AGENCY:

Office of the Chief Information Officer, Department of Education.

ACTION:

Notice of a new system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended (Privacy Act), the Department of Education (Department) publishes this notice of a new system of records entitled “Department of Education Cybersecurity Excellence Award” (18-04-05). Pursuant to Executive Order 13870 of May 2, 2019, as published in the Federal Register on May 9, 2019 (Executive Order 13870), the Department has developed and implemented, consistent with applicable law, an annual Department of Education Cybersecurity Excellence Award to recognize Department employees and contractors for outstanding performance and achievements in the areas of cybersecurity and cyber-operations. The Department will solicit applications and nominations for one individual or team of individuals to be annually awarded the Department of Education Cybersecurity Excellence Award.

DATES:

Submit your comments on this new system of records notice on or before September 3, 2020.

This new system of records will become applicable upon publication in the Federal Register on August 4, 2020, unless the new system of records notice needs to be changed as a result of public comment. All proposed routine uses in the paragraph entitled “ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES” will become applicable on September 3, 2020, unless the new system of records notice needs to be changed as a result of public comment. The Department will publish any significant changes to the system of records or routine uses that result from public comment.

ADDRESSES:

Submit your comments through the Federal eRulemaking Portal or via postal mail, commercial delivery, or hand delivery. We will not accept comments submitted by fax or by email or those submitted after the comment period. To ensure that we do not receive duplicate copies, please submit your comments only once. In addition, please include the Docket ID at the top of your comments.

• Federal eRulemaking Portal: Go to www.regulations.gov to submit your comments electronically. Information on using Regulations.gov, including instructions for accessing agency documents, submitting comments, and viewing the docket, is available on the site under the “Help” tab.
• Postal Mail, Commercial Delivery, or Hand Delivery: If you mail or deliver your comments about this new system of records, address them to: Peter Hoang, Information Assurance Services, Office of the Chief Information Officer, U.S. Department of Education, 550 12th Street SW, Washington, DC 20202.

Privacy Note: The Department's policy is to make all comments received from members of the public available for public viewing in their entirety on the Federal eRulemaking Portal at www.regulations.gov. Therefore, commenters should be careful to include in their comments only information that they wish to make publicly available.

Assistance to Individuals with Disabilities in Reviewing the Rulemaking Record: On request, we will provide an appropriate accommodation or auxiliary aid to an individual with a disability who needs assistance to review the comments or other documents in the public rulemaking record for this notice. If you want to schedule an appointment for this type of accommodation or auxiliary aid, please contact the person listed under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT:

Peter Hoang, Information Assurance Services, Office of the Chief Information Officer, U.S. Department of Education, 550 12th Street SW, Washington, DC 20202. Email: Peter.Hoang@ed.gov. Phone: (202)245-6923.

If you use a telecommunications device for the deaf (TDD) or a text telephone (TTY), you may call the Federal Relay Service at 1-800-877-8339.

SUPPLEMENTARY INFORMATION:

The information maintained in this system will be used to (1) review and evaluate applications and nominations of individual candidates and teams including, but not limited to, assessing individual candidate and team eligibility in order to select one individual candidate or team of indivuals to whom the Department will present, on an annual basis, the Department of Education Cybersecurity Excellence Award, and two individual candidates or teams of individuals to whom the Department will present, on an annual basis, honorable mentions; (2) develop and implement the Department of Education Cybersecurity Excellence Award program's annual recognition component; and, (3) carry out the responsibilities set forth in section 2(d) of Executive Order 13870.

Accessible Format: Individuals with disabilities can obtain this document in an accessible format (e.g., braille, large print, audiotape, or compact disc) on request to the person listed under FOR FURTHER INFORMATION CONTACT.

Electronic Access to This Document: The official version of this document is the document published in the Federal Register. You may access the official edition of the Federal Register and the Code of Federal Regulations at www.govinfo.gov. At this site you can view this document, as well as all other documents of this Department published in the Federal Register, in text or Portable Document Format (PDF). To use PDF, you must have Adobe Acrobat Reader, which is available free at the site.

You may also access documents of the Department published in the Federal Register by using the article search feature at www.federalregister.gov. Specifically, through the advanced search feature at this site, you can limit your search to documents published by the Department.

For the reasons discussed in the preamble, the Chief Information Office, U.S. Department of Education (Department), publishes a notice of a new system of records to read as follows:

SYSTEM NAME AND NUMBER:

Department of Education Cybersecurity Excellence Award (18-04-05).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Information Assurance Services, Office of the Chief Information Officer, U.S. Department of Education, 550 12th Street SW, Washington, DC 20202.

