Privacy Act of 1974; System of Records, 53728-53730 [2019-21885]

Download as PDF 53728 Federal Register / Vol. 84, No. 195 / Tuesday, October 8, 2019 / Notices 0129, Cost Accounting Standards Administration. Comments received generally will be posted without change to http://www.regulations.gov, including any personal and/or business confidential information provided. To confirm receipt of your comment(s), please check www.regulations.gov, approximately two-to-three days after submission to verify posting (except allow 30 days for posting of comments submitted by mail). FOR FURTHER INFORMATION CONTACT: Zenaida Delgado, Procurement Analyst, at telephone 202–969–7207, or zenaida.delgado@gsa.gov. SUPPLEMENTARY INFORMATION: A. OMB Control Number, Title, and Any Associated Form(s) 9000–0129, Cost Accounting Standards Administration. jbell on DSK3GLQ082PROD with NOTICES C. Annual Burden Respondents: 599. Total Annual Responses: 1,797. Total Burden Hours: 314,475. D. Public Comment A 60-day notice was published in the Federal Register at 84 FR 37875, on August 2, 2019. No comments were received. Obtaining Copies: Requesters may obtain a copy of the information collection documents from the General Services Administration, Regulatory Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405, 21:50 Oct 07, 2019 Jkt 250001 Dated: October 2, 2019. Janet Fry, Director, Federal Acquisition Policy Division, Office of Governmentwide Acquisition Policy, Office of Acquisition Policy, Office of Governmentwide Policy. [FR Doc. 2019–21887 Filed 10–7–19; 8:45 am] BILLING CODE 6820–EP–P GENERAL SERVICES ADMINISTRATION [Notice–ID–2019–01; Docket No. 2019–0002; Sequence No. 27] Privacy Act of 1974; System of Records B. Need and Uses This clearance covers the information that contractors must submit to comply with the Cost Accounting Standards (CAS) under the Federal Acquisition Regulation (FAR). FAR clause 52.230–6, Administration of Cost Accounting Standards, requires contractors performing CAS-covered contracts to submit notifications and descriptions of certain cost accounting practice changes, including revisions to their Disclosure Statements, if applicable. The threshold for CAS applicability is required by 41 U.S.C. 1502(b)(1)(B) to be the same as the threshold for requesting certified cost or pricing data at FAR 15.403–4(a)(1). The burden was calculated with data from the Federal Procurement Data System for Fiscal Year 2016 through 2018 using the increased threshold for requesting certified cost or pricing data of $2 million as proposed by FAR Case 2018– 005, Modifications to Cost or Pricing Data Reporting Requirements (84 FR 52428), per section 811 of the National Defense Authorization Act for Fiscal Year 2018. VerDate Sep<11>2014 telephone 202–501–4755. Please cite OMB Control No. 9000–0129, Cost Accounting Standards Administration, in all correspondence. General Services Administration (GSA), Office of Government-Wide Policy (OGP). ACTION: Notice of a new system of records. AGENCY: GSA is publishing this system of records notice (SORN) as the new managing partner of the e-Rulemaking Program, effective October 1, 2019. The e-Rulemaking Program includes the Federal Docket Management System (FDMS) and Regulations.gov. Regulations.gov allows the public to search, view, download, and comment on Federal agencies’ rulemaking documents in one central location online. FDMS provides each participating Federal agency with the ability to electronically access and manage its own rulemaking dockets, or other dockets, including comments or supporting materials submitted by individuals or organizations. GSA is establishing the GSA/OGP–1, eRulemaking Program Administrative System to manage regulations.gov and partner agency access to the Federal Docket Management System (FDMS). DATES: The System of Records Notice (SORN) is applicable on October 8, 2019, with the exception of the routine uses. The routine uses will not be effective until November 7, 2019, pending public comment. Comments on the routine uses or other aspects of the SORN must be submitted by November 7, 2019. ADDRESSES: Submit comments identified by ‘‘Notice–ID–2019–01, Notice of a New System of Records’’ by any of the following methods: • Regulations.gov: https:// www.regulations.gov. Submit comments via the Federal e-Rulemaking portal by searching for Notice–ID–2019–01, SUMMARY: PO 00000 Frm 00057 Fmt 4703 Sfmt 4703 Notice of New System of Records. Select the link ‘‘Comment Now’’ that corresponds with ‘‘Notice–ID–2019–01, Notice of New System of Records.’’ Follow the instructions provided on the screen. Please include your name, company name (if any), and ‘‘Notice– ID–2019–01, Notice of New System of Records’’ on your attached document. • Mail: General Services Administration, Regulatory Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405. ATTN: Ms. Mandell/Notice–ID–2019–01, Notice of New System of Records. FOR FURTHER INFORMATION CONTACT: Call or email GSA’s Chief Privacy Officer: telephone 202–322–8246, or email gsa.privacyact@gsa.gov. SUPPLEMENTARY INFORMATION: The eRulemaking Program has been managed by the Environmental Protection Agency (EPA). However, based on direction from the Office of Management and Budget (OMB), GSA will be the managing partner of the Program, effective October 1, 2019. GSA is assuming the role of managing partner and is establishing this system of records to support GSA’s management of regulations.gov and partner agency access to FDMS. This notice describes how GSA, as managing partner, manages partner agencies’ users’ credentials. This system of records does not include records pertaining to agency rulemakings (e.g., comments received); partner agencies are responsible for any Privacy Act Notices relevant to their rulemaking materials. Richard Speidel, Chief Privacy Officer, Office of the Deputy Chief Information Officer, General Services Administration. SYSTEM NAME AND NUMBER: GSA/OGP–1, e-Rulemaking Program Administrative System. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: National Computer Center in Research Triangle Park, North Carolina. SYSTEM MANAGER(S): The system manager is the Associate Chief Information Officer of Corporate IT Services in GSA–IT. The business address is: General Services Administration—IC, 1800 F Street NW, Washington, DC 20405. