DoD Identity Management, 59303-59307 [2018-25500]

Agencies

• DEPARTMENT OF DEFENSE
• Office of the Secretary

[Federal Register Volume 83, Number 226 (Friday, November 23, 2018)]
[Rules and Regulations]
[Pages 59303-59307]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-25500]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 221

[Docket ID: DOD-2015-OS-0054]
RIN 0790-AJ36


DoD Identity Management

AGENCY: Under Secretary of Defense for Personnel and Readiness 
(USD(P&R)), DoD.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This rulemaking establishes implementation guidelines for DoD 
Self-Service (DS) Logon to provide a secure means of authentication to 
applications containing personally identifiable information (PII) and 
personal health information (PHI). This will allow beneficiaries and 
other individuals with a continuing affiliation with DoD to update pay 
or health-care information in a secure environment. This service can be 
accessed by active duty, National Guard and Reserve, and Commissioned 
Corps members of the uniformed services when separating from active 
duty or from the uniformed service.

DATES: This rule is effective on December 24, 2018.

FOR FURTHER INFORMATION CONTACT: Mr. Robert Eves, Defense Human 
Resources Activity, 571-372-1956.

SUPPLEMENTARY INFORMATION:

Public Comments and Responses

    On Thursday, November 3, 2016 (81 FR 76325-76330), the Department 
of Defense (DoD) published a proposed rule titled, ``DoD Identity 
Management'' for a 60-day public comment period. When the comment 
period ended on January 3, 2017, no comments were received.

Discussion of Changes Made Based on Internal Review

    While in final internal review, it was discovered, based on 
existing DoD instructions, that only certain retired DoD civilians 
should be included among the populations eligible for the DS Logon 
credential as identified in DoD Instruction 1330.17, ``DoD Commissary 
Program,'' and DoD Instruction 1330.21, ``Armed Services Exchange 
Regulations.'' Only those retired DoD civilians who are eligible for 
DoD commissary and exchange benefits are eligible for the DS Logon 
credential. Compliance with existing DoD policy and current 
instructions required modification of Sec.  221.6(b)(1)(ii) of the 
final rule, which was amended to read ``Eligible retired DoD civilian 
employees in accordance with DoD Instruction 1330.17, ``DoD Commissary 
Program'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/133017p.pdf) and DoD Instruction 1330.21, ``Armed 
Services Exchange Regulations'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/133021p.pdf).'' This amendment 
was made to reflect current Department policy and clarifies that only 
certain retired DoD civilians (not all retired DoD civlians) are 
eligible for access to these programs.

Background

    This final rule establishes implementation guidelines for DS Logon 
and describes procedures for obtaining a DS Logon credential. All 
active duty, National Guard and Reserve, and Commissioned Corps members 
of the uniformed services must obtain a DS Logon credential when 
separating from active duty or from the uniformed service. The DS Logon 
credential is also available to all beneficiaries that are eligible for 
DoD-related benefits or entitlements to facilitate secure 
authentication to critical websites, to include members of the 
uniformed services, veterans with a continuing affiliation to the DoD, 
spouses, dependent children aged 18 and over, certain retired DoD 
civilians, surrogates and other eligible individuals. It discusses how 
credential holders may maintain and update their credentials and manage 
their personal settings. Finally, it discusses the permissions 
credential holders have to access their information, who has access to 
view and edit their information, and who is eligible to act on their 
behalf.
    DoD collects and maintains information on Service members, 
beneficiaries, DoD employees, and other individuals affiliated with the 
DoD in order to issue DoD identification (ID) cards that facilitate 
access to DoD benefits, DoD installations, and DoD information systems. 
This action formally establishes DoD policy requirements for DS Logon 
credentials that are used to facilitate logical access to self-service 
websites. This regulatory action will update the CFR for DoD Manual 
(DoDM) 1341.02, Volume 1, ``DoD Identity Management: DoD Self-Service 
(DS) Logon Program and Credential.''

