Privacy Act of 1974; System of Records, 58475-58477 [2017-26750]

Download as PDF Federal Register / Vol. 82, No. 237 / Tuesday, December 12, 2017 / Notices Commission, 100 F Street NE, Washington, DC 20549–1090. All submissions should refer to File Number SR–NYSE–2017–42. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission’s internet website (http://www.sec.gov/ rules/sro.shtml). Copies of the submission, all subsequent amendments, all written statements with respect to the proposed rule change that are filed with the Commission, and all written communications relating to the proposed rule change between the Commission and any person, other than those that may be withheld from the public in accordance with the provisions of 5 U.S.C. 552, will be available for website viewing and printing in the Commission’s Public Reference Room, 100 F Street NE, Washington, DC 20549 on official business days between the hours of 10:00 a.m. and 3:00 p.m. Copies of the filing also will be available for inspection and copying at the principal office of the Exchange. All comments received will be posted without change. Persons submitting comments are cautioned that we do not redact or edit personal identifying information from comment submissions. You should submit only information that you wish to make available publicly. All submissions should refer to File Number SR–NYSE–2017–42 and should be submitted on or before January 2, 2018. For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.10 Eduardo A. Aleman, Assistant Secretary. control access to Department of State networks and computer systems. DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of records takes effect upon publication, with the exception of the routine uses (a) and (b) that are subject to a 30-day period during which interested persons may submit comments to the Department. Please submit any comments by January 11, 2018. ADDRESSES: Questions can be submitted by mail or email. If mail, please write to: U.S. Department of State; Office of Global Information Systems, Privacy Staff; A/GIS/PRV; SA–2, Suite 8100; Washington, DC 20522–0208. If email, please address the email to the Chief Privacy Officer, Margaret P. Grafeld, at Privacy@state.gov. Please write ‘‘Network User Account Records, State56’’ on the envelope or the subject line of your email. FOR FURTHER INFORMATION CONTACT: Margaret P. Grafeld, Chief Privacy Officer; U.S. Department of State; Office of Global Information Services, A/GIS/ PRV; SA–2, Suite 8100; Washington, DC 20522–0208 or 202–261–8300. SUPPLEMENTARY INFORMATION: The purpose of this modification is to make substantive and administrative changes to the previously published notice. This notice modifies the following sections of State-56, Network User Account Records: System Location, Categories of Individuals, Routine Uses, Storage, Safeguards. In addition, this notice makes administrative updates to the following sections: Policies and Procedures for Retrieval of Records, Record Access Procedures, Notification Procedures, and History. These changes reflect the Department’s move to cloud storage, new OMB guidance, access by contractors, updated contact information, and a notice publication history. [FR Doc. 2017–26687 Filed 12–11–17; 8:45 am] SYSTEM NAME AND NUMBER: BILLING CODE 8011–01–P Network User Account Records, State56. SECURITY CLASSIFICATION: DEPARTMENT OF STATE Unclassified. [Public Notice: 10225] SYSTEM LOCATION: Privacy Act of 1974; System of Records Department of State. Notice of a Modified System of Records. ethrower on DSK3G9T082PROD with NOTICES AGENCY: ACTION: This System of Records compiles information about Department of State user accounts to monitor and SUMMARY: 10 17 20:03 Dec 11, 2017 SYSTEM MANAGER(S): Chief Information Officer, Bureau of Information Resource Management, CFR 200.30–3(a)(12). VerDate Sep<11>2014 Department of State (‘‘Department’’), located at 2201 C Street NW, Washington, DC 20520, and within a government cloud provided, implemented, and overseen by the Department’s Enterprise Server Operations Center (ESOC), 2201 C Street NW, Washington, DC 20520. Jkt 244001 PO 00000 Frm 00098 Fmt 4703 Sfmt 4703 58475 Department of State, 2201 C Street, NW, Washington, DC 20520 and can be reached at either ITServiceCenter@ state.gov or (202) 647–2000. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 5 U.S.C. 301; 44 U.S.C. 3544. PURPOSE(S) OF THE SYSTEM: To administer Department network user accounts; to help document and/or control access to computer systems, platforms, services, applications, and databases within a Department network and Department-authorized cloud services and applications; to monitor security of computer systems; to investigate and make referrals for disciplinary or other actions if unauthorized access or inappropriate usage is suspected or detected; and to identify the need for training programs. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Department of State employees and other organizational users (examples include eligible family members, locally employed staff, contractors, and personal services contractors) who have access to Department of State computer networks and access to cloud computing applications that are authorized for processing Department information. The Privacy Act defines an individual at 5 U.S.C.552a(a)(2) as a United States citizen or lawful permanent resident. CATEGORIES OF RECORDS IN THE SYSTEM: This system of records consists of the network and application user account records that Department information technology systems, applications, and services compile and maintain about users of a network and application. These records include user data such as the user’s name, system-assigned username; email address; employee or other user identification number; organization code; job title; business affiliation; work contact information; systems, applications, or services to which the individual has access; systems, applications, or services used; dates, times, and durations of use; profile photo; user profile; and IP address of access. The records also include system usage files and directories when they contain information about specific users. RECORD SOURCE CATEGORIES: Individuals about whom the network user account record is maintained; information technology systems, applications, and services within a Department network that record usage by individuals assigned a user account on that