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: e-Government Act of 2002, see 44 U.S.C. 3602(f)(6); see also id § 3501, note. E:\FR\FM\08OCN1.SGM 08OCN1 Federal Register / Vol. 84, No. 195 / Tuesday, October 8, 2019 / Notices PURPOSE(S) OF THE SYSTEM: The purpose of the e-Rulemaking Program Administrative System is to support GSA’s management of regulations.gov and partner agency access to FDMS. FDMS is used by participating Federal agencies that conduct rulemakings and regulations.gov enables Federal agencies to accept public comments electronically. This system of records notice governs the records pertaining to GSA’s issuance and management of user credentials to access FDMS. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Covered individuals are partner agency users who register to access FDMS including those agency users who serve as designated partner agency account managers. CATEGORIES OF RECORDS IN THE SYSTEM: GSA maintains partner agencies’ users’ names, government issued email addresses, telephone numbers, and passwords as credentials. In addition, users provide their supervisor’s name, telephone number, and government issued email address. RECORD SOURCE CATEGORIES: The information in the system may be submitted by users and then approved by partner agencies’ designated account manager or directly submitted and approved by a partner agency’s designated account manager on behalf of a user. jbell on DSK3GLQ082PROD with NOTICES ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or portions of the records or information contained in this system may be disclosed to authorized entities on a need to know basis outside GSA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: a. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations. b. To the Office of Personnel Management (OPM), OMB, and the Government Accountability Office (GAO) in accordance with their VerDate Sep<11>2014 21:50 Oct 07, 2019 Jkt 250001 responsibilities for evaluating Federal programs. c. To a Member of Congress or his or her staff in response to a request made on behalf of and at the request of the individual who is the subject of the record. d. To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) GSA or any component thereof, or (b) any employee of GSA in his/her official capacity, or (c) any employee of GSA in his/her individual capacity where DOJ or GSA has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and GSA determines that the records are both relevant and necessary to the litigation. e. To the National Archives and Records Administration (NARA) for records management purposes. f. To an expert, consultant, or contractor of GSA in the performance of a Federal duty to which the information is relevant. g. In connection with any litigation or settlement discussions regarding claims by or against the GSA, including public filing with a court, to the extent that GSA determines the disclosure of the information is relevant and necessary to the litigation or discussions. h. To an appeal or grievance examiner, formal complaints examiner, equal opportunity investigator, arbitrator, or other authorized official engaged in investigation or settlement of matters and investigations involving the Merit Systems Protection Board or the Office of Special Counsel. i. To appropriate agencies, entities, and persons when (1) GSA suspects or has confirmed that there has been a breach of the system of records, (2) GSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, GSA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. j. To another Federal agency or Federal entity, when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to PO 00000 Frm 00058 Fmt 4703 Sfmt 4703 53729 individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. k. To a partner agency when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency in managing its access to the system. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: User credentials and associated documentation are stored on secure servers approved by GSA Office of the Chief Information Security Officer (OCISO) and accessed only by authorized personnel. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: The e-Rulemaking Program Administrative System retrieves partner agency user credentials using the government-issued email addresses. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records relating to user credentials are subject to GSA’s Records Management Program and NARAapproved retention and disposal procedures. When a user account is terminated, records pertaining to that account are maintained for a period of 6 years before disposal. ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS: The e-Rulemaking Program Administrative System is in a facility protected by physical walls, security guards, and requiring identification badges. Rooms housing the system infrastructure are locked, as are the individual server racks. All security controls are reviewed on a periodic basis by external assessors. The controls themselves include measures for access control, security awareness training, audits, configuration management, contingency planning, incident response, and maintenance. There are a limited number of GSA system administrator accounts for the eRulemaking Program Administrative System that allow GSA to manage regulations.gov and partner agency access to FDMS. Partner agency access to FDMS is managed through designated partner agency account managers, who in turn have access to the system to manage their own agency’s user accounts within FDMS. Each designated partner agency account manager has access to FDMS. This level of access enables them to E:\FR\FM\08OCN1.SGM 08OCN1 53730 Federal Register / Vol. 84, No. 195 / Tuesday, October 8, 2019 / Notices establish, manage, and terminate user accounts limited to their own agency. The GSA system administrator accounts are an additional level of security and management in that they oversee all partner agency accounts, including