Privacy Act of 1974; System of Records, 67690-67692 [2022-24423]
Download as PDF
<![CDATA[
67690
Federal Register / Vol. 87, No. 216 / Wednesday, November 9, 2022 / Notices
Regulatory Secretariat Division has
submitted to the Office of Management
and Budget (OMB) a request to review
and approve an extension of a
previously approved information
collection requirement regarding
contractor use of interagency fleet
management system (IFMS) vehicles.
DATES: Submit comments on or before
December 9, 2022.
ADDRESSES: Written comments and
recommendations for this information
collection should be sent within 30 days
of publication of this notice to
www.reginfo.gov/public/do/PRAMain.
Find this particular information
collection by selecting ‘‘Currently under
Review—Open for Public Comments’’ or
by using the search function.
Additionally, submit a copy to GSA
through https://www.regulations.gov
and follow the instructions on the site.
This website provides the ability to type
short comments directly into the
comment field or attach a file for
lengthier comments.
Instructions: All items submitted
must cite OMB Control No. 9000–0032,
Contractor Use of Interagency Fleet
Management System Vehicles.
Comments received generally will be
posted without change to https://
www.regulations.gov, including any
personal and/or business confidential
information provided. To confirm
receipt of your comment(s), please
check www.regulations.gov,
approximately two to three days after
submission to verify posting. If there are
difficulties submitting comments,
contact the GSA Regulatory Secretariat
Division at 202–501–4755 or
GSARegSec@gsa.gov.
FOR FURTHER INFORMATION CONTACT:
Marissa Ryba, Procurement Analyst, at
telephone 314–586–1280, or
marissa.ryba@gsa.gov.
SUPPLEMENTARY INFORMATION:
A. OMB Control Number, Title, and
Any Associated Form(s)
9000–0032, Contractor Use of
Interagency Fleet Management System
Vehicles.
khammond on DSKJM1Z7X2PROD with NOTICES
B. Needs and Uses
This clearance covers the information
that contractors must submit to comply
with the following FAR requirements:
FAR 51.202—For the contracting
officer to authorize a contractor’s use of
Interagency Fleet Management System
(IFMS) vehicles, this FAR section
requires contractors to submit the
following information:
(1) A written statement that the
contractor will assume, without the
right of reimbursement from the
VerDate Sep<11>2014
17:09 Nov 08, 2022
Jkt 259001
Government, the cost or expense of any
use of the IFMS vehicles and services
not related to the performance of the
contract;
(2) Evidence that the contractor has
obtained motor vehicle liability
insurance covering bodily injury and
property damage, with limits of liability
as required or approved by the agency,
protecting the contractor and the
Government against third-party claims
arising from the ownership,
maintenance, or use of an IFMS vehicle;
and
(3) Any recommendations.
FAR 51.203—Once authorized by the
contracting officer, this FAR section
requires contractors to submit their
request for IFMS vehicles and related
services in writing to the appropriate
GSA point of contact and include the
following information:
(1) Two copies of the agency
authorization;
(2) The number of vehicles and
related services required and period of
use;
(3) A list of employees who are
authorized to request the vehicles or
related services;
(4) A listing of equipment authorized
to be serviced; and
(5) Billing instructions and address.
The contracting officer will use the
information to determine the
contractor’s eligibility to obtain IFMS
vehicles and related services, and to
authorize this use. The GSA will also
use this information to determine
whether appropriate authorization has
been granted by the contracting officer.
C. Annual Burden
Respondents: 20.
Total Annual Responses: 20.
Total Burden Hours: 20.
D. Public Comment
A 60-day notice was published in the
Federal Register at 87 FR 53747, on
September 1, 2022. No comments were
received.
Obtaining Copies: Requesters may
obtain a copy of the information
collection documents from the GSA
Regulatory Secretariat Division, by
calling 202–501–4755 or emailing
GSARegSec@gsa.gov. Please cite OMB
Control No. 9000–0032, Contractor Use
of Interagency Fleet Management
System Vehicles.
Janet Fry,
Director, Federal Acquisition Policy Division,
Office of Governmentwide Acquisition Policy,
Office of Acquisition Policy, Office of
Governmentwide Policy.
