Privacy Act of 1974; System of Records, 53728-53730 [2019-21885]
Download as PDF
<![CDATA[
53728
Federal Register / Vol. 84, No. 195 / Tuesday, October 8, 2019 / Notices
0129, Cost Accounting Standards
Administration. Comments received
generally will be posted without change
to https://www.regulations.gov, including
any personal and/or business
confidential information provided. To
confirm receipt of your comment(s),
please check www.regulations.gov,
approximately two-to-three days after
submission to verify posting (except
allow 30 days for posting of comments
submitted by mail).
FOR FURTHER INFORMATION CONTACT:
Zenaida Delgado, Procurement Analyst,
at telephone 202–969–7207, or
zenaida.delgado@gsa.gov.
SUPPLEMENTARY INFORMATION:
A. OMB Control Number, Title, and
Any Associated Form(s)
9000–0129, Cost Accounting
Standards Administration.
jbell on DSK3GLQ082PROD with NOTICES
C. Annual Burden
Respondents: 599.
Total Annual Responses: 1,797.
Total Burden Hours: 314,475.
D. Public Comment
A 60-day notice was published in the
Federal Register at 84 FR 37875, on
August 2, 2019. No comments were
received.
Obtaining Copies: Requesters may
obtain a copy of the information
collection documents from the General
Services Administration, Regulatory
Secretariat Division (MVCB), 1800 F
Street NW, Washington, DC 20405,
21:50 Oct 07, 2019
Jkt 250001
Dated: October 2, 2019.
Janet Fry,
Director, Federal Acquisition Policy Division,
Office of Governmentwide Acquisition Policy,
Office of Acquisition Policy, Office of
Governmentwide Policy.
[FR Doc. 2019–21887 Filed 10–7–19; 8:45 am]
BILLING CODE 6820–EP–P
GENERAL SERVICES
ADMINISTRATION
[Notice–ID–2019–01; Docket No. 2019–0002;
Sequence No. 27]
Privacy Act of 1974; System of
Records
B. Need and Uses
This clearance covers the information
that contractors must submit to comply
with the Cost Accounting Standards
(CAS) under the Federal Acquisition
Regulation (FAR). FAR clause 52.230–6,
Administration of Cost Accounting
Standards, requires contractors
performing CAS-covered contracts to
submit notifications and descriptions of
certain cost accounting practice
changes, including revisions to their
Disclosure Statements, if applicable.
The threshold for CAS applicability is
required by 41 U.S.C. 1502(b)(1)(B) to be
the same as the threshold for requesting
certified cost or pricing data at FAR
15.403–4(a)(1). The burden was
calculated with data from the Federal
Procurement Data System for Fiscal
Year 2016 through 2018 using the
increased threshold for requesting
certified cost or pricing data of $2
million as proposed by FAR Case 2018–
005, Modifications to Cost or Pricing
Data Reporting Requirements (84 FR
52428), per section 811 of the National
Defense Authorization Act for Fiscal
Year 2018.
VerDate Sep<11>2014
telephone 202–501–4755. Please cite
OMB Control No. 9000–0129, Cost
Accounting Standards Administration,
in all correspondence.
General Services
Administration (GSA), Office of
Government-Wide Policy (OGP).
ACTION: Notice of a new system of
records.
AGENCY:
GSA is publishing this system
of records notice (SORN) as the new
managing partner of the e-Rulemaking
Program, effective October 1, 2019. The
e-Rulemaking Program includes the
Federal Docket Management System
(FDMS) and Regulations.gov.
Regulations.gov allows the public to
search, view, download, and comment
on Federal agencies’ rulemaking
documents in one central location online. FDMS provides each participating
Federal agency with the ability to
electronically access and manage its
own rulemaking dockets, or other
dockets, including comments or
supporting materials submitted by
individuals or organizations. GSA is
establishing the GSA/OGP–1, eRulemaking Program Administrative
System to manage regulations.gov and
partner agency access to the Federal
Docket Management System (FDMS).
