Privacy Act; System of Records: Digital Outreach and Communications, State-79, 4736-4738 [2016-01648]
Download as PDF
<![CDATA[
4736
Federal Register / Vol. 81, No. 17 / Wednesday, January 27, 2016 / Notices
Physical Loan Application Deadline
Date: 03/15/2016.
Economic Injury (EIDL) Loan
Application Deadline DATE: 10/17/
2016.
ADDRESSES: Submit completed loan
applications to: U.S. Small Business
Administration, Processing and
Disbursement Center, 14925 Kingsport
Road, Fort Worth, TX 76155.
FOR FURTHER INFORMATION CONTACT: A.
Escobar, Office of Disaster Assistance,
U.S. Small Business Administration,
409 3rd Street SW., Suite 6050,
Washington, DC 20416.
SUPPLEMENTARY INFORMATION: Notice is
hereby given that as a result of the
President’s major disaster declaration on
01/15/2016, Private Non-Profit
organizations that provide essential
services of governmental nature may file
disaster loan applications at the address
listed above or other locally announced
locations.
The following areas have been
determined to be adversely affected by
the disaster:
Primary Counties: Chelan, Clallam,
Garfield Island, Jefferson, Kittitas,
Lewis, Lincoln, Mason, Pend, Oreille,
Skamania, Snohomish, Spokane,
Stevens, Wahkiakum, Whitman.
The Interest Rates are:
Percentage
For Physical Damage:
Non-Profit Organizations With
Credit Available Elsewhere ...
Non-Profit Organizations Without Credit Available Elsewhere .....................................
For Economic Injury:
Non-Profit Organizations Without Credit Available Elsewhere .....................................
2.625
2.625
2.625
The number assigned to this disaster
for physical damage is 14597B and for
economic injury is 14598B.
(Catalog of Federal Domestic Assistance
Numbers 59008)
James E. Rivera,
Associate Administrator for Disaster
Assistance.
[FR Doc. 2016–01598 Filed 1–26–16; 8:45 am]
asabaliauskas on DSK5VPTVN1PROD with NOTICES
BILLING CODE 8025–01–P
DEPARTMENT OF STATE
amend an existing system of records,
Digital Outreach and Communications,
State–79, pursuant to the provisions of
the Privacy Act of 1974, as amended (5
U.S.C. 552a) and Office of Management
and Budget Circular No. A–130,
Appendix I.
DATES: This system of records will be
effective on March 7, 2016, unless we
receive comments that will result in a
contrary determination.
ADDRESSES: Any persons interested in
commenting on the amended system of
records may do so by writing to the
Director; Office of Information Programs
and Services, A/GIS/IPS; Department of
State, SA–2; 515 22nd Street NW.;
Washington, DC 20522–8100.
FOR FURTHER INFORMATION CONTACT: John
Hackett, Director; Office of Information
Programs and Services, A/GIS/IPS;
Department of State, SA–2; 515 22nd
Street NW.; Washington, DC 20522–
8100, or at Privacy@state.gov.
SUPPLEMENTARY INFORMATION: The
Department of State proposes that the
current system retain the name ‘‘Digital
Outreach and Communications’’
(previously published at 78 FR 54946).
The purpose of the system is to extend
outreach, engagement, and collaboration
efforts with the public, and to facilitate
transparency and accountability with
regard to Department activities; to
conduct and administer contests,
challenges, and other competitions; and
to track aggregate activity and analytics
to determine the effectiveness of email
campaigns. The proposed system will
include modifications to the following
sections: System location, Categories of
individuals, Categories of records,
Authority for maintenance of the
system, Purpose, Routine uses,
Retrievability, Safeguards, and
Notification procedure. The
modifications will allow the contact
information to be stored in a FEDRAMP
Certified Cloud provider, and will allow
the Department to collect aggregate
activity and analytics of email
campaigns.
The Department’s report was filed
with the Office of Management and
Budget. The amended system
description, ‘‘Digital Outreach and
Communications, State–79,’’ will read
as set forth below.
