AGENCY:

National Aeronautics and Space Administration (NASA).

ACTION:

Notice of a modified system of records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, the National Aeronautics and Space Administration is issuing public notice of its proposal to modify an existing system of records Security Records System/NASA 10SECR. Modifications are described below under the caption SUPPLEMENTARY INFORMATION .

DATES:

Submit comments within 30 calendar days from the date of this publication. The changes will take effect at the end of that period, if no adverse comments are received.

ADDRESSES:

Bill Edwards-Bodmer, Privacy Act Officer, Office of the Chief Information Officer, National Aeronautics and Space Administration Headquarters, Washington, DC 20546–0001, (757) 864–7998, NASA-PAOfficer@nasa.gov.

FOR FURTHER INFORMATION CONTACT:

NASA Privacy Act Officer, Bill Edwards-Bodmer, (757) 864–7998, NASA-PAOfficer@nasa.gov.

SUPPLEMENTARY INFORMATION:

The AUTHORITY FOR MAINTENANCE OF THE SYSTEM section has been updated to remove reference to Executive Order 10450 and add reference to Executive Orders 13764 and 13467. This also notice incorporates minor textual edits to NASA Standard Routine Uses and minor formatting revisions to align with OMB guidance.

SYSTEM NAME AND NUMBER:

Security Records System, NASA 10SECR.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The centralized data system is located at George C. Marshall Space Flight Center (NASA), Marshall Space Flight Center, AL 35812–0001.

Records are also located at:

• Mary W. Jackson NASA Headquarters (NASA), Washington, DC 20546–0001;
• Ames Research Center (NASA), Moffett Field, CA 94035–1000;
• Armstrong Flight Research Center (NASA), PO Box 273, Edwards, CA 93523–0273;
• John H. Glenn Research Center at Lewis Field (NASA), 21000 Brookpark Road, Cleveland, OH 44135–3191;
• Goddard Space Flight Center (NASA), Greenbelt, MD 20771–0001;
• Lyndon B. Johnson Space Center (NASA), Houston, TX 77058–3696;
• John F. Kennedy Space Center (NASA), Kennedy Space Center, FL 32899–0001;
• Langley Research Center (NASA), Hampton, VA 23681–2199;
• George C. Marshall Space Flight Center (NASA), Marshall Space Flight Center, AL 35812–0001;
• John C. Stennis Space Center (NASA), Stennis Space Center, MS 39529–6000;
• Michoud Assembly Facility (NASA), PO Box 29300, New Orleans, LA 70189; and
• White Sands Test Facility (NASA), PO Drawer MM, Las Cruces, NM 88004–0020.

SYSTEM MANAGER(S):

System Manager: Deputy Assistant Administrator of the Office of Protective Services, NASA Headquarters (see System Location above for address).

Subsystem Managers: Chief of Security/Protective Services at each subsystem location at:

• NASA Headquarters (see System Location above for address);
• NASA Ames Research Center (see System Location above for address);
• NASA Armstrong Flight Research Center (see System Location above for address);
• NASA Glenn Research Center (see System Location above for address);
• NASA Goddard Space Flight Center (see System Location above for address);
• NASA Johnson Space Center (see System Location above for address);
• NASA Kennedy Space Center (see System Location above for address);
• NASA Langley Research Center (see System Location above for address);
• NASA Marshall Space Flight Center (see System Location above for address);
• NASA Stennis Space Center (see System Location above for address); and

• Michoud Assembly Facility (see System Location above for address); Start Printed Page 53529

• White Sands Test Facility (see System Location above for address).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

• 18 U.S.C. 202–208—Bribery, graft, and conflicts of interest;
• 18 U.S.C. 371—Conspiracy to commit offense or to defraud United States;
• 18 U.S.C. 793–799—Espionage and Information Control Statutes;
• 18 U.S.C. 2151–2157—Sabotage statutes;
• 18 U.S.C. 3056—Powers, authorities, and duties of United States Secret Service;
• 40 U.S.C. 1441—Responsibilities regarding efficiency, security, and privacy of Federal computer systems;

• 42 U.S.C. 2011 et seq. —Development and control of atomic energy; congressional declaration of policy;

