Privacy Act of 1974; System of Records, 35763-35766 [2021-14409]

Download as PDF Federal Register / Vol. 86, No. 127 / Wednesday, July 7, 2021 / Notices DEPARTMENT OF EDUCATION [Docket ID ED–2021–OCIO–0026] Privacy Act of 1974; System of Records Office of the Chief Information Officer, U.S. Department of Education. ACTION: Notice of a new system of records. AGENCY: In accordance with the Privacy Act of 1974, as amended (Privacy Act), the U.S. Department of Education (Department) publishes this notice of a new system of records entitled ‘‘Education Enterprise Identity, Credential, and Access Management (ED ICAM) System’’ (18–04–05). The ED ICAM System contains identifying information about individual Department employees and contractors. DATES: Submit your comments on this new system of records notice on or before August 6, 2021. This new system of records will become effective upon publication in the Federal Register on July 7, 2021, unless the new system of records notice needs to be changed as a result of public comment. The routine uses listed in the paragraph entitled ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES will become effective on August 6, 2021, unless the new system of records notice needs to be changed as a result of public comment. The Department will publish any significant changes to the system of records or routine uses resulting from public comment. ADDRESSES: Submit your comments through the Federal eRulemaking Portal or via postal mail, commercial delivery, or hand delivery. We will not accept comments submitted by fax or by email or those submitted after the comment period. To ensure that we do not receive duplicate copies, please submit your comments only once. In addition, please include the Docket ID at the top of your comments. • Federal eRulemaking Portal: Go to www.regulations.gov to submit your comments electronically. Information on using Regulations.gov, including instructions for accessing agency documents, submitting comments, and viewing the docket, is available on the site under the ‘‘Help’’ tab. • Postal Mail, Commercial Delivery, or Hand Delivery: If you mail or deliver your comments about this new system of records notice, address them to: Roman Kulbashny, Branch Chief, Security Engineering and Architecture, Information Assurance Services, Office khammond on DSKJM1Z7X2PROD with NOTICES SUMMARY: VerDate Sep<11>2014 17:44 Jul 06, 2021 Jkt 253001 of the Chief Information Officer, U.S. Department of Education, 550 12th Street SW, Washington, DC 20202. Privacy Note: The Department’s policy is to make all comments received from members of the public available for public viewing in their entirety on the Federal eRulemaking Portal at www.regulations.gov. Therefore, commenters should be careful to include in their comments only information that they wish to make publicly available. Assistance to Individuals with Disabilities in Reviewing the Rulemaking Record: On request, we will supply an appropriate accommodation or auxiliary aid to an individual with a disability who needs assistance to review the comments or other documents in the public rulemaking record for this notice. If you want to schedule an appointment for this type of accommodation or auxiliary aid, please contact the person listed under FOR FURTHER INFORMATION CONTACT. FOR FURTHER INFORMATION CONTACT: Roman Kulbashny, Branch Chief, Security Engineering and Architecture, Information Assurance Services, Office of the Chief Information Officer, U.S. Department of Education, 550 12th Street SW, Washington, DC 20202. Telephone: (202) 245–6848. If you use a telecommunications device for the deaf (TDD) or a text telephone (TTY), you may call the Federal Relay Service at 1–800–877–8339. The records maintained in this system establish a central and authoritative identity management data repository for the Department’s enterprise identities. The system of records is maintained to provide authorized individuals access to, or to interact with, the Department’s information technology resources. The system will be utilized to support identity management data activities including, but limited to: (1) The management and governance of digital identity lifecycle activities; (2) the full auditing of all digital identities; and, (3) the management of application and system access. Accessible Format: On request to the program contact person listed under FOR FURTHER INFORMATION CONTACT, individuals with disabilities can obtain this document and a copy of the application package in an accessible format. The Department will provide the requestor with an accessible format that may include Rich Text Format (RTF) or text format (txt), a thumb drive, an MP3 file, braille, large print, audiotape, or compact disc, or other accessible format. SUPPLEMENTARY INFORMATION: PO 00000 Frm 00035 Fmt 4703 Sfmt 4703 35763 Electronic Access to This Document: The official version of this document is the document published in the Federal Register. You may access the official edition of the Federal Register and the Code of Federal Regulations at www.govinfo.gov. At this site, you can view this document, as well as all other documents of this Department published in the Federal Register, in text or Portable Document Format (PDF). To use PDF, you must have Adobe Acrobat Reader. You may also access documents of the Department published in the Federal Register by using the article search feature at: www.federalregister.gov. Specifically, through the advanced search feature at this site, you can limit your search to documents published by the Department. Jason Gray, Chief Information Officer. For the reasons discussed in the preamble, the Office of the Chief Information Officer of the U.S. Department of Education publishes a notice of a new system of records to read as follows: SYSTEM NAME AND NUMBER: Education Enterprise Identity, Credential, and Access Management (ED ICAM) System (18–04–05). SECURITY CLASSIFICATION: Controlled Unclassified. SYSTEM LOCATION: Office of the Chief Information Officer, Information Assurance, U.S. Department of Education, 550 12th Street SW, Washington, DC 20202. Oracle Corporation, 1501 4th Avenue, Suite #1800/Century Square Building, Seattle, WA 98101 (provides the infrastructure on which the ED ICAM System runs). IBM SmartCloud for Government, 6300 Diagonal Hwy., B001, 1st Floor, Boulder, CO 80301–3292 (provides the infrastructure on which the ED ICAM System runs). SYSTEM MANAGER(S): Branch Chief, Office of the Chief Information Officer, U.S. Department of Education, 550 12th Street SW, Washington, DC 20202. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Federal Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq.; Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors (Aug. 2015); Federal Information E:\FR\FM\07JYN1.SGM 07JYN1 35764 Federal Register / Vol. 86, No. 127 / Wednesday, July 7, 2021 / Notices Processing Standards (FIPS) 201–2, Personal Identity Verification (PIV) of Federal Employees and Contractors (Aug. 2013); Office of Management and Budget (OMB) Circular A–130, Managing Information as a Strategic Resource (July 2016); OMB Memorandum 10–28, Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security (July 6, 2010); OMB Memorandum 14–03, Enhancing the Security of Federal Information and Information Systems (Nov. 18, 2013); and OMB Memorandum 19–17, Enabling Mission Delivery through Improved Identity, Credential, and Access Management (May 21, 2019). PURPOSE(S) OF THE SYSTEM: The records maintained in this system establish a central and authoritative identity management data repository for the Department’s enterprise identities. The system of records is maintained to provide authorized individuals with access to, or to interact with, the Department’s information technology resources. The system will be utilized to support identity management data activities including, but not limited to: (1) The management and governance of digital identity lifecycle activities; (2) the full auditing of all digital identities; and, (3) the management of application and system access. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: This system contains records on Department employees and contractors who apply for, and were granted access to, the Department’s information technology resources. khammond on DSKJM1Z7X2PROD with NOTICES CATEGORIES OF RECORDS IN THE SYSTEM: This system of records contains records for employees and contractors related to digital identity, credential, access management, and identity governance including, but not limited to: Name; unique numerical/ alphanumerical identification numbers; work address; date of birth (DOB); country of citizenship; credential information; contact information; organizational data; identity investigation and summary adjudication information; verification of training requirements or other prerequisite requirements for access to Department information technology resources; and system access data such as account data, roles, privileges, and entitlements. RECORD SOURCE CATEGORIES: Information in this system is obtained from official Department information VerDate Sep<11>2014 17:44 Jul 06, 2021 Jkt 253001 technology systems and is fed into the system of records from the following source systems: The Department’s system of records entitled ‘‘Investigatory Material Compiled for Personnel Security, Suitability, Positive Identification Verification and Access Control for the Department of Education Security Tracking and Reporting System (EDSTAR),’’ (18–05–17), which was last published in full in the Federal Register at 72 FR 66158 (Nov. 27, 2007); and the General Services Administration’s system of records entitled ‘‘HSPD–12 USAccess,’’ (GSA/GOVT–7), which was last published in full in the Federal Register at 80 FR 64416 (Oct. 23, 2015). ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: The Department may disclose individually identifiable information contained in a record in this system of records under the routine uses listed in this system of records without the consent of the individual if the disclosure is compatible with the purpose(s) for which the record was collected. The Department may make these disclosures on a case-by-case basis or, if the Department has complied with the computer matching requirements of the Privacy Act of 1974, as amended (Privacy Act), under a computer matching agreement. (1) Congressional Member Disclosure. The Department may disclose information to a member of Congress and to his or her staff from the records of an individual in response to an inquiry from the member made at the written request of that individual. The member’s right to the information is no greater than the right of the individual who requested the inquiry. (2) Litigation and Alternative Dispute Resolution (ADR) Disclosure. (a) Introduction. In the event that one of the parties listed in sub-paragraphs (i) through (v) is involved in judicial or administrative litigation or ADR, or has an interest in judicial or administrative litigation or ADR, the Department may disclose certain records to the parties described in paragraphs (b), (c), and (d) of this routine use under the conditions specified in those paragraphs: (i) The Department or any of its components; (ii) Any Department employee in his or her official capacity; (iii) Any Department employee in his or her individual capacity if the U.S. Department of Justice (DOJ) agrees to or has been requested to provide or arrange for representation for the employee; (iv) Any Department employee in his or her individual capacity where the PO 00000 Frm 00036 Fmt 4703 Sfmt 4703 Department has agreed to represent the employee; or (v) The United States where the Department determines that the litigation is likely to affect the Department or any of its components. (b) Disclosure to the DOJ. If the Department determines that disclosure of certain records to the DOJ is relevant and necessary to judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to DOJ. (c) Adjudicative Disclosure. If the Department determines that disclosure of certain records to an adjudicative body before which the Department is authorized to appear, to a person or entity designated by the Department or otherwise empowered to resolve or mediate disputes, is relevant and necessary to judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to the adjudicative body, person, or entity. (d) Disclosure to Parties, Counsel, Representatives, or Witnesses. If the Department determines that disclosure of certain records is relevant and necessary to judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to the party, counsel, representative, or witness. (3) Enforcement Disclosure. If information in this system of records, alone or in connection with other information, indicates a violation or potential violation of any applicable statutory, regulatory, or legally binding requirement, the Department may disclose records to an entity charged with investigating or prosecuting such violation or potential violation. (4) Employment, Benefit, and Contracting Disclosure. (a) For Decisions by the Department. The Department may disclose a record to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement or other pertinent records, or to another public authority or professional organization, if necessary to obtain information relevant to a Department decision concerning the hiring or retention of an