[Public Notice: 9425]
Joyce A. Barr,
Assistant Secretary for Administration, U.S.
Department of State.
Privacy Act; System of Records:
Digital Outreach and Communications,
State–79
STATE–79
Notice is hereby given that
the Department of State proposes to
Digital Outreach and
Communications.
SUMMARY:
VerDate Sep<11>2014
19:41 Jan 26, 2016
Jkt 238001
SYSTEM NAME:
PO 00000
Frm 00129
Fmt 4703
Sfmt 4703
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Department of State domestic
locations, posts abroad, and within a
government cloud, implemented by
State Department as a cloud-based cloud
software as a service (SaaS) provider.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Individuals who interact with the
Department through a social media
outlet, or other electronic means
including by submitting feedback,
subscription (RSS), email, requesting
more information from the Department.
Individuals participating in a contest,
challenge, or other competition.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system may contain information
passed through a social media site or
cloud service provider to facilitate
interaction with the Department such
as, but not limited to the following:
Name, username, email address, home
or work address, contact information,
phone numbers, date of birth, age,
security questions, IP addresses, login
credentials, topical interests, and
educational, business, or volunteer
affiliation. The system will also contain
information on the topics about which
users wish to receive communications,
as well as input and feedback from the
public, such as comments, emails,
videos, and images, which may include
tags, geotags, or geographical metadata.
The system may also include
information that does not meet the
definition of a ‘‘record’’ under the
Privacy Act, such as aggregate metrics
on user click rates, open rates, non-read
rates, unsubscribes, and link activity.
In addition to the information listed
above, individuals who enter a contest,
challenge, or other competition may be
asked to provide certain specific
information including financial data,
passport and visa information, and other
information necessary to authenticate
qualifications for participation or for
prize issuance.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Presidential Memorandum to the
Heads of Executive Departments and
Agencies on Transparency and Open
Government, January 21, 2009. OMB M–
10–06, Open Government Directive,
December 8, 2009. OMB M–10–23,
Guidance for Agency Use of Third-Party
Web sites and Applications, June 25,
2010. 5 U.S.C. 301, Management of
Executive Agencies. 22 U.S.C. 2651a,
Organization of the Department of State.
E:\FR\FM\27JAN1.SGM
27JAN1
Federal Register / Vol. 81, No. 17 / Wednesday, January 27, 2016 / Notices
PURPOSE:
To extend outreach, engagement, and
collaboration efforts with the public,
and to facilitate transparency and
accountability with regard to
Department activities. To conduct and
administer contests, challenges, and
other competitions. To track aggregate
activity and analytics to determine the
effectiveness of email campaigns.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
Information in this system may be
shared with the news media and the
public, with the approval of the Chief of
Mission or Bureau Assistant Secretary
who supervises the office responsible
for the outreach effort, except to the
extent that release of the information
would constitute an unwarranted
invasion of personal privacy;
To Government agencies and the
White House for purposes of planning
and coordinating public engagement
activities;
To a contractor of the Department
having need for the information in the
performance of the contract, but not
operating a system of records within the
meaning of 5 U.S.C. 552a(m);
And to Federal, state, and city
governments which are issued tax
reports, the Internal Revenue Service
and the Social Security Administration
which are sent tax and withholding
data.
The Department of State periodically
publishes in the Federal Register its
standard routine uses which apply to all
of its Privacy Act systems of records.
These notices appear in the form of a
Prefatory Statement. These standard
routine uses apply to Digital Outreach
and Communications, State–79.
DISCLOSURE TO CONSUMER REPORTING
AGENCIES:
None.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Electronic media.
RETRIEVABILITY:
Username; email; name.
asabaliauskas on DSK5VPTVN1PROD with NOTICES
SAFEGUARDS:
All users are given cyber security
awareness training which covers the
procedures for handling Sensitive But
Unclassified (SBU) information,
including personally identifiable
information (PII). Annual refresher
training is mandatory. In addition, all
Foreign Service and Civil Service
employees and those Locally Engaged
VerDate Sep<11>2014
19:41 Jan 26, 2016
Jkt 238001
Staff who handle PII are required to take
the Foreign Service Institute distance
learning course, PA 459, instructing
employees on privacy and security
requirements, including the rules of
behavior for handling PII and the
potential consequences if it is handled
improperly.