SYSTEM MANAGER(S):

Chief Information Security Officer, Information Assurance Services, Office of the Chief Information Office, U.S. Department of Education, 550 12th Street SW, Washington, DC 20202.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Executive Order 13870 of May 2, 2019, entitled, “America's Cybersecurity Workforce,” as published in the Federal Register at 84 FR 20523 (May 9, 2019) (Executive Order 13870).Start Printed Page 47196

PURPOSE(S) OF THE SYSTEM:

The records maintained in this system will be used to (1) review and evaluate applications and nominations of individual candidates and teams including, but not limited to, assessing individual candidate and team eligibility in order to select one individual candidate or team of individuals to whom the Department will present, on an annual basis, the Department of Education Cybersecurity Excellence Award, and two individual candidates or teams of individuals to whom the Department will present, on an annual basis, honorable mentions; (2) develop and implement the Department of Education Cybersecurity Excellence Award program's annual recognition component; and, (3) carry out the responsibilities set forth in section 2(d) of Executive Order 13870.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system contains records on employees and contractors of the Department who apply for or are nominated for the Department of Education Cybersecurity Excellence Award.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system consists of records about each applicant or nominee, including those who are part of a team that applies or is nominated, for the Department of Education Cybersecurity Excellence Award including, but not limited to, their: (1) Name; (2) organization and/or branch name; (3) job title; (4) narrative statement of accomplishments in cybersecurity innovations, team (stakeholder) collaboration, tool implementation, process development, cybersecurity training, and cybersecurity market research and product solutions; and, (5) work address, work email address, and work contact number.

RECORD SOURCE CATEGORIES:

Information in this system is obtained from Department employees and contractors who apply or are nominated, individually or as part of a group (team), by their Department peers or Department leadership for the Department of Education Cybersecurity Excellence Award. Information also may be obtained from other persons or entities from which data is obtained under the routine uses set forth below.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

The Department may disclose information contained in a record in this system of records under the routine uses listed in this system of records without the consent of the individual if the disclosure is compatible with the purpose(s) for which the record was collected. The Department may make these disclosures on a case-by-case basis or, if the Department has complied with the computer matching requirements of the Privacy Act of 1974, as amended (Privacy Act), under a computer matching agreement.

(1) Programmatic Purposes. The Department may disclose information from this system of records as part of the Department's review and evaluation of candidate applications and nominations, and in order to promote the selection and recognition of recipients of the Department of Education Cybersecurity Excellence Award and honorable mentions, along with the visibility of the award program itself, to the following entities for the purposes specified:

(a) Disclosures to the General Public Announcing each Awardee and Honorable Mention Recipient. The Department may disclose to the general public, via the Department's website, the name and accomplishments of each awardee and honorable mention recipient.

(b) Disclosures to Individuals and Entities Assisting the Department in Arranging Awardee and Honorable Mention Recipient Accommodations, Transportation, and Other Services. The Department may provide information from this system of records to individuals and entities, such as vendors, in preparation for and in connection with the awards ceremony held, annually, by the Department in Washington, DC, and related educational and celebratory activities.

(c) Disclosures to the White House and Federal Agencies for Briefings, Speechwriting, or to Obtain Security Clearances. The Department may disclose awardee and honorable mention recipient information from this system of records to the White House and Federal agencies for any speechwriting and briefings for officials addressing the awardees, honorable mention recipients, or guests at recognition events, or to permit awardees and honorable mention recipients to obtain security clearances to attend such events or to gain entry into buildings with limited access, as appropriate.

(2) Enforcement Disclosure. In the event that information in this system of records indicates, either on its face or in connection with other information, a violation or potential violation of any applicable statute, regulation, or order of a competent authority, the Department may disclose the relevant records to the appropriate agency, whether foreign, Federal, State, Tribal, or local, charged with the responsibility of investigating or prosecuting that violation or charged with enforcing or implementing the statute, Executive Order, rule, regulation, or order issued pursuant thereto.

(3) Litigation and Alternative Dispute Resolution (ADR) Disclosure.

(a) Introduction. In the event that one of the parties listed in sub-paragraphs (i) through (v) is involved in judicial or administrative litigation or ADR, or has an interest in judicial or administrative litigation or ADR, the Department may disclose certain records to the parties described in paragraphs (b), (c), and (d) of this routine use under the conditions specified in those paragraphs:

(i) The Department, or any component of the Department;

(ii) Any Department employee in his or her official capacity;

(iii) Any Department employee in his or her individual capacity if the Department of Justice (DOJ) has agreed or has been requested to provide or arrange for representation for the employee;

(iv) Any Department employee in his or her individual capacity if the agency has agreed to represent the employee; or

(v) The United States if the Department determines that the litigation is likely to affect the Department or any of its components.

