AGENCY:

Department of Transportation (DOT), Office of the Secretary.

ACTION:

DOT intends to establish a system of records under the Privacy Act of 1974.

SUMMARY:

The Privacy Act of 1974, as amended, 5 U.S.C. 552a, requires that agencies that maintain a system of records publish a notice in the Federal Register of the existence and character of the system. In accordance with the Privacy Act, DOT is giving notice of a system of records to enhance its ability to manage information sharing and employee access to various information systems of its Federal Highway Administration (FHWA).

DATES:

Effective Date: This notice will be effective, without further notice, on June 12, 2006, unless modified by a subsequent notice to incorporate comments received from the public. Comments must be received by June 2, 2006 to be assured consideration.

ADDRESSES:

Send comments to James Kabel, Privacy Officer, Department of Transportation, Federal Highway Administration, 400 7th Street, SW., Room 4428, Washington, DC 20590 or James.Kabel@fhwa.dot.gov.

FOR FURTHER INFORMATION CONTACT:

Cheryl Ledbetter, Department of Transportation, Federal Highway Administration, HAIM-42, 400 7th Street, SW., Washington, DC 20590, (202) 366-9030 (voice), (202) 366-9030 (fax), or Cheryl.Ledbetter@fhwa.dot.gov.

SUPPLEMENTARY INFORMATION:

DOT intends to establish a system of records that will enable the FHWA to adequately monitor and identify possible unauthorized access incidents or security breaches of FHWA's electronic systems.

DOT/FHWA 219

System name:

User Profile and Access Control System (UPACS).

Security classification:

Sensitive, Unclassified.

System location:

This system is located in the Federal Highway Administration (FHWA), Office of Information and Management Services, 400 7th Street SW., Room 4331, Washington, DC 20590.

Categories of individuals covered by the system of records:

Employees and contractors of DOT's FHWA and Federal Motor Carrier Safety Administration, State DOT employees and contractors who require access to UPACS for their job duties, as well as other external users with specific needs. Start Printed Page 26168

Categories of records in the system:

This system of records may include user's general profile information that identifies the user, i.e., name, work address, work email address, and the full Social Security Number for FHWA employees, user's application rights records, State, organization and routing symbol records, application information, log and session records and user-base review records.

Authority for maintenance of the system:

Federal Managers Financial Integrity Act of 1982 as codified in 31 U.S.C. 3512.

Purposes:

The User Profile and Access Control System (UPACS) is the security control system that manages user authentication and associated access rights for individuals needing entry into any of FHWA's applications.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

(1) Respond to user complaints; (2) reply to user feedback comments; (3) manage access to restricted applications; (4) manage access rights to information within an application; (5) provide information to any person(s) authorized to assist in an approved investigation of improper access or usage of FHWA computer systems; (6) provide access to other government agencies when required by law; and (7) fulfill requests for reports and other similar information. These reports would be generated for auditing purposes and consist of the following information (any combination thereof): user account approvals and removals, account transfers, failed login attempts, locked passwords and PINs, all resets of passwords and PINs, after-hour activity, a user's successful or unsuccessful access and what FHWA application the user has accessed. See also the Prefatory Statement of General Routine Uses.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

All UPACS data is stored on a secure FHWA server. Database tables are setup to detect unauthorized access. FHWA employees and contractors who have access to UPACS information must protect sensitive FHWA data residing on any media, such as tapes, disks, and printouts. UPACS information is provided to only those who have a need to know and access to the information is controlled by the user's level of access rights.

Retrievability:

These records of access may be retrieved by a user's name or Social Security Number.

Safeguards:

Access to the system of records is restricted to authorized users.

Each user is granted access with his or her user name and security password. The user privileges of each user are based on his or her assigned access rights. User access to sensitive data is granted only to limited individuals with the approval of FHWA management.

Retention and disposal:

The records in this system of records are retained and disposed of in accordance with the approved records disposition schedules in FHWA Order M 1324.1A, Files Management and Records Disposition Manual.

System manager and address:

Director, Office of Information and Management Services, Federal Highway Administration, 400 7th Street, SW., Room 4423, Washington, DC 20590.

Notification procedure:

Write to the System Manager.

Record access procedures:

Write to the System Manager. Provide full name and a description of the information that you seek, including the time frame during which the records may have been generated. Individuals requesting access must comply with the Department of Transportation's Privacy Act regulations on verification of identity (49 CFR 10.37).

Contesting record procedures:

Write to the System Manager. Identify the information being contested, the reason for contesting it, and the correction being requested. Individuals requesting access must comply with the Department of Transportation's Privacy Act regulations on verification of identity (49 CFR 10.37).

Record source categories:

Information contained in this system is obtained from users when they register for or change UPACS profile information and when they access different applications through UPACS.

Exemptions claimed for the system:

None.

OMB Control Number:

None.