Access to the Department of State, its
annexes and posts abroad is controlled
by security guards and admission is
limited to those individuals possessing
a valid identification card or individuals
under proper escort. All paper records
containing personal information are
maintained in secured file cabinets in
restricted areas, access to which is
limited to authorized personnel only.
Access to computerized files is
password-protected and under the
direct supervision of the system
manager. The system manager has the
capability of printing audit trails of
access from the computer media,
thereby permitting regular and ad hoc
monitoring of computer usage. When it
is determined that a user no longer
needs access, the user account is
disabled.
Before being granted access to
Protocol Records, a user must first be
granted access to the Department of
State computer system. Remote access
to the Department of State network from
non-Department owned systems is
authorized only to unclassified systems
and only through a Department
approved access program. Remote
access to the network is configured with
the Office of Management and Budget
Memorandum M–07–16 security
requirements which include but are not
limited to two-factor authentication and
time out function. All Department of
State employees and contractors with
authorized access have undergone a
thorough background security
investigation.
The safeguards in the following
paragraphs apply only to records that
are maintained in cloud systems. All
cloud systems that provide IT services
and process Department of State
information must be: (1) Provisionally
authorized to operate by the Federal
Risk and Authorization Management
Program (FedRAMP), and (2)
specifically authorized by the
Department of State Authorizing Official
and Senior Agency Official for Privacy.
Only information that conforms with
Department-specific definitions for
Federal Information Security
Management Act (FISMA) low or
moderate categorization are permissible
for cloud usage. Specific security
measures and safeguards will depend on
the FISMA categorization of the
information in a given cloud system. In
PO 00000
Frm 00130
Fmt 4703
Sfmt 4703
4737
accordance with Department policy,
systems that process more sensitive
information will require more stringent
controls and review by Department
cybersecurity experts prior to approval.
Prior to operation, all Cloud systems
must comply with applicable security
measures that are outlined in FISMA,
FedRAMP, OMB regulations, NIST
Federal Information Processing
Standards (FIPS) and Special
Publication (SP), and Department of
State policy and standards.
All data stored in cloud environments
categorized above a low FISMA impact
risk level must be encrypted at rest and
in-transit using a federally approved
encryption mechanism. The encryption
keys shall be generated, maintained, and
controlled in a Department data center
by the Department key management
authority. Deviations from these
encryption requirements must be
approved in writing by the Authorizing
Official.
RETENTION AND DISPOSAL:
Records are retired and destroyed in
accordance with published Department
of State Records Disposition Schedules
as approved by the National Archives
and Records Administration (NARA).
More specific information may be
obtained by writing to the Director;
Office of Information Programs and
Services, A/GIS/IPS; SA–2, Department
of State; 515 22nd Street NW.;
Washington, DC 20522–8100.
SYSTEM MANAGER(S) AND ADDRESS:
The Under Secretary for Public
Diplomacy and Public Affairs;
Department of State; 2201 C Street NW.;
Washington, DC 20520.
NOTIFICATION PROCEDURE:
Individuals who have cause to believe
that the Department may have outreach
records pertaining to him or her should
write to the Director; Office of
Information Programs and Services, A/
GIS/IPS; SA–2, Department of State; 515
22nd Street NW.; Washington, DC
20522–8100. The individual must
specify that he or she wishes the
outreach records of the Department to
be checked. At a minimum, the
individual must include the following:
Name; email address; current mailing
address and zip code; signature; and
other information helpful in identifying
the record.
RECORD ACCESS PROCEDURES:
Individuals who wish to gain access
to or amend records pertaining to
themselves should write to the Director;
Office of Information Programs and
Services (address above).