employee or other personnel action, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit. (b) For Decisions by Other Public Agencies and Professional Organizations. The Department may disclose a record to a Federal, State, local, or foreign agency or other public authority or professional organization, in connection with its decision concerning the hiring or retention of an E:\FR\FM\07JYN1.SGM 07JYN1 khammond on DSKJM1Z7X2PROD with NOTICES Federal Register / Vol. 86, No. 127 / Wednesday, July 7, 2021 / Notices employee or other personnel action, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit, to the extent that the record is relevant and necessary to the receiving entity’s decision on the matter. (5) Employee Grievance, Complaint, or Conduct Disclosure. If a record is relevant and necessary to an employee grievance, complaint, or disciplinary action involving a present or former employee of the Department, the Department may disclose a record in this system of records in the course of investigation, fact-finding, or adjudication, to any party to the grievance, complaint, or action; to the party’s counsel or representative; to a witness; or to a designated fact-finder, mediator, or other person designated to resolve issues or decide the matter. (6) Labor Organization Disclosure. The Department may disclose records from this system of records to an arbitrator to resolve disputes under a negotiated grievance procedure or to officials of labor organizations recognized under 5 U.S.C. chapter 71 when relevant and necessary to their duties of exclusive representation. (7) Freedom of Information Act (FOIA) or Privacy Act Advice Disclosure. The Department may disclose records to DOJ or OMB if the Department concludes that disclosure is desirable or necessary in determining whether particular records are required to be disclosed under FOIA or the Privacy Act. (8) Contract Disclosure. If the Department contracts with an entity for the purposes of performing any function that requires disclosure of records in this system to the employees of the contractor, the Department may disclose the records to those employees. As part of such a contract, the Department shall require the contractor to agree to establish and maintain safeguards to protect the security and confidentiality of the disclosed records. (9) Research Disclosure. The Department may disclose records to a researcher if an appropriate official of the Department determines that the individual or organization to which the disclosure would be made is qualified to carry out specific research related to functions or purposes of this system of records. The official may disclose records from this system of records to that researcher solely for the purpose of carrying out that research related to the functions or purposes of this system of records. The researcher shall be required to agree to establish and maintain safeguards to protect the VerDate Sep<11>2014 17:44 Jul 06, 2021 Jkt 253001 security and confidentiality of the disclosed records. (10) Disclosure in the Course of Responding to a Breach of Data. The Department may disclose records from this system to appropriate agencies, entities, and persons when (a) the Department suspects or has confirmed that there has been a breach of the system of records; (b) the Department has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (11) Disclosure in Assisting another Agency in Responding to a Breach of Data. The Department may disclose records from this system to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. (12) Disclosure in the Course of Responding to a Security Incident. The Department may disclose records to appropriate governmental agencies, entities, and persons when (a) the Department suspects or has confirmed that there has been a security incident involving the system of records; (b) the Department has determined that as a result of the suspected or confirmed security incident, there is a risk of harm to individuals, the Department (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such governmental agencies, entities, and persons is necessary to assist in connection with the Department’s efforts to respond to such suspected or confirmed security incident or to prevent, minimize, or remedy such harm. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records are stored on an encrypted server within a secured and controlled PO 00000 Frm 00037 Fmt 4703 Sfmt 4703 35765 environment. There are no hardcopy records that require additional storage. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are retrieved by a combination of name and other unique personal identifiers. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records are retained and disposed of in accordance with General Records Schedule (GRS) 3.2, Item 030 (DAA– GRS–2013–0006–0003) and Item 031 (DAA–GRS–2013–0006–0004). GRS 3.2, Item 030, requires destruction of records when business use ceases; and, GRS 3.2, Item 031, requires destruction of records 6 years after password is altered or user account is terminated, but longer retention is authorized if required for business use. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: All physical access to the Department site, and the sites of Department contractors where this system of records is maintained, is controlled and monitored by security personnel who check each individual entering the building for his or her employee or visitor badge. The computer systems employed by the Department offer a high degree of resistance to tampering and circumvention. These security systems limit data access to Department and contract staff on a ‘‘need to know’’ basis and control individual users’ ability to access and alter records within the system. All users of this system of records are given a unique user ID with personal identifiers. All interactions by individual users with the system are recorded. RECORD ACCESS PROCEDURES: If you wish to gain access to a record regarding you in this system of records, contact the system manager at the address listed above. You must provide the system manager with the necessary particulars such as your full, legal name, date of birth, work address, country of citizenship, and any other identifying information requested by the Department while processing the request in order to distinguish between individuals with the same name. Requesters must also reasonably specify the record contents sought. Your request must meet the requirements of the regulations at 34 CFR 5b.5, including proof of identity. CONTESTING RECORD PROCEDURES: If you wish to contest the content of a record regarding you in this system of records, contact the system manager at E:\FR\FM\07JYN1.SGM 07JYN1 35766 Federal Register / Vol. 86, No. 127 / Wednesday, July 7, 2021 / Notices the address listed above. You must provide your full, legal name, and any other identifying information requested by the Department while processing the request in order to distinguish between individuals with the same name. You must also specify the information to be contested. Your request must meet the requirements of the regulations at 34 CFR 5b.7. NOTIFICATION PROCEDURES: If you wish to determine whether a record exists regarding you in this system of records, contact the system manager at the address listed above. You must provide necessary particulars such as your full, legal name, date of birth, work address, country of citizenship, and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of the regulations at 34 CFR 5b.5, including proof of identity. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: None. [FR Doc. 2021–14409 Filed 7–6–21; 8:45 am] BILLING CODE 4000–01–P DEPARTMENT OF ENERGY [Case Number 2021–004; EERE–2021–BT– WAV–0009] Energy Conservation Program: Notification of Petition for Waiver of GE Appliances, a Haier Company From the Department of Energy Miscellaneous Refrigeration Products Test Procedure and Notification of Denial of Interim Waiver Office of Energy Efficiency and Renewable Energy, Department of Energy. ACTION: Notification of petition for waiver and denial of an interim waiver; request for comments. AGENCY: This notification announces receipt of and publishes a petition for waiver and interim waiver from GE Appliances, a Haier Company, which seeks a waiver for a specified miscellaneous refrigeration product basic model from the U.S. Department of Energy (‘‘DOE’’) test procedure used for determining the energy consumption of these products. This notice also announces that DOE is declining to grant the request for an interim waiver from the test procedure for the reasons khammond on DSKJM1Z7X2PROD with NOTICES SUMMARY: VerDate Sep<11>2014 17:44 Jul 06, 2021 Jkt 253001 described in this notification. DOE solicits comments, data, and information concerning the petition and its suggested alternate test procedure so as to inform DOE’s final decision on the waiver request. DATES: Written comments and information are requested and will be accepted on or before August 6, 2021. ADDRESSES: Interested persons are encouraged to submit comments using the Federal eRulemaking Portal at www.regulations.gov. Alternatively, interested persons may submit comments, identified by docket number EERE–2021–BT–WAV–0009, by any of the following methods: 1. Federal eRulemaking Portal: www.regulations.gov. Follow the instructions for submitting comments. 2. Email: To AS_Waiver_Requests@ ee.doe.gov. Include docket number EERE–2021–BT–WAV–0009 in the subject line of the message. No telefacsimiles (‘‘faxes’’) will be accepted. For detailed instructions on submitting comments and additional information on this process, see the SUPPLEMENTARY INFORMATION section of this document. Although DOE has routinely accepted public comment submissions through a variety of mechanisms, including postal mail and hand delivery/courier, the Department has found it necessary to make temporary modifications to the comment submission process in light of the ongoing COVID–19 pandemic. DOE is currently suspending receipt of public comments via postal mail and hand delivery/courier. If a commenter finds that this change poses an undue hardship, please contact Appliance Standards Program staff at (202) 586– 1445 to discuss the need for alternative arrangements. Once the COVID–19 pandemic health emergency is resolved, DOE anticipates resuming all of its regular options for public comment submission, including postal mail and hand delivery/courier. Docket: The docket, which includes Federal Register notices, comments, and other supporting documents/ materials, is available for review at www.regulations.gov. All documents in the docket are listed in the www.regulations.gov index. However, some documents listed in the index, such as those containing information that is exempt from public disclosure, may not be publicly available. The docket web page can be found at www.regulations.gov/docket/EERE2021-BT-WAV-0009. The docket web page contains instruction on how to access all documents, including public comments, in the docket. See the PO 00000 Frm 00038 Fmt 4703 Sfmt 4703 SUPPLEMENTARY INFORMATION section for information on how to submit comments through www.regulations.gov. FOR FURTHER INFORMATION CONTACT: Ms. Lucy deButts, U.S. Department of Energy, Office of Energy Efficiency and Renewable Energy, Building Technologies Office, Mailstop EE–5B, 1000 Independence Avenue SW, Washington, DC 20585–0121. Email: AS_Waiver_Request@ee.doe.gov. Mr. Michael Kido, U.S. Department of Energy, Office of the General Counsel, Mail Stop GC–33, Forrestal Building, 1000 Independence Avenue SW, Washington, DC 20585–0103. Telephone: (202) 586–8145. Email: Michael.Kido@hq.doe.gov. SUPPLEMENTARY INFORMATION: DOE is publishing GEA’s petition for waiver in its entirety, pursuant to 10 CFR 430.27(b)(1)(iv).1 DOE invites all interested parties to submit in writing by August 6, 2021, comments and information on all aspects of the petition, including the alternate test procedure. Pursuant to 10 CFR 430.27(d), any person submitting written comments to DOE must also send a copy of such comments to the petitioner. The contact information for the petitioner is: Bill A. Brown, GE Appliances, A Haier Company, Appliance Park—AP5– 1S–86, Louisville, KY 40225. Email: b.brown@geappliances.com. Submitting comments via www.regulations.gov. The www.regulations.gov web page will require you to provide your name and contact information. Your contact information will be viewable to DOE Building Technologies staff only. Your contact information will not be publicly viewable except for your first and last names, organization name (if any), and submitter representative name (if any). If your comment is not processed properly because of technical difficulties, DOE will use this information to contact you. If DOE cannot read your comment due to technical difficulties and cannot contact you for clarification, DOE may not be able to consider your comment. However, your contact information will be publicly viewable if you include it in the comment or in any documents attached to your comment. Any information that you do not want to be publicly viewable should not be included in your comment, nor in any document attached to your comment. If this instruction is followed, persons 1 The petition did not identify any of the information contained therein as confidential business information. E:\FR\FM\07JYN1.SGM 07JYN1