network. E:\FR\FM\12DEN1.SGM 12DEN1 58476 Federal Register / Vol. 82, No. 237 / Tuesday, December 12, 2017 / Notices ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: Records may be disclosed: (a) To appropriate agencies, entities, and persons when (1) the Department of State suspects or has confirmed that there has been a breach of the system of records; (2) the Department of State has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department of State (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department of State efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (b) To another Federal agency or Federal entity, when the Department of State determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. The Department of State periodically publishes in the Federal Register its standard routine uses which apply to many of its Privacy Act systems of records. These notices appear in the form of a Prefatory Statement (published in Volume 73, Number 136, Public Notice 6290, on July 15, 2008). All these standard routine uses apply to Network User Account Records, State-56. ethrower on DSK3G9T082PROD with NOTICES POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records are stored both in hard copy and on electronic media. A description of standard Department of State policies concerning storage of electronic records is found in the Department’s Foreign Affairs Manual (https://fam.state.gov/ FAM/05FAM/05FAM0440.html). All hard copies of records containing personal information are maintained in secured file cabinets in restricted areas, access to which is limited to authorized personnel. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are indexed by the name; system-assigned username; email address; or other searchable data fields or codes. VerDate Sep<11>2014 20:03 Dec 11, 2017 Jkt 244001 POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records maintained in this system of records are generally destroyed three to six years after the user account is terminated. These records are retired and destroyed in accordance with published Department of State Records Disposition Schedules as approved by the National Archives and Records Administration (NARA), and a complete list of the Department’s schedules can be found on our Freedom of Information Act (FOIA) program’s website (https:// foia.state.gov/Learn/ RecordsDisposition.aspx). More specific information may be obtained by writing to the following address: Director, Office of Information Programs and Services, A/GIS/IPS; SA–2, Department of State; 515 22nd Street NW, Washington, DC 20522–8100. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: All users are given cyber security awareness training that covers the procedures for handling Sensitive but Unclassified information, including personally identifiable information (PII). Annual refresher training is mandatory. In addition, all Foreign Service and Civil Service employees and those Locally Engaged Staff who handle PII are required to take the Foreign Service Institute distance learning course instructing employees on privacy and security requirements, including the rules of behavior for handling PII and the potential consequences if it is handled improperly. Access to the Department of State, its annexes and posts abroad is controlled by security guards and admission is limited to those individuals possessing a valid identification card or individuals under proper escort. While the majority of records covered in the Network User Account Records are electronic, all paper records containing personal information are maintained in secured file cabinets in restricted areas, access to which is limited to authorized personnel. Access to computerized files is password-protected and under the direct supervision of the system manager. The system manager has the capability of printing audit trails of access from the computer media, thereby permitting regular and ad hoc monitoring of computer usage. When it is determined that a user no longer needs access, the user account is disabled. Before being granted access to Network User Account Records, a user must first be granted access to the Department of State computer system. Remote access to the Department of PO 00000 Frm 00099 Fmt 4703 Sfmt 4703 State network from non-Department owned systems is authorized only through a Department approved access program. Remote access to the network is configured with the authentication requirements contained in the Office of Management and Budget Circular Memorandum A–130. All Department of State employees and contractors with authorized access have undergone a background security investigation. The Department of State will store records maintained in this system of records in cloud systems. All cloud systems that provide IT services and process Department of State information must be authorized to operate by the Department of State Authorizing Official and Senior Agency Official for Privacy. Only information that conforms with Department-specific definitions for FISMA low or moderate categorization are permissible for cloud usage unless specifically authorized by the Department’s Cloud Computing Governance Board. Prior to operation, all Cloud systems must comply with applicable security measures that are outlined in FISMA, FedRAMP, OMB guidance, NIST Federal Information Processing Standards (FIPS) and Special Publications, and Department of State policy and standards. RECORD ACCESS PROCEDURES: Individuals who wish to gain access to or to amend records pertaining to themselves should write to U.S. Department of State; Director, Office of Information Programs and Services; A/ GIS/IPS; SA–2, Suite 8100; Washington, DC 20522–0208. The individual must specify that he or she wishes the Network User Account Records to be checked. At a minimum, the individual must include: Full name (including maiden name, if appropriate) and any other names used; current mailing address and zip code; date and place of birth; notarized signature or statement under penalty of perjury; a brief description of the circumstances that caused the creation of the record (including the city and/or country and the approximate dates) which gives the individual cause to believe that the Network User Account Records include records pertaining to him or her. Detailed instructions on Department of State procedures for accessing and amending records can be found at the Department’s FOIA website (https:// foia.state.gov/Request/Guide.aspx). CONTESTING RECORD PROCEDURES: Individuals who wish to contest record procedures should write to U.S. Department of State; Director, Office of Information Programs and Services; A/ E:\FR\FM\12DEN1.SGM 12DEN1 Federal Register / Vol. 82, No. 237 / Tuesday, December 12, 2017 / Notices GIS/IPS; SA–2, Suite 8100; Washington, DC 20522–0208. NOTIFICATION PROCEDURES: Individuals who have reason to believe that this system of records may contain information pertaining to them may write to U.S. Department of State; Director, Office of Information Programs and Services; A/GIS/IPS; SA–2, Suite 8100; Washington, DC 20522–0208. The individual must specify that he or she wishes the Network User Account Records to be checked. At a minimum, the individual must include: Full name (including maiden name, if appropriate) and any other names used; current mailing address and zip code; date and place of birth; notarized signature or statement under penalty of perjury; a brief description of the circumstances that caused the creation of the record (including the city and/or country and the approximate dates) which gives the individual cause to believe that the Network User Account Records include records pertaining to him or her. Comments can be submitted by mail or email. If mail, please write to: U.S. Department of State; Office of Global Information Systems, Privacy Staff; A/GIS/PRV; SA–2, Suite 8100; Washington, DC 20522–0208. If email, please address the email to the Chief Privacy Officer, Margaret P. Grafeld, at Privacy@state.gov. Please write ‘‘Email Archive Management Records, State-01’’ on the envelope or the subject line of your email. FOR FURTHER INFORMATION CONTACT: Margaret P. Grafeld, Chief Privacy Officer; U.S. Department of State; Office of Global Information Services, A/GIS/ PRV; SA–2, Suite 8100; Washington, DC 20522–0208 or 202–261–8300. SUPPLEMENTARY INFORMATION: None. ADDRESSES: SECURITY CLASSIFICATION: RECORD SOURCE CATEGORIES: Unclassified and Classified. SYSTEM LOCATION: [FR Doc. 2017–26750 Filed 12–11–17; 8:45 am] SYSTEM MANAGER(S): BILLING CODE 4710–24–P Division Chief, Office of Information Resource Management, Messaging Systems Office, Messaging Design Division; U.S. Department of State, 7049 Newington Rd; Lorton, VA 22079. The System Manager can be reached at (703) 746–2113. HISTORY: This SORN was previously published at 75 FR 7210. DEPARTMENT OF STATE [Public Notice: 10226] Privacy Act of 1974; System of Records AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Department of State. ACTION: Notice of a New System of Records. AGENCY: The purpose of the Email Archive Management Records system is to capture all emails and attachments that interact with a Department of State email account and to store them in a secure repository that allows for search, retrieval, and view when necessary. DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of records takes effect upon publication, with the exception of the routine uses that are subject to a 30-day period during which interested persons may submit comments to the Department. Please submit any comments by January 11, 2018. ethrower on DSK3G9T082PROD with NOTICES SUMMARY: VerDate Sep<11>2014 20:03 Dec 11, 2017 Jkt 244001 CATEGORIES OF RECORDS IN THE SYSTEM: Email Archive Management Records, State-01. SYSTEM NAME AND NUMBER: Mary R. Avery, Senior Agency Official for Privacy, Senior Advisor, Office of Global Information Services, Bureau of Administration, Department of State. None. is archived in the system. The system may also include information about individuals who interact with a Department of State email account, as well as individuals who are mentioned in a Department of State email message or attachment. The Privacy Act defines an individual at 5 U.S.C.552a(a)(2) as a United States citizen or lawful permanent resident. The records in this system include email messages and attachments associated with a Department of State email account, including any information that may be included in such messages or attachments. The system may also include biographic and contact information of individuals who maintain a Department of State email account, including name, address, email address, and phone number. Department of State (‘‘Department’), located at 2201 C Street NW, Washington, DC 20520; Department of State annexes, U.S. Embassies, U.S. Consulates General, and U.S. Consulates. Information may also be stored within a government-certified cloud, implemented, and overseen by the Department’s Messaging Systems Office (MSO), 2025 E. St. NW, Washington, DC 20006. EXEMPTIONS PROMULGATED FOR THE SYSTEM: 58477 (a) 5 U.S.C. 301 (b) Federal Records Act, 44 U.S.C. Ch. 31; (c) Freedom of Information Act, 5 U.S.C. 552. (d) Privacy Act of 1974, 5 U.S.C.552a(d). (e) 22 CFR part 171. PURPOSE(S) OF THE SYSTEM: The purpose of the system is to capture all emails and attachments that interact with a Department of State email account and to store them in a secure repository that allows for search, retrieval, and view when necessary. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals who maintain a Department of State email account that PO 00000 Frm 00100 Fmt 4703 Sfmt 4703 These records contain information obtained from individuals who maintain a Department of State email account, as well as those who interact with such individuals. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: The information in the system may be shared with: (a) Other federal agencies, foreign governments, and private entities where relevant and necessary for them to review or consult on documents that implicate their equities; (b) a contractor of the Department having need for the information in the performance of the contract, but not operating a system of records within the meaning of 5 U.S.C. 552a(m). (c) appropriate agencies, entities, and persons when (1) the Department of State suspects or has confirmed that there has been a breach of the system of records; (2) the Department of State has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department of State (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department of State efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (d) another Federal agency or Federal entity, when the Department of State determines that information from this system of records is reasonably necessary to assist the recipient agency E:\FR\FM\12DEN1.SGM 12DEN1