E:\FR\FM\27JAN1.SGM
27JAN1
4738
Federal Register / Vol. 81, No. 17 / Wednesday, January 27, 2016 / Notices
CONTESTING RECORD PROCEDURES:
Individuals who wish to contest
records pertaining to themselves should
write to the Director; Office of
Information Programs and Services
(address above).
RECORD SOURCE CATEGORIES:
These records contain information
obtained directly from individuals who
interact with the Department of State
through social media sites or who
communicate electronically with the
Department in response to public
outreach.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS
OF THE ACT:
None.
[FR Doc. 2016–01648 Filed 1–26–16; 8:45 am]
BILLING CODE 4710–45–P
SURFACE TRANSPORTATION BOARD
[Docket No. EP 526 (Sub-No. 7)]
Decision; Notice of Railroad-Shipper
Transportation Advisory Council
Vacancy
Surface Transportation Board
(Board).
ACTION: Notice of vacancy on the
Railroad-Shipper Transportation
Advisory Council (RSTAC) and
solicitation of nominations.
AGENCY:
The Board hereby gives notice
of a vacancy for a small railroad
representative on RSTAC. The Board is
soliciting suggestions for candidates to
fill this vacancy.
DATES: Nominations are due on
February 22, 2016.
ADDRESSES: Suggestions may be
submitted either via the Board’s e-filing
format or in the traditional paper
format. Any person using e-filing should
attach a document and otherwise
comply with the instructions at the E–
FILING link on the Board’s Web site, at
https://www.stb.dot.gov. Any person
submitting a filing in the traditional
paper format should send an original
and 10 copies to: Surface Transportation
Board, Attn: Docket No. EP 526 (SubNo. 7), 395 E Street SW., Washington,
DC 20423–0001 (if sending via express
company or private courier, please use
zip code 20024). Please note that
submissions will be available to the
public at the Board’s offices and posted
on the Board’s Web site under Docket
No. EP 526 (Sub-No. 7).
FOR FURTHER INFORMATION CONTACT:
Stephanie Lyons at 202–245–0536.
Assistance for the hearing impaired is
available through the Federal
asabaliauskas on DSK5VPTVN1PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
19:41 Jan 26, 2016
Jkt 238001
Information Relay Service (FIRS) at 1–
800–877–8339.
SUPPLEMENTARY INFORMATION: The
Board, created in 1996 to take over
many of the functions previously
performed by the Interstate Commerce
Commission, exercises broad authority
over transportation by rail carriers,
including regulation of railroad rates
and service (49 U.S.C. 10701–47,
11101–24), as well as the construction,
acquisition, operation, and
abandonment of rail lines (49 U.S.C.
10901–07) and railroad line sales,
consolidations, mergers, and common
control arrangements (49 U.S.C. 10902,
11323–27).
RSTAC was established upon the
enactment of the ICC Termination Act of
1995 (ICCTA), on December 29, 1995, to
advise the Board’s Chairman, the
Secretary of Transportation, the
Committee on Commerce, Science, and
Transportation of the Senate, and the
Committee on Transportation and
Infrastructure of the House of
Representatives with respect to rail
transportation policy issues RSTAC
considers significant. RSTAC focuses on
issues of importance to small shippers
and small railroads, including car
supply, rates, competition, and
procedures for addressing claims.
ICCTA directs RSTAC to develop
private-sector mechanisms to prevent,
or identify and address, obstacles to the
most effective and efficient
transportation system practicable.
RSTAC also prepares an annual report
concerning its activities and
recommendations on whatever
regulatory or legislative relief it
considers appropriate. RSTAC is not
subject to the Federal Advisory
Committee Act.
Nine members of RSTAC are voting
members and are appointed from senior
executive officers of organizations
engaged in the railroad and rail
shipping industries. At least four of the
voting members must be representatives
of small shippers as determined by the
Chairman, and at least four of the voting
members must be representatives of
Class II or III railroads. The remaining
six members to be appointed—three
representing Class I railroads and three
representing large shipper
organizations—serve in a nonvoting,
advisory capacity, but are entitled to
participate in RSTAC deliberations.
