Implementation of the Privacy Act of 1974, as Amended; New System of Records Notice, Digital Identity Access Management System, 58372-58374 [2014-23117]



[Federal Register Volume 79, Number 188 (Monday, September 29, 2014)]
[Notices]
[Pages 58372-58374]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-23117]


-----------------------------------------------------------------------

DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT

[Docket No. FR-5763-N-09]


Implementation of the Privacy Act of 1974, as Amended; New System 
of Records Notice, Digital Identity Access Management System

AGENCY: Office of the Chief Information Officer.

ACTION: Notification.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 (5 U.S.C. 552a(e)(4)), as 
amended, and Office of Management and Budget (OMB), Circular No. A-130, 
notice is hereby given that the Department of Housing and Urban 
Development (HUD), Office of the Chief Information Officer (OCIO) 
proposes to establish a new system of records, the Digital Identity 
Access Management System (DIAMS). DIAMS will manage core digital 
identification, credential and access management (ICAM) data elements. 
The system will support the administration of the Homeland Security 
Presidential Directive 12 (HSPD-12) program that directs the use of a 
common identification credential for both logical and physical access 
to Federally controlled facilities and information systems. This system 
will enhance security, increase efficiency, protect personal privacy, 
and provide synchronization of core identity management data for 
Departmental systems.

DATES: Effective Date: This action shall be effective without further 
notice on October 29, 2014 unless comments are received that would 
result in a contrary determination.
    Comments Due Date: October 29, 2014.

ADDRESSES: Interested persons are invited to submit comments regarding 
this notice to the Rules Docket Clerk, Office of the General Counsel, 
Department of Housing and Urban Development, 451 Seventh Street SW., 
Room 10276, Washington, DC 20410-0500. Communication should refer to 
the above docket number and title. A copy of each communication 
submitted will be available for public inspection and copying between 
8:00 a.m. and 5:00 p.m. weekdays at the above address.

FOR FURTHER INFORMATION CONTACT: Donna Robinson-Staton, Chief Privacy 
Officer, 451 Seventh Street SW., Washington, DC 20410 (Attention: 
Capitol View Building, 4th Floor), telephone number: (202) 402-8073. 
[The above telephone number is not a toll free number.] A 
telecommunications device for hearing- and speech-impaired persons 
(TTY) is available by calling the Federal Information Relay Service's 
toll-free telephone number (800) 877-8339.

SUPPLEMENTARY INFORMATION: This system of records is maintained by 
HUD's Office of the Chief Information Officer, and includes personally 
identifiable information about users of HUD's information technology 
that is retrieved by a name or unique identifier. The new system encompasses 
programs and services of the Department's data collection and 
management practices. Publication of this notice allows HUD to satisfy 
its reporting requirement and keep an up-to-date accounting of its 
system of records publication. The new system proposal will incorporate 
Federal privacy requirements and HUD policy requirements. The Privacy 
Act provides certain safeguards for an individual against an invasion 
of personal privacy by requiring Federal agencies to protect records 
contained in an agency system of records from unauthorized disclosure, 
by ensuring that information is current and collected only for its 
intended use, and by providing adequate safeguards to prevent misuse of 
such information. Additionally, this notice demonstrates the 
Department's focus on industry best practices in protecting the 
personal privacy of the individuals covered by each system 
notification. This notice states the name and location of the record 
system, the authority for and manner of its operations, the categories 
of individuals that it covers, the type of records that it contains, 
the sources of the information for those records, the routine uses made 
of the records, and the type of exemption in place for the records. In 
addition, this notice includes the business address of the HUD 
officials who will inform interested persons of the procedures whereby 
they may gain access to and/or request amendments to records pertaining 
to them.
    This publication does meet the threshold requirements for a new 
system and a report was submitted to the Office of Management and 
Budget (OMB), the Senate Committee on Homeland Security and 
Governmental Affairs, and the House Committee on Government Reform as 
instructed by Paragraph 4c of Appendix I to OMB Circular No. A-130, 
"Federal Agencies Responsibilities for Maintaining Records About 
Individuals," July 25, 1994 (59 FR 37914).

    Authority:  5 U.S.C. 552a; 88 Stat. 1896; 42 U.S.C. 3535(d).