[FR Doc. 2022–24422 Filed 11–8–22; 8:45 am]
BILLING CODE 6820–EP–P
PO 00000
Frm 00022
Fmt 4703
Sfmt 4703
GENERAL SERVICES
ADMINISTRATION
[Notice–ID–2022–03; Docket No. 2022–0002;
Sequence No. 27]
Privacy Act of 1974; System of
Records
General Services
Administration (GSA).
ACTION: Notice of a new system of
records.
AGENCY:
The purpose of the system of
records is to maintain personal contact
information of government employees
in order to ship home office equipment.
DATES: This system of records will go
into effect without further notice on
December 9, 2022 unless otherwise
revised pursuant to comments received.
ADDRESSES: You may submit comments
by any of the following methods:
• By email to the GSA Privacy Act
Officer: gsa.privacyact@gsa.gov.
• By mail to: Privacy Office (IDE),
GSA, 1800 F Street NW, Washington,
DC 20405.
FOR FURTHER INFORMATION CONTACT:
Richard Speidel, Chief Privacy Officer,
GSA, by email at gsa.privacyact@gsa.gov
or by phone at 202–969–5830.
SUPPLEMENTARY INFORMATION: The
General Services Administration seeks
to establish a new system of records for
the GSA Advantage! program. GSA
Advantage! is an online shopping and
ordering system used by government
agencies to purchase goods and services.
GSA seeks to use GSA Advantage! As a
medium for government employees to
order home office equipment. This
system of records will securely manage
users’ personal contact information to
facilitate shipping this equipment
directly to federal employees’ personal
mailing addresses.
SUMMARY:
SYSTEM NAME AND NUMBER:
GSA Advantage!—GSA/ADV–1.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The General Services Administration
(GSA) Federal Acquisition Service
(FAS) is the owner of the system. The
system is hosted, operated, and
maintained by GSA staff and
contractors. Records are maintained in
an electronic form on servers housed at
government facilities within the United
States. Contact the system manager for
additional information.
SYSTEM MANAGER(S):
Director, eCommerce Division GSA
IT, Office of Acquisition IT Services,
1800 F St. NW, Washington, DC 20405.
E:\FR\FM\09NON1.SGM
09NON1
Federal Register / Vol. 87, No. 216 / Wednesday, November 9, 2022 / Notices
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
E-Government Act of 2002, Public
Law 107–347 Sec. 204 (44 U.S.C. 3501
note); 40 U.S.C. 501; Public Law 104–52
Sec 620; 40 U.S.C. 587(c)(3).
PURPOSE(S) OF THE SYSTEM:
GSA Advantage! is the government’s
online electronic shopping and ordering
system. The purpose for the GSA
Advantage! Program collecting
Personally Identifiable Information (PII)
is to allow the purchase and shipment
of home office equipment directly to
federal employees.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Individuals covered by the system are
federal employees.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains information
related to the purchase and shipment of
home office equipment through the GSA
Advantage! platform. Data elements
include the covered individual’s:
• full name;
• email address;
• phone number; and
• home address.
RECORD SOURCE CATEGORIES:
Information is obtained from covered
individuals ordering home office
equipment.
khammond on DSKJM1Z7X2PROD with NOTICES
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a
portion of the records or information
contained in this system may be
disclosed to authorized entities, as is
determined to be relevant and
necessary, outside GSA as a routine use
pursuant to 5 U.S.C. 552a(b)(3) as
follows:
a. To the on-line ordering fulfillment
contractor to allow for the confirmation
by email of orders received, fulfilled
and closed.
b. To shipping contractors or
government agencies responsible for
mailing services to ship the equipment
to employees.
c. To an expert, consultant, or other
contractor of GSA in the performance of
a federal duty to which the information
is relevant.
d. To an appropriate federal, state,
tribal, local, international, or foreign law
enforcement agency or other appropriate
authority charged with investigating or
prosecuting a violation or enforcing or
implementing a law, rule, regulation, or
order, where a record, either on its face
or in conjunction with other
VerDate Sep<11>2014
17:09 Nov 08, 2022
Jkt 259001
information, indicates a violation or
potential violation of law, which
includes criminal, civil, or regulatory
violations.