(b) Disclosure to the DOJ. If the Department determines that disclosure of certain records to the DOJ is relevant and necessary to litigation or ADR, the Department may disclose those records as a routine use to the DOJ.

(c) Adjudicative Disclosures. If the Department determines that it is relevant and necessary to the litigation or ADR to disclose certain records to an adjudicative body, whether judicial or administrative, before which the Department is authorized to appear or to a person or an entity designated by the Department or otherwise empowered to resolve or mediate disputes, the Department may disclose those records as a routine use to the adjudicative body, person, or entity.

(d) Disclosure to Parties, Counsel, Representatives, and Witnesses. If the Department determines that disclosure of certain records to a party, counsel, representative, or witness is relevant and necessary to the litigation or ADR, the Department may disclose those records as a routine use to the party, counsel, representative, or witness.

(4) Freedom of Information Act (FOIA) and Privacy Act Advice Disclosure. The Department may Start Printed Page 47197disclose records from this system of records to the DOJ or the Office of Management and Budget (OMB) if the Department concludes that disclosure is desirable or necessary in determining whether particular records are required to be disclosed under the FOIA or the Privacy Act.

(5) Disclosure to the DOJ. The Department may disclose records from this system of records to the DOJ to the extent necessary for obtaining DOJ advice on any matter relevant to an audit, inspection, or other inquiry related to the Department of Education Cybersecurity Excellence Award.

(6) Contract Disclosure. If the Department contracts with an entity for the purposes of performing any function that requires disclosure of records in this system to employees of the contractor, the Department may disclose the records to those employees. As part of such a contract, the Department shall require the contractor to agree to establish and maintain safeguards to protect the security and confidentiality of the disclosed records.

(7) Research Disclosure. The Department may disclose records to a researcher if an appropriate official of the Department determines that the individual or organization to which the disclosure would be made is qualified to carry out specific research related to functions or purposes of this system of records. The official may disclose records from this system of records to that researcher solely for the purpose of carrying out that research related to the functions or purposes of this system of records. The researcher shall be required to agree to establish and maintain safeguards to protect the security and confidentiality of the disclosed records.

(8) Congressional Member Disclosure. The Department may disclose information from the record of an individual to a member of Congress and to his or her staff in response to an inquiry from the member (or from the member's staff) made at the written request of that individual. The member's right to access the information is no greater than the right of the individual who made the written request to such member.

(9) Disclosure in the Course of Responding to a Breach of Data. The Department may disclose records from this system of records to appropriate agencies, entities, and persons when: (a) The Department suspects or has confirmed that there has been a breach of the system of records; (b) the Department has determined that as a result of the suspected or confirmed breach, there is a risk of harm to individuals, the Department (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist the Department's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(10) Disclosure in Assisting Another Agency in Responding to a Breach of Data. The Department may disclose records from this system to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The records are maintained on an access-controlled electronic system.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

The records are retrieved by the applicant's or nominee's name and year of application or nomination, as applicable.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The Department shall submit a retention and disposition schedule that covers the records contained in this system to the National Archives and Records Administration (NARA) for review. The records will not be destroyed until such time as NARA approves said schedule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

All physical access to the Department site where this system of records is maintained and the sites of the Department's staff and contractors with access to the system is controlled and monitored by security personnel who check each individual entering the building for his or her employee or visitor badge.

The computer systems employed by the Department and its contractors offer a high degree of security against tampering and circumvention. These security systems limit data access to Department and contract personnel on a “need to know” basis and control individual users' ability to access and alter records within the system.

RECORD ACCESS PROCEDURES:

If you wish to gain access to a record regarding you in the system of records, contact the system manager at the address listed above. You must provide necessary particulars, such as your name and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of 34 CFR 5b.5, including proof of identity.

CONTESTING RECORD PROCEDURES:

If you wish to contest the content of a record regarding you in the system of records, contact the system manager. You must provide necessary particulars, such as your name and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of 34 CFR 5b.7.

NOTIFICATION PROCEDURES:

If you wish to determine whether a record exists regarding you in the system of records, contact the system manager at the address listed above. You must provide necessary particulars, such as your name and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of 34 CFR 5b.5, including proof of identity.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.