Authorities

    The DoD Personal Identity Protection (PIP) Program uses emerging 
technologies to support the protection of individual identity and to 
assist with safeguarding DoD physical assets, networks, and systems 
from unauthorized access based on fraudulent or fraudulently obtained 
credentials. DEERS is the authoritative data source for identity and 
verification of affiliation with the DoD in accordance with the DoD PIP 
Program. Specific authorities are listed below.
     Title 10 U.S.C. 1044a. This section establishes the 
authority for a Judge Advocate, other members of the armed forces 
designated by law and regulations, or other eligible persons to have 
the powers to act as a notary. The persons identified in Title 10 
U.S.C. 1044a subsection (b) have the general power of a notary and may 
notarize a completed and signed DD Form 3005, ``Application for 
Surrogate Association for DoD Self-Service (DS) Logon.''
     DoD Instruction 1000.25, ``DoD Personnel Identity 
Protection (PIP) Program'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/100025p.pdf). This issuance 
establishes minimum acceptable criteria for the establishment and 
confirmation of personal identity and for the issuance of DoD personnel 
identity verification credentials.
     DoD Instruction 1341.2, ``Defense Enrollment Eligibility 
Reporting System (DEERS) Procedures'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/134102p.pdf). 
This issuance establishes DEERS as the authoritative data source for 
identity and verification of affiliation

[[Page 59304]]

with the DoD, and benefit eligibility to include medical, dental, and 
pharmacy.
     Office of Management and Budget M-04-04, ``E-
Authentication Guidance for Federal Agencies'' (available at https://georgewbush-whitehouse.archives.gov/omb/memoranda/fy04/m04-04.pdf). 
This memorandum requires agencies to review new and existing electronic 
transactions to ensure that authentication processes provide the 
appropriate level of assurance, establishing and describing four levels 
of identity assurance for electronic transactions requiring 
authentication.
     32 CFR part 310. This CFR part established the DoD Privacy 
Program in accordance with the provisions of the Privacy Act of 1974, 
and prescribes uniform procedures for the implementation of and 
compliance with the DoD Privacy Program.

Expected Impact of the Final Rule

    The annual operating costs for the DS Logon program are 
approximately $1,700,000.00. Based on 6.8 million active users, the 
cost to the Department per user is about $0.25. This rule is not 
anticipated to change the population of individuals able to receive a 
DS Logon account. As part of the proposed rule, DoD requested comments 
on a new information collection request for this program. No public 
comment was received. Additional information on the collection can be 
found in the Paperwork Reduction Act section of this rule.

Regulatory Procedures

Executive Order 12866, ``Regulatory Planning and Review'' and Executive 
Order 13563, ``Improving Regulation and Regulatory Review''

    Executive Orders 13563 and 12866 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distribute impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility. It has been determined that this rule is not a significant 
regulatory action. The rule does not: (1) Have an annual effect on the 
economy of $100 million or more or adversely affect in a material way 
the economy; a section of the economy; productivity; competition; jobs; 
the environment; public health or safety; or State, local, or tribal 
governments or communities; (2) Create a serious inconsistency or 
otherwise interfere with an action taken or planned by another Agency; 
(3) Materially alter the budgetary impact of entitlements, grants, user 
fees, or loan programs, or the rights and obligations of recipients 
thereof; or (4) Raise novel legal or policy issues arising out of legal 
mandates, the President's priorities, or the principles set forth in 
these Executive Orders.

Executive Order 13771, ``Reducing Regulation and Controlling Regulatory 
Costs''

    This final rule is not an E.O. 13771 regulatory action because this 
rule is not significant under E.O. 12866.

Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

    Section 202 of the Unfunded Mandates Reform Act of 1995 (UMRA) 
(Pub. L. 104-4) requires agencies assess anticipated costs and benefits 
before issuing any rule whose mandates require spending in any 1 year 
of $100 million in 1995 dollars, updated annually for inflation. In 
2014, that threshold is approximately $141 million. This final rule 
would not mandate any requirements for State, local, or tribal 
governments, nor will it affect private sector costs.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. 601)

    The Department of Defense certifies that this final rule is not 
subject to the Regulatory Flexibility Act (5 U.S.C. 601) because it 
would not, if promulgated, have a significant economic impact on a 
substantial number of small entities. Therefore, the Regulatory 
Flexibility Act, as amended, does not require us to prepare a 
regulatory flexibility analysis.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    It has been certified that 32 CFR part 221 does impose reporting or 
recordkeeping requirements under the Paperwork Reduction Act of 1995. 
These requirements have been approved by OMB and assigned OMB Control 
Number 0704-0559, Application for Surrogate Association for DoD Self-
Service (DS) Logon.

Executive Order 13132, ``Federalism''

    Executive Order 13132 establishes certain requirements that an 
agency must meet when it promulgates a proposed rule (and subsequent 
final rule) that imposes substantial direct effects on the States, the 
relationship between the National Government and the states, or the 
distribution of power and responsibilities among the various levels of 
government. This final rule will not impose such substantial direct 
effects.

List of Subjects in 32 CFR Part 221

    Identity management, Identification cards, Logon credentials.

0
Accordingly, 32 CFR part 221 is added to read as follows:

PART 221--DOD IDENTITY MANAGEMENT

Sec.
221.1 Purpose.
221.2 Applicability.
221.3 Definitions.
221.4 Policy.
221.5 Responsibilities.
221.6 Procedures.

    Authority: 10 U.S.C. 1044a.


Sec.  221.1  Purpose.

    (a) The purpose of the overall part is to implement policy, assign 
responsibilities, and provide procedures for DoD personnel 
identification.
    (b) This part establishes implementation guidelines for DoD Self-
Service (DS) Logon Program.


Sec.  221.2  Applicability.

    This part applies to:
    (a) The Office of the Secretary of Defense, the Military 
Departments (including the Coast Guard at all times, including when it 
is a Service in the Department of Homeland Security, by agreement with 
that Department), the Office of the Chairman of the Joint Chiefs of 
Staff and the Joint Staff, the Combatant Commands, the Office of the 
Inspector General of the Department of Defense, the Defense Agencies, 
the DoD Field Activities, and all other organizational entities within 
the DoD (referred to collectively in this part as the ``DoD 
Components'').
    (b) The Commissioned Corps of the U.S. Public Health Service 
(USPHS), under agreement with the Department of Health and Human 
Services, and the National Oceanic and Atmospheric Administration 
(NOAA), under agreement with the Department of Commerce.


Sec.  221.3  Definitions.

    Unless otherwise noted, the following terms and their definitions 
are for the purposes of this part:
    Beneficiary. Individuals affiliated with the DoD and any of the 
uniformed Services identified in Sec.  221.2 Applicability, that may be 
eligible for benefits or entitlements.
    Certified copy. A copy of a document that is certified as a true 
original and:
    (1) Conveys the appropriate seal or markings of the issuer;

[[Page 59305]]

