Privacy Act of 1974; System of Records, 17219-17222 [2023-05806]
Download as PDF
<![CDATA[
lotter on DSK11XQN23PROD with NOTICES1
Federal Register / Vol. 88, No. 55 / Wednesday, March 22, 2023 / Notices
ISA and to provide a consultation on the
Lead IRP Volume 3.
Technical Contacts: Any technical
questions concerning the Lead ISA
should be directed to Dr. Evan Coffman
(coffman.evan@epa.gov). Any technical
questions concerning the Lead IRP
Volume 3 should be directed to Dr.
Deirdre Murphy (murphy.deirdre@
epa.gov).
Availability of Meeting Materials:
Prior to the meeting, the review
documents, agenda and other materials
will be accessible on the CASAC
website: https://casac.epa.gov.
Procedures for Providing Public Input:
Public comment for consideration by
EPA’s federal advisory committees and
panels has a different purpose from
public comment provided to EPA
program offices. Therefore, the process
for submitting comments to a federal
advisory committee is different from the
process used to submit comments to an
EPA program office. Federal advisory
committees and panels, including
scientific advisory committees, provide
independent advice to EPA. Members of
the public can submit relevant
comments on the topic of this advisory
activity, including the charge to the
CASAC and the EPA review documents,
and/or the group conducting the
activity, for the CASAC to consider as
it develops advice for EPA. Input from
the public to the CASAC will have the
most impact if it provides specific
scientific or technical information or
analysis for CASAC to consider or if it
relates to the clarity or accuracy of the
technical information. Members of the
public wishing to provide comment
should follow the instructions below to
submit comments.
Oral Statements: Individuals or
groups requesting an oral presentation
during the public meeting will be
limited to five minutes. Each person
making an oral statement should
consider providing written comments as
well as their oral statement so that the
points presented orally can be expanded
upon in writing. The public comment
period will be on June 13, 2023.
Interested parties should contact Mr.
Aaron Yeow, DFO, in writing
(preferably via email) at the contact
information noted above by June 6,
2023, to be placed on the list of public
speakers.
Written Statements: Written
statements will be accepted throughout
the advisory process; however, for
timely consideration by CASAC
members, statements should be
supplied to the DFO (preferably via
email) at the contact information noted
above by June 6, 2023. It is the SAB
Staff Office general policy to post
VerDate Sep<11>2014
16:52 Mar 21, 2023
Jkt 259001
written comments on the web page for
the advisory meeting or teleconference.
Submitters are requested to provide an
unsigned version of each document
because the SAB Staff Office does not
publish documents with signatures on
its websites. Members of the public
should be aware that their personal
contact information, if included in any
written comments, may be posted to the
CASAC website. Copyrighted material
will not be posted without explicit
permission of the copyright holder.
Accessibility: For information on
access or services for individuals with
disabilities, please contact Mr. Aaron
Yeow at (202) 564–2050 or yeow.aaron@
epa.gov. To request accommodation of a
disability, please contact the DFO, at the
contact information noted above,
preferably at least ten days prior to each
meeting, to give EPA as much time as
possible to process your request.
V. Khanna Johnston,
Deputy Director, Science Advisory Board Staff
Office.
[FR Doc. 2023–05815 Filed 3–21–23; 8:45 am]
BILLING CODE 6560–50–P
ENVIRONMENTAL PROTECTION
AGENCY
[FRL–10616–01–OMS]
Privacy Act of 1974; System of
Records
Office of Mission Support
(OMS), Environmental Protection
Agency (EPA).
ACTION: Notice of a modified system of
records.
AGENCY:
The U.S. Environmental
Protection Agency’s (EPA) Office of
Mission Support (OMS) is giving notice
that it proposes to modify a system of
records pursuant to the provisions of the
Privacy Act of 1974. The Office of
Administrative Services Information
System (OASIS) is being modified to
update safeguard infrastructure and
security measures, and add Routine
Uses.
SUMMARY:
Persons wishing to comment on
this system of records notice must do so
by April 21, 2023. New routine uses for
this modified system of records will be
effective April 21, 2023.
ADDRESSES: Submit your comments,
identified by Docket ID No. EPA–HQ–
OEI–2006–0633, by one of the following
methods:
Federal eRulemaking Portal: https://
www.regulations.gov. Follow the online
instructions for submitting comments.
DATES:
PO 00000
Frm 00043
Fmt 4703
Sfmt 4703
17219
Email: docket_oms@epa.gov. Include
the Docket ID number in the subject line
of the message.
Fax: (202) 566–1752.
Mail: OMS Docket, Environmental
Protection Agency, Mail Code: 2822T,
1200 Pennsylvania Ave. NW,
Washington, DC 20460.