both designated partner agency account managers and agency users. The GSA system administrator accounts require additional tokens that meet multi-factor authentication standards in accordance with National Institute of Standards and Technology (NIST) standards. The controls assist in restricting access to authorized users who require it for official business purposes. Records in FDMS are maintained in a secure, password protected electronic system that utilizes security hardware and software to include multiple firewalls, active intrusion detection, encryption, identification and authentication of users. RECORD ACCESS PROCEDURES: Partner agency users can access and manage their user credentials through their designated partner agency account manager. If an access inquiry is not resolved by the designated partner agency account manager, the partner agency user may contact the GSA system manager listed above. Procedures for requesting access from GSA can be found at 41 CFR part 105– 64.4. CONTESTING RECORD PROCEDURES: If partner agency users have questions or concerns about their account records, they can contact their designated partner agency account manager. If a question or concern is not resolved by the designated partner agency account manager, a partner agency user may contact the GSA system manager listed above. Procedures for contesting records stored by GSA can be found at 41 CFR part 105–64.4. jbell on DSK3GLQ082PROD with NOTICES NOTIFICATION PROCEDURES: If partner agency users wish to receive notice about their account records, they can contact their designated partner agency account manager. If not resolved by the designated partner agency account manager, the partner agency user may contact the GSA system manager listed above. Procedures for requesting notice of records stored by GSA can be found at 41 CFR part 105– 64.4. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. VerDate Sep<11>2014 21:50 Oct 07, 2019 Jkt 250001 HISTORY: N/A. [FR Doc. 2019–21885 Filed 10–7–19; 8:45 am] BILLING CODE 6820–34–P DEPARTMENT OF DEFENSE GENERAL SERVICES ADMINISTRATION NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [OMB Control No. 9000–0032; Docket No. 2019–0003; Sequence No. 30] Information Collection; Contractor Use of Interagency Fleet Management System Vehicles Department of Defense (DOD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA). ACTION: Notice and request for comments. AGENCY: In accordance with section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995, and the Office of Management and Budget (OMB) regulations, DoD, GSA, and NASA invite the public to comment on a revision and renewal concerning contractor use of Interagency Fleet Management System Vehicles. DoD, GSA, and NASA invite comments on: Whether the proposed collection of information is necessary for the proper performance of the functions of Federal Government acquisitions, including whether the information will have practical utility; the accuracy of the estimate of the burden of the proposed information collection; ways to enhance the quality, utility, and clarity of the information to be collected; and ways to minimize the burden of the information collection on respondents, including the use of automated collection techniques or other forms of information technology. OMB has approved this information collection for use through January 31, 2020. DoD, GSA, and NASA propose that OMB extend its approval for use for three additional years beyond the current expiration date. DATES: DoD, GSA, and NASA will consider all comments received by December 9, 2019. ADDRESSES: DoD, GSA, and NASA invite interested persons to submit comments on this collection by either of the following methods: • Federal eRulemaking Portal: This website provides the ability to type short comments directly into the comment field or attach a file for SUMMARY: PO 00000 Frm 00059 Fmt 4703 Sfmt 4703 lengthier comments. Go to http:// www.regulations.gov and follow the instructions on the site. • Mail: General Services Administration, Regulatory Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405. ATTN: Lois Mandell/IC 9000–0032, Contractor Use of Interagency Fleet Management System Vehicles. Instructions: All items submitted must cite Information Collection 9000– 0032, Contractor Use of Interagency Fleet Management System Vehicles. Comments received generally will be posted without change to http:// www.regulations.gov, including any personal and/or business confidential information provided. To confirm receipt of your comment(s), please check www.regulations.gov, approximately two-to-three days after submission to verify posting (except allow 30 days for posting of comments submitted by mail). FOR FURTHER INFORMATION CONTACT: Mr. Michael O. Jackson, Procurement Analyst, at telephone 202–208–4949, or email at michaelo.jackson@gsa.gov. SUPPLEMENTARY INFORMATION: A. OMB Control number, Title, and Any Associated Form(s) 9000–0032, Contractor Use of Interagency Fleet Management System Vehicles. B. Needs and Uses Federal Acquisition Regulation (FAR) 51.203 and the clause at FAR 52.251–2, Interagency Fleet Management System (IFMS) Vehicles and Related Services, are to be used in solicitations and contracts when a cost-reimbursement contract is contemplated and the contracting officer may authorize, if in the best interest of the Government, the contractor to use IFMS vehicles and related services. Before such an authorization, the contracting officer must have, among other requirements: (1) A written statement that the contractor will assume, without the right of reimbursement from the Government, the cost or expense of any use of the IFMS vehicles and services not related to the performance of the contract; (2) Evidence that the contractor has obtained motor vehicle liability insurance covering bodily injury and property damage, with limits of liability as required or approved by the agency, protecting the contractor and the Government against third-party claims arising from the ownership, maintenance, or use of an IFMS vehicle; and (3) Considered any recommendations of the contractor. E:\FR\FM\08OCN1.SGM 08OCN1