e. To the Department of Justice (DOJ)
or other federal agency conducting
litigation or in proceedings before any
court, adjudicative or administrative
body, when: (a) GSA or any component
thereof, or (b) any employee of GSA in
his/her official capacity, or (c) any
employee of GSA in his/her individual
capacity where DOJ or GSA has agreed
to represent the employee, or (d) the
United States or any agency thereof, is
a party to the litigation or has an interest
in such litigation, and GSA determines
that the records are both relevant and
necessary to the litigation.
f. To a court in connection with any
litigation or settlement discussions
regarding claims by or against GSA, to
the extent that GSA determines the
disclosure of the information is relevant
and necessary to the litigation or
discussions.
g. To an appeal, grievance, hearing, or
complaints examiner; an equal
employment opportunity investigator,
arbitrator, or mediator; and an exclusive
representative or other person
authorized to investigate or settle a
grievance, complaint, or appeal filed by
an individual who is the subject of the
record.
h. To the National Archives and
Records Administration (NARA) for
records management purposes.
i. To the Office of Personnel
Management (OPM), the Office of
Management and Budget (OMB), and
the Government Accountability Office
(GAO) in accordance with their
responsibilities for evaluating federal
programs.
j. To a Member of Congress or his or
her staff on behalf of and at the request
of the individual who is the subject of
the record.
k. To another federal agency or federal
entity, when GSA determines that
information from this system of records
is reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
federal government, or national security,
resulting from a suspected or confirmed
breach.
l. To appropriate agencies, entities,
and persons when (1) GSA suspects or
has confirmed that the security or
confidentiality of information in the
system of records has been
compromised; (2) GSA has determined
PO 00000
Frm 00023
Fmt 4703
Sfmt 4703
67691
that as a result of the suspected or
confirmed compromise there is a risk of
harm to economic or property interests,
identity theft or fraud, or harm to the
security or integrity of this system or
other systems or programs (whether
maintained by GSA or another agency or
entity) that rely upon the compromised
information; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with GSA’s efforts to
respond to the suspected or confirmed
compromise and prevent, minimize, or
remedy such harm.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
All records are stored in a secure data
center. PII is encrypted in transit,
encrypted at rest, and not viewable by
other users.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Application administrators can
retrieve records by any field search
using their administrative login via
Multi-Factor authentication (including
appropriate background investigation
and access approvals). All direct data
retrievals are logged for tracking.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
System records are retained and
disposed of according to GSA records
maintenance and disposition schedules,
the requirements of the Recovery Board,
and the National Archives and Records
Administration guidance.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
System records are safeguarded in
accordance with the requirements of the
Privacy Act, the Computer Security Act,
and the GSA Advantage! System
Security Plan. System roles are assigned
with specific permissions to allow or
prevent accessing certain information.
Records in the system are protected
from unauthorized access and misuse
through a combination of
administrative, technical, and physical
security measures. Administrative
measures include, but are not limited to,
policies that limit system access to
individuals within an agency with a
legitimate business need, and regular
review of security procedures and best
practices to enhance security. Technical
measures include but are not limited to
system design that enforces separation
of duties for privileged users including
role-based access controls; multi-factor
authentication with strong passwords
that are frequently changed; FIPS 140–
2 compliant database encryption, and
FIPS 140–2 compliant encryption in
E:\FR\FM\09NON1.SGM
09NON1
67692
Federal Register / Vol. 87, No. 216 / Wednesday, November 9, 2022 / Notices
transit. Physical security measures
include but are not limited to the use of
secure data centers which meet
government requirements for storage of
sensitive data.
RECORD ACCESS PROCEDURES:
Requests for access to records should
be directed to the system manager.
Individuals seeking access to their
records in this system of records may
submit a request by following the
instructions provided in 41 CFR part
105–64.2.
CONTESTING RECORD PROCEDURES:
Individuals wishing to contest the
content of records about themselves
contained in this system of records
should contact the system manager at
the address above. See 41 CFR part 105–
64.4 for full details on what to include
in a Privacy Act amendment request.
NOTIFICATION PROCEDURES:
Individuals seeking notification of
any records about themselves contained
in this system of records should contact
the system manager at the address
above. Follow the procedures on
accessing records in 41 CFR part 105–
64.2 to request such notification.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
N/A.
Richard Speidel,
Chief Privacy Officer, Enterprise Data &
Privacy Management Office, General Services
Administration.