Agencies

[Federal Register Volume 82, Number 237 (Tuesday, December 12, 2017)]
[Notices]
[Pages 58475-58477]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-26750]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF STATE

[Public Notice: 10225]


Privacy Act of 1974; System of Records

AGENCY: Department of State.

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: This System of Records compiles information about Department 
of State user accounts to monitor and control access to Department of 
State networks and computer systems.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of 
records takes effect upon publication, with the exception of the 
routine uses (a) and (b) that are subject to a 30-day period during 
which interested persons may submit comments to the Department. Please 
submit any comments by January 11, 2018.

ADDRESSES: Questions can be submitted by mail or email. If mail, please 
write to: U.S. Department of State; Office of Global Information 
Systems, Privacy Staff; A/GIS/PRV; SA-2, Suite 8100; Washington, DC 
20522-0208. If email, please address the email to the Chief Privacy 
Officer, Margaret P. Grafeld, at [email protected]. Please write 
``Network User Account Records, State-56'' on the envelope or the 
subject line of your email.

FOR FURTHER INFORMATION CONTACT: Margaret P. Grafeld, Chief Privacy 
Officer; U.S. Department of State; Office of Global Information 
Services, A/GIS/PRV; SA-2, Suite 8100; Washington, DC 20522-0208 or 
202-261-8300.