RSTAC is required by statute to meet
at least semi-annually. In recent years,
RSTAC has met four times a year.
Meetings are generally held at the
Board’s headquarters in Washington,
DC, although some are held in other
locations.
PO 00000
Frm 00131
Fmt 4703
Sfmt 4703
RSTAC members receive no
compensation for their services and are
required to provide for the expenses
incidental to their service, including
travel expenses, as the Board cannot
provide for these expenses. RSTAC may
solicit and use private funding for its
activities, again subject to certain
restrictions in ICCTA. RSTAC members
currently have elected to submit annual
dues to pay for RSTAC expenses.
RSTAC members must be citizens of
the United States and represent as
broadly as practicable the various
segments of the railroad and rail shipper
industries. They may not be full-time
employees of the United States.
According to revised guidance issued by
the Office of Management and Budget,
it is permissible for federally registered
lobbyists to serve on advisory
committees, such as RSTAC, as long as
they do so in a representative capacity,
rather than an individual capacity. See
Revised Guidance on Appointment of
Lobbyists to Federal Advisory
Committees, Boards, and Commissions,
79 FR 47482 (Aug. 13, 2014). Members
of RSTAC are appointed to serve in a
representative capacity.
RSTAC members are appointed for
three-year terms. A member may serve
after the expiration of his or her term
until a successor has taken office. No
member will be eligible to serve in
excess of two consecutive terms.
Due to the expiration of one RSTAC
member’s second term, a vacancy exists
for a small railroad representative. Upon
appointment by the Chairman, the new
representative will serve for three years,
and may be eligible to serve a second
three-year term following the end of
their first term.
Suggestions for candidates to fill the
vacancy should be submitted in letter
form, identify the name of the
candidate, provide a summary of why
the candidate is qualified to serve on
RSTAC, and contain a representation
that the candidate is willing to serve as
a member of RSTAC effective
immediately upon appointment. RSTAC
candidate suggestions should be filed
with the Board by February 22, 2016.
Members selected to serve on RSTAC
are chosen at the discretion of the
Board’s Chairman. Please note that
submissions will be available to the
public at the Board’s offices and posted
on the Board’s Web site under Docket
No. EP 526 (Sub-No. 7).
Authority: 49 U.S.C. 726.
Decided: January 22, 2016.
E:\FR\FM\27JAN1.SGM
27JAN1
]]>Agencies
[Federal Register Volume 81, Number 17 (Wednesday, January 27, 2016)]
[Notices]
[Pages 4736-4738]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-01648]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF STATE
[Public Notice: 9425]
Privacy Act; System of Records: Digital Outreach and
Communications, State-79
SUMMARY: Notice is hereby given that the Department of State proposes
to amend an existing system of records, Digital Outreach and
Communications, State-79, pursuant to the provisions of the Privacy Act
of 1974, as amended (5 U.S.C. 552a) and Office of Management and Budget
Circular No. A-130, Appendix I.
DATES: This system of records will be effective on March 7, 2016,
unless we receive comments that will result in a contrary
determination.
ADDRESSES: Any persons interested in commenting on the amended system
of records may do so by writing to the Director; Office of Information
Programs and Services, A/GIS/IPS; Department of State, SA-2; 515 22nd
Street NW.; Washington, DC 20522-8100.
FOR FURTHER INFORMATION CONTACT: John Hackett, Director; Office of
Information Programs and Services, A/GIS/IPS; Department of State, SA-
2; 515 22nd Street NW.; Washington, DC 20522-8100, or at
Privacy@state.gov.