• 44 U.S.C. 3101—Records management by agency heads; general duties;
• 50 U.S.C.—McCarran Internal Security Act;
• 51 U.S.C. 20101—National and commercial space programs; short title;
• Exec. Order No. 9397, as amended—Numbering system for Federal accounts relating to individual persons;
• Executive Order 13764—Amending the Civil Service Rules, Executive Order 13488, and Executive Order 13467 To Modernize the Executive Branch-Wide Governance Structure and Processes for Security Clearances, Suitability and Fitness for Employment, and Credentialing, and Related Matters;
• Exec. Order No. 10865—Safeguarding classified information within industry;
• Exec. Order No. 12968, as amended—Access to classified information;
• Exec. Order No. 13526, as amended—Classified national security information;
• Executive Order 13587, Structural Reform to Improve the Security of Classified Networks and Responsible Sharing and Safeguarding of Classified Information;
• Pub. L. 81–733—Summary suspension of employment of civilian officers and employees;
• Pub. L. 107–347—Federal Information Security Management Act 2002;
• HSPD 12—Policy for a common identification standard for Federal employees and contractors;
• 14 CFR 1203(b)—National Aeronautics and Space Administration; information security program;
• 14 CFR 1213—Release of information to news and information media;
• 15 CFR pt. 744—Export administration regulations; control policy: end-user and end-use based;
• 22 CFR pt. 62—Department of State; exchange visitor program;
• 22 CFR 120–130—Foreign Relations Export Control;
• 41 CFR pt. 101—Federal property management regulations.

PURPOSE(S) OF THE SYSTEM:

The maintenance of these records supports NASA protective services and security operations as well as the establishment of identities, processing of access requests, and issuance of credentials in NASA's authoritative identity source.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system maintains information on NASA (1) civil servant employees and applicants; (2) committee members; (3) consultants; (4) experts; (5) Resident Research Associates; (6) guest workers; (7) contractor employees; (8) detailees; (9) visitors; (10) correspondents (written and telephonic); (11) Faculty Fellows; (12) Intergovernmental Personnel Mobility Act (IPA) Employees, interns, Grantees, and Cooperative Employees; and (13) Remote Users of NASA Non-Public Information Technology Resources. This system also maintains information on all non-U.S. citizens, to include Lawful Permanent Residents seeking access to NASA facilities, resources, laboratories, contractor sites, Federally Funded Research and Development Centers or NASA sponsored events for unclassified purposes to include employees of NASA or NASA contractors; prospective NASA or NASA contractor employees; employees of other U.S. Government agencies or their contractors; foreign students at U.S. institutions; officials or other persons employed by foreign governments or other foreign institutions who may or may not be involved in cooperation with NASA under international agreements; foreign media representatives; and representatives or agents of foreign national governments seeking access to NASA facilities, to include high-level protocol visits; or international relations. While not considered `individuals' under The Privacy Act, this system maintains records on international individuals when applicable.

CATEGORIES OF RECORDS IN THE SYSTEM:

Personnel Security Records, Personal Identity Records including NASA visitor files, Emergency Data Records, Criminal Matters, Traffic Management Records, and Access Management Records. Specific records fields include, but are not limited to: Name, former names, date of birth, place of birth, social security number, home address, phone numbers, email address, citizenship, duty Center, traffic infraction, security violation, security incident, security violation discipline status, action taken, access permissions, area accessed, and date accessed.

RECORD SOURCE CATEGORIES:

Information is obtained from a variety of sources including from the employee, contractor, or applicant directly or via use of the Standard Form (SF) SF–85, SF–85P, or SF–86 and personal interviews; employers' and former employers' records; FBI criminal history records and other databases; financial institutions and credit reports; medical records and health care providers; educational institutions; interviews of witnesses such as neighbors, friends, coworkers, business associates, teachers, landlords, or family members; tax records; and other public records. Security violation information is obtained from a variety of sources, such as guard reports, security inspections, witnesses, supervisor's reports, audit reports.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

Any disclosures of information will be compatible with the purpose for which the Agency collected the information. Under the following routine uses that are unique to this system of records, information in this system may be disclosed:

1. to the Department of Justice (DOJ) when: (a) The agency or any component thereof; (b) any employee of the agency in his or her official capacity; (c) any employee of the agency in his or her individual capacity where agency or the DOJ has agreed to represent the employee; or (d) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the agency determines that the records are both relevant and necessary to the litigation and the use of such records by DOJ is therefore deemed by the agency to be for a purpose compatible with the purpose for which the agency collected the records.