Agencies

[Federal Register Volume 84, Number 195 (Tuesday, October 8, 2019)]
[Notices]
[Pages 53728-53730]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-21885]


-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-ID-2019-01; Docket No. 2019-0002; Sequence No. 27]


Privacy Act of 1974; System of Records

AGENCY: General Services Administration (GSA), Office of Government-
Wide Policy (OGP).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: GSA is publishing this system of records notice (SORN) as the 
new managing partner of the e-Rulemaking Program, effective October 1, 
2019. The e-Rulemaking Program includes the Federal Docket Management 
System (FDMS) and Regulations.gov. Regulations.gov allows the public to 
search, view, download, and comment on Federal agencies' rulemaking 
documents in one central location on-line. FDMS provides each 
participating Federal agency with the ability to electronically access 
and manage its own rulemaking dockets, or other dockets, including 
comments or supporting materials submitted by individuals or 
organizations. GSA is establishing the GSA/OGP-1, e-Rulemaking Program 
Administrative System to manage regulations.gov and partner agency 
access to the Federal Docket Management System (FDMS).

DATES: The System of Records Notice (SORN) is applicable on October 8, 
2019, with the exception of the routine uses. The routine uses will not 
be effective until November 7, 2019, pending public comment. Comments 
on the routine uses or other aspects of the SORN must be submitted by 
November 7, 2019.