SUPPLEMENTARY INFORMATION: The Department of State proposes that the
current system retain the name ``Digital Outreach and Communications''
(previously published at 78 FR 54946). The purpose of the system is to
extend outreach, engagement, and collaboration efforts with the public,
and to facilitate transparency and accountability with regard to
Department activities; to conduct and administer contests, challenges,
and other competitions; and to track aggregate activity and analytics
to determine the effectiveness of email campaigns. The proposed system
will include modifications to the following sections: System location,
Categories of individuals, Categories of records, Authority for
maintenance of the system, Purpose, Routine uses, Retrievability,
Safeguards, and Notification procedure. The modifications will allow
the contact information to be stored in a FEDRAMP Certified Cloud
provider, and will allow the Department to collect aggregate activity
and analytics of email campaigns.
The Department's report was filed with the Office of Management and
Budget. The amended system description, ``Digital Outreach and
Communications, State-79,'' will read as set forth below.
Joyce A. Barr,
Assistant Secretary for Administration, U.S. Department of State.
STATE-79
SYSTEM NAME:
Digital Outreach and Communications.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Department of State domestic locations, posts abroad, and within a
government cloud, implemented by State Department as a cloud-based
cloud software as a service (SaaS) provider.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who interact with the Department through a social media
outlet, or other electronic means including by submitting feedback,
subscription (RSS), email, requesting more information from the
Department. Individuals participating in a contest, challenge, or other
competition.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system may contain information passed through a social media
site or cloud service provider to facilitate interaction with the
Department such as, but not limited to the following: Name, username,
email address, home or work address, contact information, phone
numbers, date of birth, age, security questions, IP addresses, login
credentials, topical interests, and educational, business, or volunteer
affiliation. The system will also contain information on the topics
about which users wish to receive communications, as well as input and
feedback from the public, such as comments, emails, videos, and images,
which may include tags, geotags, or geographical metadata. The system
may also include information that does not meet the definition of a
``record'' under the Privacy Act, such as aggregate metrics on user
click rates, open rates, non-read rates, unsubscribes, and link
activity.
In addition to the information listed above, individuals who enter
a contest, challenge, or other competition may be asked to provide
certain specific information including financial data, passport and
visa information, and other information necessary to authenticate
qualifications for participation or for prize issuance.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Presidential Memorandum to the Heads of Executive Departments and
Agencies on Transparency and Open Government, January 21, 2009. OMB M-
10-06, Open Government Directive, December 8, 2009. OMB M-10-23,
Guidance for Agency Use of Third-Party Web sites and Applications, June
25, 2010. 5 U.S.C. 301, Management of Executive Agencies. 22 U.S.C.
2651a, Organization of the Department of State.
[[Page 4737]]
PURPOSE:
To extend outreach, engagement, and collaboration efforts with the
public, and to facilitate transparency and accountability with regard
to Department activities. To conduct and administer contests,
challenges, and other competitions. To track aggregate activity and
analytics to determine the effectiveness of email campaigns.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Information in this system may be shared with the news media and
the public, with the approval of the Chief of Mission or Bureau
Assistant Secretary who supervises the office responsible for the
outreach effort, except to the extent that release of the information
would constitute an unwarranted invasion of personal privacy;
To Government agencies and the White House for purposes of planning
and coordinating public engagement activities;
To a contractor of the Department having need for the information
in the performance of the contract, but not operating a system of
records within the meaning of 5 U.S.C. 552a(m);
And to Federal, state, and city governments which are issued tax
reports, the Internal Revenue Service and the Social Security
Administration which are sent tax and withholding data.
The Department of State periodically publishes in the Federal
Register its standard routine uses which apply to all of its Privacy
Act systems of records. These notices appear in the form of a Prefatory
Statement. These standard routine uses apply to Digital Outreach and
Communications, State-79.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
None.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Electronic media.
RETRIEVABILITY:
Username; email; name.
SAFEGUARDS:
All users are given cyber security awareness training which covers
the procedures for handling Sensitive But Unclassified (SBU)
information, including personally identifiable information (PII).
Annual refresher training is mandatory. In addition, all Foreign
Service and Civil Service employees and those Locally Engaged Staff who
handle PII are required to take the Foreign Service Institute distance
learning course, PA 459, instructing employees on privacy and security
requirements, including the rules of behavior for handling PII and the
potential consequences if it is handled improperly.