2. to a court or adjudicative body in a proceeding when: (a) The agency or any component thereof; (b) any employee of the agency in his or her official capacity; (c) any employee of the agency in his or her individual capacity Start Printed Page 53530 where agency or the Department of Justice has agreed to represent the employee; or (d) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the agency determines that the records are both relevant and necessary to the litigation and the use of such records is therefore deemed by the agency to be for a purpose that is compatible with the purpose for which the agency collected the records.

3. to an Agency in order to provide a basis for determining preliminary visa eligibility.

4. to a staff member of the Executive Office of the President in response to an inquiry from the White House.

5. to the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. 2904 and 2906.

6. to agency contractors, grantees, or volunteers who have been engaged to assist the agency in the performance of a contract service, grant, cooperative agreement, or other activity related to this system of records and who need to have access to the records in order to perform their activity. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.

7. to other Federal agencies and relevant contractor facilities to determine eligibility of individuals to access classified National Security information.

8. to any official investigative or judicial source from which information is requested in the course of an investigation, to the extent necessary to identify the individual, inform the source of the nature and purpose of the investigation, and to identify the type of information requested.

9. to the news media or the general public, factual information the disclosure of which would be in the public interest and which would not constitute an unwarranted invasion of personal privacy, consistent with Freedom of Information Act standards.

10. to a Federal, State, or local agency, or other appropriate entities or individuals, or through established liaison channels to selected foreign governments, in order to enable an intelligence agency to carry out its responsibilities under the National Security Act of 1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 or any successor order, applicable national security directives, or classified implementing procedures approved by the Attorney General and promulgated pursuant to such statutes, orders or directives.

11. in order to notify an employee's next-of-kin or contractor in the event of a mishap involving that employee or contractor.

12. to notify another Federal agency when, or verify whether, a PIV card is valid.

13. to provide relevant information to an internal or external organization or element thereof conducting audit activities of a NASA contractor or subcontractor.

14. to a NASA contractor, subcontractor, grantee, or other Government organization information developed in an investigation or administrative inquiry concerning a violation of a Federal or state statute or regulation on the part of an officer or employee of the contractor, subcontractor, grantee, or other Government organization.

15. to foreign governments or international organizations if required by treaties, international conventions, or executive agreements.

16. to members of a NASA Advisory Committee or Committees and interagency boards charged with responsibilities pertaining to international visits and assignments and/or national security when authorized by the individual or to the extent the committee(s) is so authorized and such disclosure is required by law.

17. to the following individuals for the purpose of providing information on traffic accidents, personal injuries, or the loss or damage of property: (a) Individuals involved in such incidents; (b) persons injured in such incidents; (c) owners of property damaged, lost or stolen in such incidents; and/or (d) these individuals' duly verified insurance companies, personal representatives, employers, and/or attorneys. The release of information under these circumstances should only occur when it will not: (a) interfere with ongoing law enforcement proceedings, (b) risk the health or safety of an individual, or (c) reveal the identity of an informant or witness that has received an explicit assurance of confidentiality. Social security numbers should not be released under these circumstances unless the social security number belongs to the individual requester. The intent of this use is to facilitate information flow to parties who need the information to adjudicate a claim.

18. to the Transportation Security Administration, with consent of the individual on whom the records are maintained, to establish eligibility for the TSA Pre✓ program.

In addition, information may be disclosed under the following NASA Standard Routine Uses:

1. Law Enforcement —When a record on its face, or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order, disclosure may be made to the appropriate agency, whether Federal, foreign, State, local, or tribal, or other public authority responsible for enforcing, investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order, if NASA determines by careful review that the records or information are both relevant and necessary to any enforcement, regulatory, investigative or prosecutive responsibility of the receiving entity.

