AGENCY:

Office of the Secretary, Department of the Interior.

ACTION:

Proposed addition of a new system of records.

SUMMARY:

The Department of the Interior is issuing public notice of its intent to add a new Privacy Act system of records to its inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a). This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records systems maintained by the agency (5 U.S.C. 552a(e)(4)). The new system of records is called the Enterprise Access Control Service (EACS)—Interior, DOI-30.

EFFECTIVE DATE:

5 U.S.C. 552a(e)(11) requires that the public be provided a 30-day period in which to comment on the intended use of the information in the system of records. Any persons interested in commenting on this proposed system of records may do so by submitting comments in writing to the Departmental Privacy Act Officer, U.S. Department of the Interior, Office of the Chief Information Officer, MS 5312 MIB, 1849 C Street NW., Washington, DC 20240. Comments received within 30 days of publication in the Federal Register will be considered. The system will be effective as proposed at the end of the comment period unless comments are received which would require a contrary determination. In that case the Department will publish any changes to the routine uses.

FOR FURTHER INFORMATION CONTACT:

For information on the Enterprise Access Control Service (EACS)—Interior, DOI-30, please contact Richard A. Delph, Office of the Chief Information Officer, Office of the Secretary, Department of the Interior, 625 Herndon Parkway, Herndon, VA 20170, (703) 487-8555.

SUPPLEMENTARY INFORMATION:

The purpose of the Enterprise Access Control Service is to streamline DOI bureau/office information technology (IT) user management and administration by providing an enterprise Directory structure. It will provide an enhanced control of user identification, authentication, and authorization. This improvement will enable DOI to centrally manage network resources and support multiple processes. Direct results of this initiative will include enhanced sharing of information and resources and an overall improved level of security for IT systems.

INTERIOR/DOI-30

System name:

Enterprise Access Control Service (EACS)—Interior, DOI-30.

System location:

Information covered by this system is located in three primary master sites at the following locations under the Department of the Interior (DOI), Office of the Secretary, Office of the Chief Information Officer at: (a) The Enterprise Service Center, Herndon, Virginia, (b) Anchorage, Alaska, and (c) the National Business Center, Lakewood, Colorado. DOI bureau and office replicas of the master database of the EACS are located at strategic Departmental locations.

Categories of individuals covered by the system:

All current DOI employees and contractors who use DOI computer networks and e-mail.

Categories of records in the system:

The information retained in EACS contains: User name, address, and contact information, Web home page address, user access and permission rights, authentication certificates along with the date and time of signature retained on the signed document, and supervisor's name.

Authority for maintenance of the system:

This system of records is maintained under the authority of 5 U.S.C. 301; the Paperwork Reduction Act of 1995, 44 U.S.C. 3501; and the Government Paperwork Elimination Act, 44 U.S.C. 3504.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

The primary purposes of the system are: (1) To provide a common Start Printed Page 1262authoritative directory service for the purpose of ensuring the security of DOI computer networks, resources and information and protecting them from unauthorized access, tampering or destruction, (2) to authenticate and verify that all persons accessing DOI computer networks, resources and information are authorized to access them, (3) to ensure that persons signing official documents are indeed the person represented and to provide for non-repudiation of the use of an electronic signature, and (4) to enable an individual to encrypt and decrypt documents for secure transmission.

Disclosures outside the DOI may be made:

(a) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs, on DOI's behalf, services requiring access to these records.

(b) To the Federal Protective Service and appropriate Federal, State, local or foreign agencies responsible for investigating emergency response situations or investigating or prosecuting the violation of or for enforcing or implementing a statute, rule, regulation, order or license, when DOI becomes aware of a violation or potential violation of a statute, rule, regulation, order or license.

(c) To another agency with a similar smart card system when a person with a DOI SmartCard desires access to that other agency's facility.

(d) To the Department of Justice, or to a court, adjudicative or other administrative body, or to a party in litigation before a court or adjudicative or administrative body, when:

(1) One of the following is a party to the proceeding or has an interest in the proceeding:

(i) The Department or any component of the Department;

(ii) Any Departmental employee acting in his or her official capacity; or

(iii) Any Departmental employee acting in his or her individual capacity where the Department or the Department of Justice has agreed to represent the employee; and

(2) We deem the disclosure to be:

(i) Relevant and necessary to the proceeding; and

(ii) Compatible with the purpose for which we compiled the information.

(e) To the appropriate Federal agency that is responsible for investigating, prosecuting, enforcing or implementing a statute, rule, regulation or order, when we become aware of an indication of a violation or potential violation of the statute, rule, regulation, or order.

(f) To a congressional office in response to a written inquiry to that office by the individual to whom the record pertains.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records are stored in electronic media on hard disks, magnetic tapes.

Retrievability:

Records are retrievable from EACS by name, digital certificate and personal identification number (PIN), and Web home address.

Access Safeguards:

The computer servers in which records are stored are located in computer facilities that are secured by alarm systems and off-master key access. EACS access granted to individuals is password-protected. Access to the certificate issuance portion of this system of records is controlled by a digital certificate in combination with a PIN. Each person granted access to the system must be individually authorized to use the system. A Privacy Act Warning Notice appears on the monitor screen when first displayed. Backup tapes are stored in a locked and controlled room in a secure, off-site location. A Privacy Impact Assessment was completed to ensure that Privacy Act requirements and safeguard requirements are met.

Retention and disposal:

Records relating to persons covered by this system are retained in accordance with General Records Schedule.

System manager(s) and address:

Office of the Chief Information Officer, Office of the Secretary, Department of the Interior, 625 Herndon Parkway, Herndon, VA 20170.

Notification procedures:

An individual requesting notification of the existence of records on him or herself should address his/her request to the local Bureau/office IT computer administrators or help desk. Individuals requesting notification must provide their full name and social security number. Interior bureaus/offices are listed at the Department of the Interior Web site at http://www.doi.gov. The request must be in writing and signed by the requester. (See 43 CFR 2.60).

Records access procedures:

An individual requesting access to records maintained on him or herself should address his/her request to the office listed in the “Notification procedures” section above. Individuals requesting access must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.63).

Contesting record procedures:

An individual requesting amendment of a record maintained on him or herself should address his/her request to the office above. Individuals requesting an amendment must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.71).

Record source categories:

Information in this system is obtained from individuals covered by the system supervisors, designated approving officials, certificate issuing authority, and network system administrators.

Exemptions claimed for the system:

None.