DATES: The System of Records Notice
(SORN) is applicable on October 8,
2019, with the exception of the routine
uses. The routine uses will not be
effective until November 7, 2019,
pending public comment. Comments on
the routine uses or other aspects of the
SORN must be submitted by November
7, 2019.
ADDRESSES: Submit comments
identified by ‘‘Notice–ID–2019–01,
Notice of a New System of Records’’ by
any of the following methods:
• Regulations.gov: https://
www.regulations.gov. Submit comments
via the Federal e-Rulemaking portal by
searching for Notice–ID–2019–01,
SUMMARY:
PO 00000
Frm 00057
Fmt 4703
Sfmt 4703
Notice of New System of Records. Select
the link ‘‘Comment Now’’ that
corresponds with ‘‘Notice–ID–2019–01,
Notice of New System of Records.’’
Follow the instructions provided on the
screen. Please include your name,
company name (if any), and ‘‘Notice–
ID–2019–01, Notice of New System of
Records’’ on your attached document.
• Mail: General Services
Administration, Regulatory Secretariat
Division (MVCB), 1800 F Street NW,
Washington, DC 20405. ATTN: Ms.
Mandell/Notice–ID–2019–01, Notice of
New System of Records.
FOR FURTHER INFORMATION CONTACT: Call
or email GSA’s Chief Privacy Officer:
telephone 202–322–8246, or email
gsa.privacyact@gsa.gov.
SUPPLEMENTARY INFORMATION: The eRulemaking Program has been managed
by the Environmental Protection Agency
(EPA). However, based on direction
from the Office of Management and
Budget (OMB), GSA will be the
managing partner of the Program,
effective October 1, 2019.
GSA is assuming the role of managing
partner and is establishing this system
of records to support GSA’s
management of regulations.gov and
partner agency access to FDMS. This
notice describes how GSA, as managing
partner, manages partner agencies’
users’ credentials. This system of
records does not include records
pertaining to agency rulemakings (e.g.,
comments received); partner agencies
are responsible for any Privacy Act
Notices relevant to their rulemaking
materials.
Richard Speidel,
Chief Privacy Officer, Office of the Deputy
Chief Information Officer, General Services
Administration.
SYSTEM NAME AND NUMBER:
GSA/OGP–1, e-Rulemaking Program
Administrative System.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
National Computer Center in Research
Triangle Park, North Carolina.
SYSTEM MANAGER(S):
The system manager is the Associate
Chief Information Officer of Corporate
IT Services in GSA–IT. The business
address is: General Services
Administration—IC, 1800 F Street NW,
Washington, DC 20405.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
e-Government Act of 2002, see 44
U.S.C. 3602(f)(6); see also id § 3501,
note.
E:\FR\FM\08OCN1.SGM
08OCN1
Federal Register / Vol. 84, No. 195 / Tuesday, October 8, 2019 / Notices
PURPOSE(S) OF THE SYSTEM:
The purpose of the e-Rulemaking
Program Administrative System is to
support GSA’s management of
regulations.gov and partner agency
access to FDMS. FDMS is used by
participating Federal agencies that
conduct rulemakings and
regulations.gov enables Federal agencies
to accept public comments
electronically. This system of records
notice governs the records pertaining to
GSA’s issuance and management of user
credentials to access FDMS.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Covered individuals are partner
agency users who register to access
FDMS including those agency users
who serve as designated partner agency
account managers.
CATEGORIES OF RECORDS IN THE SYSTEM:
GSA maintains partner agencies’
users’ names, government issued email
addresses, telephone numbers, and
passwords as credentials. In addition,
users provide their supervisor’s name,
telephone number, and government
issued email address.
RECORD SOURCE CATEGORIES:
The information in the system may be
submitted by users and then approved
by partner agencies’ designated account
manager or directly submitted and
approved by a partner agency’s
designated account manager on behalf
of a user.
jbell on DSK3GLQ082PROD with NOTICES
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or
portions of the records or information
contained in this system may be
disclosed to authorized entities on a
need to know basis outside GSA as a
routine use pursuant to 5 U.S.C.