[FR Doc. 2022–24423 Filed 11–8–22; 8:45 am]
BILLING CODE 6820–34–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Medicare & Medicaid
Services
[Document Identifier: CMS–R–262]
Agency Information Collection
Activities: Proposed Collection;
Comment Request
FOR FURTHER INFORMATION CONTACT:
Centers for Medicare &
Medicaid Services, Health and Human
Services (HHS).
ACTION: Notice.
Contents
The Centers for Medicare &
Medicaid Services (CMS) is announcing
an opportunity for the public to
comment on CMS’ intention to collect
information from the public. Under the
Paperwork Reduction Act of 1995 (the
PRA), federal agencies are required to
This notice sets out a summary of the
use and burden associated with the
following information collections. More
detailed information can be found in
each collection’s supporting statement
and associated materials (see
ADDRESSES).
AGENCY:
khammond on DSKJM1Z7X2PROD with NOTICES
publish notice in the Federal Register
concerning each proposed collection of
information (including each proposed
extension or reinstatement of an existing
collection of information) and to allow
60 days for public comment on the
proposed action. Interested persons are
invited to send comments regarding our
burden estimates or any other aspect of
this collection of information, including
the necessity and utility of the proposed
information collection for the proper
performance of the agency’s functions,
the accuracy of the estimated burden,
ways to enhance the quality, utility, and
clarity of the information to be
collected, and the use of automated
collection techniques or other forms of
information technology to minimize the
information collection burden.
DATES: Comments must be received by
January 9, 2023.
ADDRESSES: When commenting, please
reference the document identifier or
OMB control number. To be assured
consideration, comments and
recommendations must be submitted in
any one of the following ways:
1. Electronically. You may send your
comments electronically to https://
www.regulations.gov. Follow the
instructions for ‘‘Comment or
Submission’’ or ‘‘More Search Options’’
to find the information collection
document(s) that are accepting
comments.
2. By regular mail. You may mail
written comments to the following
address: CMS, Office of Strategic
Operations and Regulatory Affairs,
Division of Regulations Development,
Attention: Document Identifier/OMB
Control Number: ll, Room C4–26–05,
7500 Security Boulevard, Baltimore,
Maryland 21244–1850.
To obtain copies of a supporting
statement and any related forms for the
proposed collection(s) summarized in
this notice, please access the CMS PRA
website by copying and pasting the
following web address into your web
browser: https://www.cms.gov/
Regulations-and-Guidance/Legislation/
PaperworkReductionActof1995/PRAListing.
SUMMARY:
VerDate Sep<11>2014
17:09 Nov 08, 2022
Jkt 259001
William N. Parham at (410) 786–4669.
SUPPLEMENTARY INFORMATION:
PO 00000
Frm 00024
Fmt 4703
Sfmt 4703
CMS–R–262—CMS Plan Benefit
Package (PBP) and Formulary CY
2024
Under the PRA (44 U.S.C. 3501–
3520), federal agencies must obtain
approval from the Office of Management
and Budget (OMB) for each collection of
information they conduct or sponsor.
The term ‘‘collection of information’’ is
defined in 44 U.S.C. 3502(3) and 5 CFR
1320.3(c) and includes agency requests
or requirements that members of the
public submit reports, keep records, or
provide information to a third party.
Section 3506(c)(2)(A) of the PRA
requires federal agencies to publish a
60-day notice in the Federal Register
concerning each proposed collection of
information, including each proposed
extension or reinstatement of an existing
collection of information, before
submitting the collection to OMB for
approval. To comply with this
requirement, CMS is publishing this
notice.
Information Collection
1. Type of Information Collection
Request: Revision of a currently
approved collection; Title of
Information Collection: CMS Plan
Benefit Package (PBP) and Formulary
CY 2024; Use: Under the Medicare
Modernization Act (MMA), Medicare
Advantage (MA) and Prescription Drug
Plan (PDP) organizations are required to
submit plan benefit packages for all
Medicare beneficiaries residing in their
service area. The plan benefit package
submission consists of the Plan Benefit
Package (PBP) software, formulary file,
and supporting documentation, as
necessary. MA and PDP organizations
use the PBP software to describe their
organization’s plan benefit packages,
including information on premiums,
cost sharing, authorization rules, and
supplemental benefits. They also
generate a formulary to describe their
list of drugs, including information on
prior authorization, step therapy,
tiering, and quantity limits.
