual requesting access to records maintained on himself or herself should address his/her request to the local office Information Technology Security Manager. The individual requesting access must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.63.)

CONTESTING RECORD PROCEDURES:
An individual requesting amendment of a record maintained on himself or herself should address his/her request to the local office IT Security Manager. The individual requesting the amendment must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.71.)

RECORD SOURCE CATEGORIES:
Individuals covered by the system, supervisors, and designated approving officials, certificate issuing authority, network system administrators.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.

[FR Doc. 05–292 Filed 1–5–05; 8:45 am]
BILLING CODE 4310–RK–P

DEPARTMENT OF THE INTERIOR

Bureau of Indian Affairs

Privacy Act of 1974, as Amended; Amendment of an Existing System of Records

AGENCY: Bureau of Indian Affairs, Interior.
ACTION: Proposed amendment of an existing system of records.
SUMMARY: Under the Privacy Act of 1974, as amended (5 U.S.C. 552a), the Office of the Secretary is issuing public notice of our intent to change an existing Privacy Act system of records notice entitled, Interior BIA–18 “Law