    (2) Has a means to validate the authenticity of the document by a 
reference or source number;
    (3) Is a notarized legal document or other document approved by a 
judge advocate, member of any of the armed forces, or other eligible 
person in accordance with 10 U.S.C. 1044a; or
    (4) Has the appropriate certificate of authentication by a U.S. 
Consular Officer in the foreign country of issuance which attests to 
the authenticity of the signature and seal.
    DoD beneficiary (DB). Beneficiaries who qualify for DoD benefits or 
entitlements who may be credentialed in accordance with National 
Institute of Science and Technology Special Publication 800-63-2, 
``Electronic Authentication Guideline'' (available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf). 
This population may include widows, widowers, and eligible former 
spouses.
    Dependent. An individual whose relationship to the sponsor leads to 
entitlement to benefits and privileges.
    DS Logon credential. A username and password to allow Service 
members, beneficiaries, and other individuals affiliated with the DoD 
secure access to self-service websites.
    DS Logon credential holder. A Service member, beneficiary, and 
other individual affiliated with the DoD who has applied for and 
received a DS Logon credential.
    Former member. An individual who is eligible for, or entitled to, 
retired pay for non-regular service in accordance with 31 U.S.C. 
chapter 1223, but who has been discharged from the Service and who 
maintains no military affiliation.
    Former spouse. An individual who was married to a uniformed 
services member for at least 20 years, and the member had at least 20 
years of service creditable toward retirement, and the marriage 
overlapped as follows:
    (1) Twenty years marriage, 20 years creditable service for 
retirement, and 20 years overlap between the marriage and the service 
(referred to as 20/20/20). The benefits eligibility begins on the date 
of divorce;
    (2) Twenty years marriage, 20 years creditable service for 
retirement, and 15 years overlap between the marriage and the service 
(referred to as 20/20/15). The benefits eligibility begins on the date 
of divorce; or
    (3) A spouse whose marriage was terminated from a uniformed Service 
member who has their eligibility to receive retired pay terminated as a 
result of misconduct based on Service-documented abuse of the spouse 
and has 10 years of marriage, 20 years of creditable service for 
retirement, 10 years of overlap between the marriage and the service 
(referred to as 10/20/10). The benefits eligibility begins on the date 
of divorce.
    Legal guardian (LG). The terms ``guardian'' and ``conservator'' are 
used synonymously. Some States may limit the authority of a guardian to 
specific types of health care decisions; a court may also impose 
limitations on the health care decisions.
    Surrogate. A person who has been delegated authority, either by an 
eligible individual who is at least 18 years of age and mentally 
competent to consent or by a court of competent jurisdiction in the 
United States (or possession of the United States), to act on behalf of 
the eligible individual in a specific role.
    Widow. The female spouse of a deceased member of the uniformed 
services.
    Widower. The male spouse of a deceased member of the uniformed 
services.


Sec.  221.4  Policy.

    In accordance with DoD Instruction 1000.25, ``DoD Personnel 
Identity Protection (PIP) Program'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/100025p.pdf), 
DoD Instruction 1341.02, ``Defense Enrollment Eligibility Reporting 
System (DEERS) Procedures'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/134102p.pdf), Office of 
Management and Budget M-04-04, ``E-Authentication Guidance for Federal 
Agencies'' (available at www.whitehouse.gov/sites/default/files/omb/memoranda/fy04/m04-04.pdf) and 32 CFR part 310, it is DoD policy that 
DoD will provide a secure means of authentication to PII and personal 
health information (PHI) for all beneficiaries and other individuals 
with a continuing affiliation with DoD.


Sec.  221.5  Responsibilities.

    (a) The Under Secretary of Defense for Personnel and Readiness 
(USD(P&R)) oversees implementation of the procedures within this part.
    (b) Under the authority, direction, and control of the USD(P&R), 
and in addition to the responsibilities in paragraph (c) of this 
section, the Director, DoDHRA, through the Director, DMDC:
    (1) Approves the addition or elimination of population categories 
for DS Logon eligibility.
    (2) Develops and fields the required Defense Enrollment Eligibility 
Reporting System (DEERS) and RAPIDS infrastructure and all elements of 
field support required to support the management of the DS Logon 
credential including, but not limited to, issuance, storage, 
maintenance, and customer service.
    (3) Obtains and distributes DS Logon credentials, and provides a 
secure means for delivery.
    (c) The DoD Component heads:
    (1) Comply with this part and distribute this guidance to 
applicable stakeholders.
    (2) Provide manpower for issuance of DS Logon credentials and 
instruction for use to all eligible individuals who are requesting a DS 
Logon credential in conjunction with the issuance of a DoD 
identification (ID) card or who are applying for a DS Logon credential 
as a surrogate, when responsible for a DoD ID card site(s).
    (d) The Secretaries of the Military Departments, in addition to the 
responsibilities in paragraph (c) of this section, and the heads of the 
non-DoD uniformed services:
    (1) Comply with this part and distribute this guidance to 
applicable stakeholders.
    (2) Provide manpower for issuance of DS Logon credentials and 
instruction for use to all eligible individuals who are requesting a DS 
Logon credential in conjunction with the issuance of a DoD ID card or 
who are applying for a DS Logon credential as a surrogate.
    (3) Ensure all Active Duty, National Guard and Reserve, and 
Commissioned Corps members of their uniformed services obtain a DS 
Logon credential when separating from active duty or from the uniformed 
service.