2. Certain Disclosures to Other Agencies —A record from this SOR may be disclosed to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement information or other pertinent information, such as current licenses, if necessary, to obtain information relevant to an NASA decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.

3. Certain Disclosures to Other Federal Agencies —A record from this SOR may be disclosed to a Federal agency, in response to its request, for a matter concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.

4. Department of Justice —A record from this SOR may be disclosed to the Department of Justice when (a) NASA, or any component thereof; or (b) any employee of NASA in his or her official capacity; or (c) any employee of NASA in his or her individual capacity where the Department of Justice has agreed to represent the employee; or (d) the United States, where NASA determines that litigation is likely to affect NASA or any of its components, is a party to litigation or has an interest in such litigation, and by careful review, the use of such records by the Department of Justice is deemed by NASA to be relevant and necessary to the litigation. Start Printed Page 53531

5. Courts —A record from this SOR may be disclosed in an appropriate proceeding before a court, grand jury, or administrative or adjudicative body, when NASA determines that the records are relevant and necessary to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant and necessary to the proceeding.

6. Response to an Actual or Suspected Compromise or Breach of Personally Identifiable Information —A record from this SOR may be disclosed to appropriate agencies, entities, and persons when (1) NASA suspects or has confirmed that there has been a breach of the system of records; (2) NASA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NASA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NASA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

7. Contractors —A record from this SOR may be disclosed to contractors, grantees, experts, consultants, students, volunteers, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish a NASA function related to this SOR. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to NASA employees.

8. Members of Congress —A record from this SOR may be disclosed to a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office made at the written request of the constituent about whom the record is maintained.

9. Disclosures to Other Federal Agencies in Response to an Actual or Suspected Compromise or Breach of Personally Identifiable Information —A record from this SOR may be disclosed to another Federal agency or Federal entity, when NASA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

10. National Archives and Records Administration —A record from this SOR may be disclosed as a routine use to the officers and employees of the National Archives and Records Administration (NARA) pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

11. Audit —A record from this SOR may be disclosed to another agency, or organization for purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system are maintained electronically and in hard-copy documents.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved from the system by individual's name, file number, badge number, decal number, payroll number, Agency-specific unique personal identification code, and/or Social Security Number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Personnel Security Records are maintained in Agency files and destroyed in accordance with NASA Records Retention Schedules (NRRS), Schedule 1 Item 103. Foreign national files are maintained and destroyed in accordance with NRRS, Schedule 1 Item 35.

Personal Identity Records are maintained in Agency files and destroyed in accordance with NRRS, Schedule 1 Item 103. Visitor files are maintained and destroyed in accordance with NRRS, Schedule 1 Item 114.

Emergency Data Records are maintained and destroyed in accordance with NRRS 1, Item 100B.

Criminal Matter Records are maintained and destroyed in accordance with NRRS 1, Schedule 97.5, Items A and B.

Traffic Management Records are maintained and destroyed in accordance with NRRS 1, Schedule 97.5, Item C.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Electronic records are maintained on secure NASA servers and protected in accordance with all Federal standards and those established in NASA regulations at 14 CFR 1212.605. Additionally, server and data management environments employ infrastructure encryption technologies both in data transmission and at rest on servers. Approved security plans are in place for information systems containing the records in accordance with the Federal Information Security Management Act of 2002 (FISMA) and OMB Circular A–130, Management of Federal Information Resources (OA–9999–M–MSF–2712, OA–9999–M–MSF–2707, IE–999–M–MSF–1654). Only authorized personnel requiring information in the official discharge of their duties are authorized access to records through approved access or authentication methods. Access to electronic records is achieved only by utilizing NASA agency managed authentication mechanisms. Non-electronic records are secured in access-controlled rooms with electronic security countermeasures and agency managed, PIV enabled, physical authentication mechanisms.

RECORD ACCESS PROCEDURES:

In accordance with 14 CFR part 1212, Privacy Act—NASA Regulations, information may be obtained by contacting in person or in writing the system or subsystem manager listed above at the location where the records are created and/or maintained. Requests must contain the identifying data concerning the requester, e.g., first, middle and last name; date of birth; description and time periods of the records desired. NASA Regulations also address contesting contents and appealing initial determinations regarding records access.