Agencies

[Federal Register Volume 86, Number 127 (Wednesday, July 7, 2021)]
[Notices]
[Pages 35763-35766]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-14409]



[[Page 35763]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF EDUCATION

[Docket ID ED-2021-OCIO-0026]


Privacy Act of 1974; System of Records

AGENCY: Office of the Chief Information Officer, U.S. Department of 
Education.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended 
(Privacy Act), the U.S. Department of Education (Department) publishes 
this notice of a new system of records entitled ``Education Enterprise 
Identity, Credential, and Access Management (ED ICAM) System'' (18-04-
05). The ED ICAM System contains identifying information about 
individual Department employees and contractors.

DATES: Submit your comments on this new system of records notice on or 
before August 6, 2021. This new system of records will become effective 
upon publication in the Federal Register on July 7, 2021, unless the 
new system of records notice needs to be changed as a result of public 
comment. The routine uses listed in the paragraph entitled ROUTINE USES 
OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND 
PURPOSES OF SUCH USES will become effective on August 6, 2021, unless 
the new system of records notice needs to be changed as a result of 
public comment. The Department will publish any significant changes to 
the system of records or routine uses resulting from public comment.

ADDRESSES: Submit your comments through the Federal eRulemaking Portal 
or via postal mail, commercial delivery, or hand delivery. We will not 
accept comments submitted by fax or by email or those submitted after 
the comment period. To ensure that we do not receive duplicate copies, 
please submit your comments only once. In addition, please include the 
Docket ID at the top of your comments.
     Federal eRulemaking Portal: Go to www.regulations.gov to 
submit your comments electronically. Information on using 
Regulations.gov, including instructions for accessing agency documents, 
submitting comments, and viewing the docket, is available on the site 
under the ``Help'' tab.
     Postal Mail, Commercial Delivery, or Hand Delivery: If you 
mail or deliver your comments about this new system of records notice, 
address them to: Roman Kulbashny, Branch Chief, Security Engineering 
and Architecture, Information Assurance Services, Office of the Chief 
Information Officer, U.S. Department of Education, 550 12th Street SW, 
Washington, DC 20202.
    Privacy Note: The Department's policy is to make all comments 
received from members of the public available for public viewing in 
their entirety on the Federal eRulemaking Portal at 
www.regulations.gov. Therefore, commenters should be careful to include 
in their comments only information that they wish to make publicly 
available.
    Assistance to Individuals with Disabilities in Reviewing the 
Rulemaking Record: On request, we will supply an appropriate 
accommodation or auxiliary aid to an individual with a disability who 
needs assistance to review the comments or other documents in the 
public rulemaking record for this notice. If you want to schedule an 
appointment for this type of accommodation or auxiliary aid, please 
contact the person listed under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT: Roman Kulbashny, Branch Chief, 
Security Engineering and Architecture, Information Assurance Services, 
Office of the Chief Information Officer, U.S. Department of Education, 
550 12th Street SW, Washington, DC 20202. Telephone: (202) 245-6848. If 
you use a telecommunications device for the deaf (TDD) or a text 
telephone (TTY), you may call the Federal Relay Service at 1-800-877-
8339.