552a(b)(3) as follows:
a. To an appropriate Federal, State,
tribal, local, international, or foreign law
enforcement agency or other appropriate
authority charged with investigating or
prosecuting a violation or enforcing or
implementing a law, rule, regulation, or
order, where a record, either on its face
or in conjunction with other
information, indicates a violation or
potential violation of law, which
includes criminal, civil, or regulatory
violations.
b. To the Office of Personnel
Management (OPM), OMB, and the
Government Accountability Office
(GAO) in accordance with their
VerDate Sep<11>2014
21:50 Oct 07, 2019
Jkt 250001
responsibilities for evaluating Federal
programs.
c. To a Member of Congress or his or
her staff in response to a request made
on behalf of and at the request of the
individual who is the subject of the
record.
d. To the Department of Justice or
other Federal agency conducting
litigation or in proceedings before any
court, adjudicative or administrative
body, when: (a) GSA or any component
thereof, or (b) any employee of GSA in
his/her official capacity, or (c) any
employee of GSA in his/her individual
capacity where DOJ or GSA has agreed
to represent the employee, or (d) the
United States or any agency thereof, is
a party to the litigation or has an interest
in such litigation, and GSA determines
that the records are both relevant and
necessary to the litigation.
e. To the National Archives and
Records Administration (NARA) for
records management purposes.
f. To an expert, consultant, or
contractor of GSA in the performance of
a Federal duty to which the information
is relevant.
g. In connection with any litigation or
settlement discussions regarding claims
by or against the GSA, including public
filing with a court, to the extent that
GSA determines the disclosure of the
information is relevant and necessary to
the litigation or discussions.
h. To an appeal or grievance
examiner, formal complaints examiner,
equal opportunity investigator,
arbitrator, or other authorized official
engaged in investigation or settlement of
matters and investigations involving the
Merit Systems Protection Board or the
Office of Special Counsel.
i. To appropriate agencies, entities,
and persons when (1) GSA suspects or
has confirmed that there has been a
breach of the system of records, (2) GSA
has determined that as a result of the
suspected or confirmed breach there is
a risk of harm to individuals, GSA
(including its information systems,
programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with GSA’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm.
j. To another Federal agency or
Federal entity, when GSA determines
that information from this system of
records is reasonably necessary to assist
the recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
PO 00000
Frm 00058
Fmt 4703
Sfmt 4703
53729
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
k. To a partner agency when GSA
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
in managing its access to the system.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
User credentials and associated
documentation are stored on secure
servers approved by GSA Office of the
Chief Information Security Officer
(OCISO) and accessed only by
authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
The e-Rulemaking Program
Administrative System retrieves partner
agency user credentials using the
government-issued email addresses.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records relating to user credentials
are subject to GSA’s Records
Management Program and NARAapproved retention and disposal
procedures. When a user account is
terminated, records pertaining to that
account are maintained for a period of
6 years before disposal.
ADMINISTRATIVE, TECHNICAL AND PHYSICAL
SAFEGUARDS:
The e-Rulemaking Program
Administrative System is in a facility
protected by physical walls, security
guards, and requiring identification
badges. Rooms housing the system
infrastructure are locked, as are the
individual server racks. All security
controls are reviewed on a periodic
basis by external assessors. The controls
themselves include measures for access
control, security awareness training,
audits, configuration management,
contingency planning, incident
response, and maintenance.
There are a limited number of GSA
system administrator accounts for the eRulemaking Program Administrative
System that allow GSA to manage
regulations.gov and partner agency
access to FDMS. Partner agency access
to FDMS is managed through designated
partner agency account managers, who
in turn have access to the system to
manage their own agency’s user
accounts within FDMS.
Each designated partner agency
account manager has access to FDMS.