CMS requires that MA and PDP
organizations submit a completed PBP
and formulary as part of the annual
bidding process. During this process,
organizations prepare their proposed
plan benefit packages for the upcoming
contract year and submit them to CMS
for review and approval. CMS uses this
data to review and approve the benefit
packages that the plans will offer to
Medicare beneficiaries. This allows
CMS to review the benefit packages in
a consistent way across all submitted
bids during with incredibly tight
timeframes. This data is also used to
populate data on Medicare Plan Finder,
E:\FR\FM\09NON1.SGM
09NON1
]]>Agencies
[Federal Register Volume 87, Number 216 (Wednesday, November 9, 2022)]
[Notices]
[Pages 67690-67692]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-24423]
-----------------------------------------------------------------------
GENERAL SERVICES ADMINISTRATION
[Notice-ID-2022-03; Docket No. 2022-0002; Sequence No. 27]
Privacy Act of 1974; System of Records
AGENCY: General Services Administration (GSA).
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: The purpose of the system of records is to maintain personal
contact information of government employees in order to ship home
office equipment.
DATES: This system of records will go into effect without further
notice on December 9, 2022 unless otherwise revised pursuant to
comments received.
ADDRESSES: You may submit comments by any of the following methods:
By email to the GSA Privacy Act Officer:
[email protected].
By mail to: Privacy Office (IDE), GSA, 1800 F Street NW,
Washington, DC 20405.
FOR FURTHER INFORMATION CONTACT: Richard Speidel, Chief Privacy
Officer, GSA, by email at [email protected] or by phone at 202-
969-5830.
SUPPLEMENTARY INFORMATION: The General Services Administration seeks to
establish a new system of records for the GSA Advantage! program. GSA
Advantage! is an online shopping and ordering system used by government
agencies to purchase goods and services. GSA seeks to use GSA
Advantage! As a medium for government employees to order home office
equipment. This system of records will securely manage users' personal
contact information to facilitate shipping this equipment directly to
federal employees' personal mailing addresses.
SYSTEM NAME AND NUMBER:
GSA Advantage!--GSA/ADV-1.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The General Services Administration (GSA) Federal Acquisition
Service (FAS) is the owner of the system. The system is hosted,
operated, and maintained by GSA staff and contractors. Records are
maintained in an electronic form on servers housed at government
facilities within the United States. Contact the system manager for
additional information.
SYSTEM MANAGER(S):
Director, eCommerce Division GSA IT, Office of Acquisition IT
Services, 1800 F St. NW, Washington, DC 20405.
[[Page 67691]]
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
E-Government Act of 2002, Public Law 107-347 Sec. 204 (44 U.S.C.
3501 note); 40 U.S.C. 501; Public Law 104-52 Sec 620; 40 U.S.C.
587(c)(3).
PURPOSE(S) OF THE SYSTEM:
GSA Advantage! is the government's online electronic shopping and
ordering system. The purpose for the GSA Advantage! Program collecting
Personally Identifiable Information (PII) is to allow the purchase and
shipment of home office equipment directly to federal employees.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by the system are federal employees.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains information related to the purchase and
shipment of home office equipment through the GSA Advantage! platform.
Data elements include the covered individual's:
full name;
email address;
phone number; and
home address.
RECORD SOURCE CATEGORIES:
Information is obtained from covered individuals ordering home
office equipment.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed to authorized
entities, as is determined to be relevant and necessary, outside GSA as
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
a. To the on-line ordering fulfillment contractor to allow for the
confirmation by email of orders received, fulfilled and closed.
b. To shipping contractors or government agencies responsible for
mailing services to ship the equipment to employees.
c. To an expert, consultant, or other contractor of GSA in the
performance of a federal duty to which the information is relevant.
d. To an appropriate federal, state, tribal, local, international,
or foreign law enforcement agency or other appropriate authority
charged with investigating or prosecuting a violation or enforcing or
implementing a law, rule, regulation, or order, where a record, either
on its face or in conjunction with other information, indicates a
violation or potential violation of law, which includes criminal,
civil, or regulatory violations.