    Dated: September 19, 2014.
Rafael C. Diaz,
Chief Information Officer.
    [Docket No. FR-5763-N-09]
SYSTEM OF RECORDS NO.:
    OCIO/QN.01

SYSTEM NAME:
    Digital Identity Access Management System (DIAMS)--P281

SYSTEM LOCATION:
    U.S. Department of Housing and Urban Development, 451 Seventh 
Street SW., Washington DC 20410; Hewlett-Packard Enterprise Services, 
Building 6000, 2020 Union Carbide Drive, South Charleston, WV 25303. 
Backup, recovery, and archived digital media is stored in secure 
facilities located with Iron Mountain, 1545 Hansford St., Charleston, 
WV 25311. The DIAMS is accessible from all systems connected to the HUD 
Intranet nationwide at HUD Field and Regional offices. \1\
---------------------------------------------------------------------------

    \1\ http://portal.hud.gov/hudportal/HUD?src=/localoffices
---------------------------------------------------------------------------

SECURITY CLASSIFICATION:
    Most identity records are not classified. However, in some cases, 
records of a few individuals, or portions of some records, may 
potentially be classified in the interest of national security.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The following are covered by the DIAMS: all users of HUD 
information technology systems including HUD employees and supporting 
contractors, students, interns, volunteers; affiliates of, and users 
from, State and local governments, non-profit organizations, academia, 
and third party business partners. The system does not apply to 
occasional visitors or short-term guests to whom HUD will issue 
temporary identification and credentials.

CATEGORIES OF RECORDS IN THE SYSTEM:
    DIAMS will collect and store the First Name, Last Name, Address, 
City, State, Country, Date of Birth, Social Security Number, Agency 
Rank, Agency, U.S. Citizen Status, User Principal Name (UPN), AD 
Identifier, Distinguished Name, Common Name, Display Name, User 
Password, Email Address and Unique User ID (e.g., H or C ID numbers).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority for maintenance of the system, which also authorizes 
the collection of information, is the Federal Information Processing 
Standards, 201 Personal Identity Verification (PIV) of Federal 
Employees and Contractors (44 U.S.C. 3542(b)(2)). Other governing laws 
and regulations for managing and processing Federal credentials are as 
follows: 5 U.S.C. 301; Federal Information Security Act (P.L. 104-106, 
sec. 5113); Electronic Government Act (P.L. 104-347, sec. 203); 
Paperwork Reduction Act of 1995 (44 U.S.C. 3501); Government Paperwork 
Elimination Act (P.L. 105-277, 44 U.S.C. 3504); Homeland Security 
Presidential Directive 12 (HSPD-12), Policy for a Common Identification 
Standard for Federal Employees and Contractors, August 27, 2004; and 
Federal Property and Administrative Act of 1949, as amended; OMB 
Circular No. A-130, Management of Federal Information Resources 
(11/28/2000) and Federal Agency Responsibilities for Maintaining Records about 
Individuals, dated June 25, 1993 (58 FR 36075, July 2, 1993); OMB Memo 
M-05-24, Federal Information Systems Management Act of 2002; and 
Executive Order--Improving Critical Infrastructure Cyber Security 
(February 12, 2013).

PURPOSE(S):
    DIAMS will provide centralized, automated functionality to manage 
the many digital identities that interact with HUD's information 
technology environment. DIAMS will provide a central repository and 
web-based portal that stores and allows central management of core 
digital identification, credential and access management (ICAM) data 
elements. DIAMS captures and stores information about persons and non-
person entities that are granted access into HUD's business 
applications. DIAMS also provides HUD with a platform to centrally and 
actively manage the identity life-cycle of persons and non-person 
entities from account creation through account removal. DIAMS will 
integrate with HUD's authoritative data sources including HUD's human 
resource management system, physical access control system including 
USAccess operated by the General Services Administration, personnel 
clearance system, and multiple internal Directory Services to ensure 
synchronization of identities across HUD's digital landscape. DIAMS 
will use batch files and IdM's (Identity Management's) connector to 
synchronize data from and to authorized data sources. The connection 
pipe will be secured with Public Key Infrastructure exchange. A feed 
from HUD's Human Resource (HR) system for employees and Sponsor 
initiation of Contractors in IdM will start the on-boarding process for 
a HUD Identity. The on-boarding process will require notifications to 
the responsible manager or sponsor during all stages of the workflow. 
During employment, application access will be requested through the IdM 
application provisioning and de-provisioning functions by authorized 
HUD personnel. When personnel are off-boarded, HR and Sponsors will 
initiate off-boarding, disabling accounts and removing privileges.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
Section 552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside HUD as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. To HUD contractors, grantees, or volunteers who have been 
engaged to assist the agency in the performance of a contract service, 
grant, cooperative agreement with HUD, when necessary to accomplish an 
agency function or other activity related to this system of records, 
limited to only those data elements considered relevant to 
accomplishing an agency function. Individuals provided information 
under this routine use are subject to the same Privacy Act requirements 
and limitations on disclosure as are applicable to HUD officers and 
employees;
    2. To appropriate agencies, entities, and persons to the extent 
such disclosures are compatible with the purpose for which the records 
in this system were collected, as set forth by Appendix I \2\--HUD's 
Library of Routine Uses published in the Federal Register (77 FR 
41996, July 17, 2012);
---------------------------------------------------------------------------

    \2\ http://portal.hud.gov/hudportal/documents/huddoc?id=append1.pdf
---------------------------------------------------------------------------