This level of access enables them to
E:\FR\FM\08OCN1.SGM
08OCN1
53730
Federal Register / Vol. 84, No. 195 / Tuesday, October 8, 2019 / Notices
establish, manage, and terminate user
accounts limited to their own agency.
The GSA system administrator
accounts are an additional level of
security and management in that they
oversee all partner agency accounts,
including both designated partner
agency account managers and agency
users. The GSA system administrator
accounts require additional tokens that
meet multi-factor authentication
standards in accordance with National
Institute of Standards and Technology
(NIST) standards. The controls assist in
restricting access to authorized users
who require it for official business
purposes. Records in FDMS are
maintained in a secure, password
protected electronic system that utilizes
security hardware and software to
include multiple firewalls, active
intrusion detection, encryption,
identification and authentication of
users.
RECORD ACCESS PROCEDURES:
Partner agency users can access and
manage their user credentials through
their designated partner agency account
manager. If an access inquiry is not
resolved by the designated partner
agency account manager, the partner
agency user may contact the GSA
system manager listed above.
Procedures for requesting access from
GSA can be found at 41 CFR part 105–
64.4.
CONTESTING RECORD PROCEDURES:
If partner agency users have questions
or concerns about their account records,
they can contact their designated
partner agency account manager. If a
question or concern is not resolved by
the designated partner agency account
manager, a partner agency user may
contact the GSA system manager listed
above. Procedures for contesting records
stored by GSA can be found at 41 CFR
part 105–64.4.
jbell on DSK3GLQ082PROD with NOTICES
NOTIFICATION PROCEDURES:
If partner agency users wish to receive
notice about their account records, they
can contact their designated partner
agency account manager. If not resolved
by the designated partner agency
account manager, the partner agency
user may contact the GSA system
manager listed above. Procedures for
requesting notice of records stored by
GSA can be found at 41 CFR part 105–
64.4.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
VerDate Sep<11>2014
21:50 Oct 07, 2019
Jkt 250001
HISTORY:
N/A.
[FR Doc. 2019–21885 Filed 10–7–19; 8:45 am]
BILLING CODE 6820–34–P
DEPARTMENT OF DEFENSE
GENERAL SERVICES
ADMINISTRATION
NATIONAL AERONAUTICS AND
SPACE ADMINISTRATION
[OMB Control No. 9000–0032; Docket No.
2019–0003; Sequence No. 30]
Information Collection; Contractor Use
of Interagency Fleet Management
System Vehicles
Department of Defense (DOD),
General Services Administration (GSA),
and National Aeronautics and Space
Administration (NASA).
ACTION: Notice and request for
comments.
AGENCY:
In accordance with section
3506(c)(2)(A) of the Paperwork
Reduction Act of 1995, and the Office of
Management and Budget (OMB)
regulations, DoD, GSA, and NASA
invite the public to comment on a
revision and renewal concerning
contractor use of Interagency Fleet
Management System Vehicles. DoD,
GSA, and NASA invite comments on:
Whether the proposed collection of
information is necessary for the proper
performance of the functions of Federal
Government acquisitions, including
whether the information will have
practical utility; the accuracy of the
estimate of the burden of the proposed
information collection; ways to enhance
the quality, utility, and clarity of the
information to be collected; and ways to
minimize the burden of the information
collection on respondents, including the
use of automated collection techniques
or other forms of information
technology. OMB has approved this
information collection for use through
January 31, 2020. DoD, GSA, and NASA
propose that OMB extend its approval
for use for three additional years beyond
the current expiration date.
DATES: DoD, GSA, and NASA will
consider all comments received by
December 9, 2019.
ADDRESSES: DoD, GSA, and NASA
invite interested persons to submit
comments on this collection by either of
the following methods:
• Federal eRulemaking Portal: This
website provides the ability to type
short comments directly into the
comment field or attach a file for
SUMMARY:
PO 00000
Frm 00059
Fmt 4703
Sfmt 4703
lengthier comments. Go to https://
www.regulations.gov and follow the
instructions on the site.