Sec.  221.6  Procedures.

    (a) General. A DS Logon credential will be made available to all 
beneficiaries that are eligible for DoD-related benefits or 
entitlements to facilitate secure authentication to critical websites. 
This includes members of the uniformed services, veterans with a 
continuing affiliation to the DoD, spouses, dependent children aged 18 
and over, and other eligible individuals identified in paragraph (b) of 
this section.
    (b) Overview. Only one DS Logon credential may exist for an 
individual, regardless of the number of affiliations an individual may 
have to the DoD.
    (1) Eligibility. Beneficiaries of DoD-related benefits or 
entitlements and other individuals with a continuing affiliation with 
the DoD may be eligible for a DS Logon credential. Eligible populations 
include:
    (i) Veterans, including former members, retirees, Medal of Honor

[[Page 59306]]

recipients, disabled American veterans, and other veterans with a 
continuing affiliation to the DoD.
    (ii) Eligible retired DoD civilian employees in accordance with DoD 
Instruction 1330.17, ``DoD Commissary Program'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/133017p.pdf), 
and DoD Instruction 1330.21, ``Armed Services Exchange Regulations'' 
(available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/133021p.pdf).
    (iii) Eligible dependents in accordance with Volume 2 of DoD Manual 
1000.13, ``DoD Identification (ID) Cards: Benefits for Members of the 
Uniformed Services, Their Dependents, and Other Eligible Individuals'' 
(available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/100013_vol2.pdf), including spouses, dependent children aged 18 or 
older, and dependent parents.
    (iv) DBs, including eligible widows, widowers, and former spouses, 
in accordance with Volume 2 of DoD Manual 1000.13.
    (v) Surrogates, as described in paragraph (d) of this section.
    (vi) Other populations as determined by the Director, DMDC.
    (2) [Reserved].
    (c) Lifecycle--(1) Application. Eligible individuals, as identified 
in paragraph (b)(1) of this section, may apply for a DS Logon 
credential:
    (i) Online. Individuals with internet access may apply for a 
sponsor or dependent DS Logon by submitting a:
    (A) My Access Center website request. This type of request supports 
the provisioning of a Basic DS Logon credential. The My Access Center 
website can be accessed at https://myaccess.dmdc.osd.mil/.
    (B) CAC request. Individuals with a CAC, a computer with internet 
access and a CAC reader may apply for either a sponsor or a dependent 
DS Logon credential via the My Access Center website or any application 
that has implemented DS Logon.
    (1) A sponsor DS Logon credential is provisioned immediately upon 
request. This type of request supports the provisioning of a Premium DS 
Logon credential.
    (2) A request for a DS Logon credential on behalf of a dependent 
generates an activation letter with an activation code that is mailed 
to the sponsor at his or her home address in DEERS. Once complete, this 
type of request supports the provisioning of a Premium DS Logon 
credential.
    (C) Request using a Defense Finance and Accounting Services (DFAS) 
myPay account. Eligible individuals may apply for a sponsor or 
dependent DS Logon credential using a DFAS myPay personal 
identification number via the My Access Center website. A request for a 
DS Logon credential generates an activation letter with an activation 
code that is mailed to the sponsor at his or her home address in DEERS. 
Once complete, this type of request supports the provisioning of a 
Premium DS Logon credential.
    (ii) Via remote proofing. Eligible individuals with an existing 
DEERS record may apply for a sponsor or dependent DS Logon credential 
using remote proofing via the My Access Center website. Individuals 
requesting a DS Logon credential via remote proofing must correctly 
answer a number of system-generated questions. Once remote proofing is 