    3. To USAccess operated by the General Services Administration, 
personnel clearance system, and multiple internal Directory Services to 
ensure synchronization of identities across HUD's digital landscape. 
DIAMS will share UPN and Email with USAccess;
    4. To appropriate agencies, entities, and persons when: a) HUD 
suspects or has confirmed that the security or confidentiality of 
information in a system of records has been compromised; b) HUD has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of harm to economic or property interests, identity 
theft or fraud, or harm to the security or integrity of systems or 
programs (whether maintained by HUD or another agency or entity) that 
rely upon the compromised information; and c) the disclosure made to 
such agencies, entities, and persons is reasonably necessary to assist 
in connection with HUD's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm for 
purposes of facilitating responses and remediation efforts in the event 
of a data breach;
    5. To the National Archives and Records Administration (NARA) or to 
the General Services Administration for records management inspections 
conducted under 44 U.S.C. 2904 and 2906; and
    6. To other agencies to notify them when a PIV Card is no longer 
valid. The full system of records notice covering categories of DIAMS 
with a complete description of other routine uses was published in the 
Federal Register: GSA GOVT-7, Federal Personal Identity Verification 
Identity Management System (PIV IDMS), 71 FR 56983 (September 28, 
2006).

STORAGE:
    All data are stored at a secured data center on the production 
DIAMS database servers. Backup, recovery and archived digital media are 
stored in secure facilities located with Iron Mountain. There are no 
hardcopy records produced that require additional storage.

RETRIEVABILITY:
    Personnel information within the system is retrieved based on Name, 
Date of Birth and Social Security Numbers (SSNs), HUD Network ID, Home 
Address, and U.S. Citizenship. There are no hardcopy records produced that 
require additional retrieval.

SAFEGUARDS:
    The data in DIAMS records are backed up regularly in accordance 
with HUD policy 4.3.9 as documented in HUD Handbook 2400.25 Rev.3, 
August 2013. Strict access controls for electronic records are enforced 
through a user ID and password that require authentication before 
access is granted to DIAMS. Multi-factor authentication, once 
implementation is completed, will require the use of PIV cards to access 
the system. Personnel who have access to the data are vetted by 
Personnel Security Division prior to being granted 
access to systems where sensitive Personally Identifiable Information 
(PII) resides, are provided PII training, and have access to all 
policies regarding PII and its safeguarding requirements. All database 
systems are housed in a secure data center that is protected by 
security personnel. Accessing computer systems within the data center 
requires appropriate credentials to physically enter the facility and 
access the systems. All data is protected via encryption both at rest 
and in motion. There are no hardcopy records produced that require 
additional protections.

RETENTION AND DISPOSAL:
    Records retention and disposal follow the policy in HUD Handbook 
2225.6 Rev 1, HUD Records Disposition Schedules Handbook (2225.6), under 
General Records Schedule 24, Information Technology Operations and 
Management Records, Section 6--User Identification, Profiles, 
Authorizations, and Password Files. Section 6 requires that files be 
destroyed/deleted 6 years after the user account is terminated or 
password is altered, or when no longer needed for investigative or 
security purposes, whichever is later. Backup and Recovery digital 
media will be destroyed or otherwise rendered irrecoverable per NIST SP 
800-88 ``Guidelines for Media Sanitization'' (September 2006). This 
complies with all Federal regulations. There are no hardcopy records 
produced that require additional archival.

SYSTEM MANAGER(s) AND ADDRESS:
    Joseph Milazzo, Deputy Chief Information Officer for IT Operations, 
Department of Housing and Urban Development, 451 Seventh Street SW., 
Room 4178, Washington, DC 20410.

NOTIFICATION AND RECORD ACCESS PROCEDURES:
    For information, assistance, or inquiries about the existence of 
records, contact Donna Robinson-Staton, Chief Privacy Officer, 451 
Seventh Street SW., Washington, DC 20410 (Attention: Capitol View 
Building, 4th Floor), telephone number: (202) 402-8073. Verification of 
your identity must include original signature and be notarized. A written 
request must include the full name, Social Security Number, date of 
birth, current address, and telephone number of the individual making 
the request.

CONTESTING RECORD PROCEDURES:
    The Department's rules for contesting contents of records and 
appealing initial denials appear in 24 CFR Part 16. Additional 
assistance may be obtained by contacting: U.S. Department of Housing 
and Urban Development, Chief Privacy Officer, 451 Seventh Street SW., 
Washington, DC 20410 or the HUD Departmental Privacy Appeals Officers, 
Office of General Counsel, Department of Housing and Urban Development, 
451 Seventh Street SW., Washington DC 20410.

RECORD SOURCE CATEGORIES:
    The sources of DIAMS records are both internal and external. 
Internally sourced records come from HUD's Human Resource Systems, 
HUD's Physical Access Control System commonly referred to as Hirsch 
Velocity, HUD's systems maintaining personnel security records, and 
HUD's multiple Directory Services including Active Directory. 
Externally sourced records are from the General Services 
Administration's USAccess system.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
[FR Doc. 2014-23117 Filed 9-26-14; 8:45 a.m.]
BILLING CODE 4210-67-P