ADDRESSES: Submit comments identified by ``Notice-ID-2019-01, Notice of 
a New System of Records'' by any of the following methods:
     Regulations.gov: https://www.regulations.gov. Submit 
comments via the Federal e-Rulemaking portal by searching for Notice-
ID-2019-01, Notice of New System of Records. Select the link ``Comment 
Now'' that corresponds with ``Notice-ID-2019-01, Notice of New System 
of Records.'' Follow the instructions provided on the screen. Please 
include your name, company name (if any), and ``Notice-ID-2019-01, 
Notice of New System of Records'' on your attached document.
     Mail: General Services Administration, Regulatory 
Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405. 
ATTN: Ms. Mandell/Notice-ID-2019-01, Notice of New System of Records.

FOR FURTHER INFORMATION CONTACT: Call or email GSA's Chief Privacy 
Officer: telephone 202-322-8246, or email [email protected].

SUPPLEMENTARY INFORMATION: The e-Rulemaking Program has been managed by 
the Environmental Protection Agency (EPA). However, based on direction 
from the Office of Management and Budget (OMB), GSA will be the 
managing partner of the Program, effective October 1, 2019.
    GSA is assuming the role of managing partner and is establishing 
this system of records to support GSA's management of regulations.gov 
and partner agency access to FDMS. This notice describes how GSA, as 
managing partner, manages partner agencies' users' credentials. This 
system of records does not include records pertaining to agency 
rulemakings (e.g., comments received); partner agencies are responsible 
for any Privacy Act Notices relevant to their rulemaking materials.

Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, 
General Services Administration.

SYSTEM NAME AND NUMBER:
    GSA/OGP-1, e-Rulemaking Program Administrative System.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    National Computer Center in Research Triangle Park, North Carolina.

SYSTEM MANAGER(S):
    The system manager is the Associate Chief Information Officer of 
Corporate IT Services in GSA-IT. The business address is: General 
Services Administration--IC, 1800 F Street NW, Washington, DC 20405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    e-Government Act of 2002, see 44 U.S.C. 3602(f)(6); see also id 
Sec.  3501, note.

[[Page 53729]]

PURPOSE(S) OF THE SYSTEM:
    The purpose of the e-Rulemaking Program Administrative System is to 
support GSA's management of regulations.gov and partner agency access 
to FDMS. FDMS is used by participating Federal agencies that conduct 
rulemakings and regulations.gov enables Federal agencies to accept 
public comments electronically. This system of records notice governs 
the records pertaining to GSA's issuance and management of user 
credentials to access FDMS.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Covered individuals are partner agency users who register to access 
FDMS including those agency users who serve as designated partner 
agency account managers.

CATEGORIES OF RECORDS IN THE SYSTEM:
    GSA maintains partner agencies' users' names, government issued 
email addresses, telephone numbers, and passwords as credentials. In 
addition, users provide their supervisor's name, telephone number, and 
government issued email address.