Personnel Security Records compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, Federal contracts, or access to classified information have been exempted by the Administrator under 5 U.S.C. 552a(k)(5) from the access provisions of the Act.

Personal Identity Records: Requests from individuals should be addressed to the cognizant system or subsystem manager listed above.

Emergency Data Records: Requests from individuals should be addressed to the cognizant system or subsystem manager listed above.

Criminal Matter Records compiled for civil or criminal law enforcement purposes have been exempted by the Administrator under 5 U.S.C. 552a(k)(2) from the access provision of the Act.

Traffic Management Records: Requests from individuals should be addressed to the cognizant system or subsystem manager listed above. Start Printed Page 53532

CONTESTING RECORD PROCEDURES:

In accordance with 14 CFR part 1212, Privacy Act—NASA Regulations, information may be obtained by contacting in person or in writing the system or subsystem manager listed above at the location where the records are created and/or maintained. Requests must contain the identifying data concerning the requester, e.g., first, middle and last name; date of birth; description and time periods of the records desired. NASA Regulations also address contesting contents and appealing initial determinations regarding records access.

NOTIFICATION PROCEDURES:

In accordance with 14 CFR part 1212, Privacy Act—NASA Regulations, information may be obtained by contacting in person or in writing the system or subsystem manager listed above at the location where the records are created and/or maintained. Requests must contain the identifying data concerning the requester, e.g., first, middle and last name; date of birth; description and time periods of the records desired. NASA Regulations also address contesting contents and appealing initial determinations regarding records access.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

Personnel Security Records compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, Federal contracts, or access to classified information, but only to the extent that the disclosure of such material would reveal the identity of a confidential source, are exempt from the following sections of the Privacy Act of 1974, 5 U.S.C. 552a(c)(3) relating to access to the disclosure accounting; (d) relating to access to the records; (e)(1) relating to the type of information maintained in the records; (e)(4)(G), (H) and (I) relating to publishing in the annual system notice information as to agency procedures for access and correction and information as to the categories of sources of records; and (f) relating to developing agency rules for gaining access and making corrections. The determination to exempt the Personnel Security Records portion of the Security Records System has been made by the Administrator of NASA in accordance with 5 U.S.C. 552a(k)(5) and Subpart 5 of the NASA regulations appearing in 14 CFR part 1212.

Criminal Matter Records to the extent they constitute investigatory material compiled for law enforcement purposes are exempt from the following sections of the Privacy Act of 1974, 5 U.S.C. 552a(c)(3) relating to access to the disclosure accounting; (d) relating to access to the records; (e)(1) relating to the type of information maintained in the records; (e)(4)(G), (H) and (I) relating to publishing in the annual system notice information as to agency procedures for access and correction and information as to the categories of sources of records; and (f) relating to developing agency rules for gaining access and making corrections. The determination to exempt the Criminal Matter Records portion of the Security Records System has been made by the Administrator of NASA in accordance with 5 U.S.C. 552a(k)(2) and subpart 5 of the NASA regulations appearing in 14 CFR part 1212.

Records subject to the provisions of 5 U.S.C. 552(b)(1) required by Executive Order to be kept secret in the interest of national defense or foreign policy are exempt from the following sections of the Privacy Act of 1974, 5 U.S.C. 552a:(c)(3) relating to access to the disclosure accounting; (d) relating to the access to the records; (e)(1) relating to the type of information maintained in the records; (e)(4)(G), (H) and (I) relating to publishing in the annual system notice information as to agency procedures for access and correction and information as to the categories of sources of records; and (f) relating to developing agency rules for gaining access and making corrections.

The determination to exempt this portion of the Security Records System has been made by the Administrator of NASA in accordance with 5 U.S.C. 552a(k)(1) and subpart 5 of the NASA regulations appearing in 14 CFR part 1212.

HISTORY:

88 FR 30166

86 FR 71093

80 FR 79937

80 FR 72745

76 FR 78050

74 FR 50247

72 FR 55817

71 FR 45859

64 FR 69556

63 FR 4298