AGENCY:

Defense Information Systems Agency, DoD.

ACTION:

Notice to add a system of records.

SUMMARY:

The Defense Information Systems Agency proposes to add a system of records notice to its inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended.

DATES:

This action will be effective on November 8, 2001 unless comments are received that would result in a contrary determination.

ADDRESSES:

Send comments to the Defense Information Systems Agency, CIO/D03A, 3701 N. Fairfax Drive, Arlington, VA 22203-1713.

FOR FURTHER INFORMATION CONTACT:

Mr. Tommie Gregg at (703) 696-1891.

SUPPLEMENTARY INFORMATION:

The Defense Information Systems Agency's record system notices for records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the address above.

The proposed system report, as required by 5 U.S.C. 552a(r) of the Privacy Act, was submitted on September 26, 2001, to the House Committee on Government Reform, the Senate Committee on Governmental Affairs, and the Office of Management and Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No. A-130, ‘Federal Agency Responsibilities for Maintaining Records About Individuals,’ dated February 8, 1996, (61 FR 6427, February 20, 1996).

K270-01,

System name:

DoD Digital Certificate Records.

System location:

Defense Enterprise Computing Center-Chambersburg, Letterkenny Army Depot, Building 3, Chambersburg, PA 17201-4186; and

Defense Enterprise Computing Center-C-DE, 6760 East Irvington Place, Denver, CO 80279-8000.

Categories of individuals covered by the system:

DoD military and civilian personnel, selected reservists; eligible DoD contractor personnel who have been assigned a digital certificate or have had their existing certificates renewed, replaced, revoked, or denied.

Categories of records in the system:

The system contains information needed to establish accountability and audit control of digital certificates that have been assigned to DoD personnel who transmit electronic data that requires protection by enabling the use of public key cryptography.

Records include operator's/user's name, organization, work telephone number, Social Security Number, date of birth, Electronic Identification Number, work e-mail address, username and password. Records on the creation, renewal, replacement, or revocation of digital certificates under the DoD Public Key Infrastructure, including evidence provided by applicants for proof of identity and authority, sources used to verify an applicant's identity and authority, and the certificates issued, denied, and revoked, including reasons for denial, and revocation.

Authority for maintenance of the system:

5 U.S.C. 301, Departmental Regulations; The Electronic Signatures in Global and National Commerce Act, Pub. L. 106-229; Presidential Directive on Electronic Commerce, July 1, 1997; OASD(C3I) Policy Memorandum dated Start Printed Page 51405August 12, 2000, subject: Department of Defense (DoD) Public Key Infrastructure (PKI) and, OASD(C3I) Memorandum dated Jan 2001, subject: Common Access Card (CAC), and Government Paperwork Elimination Act; and E.O. 9397 (SSN).

Purpose(s):

This system of records is being maintained in order to issue digital certificates to DoD personnel who transmit electronic data that requires protection by enabling the use of public key cryptography.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

The DoD ‘Blanket Routine Uses’ set forth at the beginning of DISA's compilation of systems of records notices apply to this system.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Records are stored on paper files and electronic media.

Retrievability:

Name, Social Security Number, date of birth, and the electronic identification number.

Safeguards:

Facilities where the systems are maintained are locked when not occupied. Paper records are kept in filing cabinets and other storage places that are locked when office is not occupied. Computerized records maintained in a controlled area are accessible only to authorized personnel. Physical and electronic access is restricted to individuals having a need for the record in the performance of their official duties.

Retention and disposal:

Disposition pending (until NARA has approved the retention and disposition schedule for these records, treat records as permanent).

System manager(s) and address:

DoD Public Key Infrastructure and Directory Service Project Officer, 5111 Leesburg Pike, Suite 900, Falls Church, VA 22041-3205.

Notification procedure:

Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the DoD Public Key Infrastructure and Directory Service Project Officer, 5111 Leesburg Pike, Suite 900, Falls Church, VA 22041-3205.

Requests should contain the individual's full name, Social Security Number, and date of birth.

Record access procedures:

Individuals seeking access to information about themselves contained in this system should address written inquiries to the DoD Public Key Infrastructure and Directory Service Project Officer, 5111 Leesburg Pike, Suite 900, Falls Church, VA 22041-3205.

Requests should contain the individual's full name, Social Security Number, and date of birth.

Contesting record procedures:

DISA's rules for accessing records, for contesting contents and appealing initial agency determinations are published in DISA Instruction 210-225-2; 32 CFR part 316; or may be obtained from the system manager.

Record source categories:

The information is obtained from the subject individual, the Defense Manpower Data Center, and other official personnel documents.

Exemptions claimed for the system:

None.