SUPPLEMENTARY INFORMATION: The records maintained in this system 
establish a central and authoritative identity management data 
repository for the Department's enterprise identities. The system of 
records is maintained to provide authorized individuals access to, or 
to interact with, the Department's information technology resources. 
The system will be utilized to support identity management data 
activities including, but limited to: (1) The management and governance 
of digital identity lifecycle activities; (2) the full auditing of all 
digital identities; and, (3) the management of application and system 
access.
    Accessible Format: On request to the program contact person listed 
under FOR FURTHER INFORMATION CONTACT, individuals with disabilities 
can obtain this document and a copy of the application package in an 
accessible format. The Department will provide the requestor with an 
accessible format that may include Rich Text Format (RTF) or text 
format (txt), a thumb drive, an MP3 file, braille, large print, 
audiotape, or compact disc, or other accessible format.
    Electronic Access to This Document: The official version of this 
document is the document published in the Federal Register. You may 
access the official edition of the Federal Register and the Code of 
Federal Regulations at www.govinfo.gov.
    At this site, you can view this document, as well as all other 
documents of this Department published in the Federal Register, in text 
or Portable Document Format (PDF). To use PDF, you must have Adobe 
Acrobat Reader. You may also access documents of the Department 
published in the Federal Register by using the article search feature 
at: www.federalregister.gov. Specifically, through the advanced search 
feature at this site, you can limit your search to documents published 
by the Department.

Jason Gray,
Chief Information Officer.

    For the reasons discussed in the preamble, the Office of the Chief 
Information Officer of the U.S. Department of Education publishes a 
notice of a new system of records to read as follows:

SYSTEM NAME AND NUMBER:
    Education Enterprise Identity, Credential, and Access Management 
(ED ICAM) System (18-04-05).

SECURITY CLASSIFICATION:
    Controlled Unclassified.

SYSTEM LOCATION:
    Office of the Chief Information Officer, Information Assurance, 
U.S. Department of Education, 550 12th Street SW, Washington, DC 20202.
    Oracle Corporation, 1501 4th Avenue, Suite #1800/Century Square 
Building, Seattle, WA 98101 (provides the infrastructure on which the 
ED ICAM System runs).
    IBM SmartCloud for Government, 6300 Diagonal Hwy., B001, 1st Floor, 
Boulder, CO 80301-3292 (provides the infrastructure on which the ED 
ICAM System runs).

SYSTEM MANAGER(S):
    Branch Chief, Office of the Chief Information Officer, U.S. 
Department of Education, 550 12th Street SW, Washington, DC 20202.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Federal Information Security Modernization Act of 2014, 44 U.S.C. 
3551 et seq.; Homeland Security Presidential Directive 12: Policy for a 
Common Identification Standard for Federal Employees and Contractors 
(Aug. 2015); Federal Information

[[Page 35764]]

Processing Standards (FIPS) 201-2, Personal Identity Verification (PIV) 
of Federal Employees and Contractors (Aug. 2013); Office of Management 
and Budget (OMB) Circular A-130, Managing Information as a Strategic 
Resource (July 2016); OMB Memorandum 10-28, Clarifying Cybersecurity 
Responsibilities and Activities of the Executive Office of the 
President and the Department of Homeland Security (July 6, 2010); OMB 
Memorandum 14-03, Enhancing the Security of Federal Information and 
Information Systems (Nov. 18, 2013); and OMB Memorandum 19-17, Enabling 
Mission Delivery through Improved Identity, Credential, and Access 
Management (May 21, 2019).

PURPOSE(S) OF THE SYSTEM:
    The records maintained in this system establish a central and 
authoritative identity management data repository for the Department's 
enterprise identities. The system of records is maintained to provide 
authorized individuals with access to, or to interact with, the 
Department's information technology resources. The system will be 
utilized to support identity management data activities including, but 
not limited to:
    (1) The management and governance of digital identity lifecycle 
activities;
    (2) the full auditing of all digital identities; and,
    (3) the management of application and system access.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains records on Department employees and 
contractors who apply for, and were granted access to, the Department's 
information technology resources.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system of records contains records for employees and 
contractors related to digital identity, credential, access management, 
and identity governance including, but not limited to: Name; unique 
numerical/alphanumerical identification numbers; work address; date of 
birth (DOB); country of citizenship; credential information; contact 
information; organizational data; identity investigation and summary 
adjudication information; verification of training requirements or 
other prerequisite requirements for access to Department information 
technology resources; and system access data such as account data, 
roles, privileges, and entitlements.

