AGENCY:

General Services Administration (GSA), Office of Government-Wide Policy (OGP).

ACTION:

Notice of a new system of records.

SUMMARY:

GSA is publishing this system of records notice (SORN) as the new managing partner of the e-Rulemaking Program, effective October 1, 2019. The e-Rulemaking Program includes the Federal Docket Management System (FDMS) and Regulations.gov. Regulations.gov allows the public to search, view, download, and comment on Federal agencies' rulemaking documents in one central location on-line. FDMS provides each participating Federal agency with the ability to electronically access and manage its own rulemaking dockets, or other dockets, including comments or supporting materials submitted by individuals or organizations. GSA is establishing the GSA/OGP-1, e-Rulemaking Program Administrative System to manage regulations.gov and partner agency access to the Federal Docket Management System (FDMS).

DATES:

The System of Records Notice (SORN) is applicable on October 8, 2019, with the exception of the routine uses. The routine uses will not be effective until November 7, 2019, pending public comment. Comments on the routine uses or other aspects of the SORN must be submitted by November 7, 2019.

ADDRESSES:

Submit comments identified by “Notice-ID-2019-01, Notice of a New System of Records” by any of the following methods:

• Regulations.gov: https://www.regulations.gov. Submit comments via the Federal e-Rulemaking portal by searching for Notice-ID-2019-01, Notice of New System of Records. Select the link “Comment Now” that corresponds with “Notice-ID-2019-01, Notice of New System of Records.” Follow the instructions provided on the screen. Please include your name, company name (if any), and “Notice-ID-2019-01, Notice of New System of Records” on your attached document.
• Mail: General Services Administration, Regulatory Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405. ATTN: Ms. Mandell/Notice-ID-2019-01, Notice of New System of Records.

FOR FURTHER INFORMATION CONTACT:

Call or email GSA's Chief Privacy Officer: telephone 202-322-8246, or email gsa.privacyact@gsa.gov.

SUPPLEMENTARY INFORMATION:

The e-Rulemaking Program has been managed by the Environmental Protection Agency (EPA). However, based on direction from the Office of Management and Budget (OMB), GSA will be the managing partner of the Program, effective October 1, 2019.

GSA is assuming the role of managing partner and is establishing this system of records to support GSA's management of regulations.gov and partner agency access to FDMS. This notice describes how GSA, as managing partner, manages partner agencies' users' credentials. This system of records does not include records pertaining to agency rulemakings (e.g., comments received); partner agencies are responsible for any Privacy Act Notices relevant to their rulemaking materials.

SYSTEM NAME AND NUMBER:

GSA/OGP-1, e-Rulemaking Program Administrative System.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

National Computer Center in Research Triangle Park, North Carolina.

SYSTEM MANAGER(S):

The system manager is the Associate Chief Information Officer of Corporate IT Services in GSA-IT. The business address is: General Services Administration—IC, 1800 F Street NW, Washington, DC 20405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

e-Government Act of 2002, see 44 U.S.C. 3602(f)(6); see also id § 3501, note.Start Printed Page 53729

PURPOSE(S) OF THE SYSTEM:

The purpose of the e-Rulemaking Program Administrative System is to support GSA's management of regulations.gov and partner agency access to FDMS. FDMS is used by participating Federal agencies that conduct rulemakings and regulations.gov enables Federal agencies to accept public comments electronically. This system of records notice governs the records pertaining to GSA's issuance and management of user credentials to access FDMS.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Covered individuals are partner agency users who register to access FDMS including those agency users who serve as designated partner agency account managers.

CATEGORIES OF RECORDS IN THE SYSTEM:

GSA maintains partner agencies' users' names, government issued email addresses, telephone numbers, and passwords as credentials. In addition, users provide their supervisor's name, telephone number, and government issued email address.