• Mail: General Services
Administration, Regulatory Secretariat
Division (MVCB), 1800 F Street NW,
Washington, DC 20405. ATTN: Lois
Mandell/IC 9000–0032, Contractor Use
of Interagency Fleet Management
System Vehicles.
Instructions: All items submitted
must cite Information Collection 9000–
0032, Contractor Use of Interagency
Fleet Management System Vehicles.
Comments received generally will be
posted without change to https://
www.regulations.gov, including any
personal and/or business confidential
information provided. To confirm
receipt of your comment(s), please
check www.regulations.gov,
approximately two-to-three days after
submission to verify posting (except
allow 30 days for posting of comments
submitted by mail).
FOR FURTHER INFORMATION CONTACT: Mr.
Michael O. Jackson, Procurement
Analyst, at telephone 202–208–4949, or
email at michaelo.jackson@gsa.gov.
SUPPLEMENTARY INFORMATION:
A. OMB Control number, Title, and Any
Associated Form(s)
9000–0032, Contractor Use of
Interagency Fleet Management System
Vehicles.
B. Needs and Uses
Federal Acquisition Regulation (FAR)
51.203 and the clause at FAR 52.251–2,
Interagency Fleet Management System
(IFMS) Vehicles and Related Services,
are to be used in solicitations and
contracts when a cost-reimbursement
contract is contemplated and the
contracting officer may authorize, if in
the best interest of the Government, the
contractor to use IFMS vehicles and
related services. Before such an
authorization, the contracting officer
must have, among other requirements:
(1) A written statement that the
contractor will assume, without the
right of reimbursement from the
Government, the cost or expense of any
use of the IFMS vehicles and services
not related to the performance of the
contract; (2) Evidence that the
contractor has obtained motor vehicle
liability insurance covering bodily
injury and property damage, with limits
of liability as required or approved by
the agency, protecting the contractor
and the Government against third-party
claims arising from the ownership,
maintenance, or use of an IFMS vehicle;
and (3) Considered any
recommendations of the contractor.
E:\FR\FM\08OCN1.SGM
08OCN1
]]>Agencies
[Federal Register Volume 84, Number 195 (Tuesday, October 8, 2019)]
[Notices]
[Pages 53728-53730]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-21885]
-----------------------------------------------------------------------
GENERAL SERVICES ADMINISTRATION
[Notice-ID-2019-01; Docket No. 2019-0002; Sequence No. 27]
Privacy Act of 1974; System of Records
AGENCY: General Services Administration (GSA), Office of Government-
Wide Policy (OGP).
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: GSA is publishing this system of records notice (SORN) as the
new managing partner of the e-Rulemaking Program, effective October 1,
2019. The e-Rulemaking Program includes the Federal Docket Management
System (FDMS) and Regulations.gov. Regulations.gov allows the public to
search, view, download, and comment on Federal agencies' rulemaking
documents in one central location on-line. FDMS provides each
participating Federal agency with the ability to electronically access
and manage its own rulemaking dockets, or other dockets, including
comments or supporting materials submitted by individuals or
organizations. GSA is establishing the GSA/OGP-1, e-Rulemaking Program
Administrative System to manage regulations.gov and partner agency
access to the Federal Docket Management System (FDMS).
DATES: The System of Records Notice (SORN) is applicable on October 8,
2019, with the exception of the routine uses. The routine uses will not
be effective until November 7, 2019, pending public comment. Comments
on the routine uses or other aspects of the SORN must be submitted by
November 7, 2019.
ADDRESSES: Submit comments identified by ``Notice-ID-2019-01, Notice of
a New System of Records'' by any of the following methods:
Regulations.gov: https://www.regulations.gov. Submit
comments via the Federal e-Rulemaking portal by searching for Notice-
ID-2019-01, Notice of New System of Records. Select the link ``Comment
Now'' that corresponds with ``Notice-ID-2019-01, Notice of New System
of Records.'' Follow the instructions provided on the screen. Please
include your name, company name (if any), and ``Notice-ID-2019-01,
Notice of New System of Records'' on your attached document.