e. To the Department of Justice (DOJ) or other federal agency
conducting litigation or in proceedings before any court, adjudicative
or administrative body, when: (a) GSA or any component thereof, or (b)
any employee of GSA in his/her official capacity, or (c) any employee
of GSA in his/her individual capacity where DOJ or GSA has agreed to
represent the employee, or (d) the United States or any agency thereof,
is a party to the litigation or has an interest in such litigation, and
GSA determines that the records are both relevant and necessary to the
litigation.
f. To a court in connection with any litigation or settlement
discussions regarding claims by or against GSA, to the extent that GSA
determines the disclosure of the information is relevant and necessary
to the litigation or discussions.
g. To an appeal, grievance, hearing, or complaints examiner; an
equal employment opportunity investigator, arbitrator, or mediator; and
an exclusive representative or other person authorized to investigate
or settle a grievance, complaint, or appeal filed by an individual who
is the subject of the record.
h. To the National Archives and Records Administration (NARA) for
records management purposes.
i. To the Office of Personnel Management (OPM), the Office of
Management and Budget (OMB), and the Government Accountability Office
(GAO) in accordance with their responsibilities for evaluating federal
programs.
j. To a Member of Congress or his or her staff on behalf of and at
the request of the individual who is the subject of the record.
k. To another federal agency or federal entity, when GSA determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in (1) responding to a suspected
or confirmed breach or (2) preventing, minimizing, or remedying the
risk of harm to individuals, the recipient agency or entity (including
its information systems, programs, and operations), the federal
government, or national security, resulting from a suspected or
confirmed breach.
l. To appropriate agencies, entities, and persons when (1) GSA
suspects or has confirmed that the security or confidentiality of
information in the system of records has been compromised; (2) GSA has
determined that as a result of the suspected or confirmed compromise
there is a risk of harm to economic or property interests, identity
theft or fraud, or harm to the security or integrity of this system or
other systems or programs (whether maintained by GSA or another agency
or entity) that rely upon the compromised information; and (3) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with GSA's efforts to respond to the
suspected or confirmed compromise and prevent, minimize, or remedy such
harm.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
All records are stored in a secure data center. PII is encrypted in
transit, encrypted at rest, and not viewable by other users.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Application administrators can retrieve records by any field search
using their administrative login via Multi-Factor authentication
(including appropriate background investigation and access approvals).
All direct data retrievals are logged for tracking.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
System records are retained and disposed of according to GSA
records maintenance and disposition schedules, the requirements of the
Recovery Board, and the National Archives and Records Administration
guidance.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
System records are safeguarded in accordance with the requirements
of the Privacy Act, the Computer Security Act, and the GSA Advantage!
System Security Plan. System roles are assigned with specific
permissions to allow or prevent accessing certain information. Records
in the system are protected from unauthorized access and misuse through
a combination of administrative, technical, and physical security
measures. Administrative measures include, but are not limited to,
policies that limit system access to individuals within an agency with
a legitimate business need, and regular review of security procedures
and best practices to enhance security. Technical measures include but
are not limited to system design that enforces separation of duties for
privileged users including role-based access controls; multi-factor
authentication with strong passwords that are frequently changed; FIPS
140-2 compliant database encryption, and FIPS 140-2 compliant
encryption in
[[Page 67692]]
transit. Physical security measures include but are not limited to the
use of secure data centers which meet government requirements for
storage of sensitive data.
RECORD ACCESS PROCEDURES:
Requests for access to records should be directed to the system
manager. Individuals seeking access to their records in this system of
records may submit a request by following the instructions provided in
41 CFR part 105-64.2.
CONTESTING RECORD PROCEDURES:
Individuals wishing to contest the content of records about
themselves contained in this system of records should contact the
system manager at the address above. See 41 CFR part 105-64.4 for full
details on what to include in a Privacy Act amendment request.
NOTIFICATION PROCEDURES:
Individuals seeking notification of any records about themselves
contained in this system of records should contact the system manager
at the address above. Follow the procedures on accessing records in 41
CFR part 105-64.2 to request such notification.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
N/A.
Richard Speidel,
Chief Privacy Officer, Enterprise Data & Privacy Management Office,
General Services Administration.
[FR Doc. 2022-24423 Filed 11-8-22; 8:45 am]
BILLING CODE 6820-34-P