SUPPLEMENTARY INFORMATION: The purpose of this modification is to make 
substantive and administrative changes to the previously published 
notice. This notice modifies the following sections of State-56, 
Network User Account Records: System Location, Categories of 
Individuals, Routine Uses, Storage, Safeguards. In addition, this 
notice makes administrative updates to the following sections: Policies 
and Procedures for Retrieval of Records, Record Access Procedures, 
Notification Procedures, and History. These changes reflect the 
Department's move to cloud storage, new OMB guidance, access by 
contractors, updated contact information, and a notice publication 
history.
SYSTEM NAME AND NUMBER:
    Network User Account Records, State-56.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Department of State (``Department''), located at 2201 C Street NW, 
Washington, DC 20520, and within a government cloud provided, 
implemented, and overseen by the Department's Enterprise Server 
Operations Center (ESOC), 2201 C Street NW, Washington, DC 20520.

SYSTEM MANAGER(S):
    Chief Information Officer, Bureau of Information Resource 
Management, Department of State, 2201 C Street, NW, Washington, DC 
20520 and can be reached at either [email protected] or (202) 
647-2000.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301; 44 U.S.C. 3544.

PURPOSE(S) OF THE SYSTEM:
    To administer Department network user accounts; to help document 
and/or control access to computer systems, platforms, services, 
applications, and databases within a Department network and Department-
authorized cloud services and applications; to monitor security of 
computer systems; to investigate and make referrals for disciplinary or 
other actions if unauthorized access or inappropriate usage is 
suspected or detected; and to identify the need for training programs.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Department of State employees and other organizational users 
(examples include eligible family members, locally employed staff, 
contractors, and personal services contractors) who have access to 
Department of State computer networks and access to cloud computing 
applications that are authorized for processing Department information. 
The Privacy Act defines an individual at 5 U.S.C.552a(a)(2) as a United 
States citizen or lawful permanent resident.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system of records consists of the network and application user 
account records that Department information technology systems, 
applications, and services compile and maintain about users of a 
network and application. These records include user data such as the 
user's name, system-assigned username; email address; employee or other 
user identification number; organization code; job title; business 
affiliation; work contact information; systems, applications, or 
services to which the individual has access; systems, applications, or 
services used; dates, times, and durations of use; profile photo; user 
profile; and IP address of access. The records also include system 
usage files and directories when they contain information about 
specific users.

RECORD SOURCE CATEGORIES:
    Individuals about whom the network user account record is 
maintained; information technology systems, applications, and services 
within a Department network that record usage by individuals assigned a 
user account on that network.