Hand Delivery: OMS Docket, EPA/DC,
WJC West Building, Room 3334, 1301
Constitution Ave. NW, Washington, DC
20460. Such deliveries are only
accepted during the Docket’s normal
hours of operation, and special
arrangements should be made for
deliveries of boxed information.
Instructions: Direct your comments to
Docket ID No. EPA–HQ–OEI–2006–
0633. The EPA’s policy is that all
comments received will be included in
the public docket without change and
may be made available online at https://
www.regulations.gov, including any
personal information provided, unless
the comment includes information
claimed to be Controlled Unclassified
Information (CUI) or other information
for which disclosure is restricted by
statute. Do not submit information that
you consider to be CUI or otherwise
protected through https://
www.regulations.gov. The https://
www.regulations.gov website is an
‘‘anonymous access’’ system for the
EPA, which means the EPA will not
know your identity or contact
information. If you submit an electronic
comment, the EPA recommends that
you include your name and other
contact information in the body of your
comment. If the EPA cannot read your
comment due to technical difficulties
and cannot contact you for clarification,
the EPA may not be able to consider
your comment. If you send an email
comment directly to the EPA without
going through https://
www.regulations.gov, your email
address will be automatically captured
and included as part of the comment
that is placed in the public docket and
made available on the internet.
Electronic files should avoid the use of
special characters, any form of
encryption, and be free of any defects or
viruses. For additional information
about the EPA public docket, visit the
EPA Docket Center homepage at https://
www.epa.gov/dockets.
Docket: All documents in the docket
are listed in the https://
www.regulations.gov index. Although
listed in the index, some information is
not publicly available, e.g., CUI or other
information for which disclosure is
restricted by statute. Certain other
material, such as copyrighted material,
will be publicly available only in hard
copy. Publicly available docket
E:\FR\FM\22MRN1.SGM
22MRN1
17220
Federal Register / Vol. 88, No. 55 / Wednesday, March 22, 2023 / Notices
materials are available either
electronically in https://
www.regulations.gov or in hard copy at
the OMS Docket, EPA/DC, WJC West
Building, Room 3334, 1301 Constitution
Ave. NW, Washington, DC 20460. The
Public Reading Room is normally open
from 8:30 a.m. to 4:30 p.m., Monday
through Friday excluding legal holidays.
The telephone number for the Public
Reading Room is (202) 566–1744, and
the telephone number for the OMS
Docket is (202) 566–1752. Further
information about EPA Docket Center
services and current operating status is
available athttps://www.epa.gov/
dockets.
FOR FURTHER INFORMATION CONTACT:
James Cunningham,
cunningham.james@epa.gov, 202–564–
7212; Jackie Brown, brown.jackie@
epa.gov, 202–564–0313; or OMS-ARMOA-RMS@epa.gov.
SUPPLEMENTARY INFORMATION: EPA uses
OASIS as a secure platform to provide
software services to EPA employees
using EPA’s intranet, including a secure
database for the software modules the
system supports. EPA is updating this
SORN to reflect how OASIS has
modernized its operating system
platform, implemented a more secure
method for user authentication, and
completed a review and update to the
software modules the system supports.
SYSTEM LOCATION:
SYSTEM NAME AND NUMBER:
The purpose of OASIS is to
administer and manage administrative
resources for the EPA. There are
nineteen OASIS software modules. Each
module’s business purpose is described
in the following table:
Office of Administrative Services
Information System (OASIS), EPA–41.
SECURITY CLASSIFICATION:
Unclassified.
The system is managed by the Office
of Mission Support, EPA, 1301
Constitution Ave. NW, Washington, DC
20460. Electronically stored information
is hosted at the EPA National Computer
Center (NCC), 109 TW Alexander Drive,
Research Triangle Park, Durham, NC
27711.
SYSTEM MANAGER(S):
James Cunningham, Information
Technology Project Manager, 1301
Constitution Ave. NW, Washington, DC
20460, cunningham.james@epa.gov.
Jackie Brown, Information System
Security Officer, 1301 Constitution Ave.
NW, Washington, DC 20460,
brown.jackie@epa.gov.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
E-Government Act of 2002 (Pub. L.
104–347); the Paperwork Reduction Act
of 1995, as amended (44 U.S.C. 3501, et
seq.); Executive Order 13571—
Streamlining Service Delivery and
Improving Customer Service (April
2011).
PURPOSE(S) OF THE SYSTEM:
OASIS software module
Business purpose
Building Service Desk .....................
Credential Badging .........................
Driver Tracking ................................
Manage Headquarters building maintenance and service calls.
Generate and manage issuance and expiration of Credential badges used to access restricted EPA labs.
Manage EPA Headquarters executive motor pool fleet of vehicles and track and report on EPA vehicle
usage trends.
Track and report environmental, health and safety regulatory compliance.
Manage EPA’s fleet life-cycle data such as acquisition costs, vehicle identification, operating costs, fuel
consumption, and disposal proceeds.