RECORD SOURCE CATEGORIES:

The information in the system may be submitted by users and then approved by partner agencies' designated account manager or directly submitted and approved by a partner agency's designated account manager on behalf of a user.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or portions of the records or information contained in this system may be disclosed to authorized entities on a need to know basis outside GSA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

a. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations.

b. To the Office of Personnel Management (OPM), OMB, and the Government Accountability Office (GAO) in accordance with their responsibilities for evaluating Federal programs.

c. To a Member of Congress or his or her staff in response to a request made on behalf of and at the request of the individual who is the subject of the record.

d. To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) GSA or any component thereof, or (b) any employee of GSA in his/her official capacity, or (c) any employee of GSA in his/her individual capacity where DOJ or GSA has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and GSA determines that the records are both relevant and necessary to the litigation.

e. To the National Archives and Records Administration (NARA) for records management purposes.

f. To an expert, consultant, or contractor of GSA in the performance of a Federal duty to which the information is relevant.

g. In connection with any litigation or settlement discussions regarding claims by or against the GSA, including public filing with a court, to the extent that GSA determines the disclosure of the information is relevant and necessary to the litigation or discussions.

h. To an appeal or grievance examiner, formal complaints examiner, equal opportunity investigator, arbitrator, or other authorized official engaged in investigation or settlement of matters and investigations involving the Merit Systems Protection Board or the Office of Special Counsel.

i. To appropriate agencies, entities, and persons when (1) GSA suspects or has confirmed that there has been a breach of the system of records, (2) GSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, GSA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

j. To another Federal agency or Federal entity, when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

k. To a partner agency when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency in managing its access to the system.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

User credentials and associated documentation are stored on secure servers approved by GSA Office of the Chief Information Security Officer (OCISO) and accessed only by authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

The e-Rulemaking Program Administrative System retrieves partner agency user credentials using the government-issued email addresses.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records relating to user credentials are subject to GSA's Records Management Program and NARA-approved retention and disposal procedures. When a user account is terminated, records pertaining to that account are maintained for a period of 6 years before disposal.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:

The e-Rulemaking Program Administrative System is in a facility protected by physical walls, security guards, and requiring identification badges. Rooms housing the system infrastructure are locked, as are the individual server racks. All security controls are reviewed on a periodic basis by external assessors. The controls themselves include measures for access control, security awareness training, audits, configuration management, contingency planning, incident response, and maintenance.

There are a limited number of GSA system administrator accounts for the e-Rulemaking Program Administrative System that allow GSA to manage regulations.gov and partner agency access to FDMS. Partner agency access to FDMS is managed through designated partner agency account managers, who in turn have access to the system to manage their own agency's user accounts within FDMS.

Each designated partner agency account manager has access to FDMS. This level of access enables them to Start Printed Page 53730establish, manage, and terminate user accounts limited to their own agency.

The GSA system administrator accounts are an additional level of security and management in that they oversee all partner agency accounts, including both designated partner agency account managers and agency users. The GSA system administrator accounts require additional tokens that meet multi-factor authentication standards in accordance with National Institute of Standards and Technology (NIST) standards. The controls assist in restricting access to authorized users who require it for official business purposes. Records in FDMS are maintained in a secure, password protected electronic system that utilizes security hardware and software to include multiple firewalls, active intrusion detection, encryption, identification and authentication of users.

RECORD ACCESS PROCEDURES:

Partner agency users can access and manage their user credentials through their designated partner agency account manager. If an access inquiry is not resolved by the designated partner agency account manager, the partner agency user may contact the GSA system manager listed above. Procedures for requesting access from GSA can be found at 41 CFR part 105-64.4.

CONTESTING RECORD PROCEDURES:

If partner agency users have questions or concerns about their account records, they can contact their designated partner agency account manager. If a question or concern is not resolved by the designated partner agency account manager, a partner agency user may contact the GSA system manager listed above. Procedures for contesting records stored by GSA can be found at 41 CFR part 105-64.4.

NOTIFICATION PROCEDURES:

If partner agency users wish to receive notice about their account records, they can contact their designated partner agency account manager. If not resolved by the designated partner agency account manager, the partner agency user may contact the GSA system manager listed above. Procedures for requesting notice of records stored by GSA can be found at 41 CFR part 105-64.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

N/A.