Access to the Department of State, its annexes and posts abroad is
controlled by security guards and admission is limited to those
individuals possessing a valid identification card or individuals under
proper escort. All paper records containing personal information are
maintained in secured file cabinets in restricted areas, access to
which is limited to authorized personnel only. Access to computerized
files is password-protected and under the direct supervision of the
system manager. The system manager has the capability of printing audit
trails of access from the computer media, thereby permitting regular
and ad hoc monitoring of computer usage. When it is determined that a
user no longer needs access, the user account is disabled.
Before being granted access to Protocol Records, a user must first
be granted access to the Department of State computer system. Remote
access to the Department of State network from non-Department owned
systems is authorized only to unclassified systems and only through a
Department approved access program. Remote access to the network is
configured with the Office of Management and Budget Memorandum M-07-16
security requirements which include but are not limited to two-factor
authentication and time out function. All Department of State employees
and contractors with authorized access have undergone a thorough
background security investigation.
The safeguards in the following paragraphs apply only to records
that are maintained in cloud systems. All cloud systems that provide IT
services and process Department of State information must be: (1)
Provisionally authorized to operate by the Federal Risk and
Authorization Management Program (FedRAMP), and (2) specifically
authorized by the Department of State Authorizing Official and Senior
Agency Official for Privacy. Only information that conforms with
Department-specific definitions for Federal Information Security
Management Act (FISMA) low or moderate categorization are permissible
for cloud usage. Specific security measures and safeguards will depend
on the FISMA categorization of the information in a given cloud system.
In accordance with Department policy, systems that process more
sensitive information will require more stringent controls and review
by Department cybersecurity experts prior to approval. Prior to
operation, all Cloud systems must comply with applicable security
measures that are outlined in FISMA, FedRAMP, OMB regulations, NIST
Federal Information Processing Standards (FIPS) and Special Publication
(SP), and Department of State policy and standards.
All data stored in cloud environments categorized above a low FISMA
impact risk level must be encrypted at rest and in-transit using a
federally approved encryption mechanism. The encryption keys shall be
generated, maintained, and controlled in a Department data center by
the Department key management authority. Deviations from these
encryption requirements must be approved in writing by the Authorizing
Official.
RETENTION AND DISPOSAL:
Records are retired and destroyed in accordance with published
Department of State Records Disposition Schedules as approved by the
National Archives and Records Administration (NARA). More specific
information may be obtained by writing to the Director; Office of
Information Programs and Services, A/GIS/IPS; SA-2, Department of
State; 515 22nd Street NW.; Washington, DC 20522-8100.
SYSTEM MANAGER(S) AND ADDRESS:
The Under Secretary for Public Diplomacy and Public Affairs;
Department of State; 2201 C Street NW.; Washington, DC 20520.
NOTIFICATION PROCEDURE:
Individuals who have cause to believe that the Department may have
outreach records pertaining to him or her should write to the Director;
Office of Information Programs and Services, A/GIS/IPS; SA-2,
Department of State; 515 22nd Street NW.; Washington, DC 20522-8100.
The individual must specify that he or she wishes the outreach records
of the Department to be checked. At a minimum, the individual must
include the following: Name; email address; current mailing address and
zip code; signature; and other information helpful in identifying the
record.
RECORD ACCESS PROCEDURES:
Individuals who wish to gain access to or amend records pertaining
to themselves should write to the Director; Office of Information
Programs and Services (address above).
[[Page 4738]]
CONTESTING RECORD PROCEDURES:
Individuals who wish to contest records pertaining to themselves
should write to the Director; Office of Information Programs and
Services (address above).
RECORD SOURCE CATEGORIES:
These records contain information obtained directly from
individuals who interact with the Department of State through social
media sites or who communicate electronically with the Department in
response to public outreach.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
[FR Doc. 2016-01648 Filed 1-26-16; 8:45 am]
BILLING CODE 4710-45-P