Facilitate yearly submission of the Federal Real Property Profile (FRPP) data to the General Services Administration (GSA).
Provide Facility Management Services Division with the capability to manage EPA Headquarters facility
projects.
Provide security incident reporting system for EPA Headquarters.
Record and track postal transaction costs associated with the Agency’s incoming and outgoing mail and
reconcile the costs with the Office of the Chief Financial Officer (OCFO) financial system.
Support EPA Security Management Division (SMD) in implementing the agency’s national security information program.
Manage EPA Headquarters parking spaces.
Provide EPA Headquarters employees with the capability to submit document print requests.
Track and maintain information for Headquarters Print Job Orders and manage Print Shop costs associated with these orders.
Provide SMD Physical Security Branch (PSB) the capability to read legacy Personnel Security System
data.
Manage EPA real property assets.
Provide Facility Management Services Divison (FMSD) with the capability to manage EPA Headquarters
employee Transit Subsidy accounts.
Provide Headquarters employees with the capability to register and update their Transit Subsidy accounts.
Environmental, Health and Safety ..
EPA Automotive Statistical Tool
(AST).
Federal Real Property Profile
(FRPP).
HQ Project Management ................
Incident Reporting ...........................
Mail Center ......................................
National Security Information ..........
Parking System ...............................
Print Request Form .........................
Print Request Tracking ...................
PSS1 Archive ..................................
Real Estate Management ...............
Transit Management .......................
lotter on DSK11XQN23PROD with NOTICES1
EPA is removing the following OASIS
software modules that are no longer in
use: Physical Security; Warehouse
Management; Fitness Center
Management; Combo Locks, Incidents,
Keys and Safe System; and Personnel
Security System. EPA is updating the
following OASIS software modules with
no impact to personally identifiable
information (PII): Building Service Desk,
Credential Badging, Driver Tracking,
Mail Center, National Security
Information, and Parking System
(previously Parking and Transit
System). EPA is adding the following
OASIS software modules with no
addition of new PII data elements:
Environmental Health and Safety, HQ
Project Management, Incident
Reporting, Print Request Form, Print
Request Tracking, PSS1 Archive, Transit
Management, Transit Subsidy Program
Enrollment, USA Performance (USAP),
and User Management. All OASIS
modules were updated to incorporate
Multi-Factor Authentication (MFA).
Additionally, EPA is updating this
SORN to add Routine Uses L and M per
updated OMB requirements.
Transit Subsidy Program Enrollment.
USA Performance ...........................
User Management ..........................
VerDate Sep<11>2014
16:52 Mar 21, 2023
Provide application programming interface (API) access to the Office of Personnel Management (OPM)
USA Performance (USAP) System to maintain performance related data for EPA employees.
Manage user access and roles for OASIS software modules.
Jkt 259001
PO 00000
Frm 00044
Fmt 4703
Sfmt 4703
E:\FR\FM\22MRN1.SGM
22MRN1
Federal Register / Vol. 88, No. 55 / Wednesday, March 22, 2023 / Notices
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Categories of individuals covered by
this system include current and former
Agency federal employee, contractors,
grantees, interns, and volunteers.
lotter on DSK11XQN23PROD with NOTICES1
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records include:
personal information such as name,
home address, telephone number,
workforce ID, work location, position,
date of birth, city of birth, and Social
Security Number (SSN); work-related
information such as work address, work
telephone number, organization/office
assignment, application role(s), email
address, and company name; personnel
security records such as the results of a
background investigation, and
information derived from documents
used to verify applicant’s identity;
security incident related information
such as names, incident date, type,
description, contact information,
employment type; physical security
information such as building
vulnerabilities, mitigations, costs
associated with mitigation, and risk
designation levels at various EPA
locations; driver tracking information
such as EPA vehicle license plate
numbers, service records, driver name,
trip type, pickup date, and number of
passengers utilizing Agency buses;
parking and transit information such as
carpool members’ names, addresses,
work addresses, license plate numbers,
and type of cars as well as transit
subsidy information such as subsidy
amount, possession of a registered
Smart Trip card, and serial number of
Smart Trip card if registered; Mail
Center Management information used to
track registered mail, including mailing
address of the recipient and sender,
name of individual who signed for the
piece of mail, date and time mail was
signed for, and costs of postage for each
office; printing information such as
name and telephone number of the
office requesting print jobs, the budget
associated with the print job, and
completion and delivery of the print job;
physical asset information such as asset
name, ID, type, location, address, legal
interest, primary use and disposition;
and print request information such as
originator name, work phone number,
mail code, title, statistics, data
requested, date submitted, and
estimated cost.
RECORD SOURCE CATEGORIES:
Personnel information is obtained
from EPA’s Office of Human Resources
(OHR). Remaining information is
obtained from users and managers for
each OASIS module.