completed, a Premium DS Logon credential is provisioned immediately.
    (iii) Via in-person proofing. Eligible individuals may apply for a 
sponsor or dependent DS Logon credential using in-person proofing. In-
person proofing is performed at Department of Veterans Affairs regional 
offices where the DS access station application is implemented, and at 
DoD ID card sites when a DS Logon credential is requested either in 
conjunction with DoD ID card issuance or during initial enrollment of a 
surrogate. Once in-person proofing is completed, a Premium DS Logon 
credential is provisioned immediately. Individuals requesting a DS 
Logon credential via in-person proofing must present:
    (A) Identity documents. DS Logon credential applicants must satisfy 
the identity verification criteria in paragraph 4a of Volume 1 of DoD 
Manual 1000.13, ``DoD Identification (ID) Cards: ID Card Life-Cycle'' 
(available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/100013_vol1.pdf), by presenting two forms of government-issued ID, 
one of which must contain a photograph. The requirement for the primary 
ID to have a photo cannot be waived. Identity documents must be 
original or a certified copy. All documentation not in English must 
have a certified English translation.
    (B) Proof of address. DS Logon credential applicants must present 
proof of address, if address on the presented ID is different than the 
address in DEERS.
    (C) DD Form 214, ``Certificate of Release or Discharge from Active 
Duty.'' DS Logon credential applicants must present a DD Form 214 if a 
veteran who was separated before 1982. If separated from the Reserve 
Component, a DS Logon credential applicant may present a Reserve 
Component separation document in lieu of a DD Form 214.
    (2) Use. DS Logon credential holders may use their DS Logon 
credential at the My Access Center website and any other DoD self-
service website that accepts DS Logon.
    (3) Maintenance. DS Logon credential holders may use the My Access 
Center website to maintain and update their DS Logon credential and 
manage their personal settings. The DS Logon credential holder may:
    (i) Activate or deactivate an account.
    (ii) Reset password.
    (iii) Update challenge questions and answers.
    (iv) Upgrade from a Basic DS Logon to a Premium DS Logon 
credential.
    (v) Select or update preferred sponsor, if a dependent of two 
sponsors.
    (vi) Manage personal and advanced security settings.
    (vii) Manage contact information.
    (viii) Manage relationships and access granting.
    (ix) Manage the DS Logon credential using additional capabilities 
as implemented by the Director, DMDC.
    (4) Decommissioning. DS Logon credentials may be decommissioned by 
the DS Logon credential holder, via self-service; by an operator, at 
the request of the DS Logon credential holder; or by the system, when 
the credential holder no longer has an affiliation to the DoD or is 
identified as deceased in DEERS.
    (5) Reactivation. DS Logon credentials may be reactivated if the 
person is living and still eligible for the credential.
    (d) Associations. DS Logon supports several types of associations, 
including DEERS-identified family relationships and operator-initiated 
and -approved surrogates.
    (1) Family. Individuals are connected to one another based on their 
family relationship information in DEERS. A family relationship must 
exist in DEERS before the relationship can exist in DS Logon.
    (i) Multiple sponsors. An individual has only one DS Logon 
credential, regardless of the number of sponsors the individual has 
(e.g., a dependent child whose parents are both Service members).
    (ii) Transferring families. If an individual has a second family in 
DEERS, the individual can move their DS Logon credential to the second 
family. This changes the assignment of the DS Logon credential from the 
first family to the second family and removes any granted permissions 
from the first family.