RECORD SOURCE CATEGORIES:
    Information in this system is obtained from official Department 
information technology systems and is fed into the system of records 
from the following source systems: The Department's system of records 
entitled ``Investigatory Material Compiled for Personnel Security, 
Suitability, Positive Identification Verification and Access Control 
for the Department of Education Security Tracking and Reporting System 
(EDSTAR),'' (18-05-17), which was last published in full in the Federal 
Register at 72 FR 66158 (Nov. 27, 2007); and the General Services 
Administration's system of records entitled ``HSPD-12 USAccess,'' (GSA/
GOVT-7), which was last published in full in the Federal Register at 80 
FR 64416 (Oct. 23, 2015).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The Department may disclose individually identifiable information 
contained in a record in this system of records under the routine uses 
listed in this system of records without the consent of the individual 
if the disclosure is compatible with the purpose(s) for which the 
record was collected. The Department may make these disclosures on a 
case-by-case basis or, if the Department has complied with the computer 
matching requirements of the Privacy Act of 1974, as amended (Privacy 
Act), under a computer matching agreement.
    (1) Congressional Member Disclosure. The Department may disclose 
information to a member of Congress and to his or her staff from the 
records of an individual in response to an inquiry from the member made 
at the written request of that individual. The member's right to the 
information is no greater than the right of the individual who 
requested the inquiry.
    (2) Litigation and Alternative Dispute Resolution (ADR) Disclosure.
    (a) Introduction. In the event that one of the parties listed in 
sub-paragraphs (i) through (v) is involved in judicial or 
administrative litigation or ADR, or has an interest in judicial or 
administrative litigation or ADR, the Department may disclose certain 
records to the parties described in paragraphs (b), (c), and (d) of 
this routine use under the conditions specified in those paragraphs:
    (i) The Department or any of its components;
    (ii) Any Department employee in his or her official capacity;
    (iii) Any Department employee in his or her individual capacity if 
the U.S. Department of Justice (DOJ) agrees to or has been requested to 
provide or arrange for representation for the employee;
    (iv) Any Department employee in his or her individual capacity 
where the Department has agreed to represent the employee; or
    (v) The United States where the Department determines that the 
litigation is likely to affect the Department or any of its components.
    (b) Disclosure to the DOJ. If the Department determines that 
disclosure of certain records to the DOJ is relevant and necessary to 
judicial or administrative litigation or ADR, the Department may 
disclose those records as a routine use to DOJ.
    (c) Adjudicative Disclosure. If the Department determines that 
disclosure of certain records to an adjudicative body before which the 
Department is authorized to appear, to a person or entity designated by 
the Department or otherwise empowered to resolve or mediate disputes, 
is relevant and necessary to judicial or administrative litigation or 
ADR, the Department may disclose those records as a routine use to the 
adjudicative body, person, or entity.
    (d) Disclosure to Parties, Counsel, Representatives, or Witnesses. 
If the Department determines that disclosure of certain records is 
relevant and necessary to judicial or administrative litigation or ADR, 
the Department may disclose those records as a routine use to the 
party, counsel, representative, or witness.
    (3) Enforcement Disclosure. If information in this system of 
records, alone or in connection with other information, indicates a 
violation or potential violation of any applicable statutory, 
regulatory, or legally binding requirement, the Department may disclose 
records to an entity charged with investigating or prosecuting such 
violation or potential violation.
    (4) Employment, Benefit, and Contracting Disclosure.
    (a) For Decisions by the Department. The Department may disclose a 
record to a Federal, State, or local agency maintaining civil, 
criminal, or other relevant enforcement or other pertinent records, or 
to another public authority or professional organization, if necessary 
to obtain information relevant to a Department decision concerning the 
hiring or retention of an employee or other personnel action, the 
issuance of a security clearance, the letting of a contract, or the 
issuance of a license, grant, or other benefit.
    (b) For Decisions by Other Public Agencies and Professional 
Organizations. The Department may disclose a record to a Federal, 
State, local, or foreign agency or other public authority or 
professional organization, in connection with its decision concerning 
the hiring or retention of an