Mail: General Services Administration, Regulatory
Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405.
ATTN: Ms. Mandell/Notice-ID-2019-01, Notice of New System of Records.
FOR FURTHER INFORMATION CONTACT: Call or email GSA's Chief Privacy
Officer: telephone 202-322-8246, or email [email protected].
SUPPLEMENTARY INFORMATION: The e-Rulemaking Program has been managed by
the Environmental Protection Agency (EPA). However, based on direction
from the Office of Management and Budget (OMB), GSA will be the
managing partner of the Program, effective October 1, 2019.
GSA is assuming the role of managing partner and is establishing
this system of records to support GSA's management of regulations.gov
and partner agency access to FDMS. This notice describes how GSA, as
managing partner, manages partner agencies' users' credentials. This
system of records does not include records pertaining to agency
rulemakings (e.g., comments received); partner agencies are responsible
for any Privacy Act Notices relevant to their rulemaking materials.
Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer,
General Services Administration.
SYSTEM NAME AND NUMBER:
GSA/OGP-1, e-Rulemaking Program Administrative System.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
National Computer Center in Research Triangle Park, North Carolina.
SYSTEM MANAGER(S):
The system manager is the Associate Chief Information Officer of
Corporate IT Services in GSA-IT. The business address is: General
Services Administration--IC, 1800 F Street NW, Washington, DC 20405.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
e-Government Act of 2002, see 44 U.S.C. 3602(f)(6); see also id
Sec. 3501, note.
[[Page 53729]]
PURPOSE(S) OF THE SYSTEM:
The purpose of the e-Rulemaking Program Administrative System is to
support GSA's management of regulations.gov and partner agency access
to FDMS. FDMS is used by participating Federal agencies that conduct
rulemakings and regulations.gov enables Federal agencies to accept
public comments electronically. This system of records notice governs
the records pertaining to GSA's issuance and management of user
credentials to access FDMS.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Covered individuals are partner agency users who register to access
FDMS including those agency users who serve as designated partner
agency account managers.
CATEGORIES OF RECORDS IN THE SYSTEM:
GSA maintains partner agencies' users' names, government issued
email addresses, telephone numbers, and passwords as credentials. In
addition, users provide their supervisor's name, telephone number, and
government issued email address.
RECORD SOURCE CATEGORIES:
The information in the system may be submitted by users and then
approved by partner agencies' designated account manager or directly
submitted and approved by a partner agency's designated account manager
on behalf of a user.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or portions of the records or
information contained in this system may be disclosed to authorized
entities on a need to know basis outside GSA as a routine use pursuant
to 5 U.S.C. 552a(b)(3) as follows:
a. To an appropriate Federal, State, tribal, local, international,
or foreign law enforcement agency or other appropriate authority
charged with investigating or prosecuting a violation or enforcing or
implementing a law, rule, regulation, or order, where a record, either
on its face or in conjunction with other information, indicates a
violation or potential violation of law, which includes criminal,
civil, or regulatory violations.
b. To the Office of Personnel Management (OPM), OMB, and the
Government Accountability Office (GAO) in accordance with their
responsibilities for evaluating Federal programs.
c. To a Member of Congress or his or her staff in response to a
request made on behalf of and at the request of the individual who is
the subject of the record.
d. To the Department of Justice or other Federal agency conducting
litigation or in proceedings before any court, adjudicative or
administrative body, when: (a) GSA or any component thereof, or (b) any
employee of GSA in his/her official capacity, or (c) any employee of
GSA in his/her individual capacity where DOJ or GSA has agreed to
represent the employee, or (d) the United States or any agency thereof,
is a party to the litigation or has an interest in such litigation, and
GSA determines that the records are both relevant and necessary to the
litigation.
e. To the National Archives and Records Administration (NARA) for
records management purposes.
f. To an expert, consultant, or contractor of GSA in the
performance of a Federal duty to which the information is relevant.