[[Page 59307]]

    (2) Surrogacy. Surrogacy is a feature that allows an individual who 
may not be affiliated with the DoD and who may not be related to the DS 
Logon credential holder or eligible individual by a DoD-recognized 
family relationship to be granted access to a DS Logon credential 
holder's or an eligible individual's information. A surrogate may be 
established as the custodian of a deceased Service member's unmarried 
minor child(ren) who is under 18, who is at least 18 but under 23 and 
attending school full-time, or who is incapacitated. A surrogate may 
also be established as the agent of an incapacitated dependent (e.g., 
spouse, parent) or of a wounded, ill, or incapacitated Service member.
    (i) Eligibility. An operator must first establish an identity in 
DEERS before establishing the surrogacy association in DS Logon. To 
establish a surrogate association, the surrogate must present to an 
operator for approval:
    (A) A completed and signed DD Form 3005, ``Application for 
Surrogate Association for DoD Self-Service (DS) Logon.''
    (B) Any additional eligibility documents required by the DD Form 
3005 which describe the scope of the surrogate's authority.
    (C) Proof of identity, in accordance with the requirements for in-
person proofing in paragraph (c)(1)(iii) of this section.
    (ii) Types of surrogates--(A) Financial agent (FA). An eligible 
individual names an FA to assist with specific financial matters.
    (B) Legal agent (LA). An eligible individual names an LA to assist 
with legal matters.
    (C) Caregiver (CG). An eligible individual names a CG to assist 
with general health care requirements (example, viewing general health-
care related information, scheduling appointments, refilling 
prescriptions, and tracking medical expenses), but does not make health 
care decisions.
    (D) Health care agent (HA). An eligible individual (the patient) 
names an HA in a durable power of attorney for health care documents to 
make health care decisions.
    (E) Legal guardian (LG). An LG is appointed by a court of competent 
jurisdiction in the United States (or jurisdiction of the United 
States) to make legal decisions for an eligible individual.
    (F) Special guardian (SG). An SG is appointed by a court of 
competent jurisdiction in the United States (or jurisdiction of the 
United States) for the specific purpose of making health care-related 
decisions for an eligible individual.
    (e) Permissions. A sponsor, a sponsor's spouse, and a sponsor's 
dependent over the age of 18 can manage who has access to their 
information (i.e., who has access to view and edit their information 
and who is eligible to act on their behalf). The provisions of this 
section may be superseded by order of a court of competent 
jurisdiction.
    (1) Sponsor access. Sponsors will automatically have access to the 
information of all dependents under the age of 18.
    (2) Spousal access--(i) Automatic. A sponsor's spouse will 
automatically have access to the information of all dependent children 
under the age of 18 whose relationship to the sponsor began on or after 
the date of marriage of the sponsor and sponsor's spouse.
    (ii) Sponsor-granted. The sponsor may grant the sponsor's spouse 
access to the information of dependent children under the age of 18 
whose relationship to the sponsor began before the date of marriage of 
the sponsor and the sponsor's spouse.
    (3) Granted access. A sponsor, a sponsor's spouse, and a sponsor's 
dependent over the age of 18 may grant access to their information via 
the My Access Center website in accordance with paragraph (c)(3) of 
this section. Surrogate access to the information of a sponsor, a 
sponsor's spouse, and a sponsor's dependent (regardless of age) must be 
granted via in-person proofing, including the submission of eligibility 
documents to an operator for approval in accordance with paragraph 
(d)(2) of this section.
    (i) Access granting by a sponsor. Sponsors may grant their spouse 
access to the sponsor's information and the information of any 
sponsor's dependents under the age of 18. Access to the sponsor's 
information and the information of any sponsor's dependents under the 
age of 18 may not be granted to any other sponsor's dependent, unless 
that dependent has been identified as a surrogate.
    (ii) Access granting by a spouse. Spouses may grant the sponsor 
access to the spouse's information. Access to the spouse's information 
may not be granted to any other sponsor's dependent, unless that 
sponsor's dependent has been identified as a surrogate.
    (iii) Access granting by a dependent over 18. A sponsor's dependent 
over the age of 18 may grant the sponsor and the sponsor's spouse 
access to the dependent's information. Access to the information of a 
sponsor's dependent over the age of 18 may not be granted to any other 
sponsor's dependent, unless that sponsor's dependent has been 
identified as a surrogate.

    Dated: November 19, 2018.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2018-25500 Filed 11-21-18; 8:45 am]
BILLING CODE 5001-06-P