[[Page 35765]]

employee or other personnel action, the issuance of a security 
clearance, the reporting of an investigation of an employee, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit, to the extent that the record is relevant and necessary to the 
receiving entity's decision on the matter.
    (5) Employee Grievance, Complaint, or Conduct Disclosure. If a 
record is relevant and necessary to an employee grievance, complaint, 
or disciplinary action involving a present or former employee of the 
Department, the Department may disclose a record in this system of 
records in the course of investigation, fact-finding, or adjudication, 
to any party to the grievance, complaint, or action; to the party's 
counsel or representative; to a witness; or to a designated fact-
finder, mediator, or other person designated to resolve issues or 
decide the matter.
    (6) Labor Organization Disclosure. The Department may disclose 
records from this system of records to an arbitrator to resolve 
disputes under a negotiated grievance procedure or to officials of 
labor organizations recognized under 5 U.S.C. chapter 71 when relevant 
and necessary to their duties of exclusive representation.
    (7) Freedom of Information Act (FOIA) or Privacy Act Advice 
Disclosure. The Department may disclose records to DOJ or OMB if the 
Department concludes that disclosure is desirable or necessary in 
determining whether particular records are required to be disclosed 
under FOIA or the Privacy Act.
    (8) Contract Disclosure. If the Department contracts with an entity 
for the purposes of performing any function that requires disclosure of 
records in this system to the employees of the contractor, the 
Department may disclose the records to those employees. As part of such 
a contract, the Department shall require the contractor to agree to 
establish and maintain safeguards to protect the security and 
confidentiality of the disclosed records.
    (9) Research Disclosure. The Department may disclose records to a 
researcher if an appropriate official of the Department determines that 
the individual or organization to which the disclosure would be made is 
qualified to carry out specific research related to functions or 
purposes of this system of records. The official may disclose records 
from this system of records to that researcher solely for the purpose 
of carrying out that research related to the functions or purposes of 
this system of records. The researcher shall be required to agree to 
establish and maintain safeguards to protect the security and 
confidentiality of the disclosed records.
    (10) Disclosure in the Course of Responding to a Breach of Data. 
The Department may disclose records from this system to appropriate 
agencies, entities, and persons when (a) the Department suspects or has 
confirmed that there has been a breach of the system of records; (b) 
the Department has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Department 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (c) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Department's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (11) Disclosure in Assisting another Agency in Responding to a 
Breach of Data. The Department may disclose records from this system to 
another Federal agency or Federal entity, when the Department 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (12) Disclosure in the Course of Responding to a Security Incident. 
The Department may disclose records to appropriate governmental 
agencies, entities, and persons when (a) the Department suspects or has 
confirmed that there has been a security incident involving the system 
of records; (b) the Department has determined that as a result of the 
suspected or confirmed security incident, there is a risk of harm to 
individuals, the Department (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (c) the disclosure made to such governmental agencies, 
entities, and persons is necessary to assist in connection with the 
Department's efforts to respond to such suspected or confirmed security 
incident or to prevent, minimize, or remedy such harm.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored on an encrypted server within a secured and 
controlled environment. There are no hardcopy records that require 
additional storage.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by a combination of name and other unique 
personal identifiers.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained and disposed of in accordance with General 
Records Schedule (GRS) 3.2, Item 030 (DAA-GRS-2013-0006-0003) and Item 
031 (DAA-GRS-2013-0006-0004). GRS 3.2, Item 030, requires destruction 
of records when business use ceases; and, GRS 3.2, Item 031, requires 
destruction of records 6 years after password is altered or user 
account is terminated, but longer retention is authorized if required 
for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    All physical access to the Department site, and the sites of 
Department contractors where this system of records is maintained, is 
controlled and monitored by security personnel who check each 
individual entering the building for his or her employee or visitor 
badge. The computer systems employed by the Department offer a high 
degree of resistance to tampering and circumvention. These security 
systems limit data access to Department and contract staff on a ``need 
to know'' basis and control individual users' ability to access and 
alter records within the system. All users of this system of records 
are given a unique user ID with personal identifiers. All interactions 
by individual users with the system are recorded.

RECORD ACCESS PROCEDURES:
    If you wish to gain access to a record regarding you in this system 
of records, contact the system manager at the address listed above. You 
must provide the system manager with the necessary particulars such as 
your full, legal name, date of birth, work address, country of 
citizenship, and any other identifying information requested by the 
Department while processing the request in order to distinguish between 
individuals with the same name. Requesters must also reasonably specify 
the record contents sought. Your request must meet the requirements of 
the regulations at 34 CFR 5b.5, including proof of identity.

CONTESTING RECORD PROCEDURES:
    If you wish to contest the content of a record regarding you in 
this system of records, contact the system manager at

[[Page 35766]]

the address listed above. You must provide your full, legal name, and 
any other identifying information requested by the Department while 
processing the request in order to distinguish between individuals with 
the same name. You must also specify the information to be contested. 
Your request must meet the requirements of the regulations at 34 CFR 
5b.7.

NOTIFICATION PROCEDURES:
    If you wish to determine whether a record exists regarding you in 
this system of records, contact the system manager at the address 
listed above. You must provide necessary particulars such as your full, 
legal name, date of birth, work address, country of citizenship, and 
any other identifying information requested by the Department while 
processing the request to distinguish between individuals with the same 
name. Your request must meet the requirements of the regulations at 34 
CFR 5b.5, including proof of identity.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2021-14409 Filed 7-6-21; 8:45 am]
BILLING CODE 4000-01-P