g. In connection with any litigation or settlement discussions
regarding claims by or against the GSA, including public filing with a
court, to the extent that GSA determines the disclosure of the
information is relevant and necessary to the litigation or discussions.
h. To an appeal or grievance examiner, formal complaints examiner,
equal opportunity investigator, arbitrator, or other authorized
official engaged in investigation or settlement of matters and
investigations involving the Merit Systems Protection Board or the
Office of Special Counsel.
i. To appropriate agencies, entities, and persons when (1) GSA
suspects or has confirmed that there has been a breach of the system of
records, (2) GSA has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, GSA (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with GSA's efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm.
j. To another Federal agency or Federal entity, when GSA determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in (1) responding to a suspected
or confirmed breach or (2) preventing, minimizing, or remedying the
risk of harm to individuals, the recipient agency or entity (including
its information systems, programs, and operations), the Federal
Government, or national security, resulting from a suspected or
confirmed breach.
k. To a partner agency when GSA determines that information from
this system of records is reasonably necessary to assist the recipient
agency in managing its access to the system.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
User credentials and associated documentation are stored on secure
servers approved by GSA Office of the Chief Information Security
Officer (OCISO) and accessed only by authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The e-Rulemaking Program Administrative System retrieves partner
agency user credentials using the government-issued email addresses.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records relating to user credentials are subject to GSA's Records
Management Program and NARA-approved retention and disposal procedures.
When a user account is terminated, records pertaining to that account
are maintained for a period of 6 years before disposal.
ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
The e-Rulemaking Program Administrative System is in a facility
protected by physical walls, security guards, and requiring
identification badges. Rooms housing the system infrastructure are
locked, as are the individual server racks. All security controls are
reviewed on a periodic basis by external assessors. The controls
themselves include measures for access control, security awareness
training, audits, configuration management, contingency planning,
incident response, and maintenance.
There are a limited number of GSA system administrator accounts for
the e-Rulemaking Program Administrative System that allow GSA to manage
regulations.gov and partner agency access to FDMS. Partner agency
access to FDMS is managed through designated partner agency account
managers, who in turn have access to the system to manage their own
agency's user accounts within FDMS.
Each designated partner agency account manager has access to FDMS.
This level of access enables them to
[[Page 53730]]
establish, manage, and terminate user accounts limited to their own
agency.
The GSA system administrator accounts are an additional level of
security and management in that they oversee all partner agency
accounts, including both designated partner agency account managers and
agency users. The GSA system administrator accounts require additional
tokens that meet multi-factor authentication standards in accordance
with National Institute of Standards and Technology (NIST) standards.
The controls assist in restricting access to authorized users who
require it for official business purposes. Records in FDMS are
maintained in a secure, password protected electronic system that
utilizes security hardware and software to include multiple firewalls,
active intrusion detection, encryption, identification and
authentication of users.
RECORD ACCESS PROCEDURES:
Partner agency users can access and manage their user credentials
through their designated partner agency account manager. If an access
inquiry is not resolved by the designated partner agency account
manager, the partner agency user may contact the GSA system manager
listed above. Procedures for requesting access from GSA can be found at
41 CFR part 105-64.4.
CONTESTING RECORD PROCEDURES:
If partner agency users have questions or concerns about their
account records, they can contact their designated partner agency
account manager. If a question or concern is not resolved by the
designated partner agency account manager, a partner agency user may
contact the GSA system manager listed above. Procedures for contesting
records stored by GSA can be found at 41 CFR part 105-64.4.
NOTIFICATION PROCEDURES:
If partner agency users wish to receive notice about their account
records, they can contact their designated partner agency account
manager. If not resolved by the designated partner agency account
manager, the partner agency user may contact the GSA system manager
listed above. Procedures for requesting notice of records stored by GSA
can be found at 41 CFR part 105-64.4.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
N/A.
[FR Doc. 2019-21885 Filed 10-7-19; 8:45 am]
BILLING CODE 6820-34-P