RECORD SOURCE CATEGORIES:
    The information in the system may be submitted by users and then 
approved by partner agencies' designated account manager or directly 
submitted and approved by a partner agency's designated account manager 
on behalf of a user.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or portions of the records or 
information contained in this system may be disclosed to authorized 
entities on a need to know basis outside GSA as a routine use pursuant 
to 5 U.S.C. 552a(b)(3) as follows:
    a. To an appropriate Federal, State, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, where a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations.
    b. To the Office of Personnel Management (OPM), OMB, and the 
Government Accountability Office (GAO) in accordance with their 
responsibilities for evaluating Federal programs.
    c. To a Member of Congress or his or her staff in response to a 
request made on behalf of and at the request of the individual who is 
the subject of the record.
    d. To the Department of Justice or other Federal agency conducting 
litigation or in proceedings before any court, adjudicative or 
administrative body, when: (a) GSA or any component thereof, or (b) any 
employee of GSA in his/her official capacity, or (c) any employee of 
GSA in his/her individual capacity where DOJ or GSA has agreed to 
represent the employee, or (d) the United States or any agency thereof, 
is a party to the litigation or has an interest in such litigation, and 
GSA determines that the records are both relevant and necessary to the 
litigation.
    e. To the National Archives and Records Administration (NARA) for 
records management purposes.
    f. To an expert, consultant, or contractor of GSA in the 
performance of a Federal duty to which the information is relevant.
    g. In connection with any litigation or settlement discussions 
regarding claims by or against the GSA, including public filing with a 
court, to the extent that GSA determines the disclosure of the 
information is relevant and necessary to the litigation or discussions.
    h. To an appeal or grievance examiner, formal complaints examiner, 
equal opportunity investigator, arbitrator, or other authorized 
official engaged in investigation or settlement of matters and 
investigations involving the Merit Systems Protection Board or the 
Office of Special Counsel.
    i. To appropriate agencies, entities, and persons when (1) GSA 
suspects or has confirmed that there has been a breach of the system of 
records, (2) GSA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, GSA (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with GSA's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    j. To another Federal agency or Federal entity, when GSA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    k. To a partner agency when GSA determines that information from 
this system of records is reasonably necessary to assist the recipient 
agency in managing its access to the system.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    User credentials and associated documentation are stored on secure 
servers approved by GSA Office of the Chief Information Security 
Officer (OCISO) and accessed only by authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The e-Rulemaking Program Administrative System retrieves partner 
agency user credentials using the government-issued email addresses.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records relating to user credentials are subject to GSA's Records 
Management Program and NARA-approved retention and disposal procedures. 
When a user account is terminated, records pertaining to that account 
are maintained for a period of 6 years before disposal.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    The e-Rulemaking Program Administrative System is in a facility 
protected by physical walls, security guards, and requiring 
identification badges. Rooms housing the system infrastructure are 
locked, as are the individual server racks. All security controls are 
reviewed on a periodic basis by external assessors. The controls 
themselves include measures for access control, security awareness 
training, audits, configuration management, contingency planning, 
incident response, and maintenance.
    There are a limited number of GSA system administrator accounts for 
the e-Rulemaking Program Administrative System that allow GSA to manage 
regulations.gov and partner agency access to FDMS. Partner agency 
access to FDMS is managed through designated partner agency account 
managers, who in turn have access to the system to manage their own 
agency's user accounts within FDMS.
    Each designated partner agency account manager has access to FDMS. 
This level of access enables them to

[[Page 53730]]

establish, manage, and terminate user accounts limited to their own 
agency.
    The GSA system administrator accounts are an additional level of 
security and management in that they oversee all partner agency 
accounts, including both designated partner agency account managers and 
agency users. The GSA system administrator accounts require additional 
tokens that meet multi-factor authentication standards in accordance 
with National Institute of Standards and Technology (NIST) standards. 
The controls assist in restricting access to authorized users who 
require it for official business purposes. Records in FDMS are 
maintained in a secure, password protected electronic system that 
utilizes security hardware and software to include multiple firewalls, 
active intrusion detection, encryption, identification and 
authentication of users.

RECORD ACCESS PROCEDURES:
    Partner agency users can access and manage their user credentials 
through their designated partner agency account manager. If an access 
inquiry is not resolved by the designated partner agency account 
manager, the partner agency user may contact the GSA system manager 
listed above. Procedures for requesting access from GSA can be found at 
41 CFR part 105-64.4.

CONTESTING RECORD PROCEDURES:
    If partner agency users have questions or concerns about their 
account records, they can contact their designated partner agency 
account manager. If a question or concern is not resolved by the 
designated partner agency account manager, a partner agency user may 
contact the GSA system manager listed above. Procedures for contesting 
records stored by GSA can be found at 41 CFR part 105-64.4.

NOTIFICATION PROCEDURES:
    If partner agency users wish to receive notice about their account 
records, they can contact their designated partner agency account 
manager. If not resolved by the designated partner agency account 
manager, the partner agency user may contact the GSA system manager 
listed above. Procedures for requesting notice of records stored by GSA 
can be found at 41 CFR part 105-64.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    N/A.

[FR Doc. 2019-21885 Filed 10-7-19; 8:45 am]
BILLING CODE 6820-34-P