[[Page 58476]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Records may be disclosed:
    (a) To appropriate agencies, entities, and persons when (1) the 
Department of State suspects or has confirmed that there has been a 
breach of the system of records; (2) the Department of State has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, the Department of State (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with the Department of State efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (b) To another Federal agency or Federal entity, when the 
Department of State determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    The Department of State periodically publishes in the Federal 
Register its standard routine uses which apply to many of its Privacy 
Act systems of records. These notices appear in the form of a Prefatory 
Statement (published in Volume 73, Number 136, Public Notice 6290, on 
July 15, 2008). All these standard routine uses apply to Network User 
Account Records, State-56.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored both in hard copy and on electronic media. A 
description of standard Department of State policies concerning storage 
of electronic records is found in the Department's Foreign Affairs 
Manual (https://fam.state.gov/FAM/05FAM/05FAM0440.html). All hard 
copies of records containing personal information are maintained in 
secured file cabinets in restricted areas, access to which is limited 
to authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are indexed by the name; system-assigned username; email 
address; or other searchable data fields or codes.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records maintained in this system of records are generally 
destroyed three to six years after the user account is terminated. 
These records are retired and destroyed in accordance with published 
Department of State Records Disposition Schedules as approved by the 
National Archives and Records Administration (NARA), and a complete 
list of the Department's schedules can be found on our Freedom of 
Information Act (FOIA) program's website (https://foia.state.gov/Learn/RecordsDisposition.aspx). More specific information may be obtained by 
writing to the following address: Director, Office of Information 
Programs and Services, A/GIS/IPS; SA-2, Department of State; 515 22nd 
Street NW, Washington, DC 20522-8100.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    All users are given cyber security awareness training that covers 
the procedures for handling Sensitive but Unclassified information, 
including personally identifiable information (PII). Annual refresher 
training is mandatory. In addition, all Foreign Service and Civil 
Service employees and those Locally Engaged Staff who handle PII are 
required to take the Foreign Service Institute distance learning course 
instructing employees on privacy and security requirements, including 
the rules of behavior for handling PII and the potential consequences 
if it is handled improperly.
    Access to the Department of State, its annexes and posts abroad is 
controlled by security guards and admission is limited to those 
individuals possessing a valid identification card or individuals under 
proper escort. While the majority of records covered in the Network 
User Account Records are electronic, all paper records containing 
personal information are maintained in secured file cabinets in 
restricted areas, access to which is limited to authorized personnel. 
Access to computerized files is password-protected and under the direct 
supervision of the system manager. The system manager has the 
capability of printing audit trails of access from the computer media, 
thereby permitting regular and ad hoc monitoring of computer usage. 
When it is determined that a user no longer needs access, the user 
account is disabled.
    Before being granted access to Network User Account Records, a user 
must first be granted access to the Department of State computer 
system. Remote access to the Department of State network from non-
Department owned systems is authorized only through a Department 
approved access program. Remote access to the network is configured 
with the authentication requirements contained in the Office of 
Management and Budget Circular Memorandum A-130. All Department of 
State employees and contractors with authorized access have undergone a 
background security investigation.
    The Department of State will store records maintained in this 
system of records in cloud systems. All cloud systems that provide IT 
services and process Department of State information must be authorized 
to operate by the Department of State Authorizing Official and Senior 
Agency Official for Privacy. Only information that conforms with 
Department-specific definitions for FISMA low or moderate 
categorization are permissible for cloud usage unless specifically 
authorized by the Department's Cloud Computing Governance Board. Prior 
to operation, all Cloud systems must comply with applicable security 
measures that are outlined in FISMA, FedRAMP, OMB guidance, NIST 
Federal Information Processing Standards (FIPS) and Special 
Publications, and Department of State policy and standards.

RECORD ACCESS PROCEDURES:
    Individuals who wish to gain access to or to amend records 
pertaining to themselves should write to U.S. Department of State; 
Director, Office of Information Programs and Services; A/GIS/IPS; SA-2, 
Suite 8100; Washington, DC 20522-0208. The individual must specify that 
he or she wishes the Network User Account Records to be checked. At a 
minimum, the individual must include: Full name (including maiden name, 
if appropriate) and any other names used; current mailing address and 
zip code; date and place of birth; notarized signature or statement 
under penalty of perjury; a brief description of the circumstances that 
caused the creation of the record (including the city and/or country 
and the approximate dates) which gives the individual cause to believe 
that the Network User Account Records include records pertaining to him 
or her. Detailed instructions on Department of State procedures for 
accessing and amending records can be found at the Department's FOIA 
website (https://foia.state.gov/Request/Guide.aspx).

CONTESTING RECORD PROCEDURES:
    Individuals who wish to contest record procedures should write to 
U.S. Department of State; Director, Office of Information Programs and 
Services; A/

[[Page 58477]]

GIS/IPS; SA-2, Suite 8100; Washington, DC 20522-0208.

NOTIFICATION PROCEDURES:
    Individuals who have reason to believe that this system of records 
may contain information pertaining to them may write to U.S. Department 
of State; Director, Office of Information Programs and Services; A/GIS/
IPS; SA-2, Suite 8100; Washington, DC 20522-0208. The individual must 
specify that he or she wishes the Network User Account Records to be 
checked. At a minimum, the individual must include: Full name 
(including maiden name, if appropriate) and any other names used; 
current mailing address and zip code; date and place of birth; 
notarized signature or statement under penalty of perjury; a brief 
description of the circumstances that caused the creation of the record 
(including the city and/or country and the approximate dates) which 
gives the individual cause to believe that the Network User Account 
Records include records pertaining to him or her.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This SORN was previously published at 75 FR 7210.

Mary R. Avery,
Senior Agency Official for Privacy, Senior Advisor, Office of Global 
Information Services, Bureau of Administration, Department of State.
[FR Doc. 2017-26750 Filed 12-11-17; 8:45 am]
 BILLING CODE 4710-24-P