VerDate Sep<11>2014
16:52 Mar 21, 2023
Jkt 259001
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
The routine uses below are both
related to and compatible with the
original purpose for which the
information was collected. The
following general routine uses apply to
this system (86 FR 62527): A, B, C, D,
E, F, G, H, I, J, K, L, and M.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records are maintained electronically
on computer storage devices, located at
U.S. EPA National Computer Center,
109 T.W. Alexander Drive, Research
Triangle Park, NC 27711. Paper records
are not collected nor maintained for
OASIS.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Only users authorized to use the
National Security Information (NSI)
module can retrieve information by
SSN. Other modules require one or
more of the following fields to retrieve
records: Name, Work Force ID, LAN ID,
Personnel ID, Email Address, Smart
Trip Number, Incident Number,
Business Service Desk (BSD) Ticket
Number, Asset ID, or Project Number.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records are retained and disposed of
in accordance with EPA’s records
control schedule approved by the
National Archives and Records
Administration (NARA): EPA Record
Schedules 0740 and 0063.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Security controls used to protect
personal sensitive data in OASIS are
commensurate with those required for
an information system rated
MODERATE for confidentiality,
integrity, and availability, as prescribed
in National Institute of Standards and
Technology (NIST) Special Publication,
800–53, ‘‘Security and Privacy Controls
for Information Systems and
Organizations,’’ Revision 5.
1. Administrative Safeguards: All EPA
system users are expected to follow the
Agency Rules of Behavior. All
employees, contractors, volunteers, and
grantees are required to complete EPA’s
annual Information Security and
Privacy Awareness Training and
Controlled Unclassified Information
(CUI) Awareness Training.
2. Technical Safeguards: Access to
OASIS is role-based using the principle
of least privilege. Role-based access
ensures that individuals only have the
roles granted to them that are necessary
PO 00000
Frm 00045
Fmt 4703
Sfmt 4703
17221
to complete their job function. These
roles could include the ability to view,
create, or modify records. A PIV
Credential is used for MFA user
authentication. OASIS data elements are
stored in an ORACLE Enterprise Edition
database and uses AES256 bit
encryption algorithms to protect PII data
as it resides in the database and when
the data is in use by authenticated users.
3. Physical Safeguards: All OASIS
records are maintained on computer
servers that are located in secure,
access-controlled buildings.
RECORD ACCESS PROCEDURES:
All requests for access to personal
records should cite the Privacy Act of
1974 and reference the type of request
being made (i.e., access). Requests must
include: (1) the name and signature of
the individual making the request; (2)
the name of the Privacy Act system of
records to which the request relates; (3)
a statement whether a personal
inspection of the records or a copy of
them by mail is desired; and (4) proof
of identity. A full description of EPA’s
Privacy Act procedures for requesting
access to records is included in EPA’s
Privacy Act regulations at 40 CFR part
16.
CONTESTING RECORD PROCEDURES:
Requests for correction or amendment
must include: (1) the name and
signature of the individual making the
request; (2) the name of the Privacy Act
system of records to which the request
relates; (3) a description of the
information sought to be corrected or
amended and the specific reasons for
the correction or amendment; and (4)
proof of identity. A full description of
EPA’s Privacy Act procedures for the
correction or amendment of a record is
included in EPA’s Privacy Act
regulations at 40 CFR part 16.
NOTIFICATION PROCEDURES:
Individuals who wish to be informed
whether a Privacy Act system of records
maintained by EPA contains any record
pertaining to them, should make a
written request to the EPA, Attn:
Agency Privacy Officer, MC 2831T,
1200 Pennsylvania Ave. NW,
Washington, DC 20460, or by email at:
privacy@epa.gov. A full description of
EPA’s Privacy Act procedures is
included in EPA’s Privacy Act
regulations at 40 CFR part 16.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
E:\FR\FM\22MRN1.SGM
22MRN1
17222
Federal Register / Vol. 88, No. 55 / Wednesday, March 22, 2023 / Notices
HISTORY:
3064–0029, –0112, –0125, and –0177).
The notices of the proposed renewal for
these information collections were
previously published in the Federal
Register on January 6, 2023, and
February 10, 2023, allowing for a 60-day
comment period.
DATES: Comments must be submitted on
or before April 21, 2023.
ADDRESSES: Interested parties are
invited to submit written comments to
the FDIC by any of the following
methods:
• Agency website: https://
www.fdic.gov/resources/regulations/
federal-register-publications/.
• Email: comments@fdic.gov. Include
the name and number of the collection
in the subject line of the message.
• Mail: Manny Cabeza (202–898–
3767), Regulatory Counsel, MB–3128,
Federal Deposit Insurance Corporation,
550 17th Street NW, Washington, DC
20429.
• Hand Delivery: Comments may be
hand-delivered to the guard station at
the rear of the 17th Street NW building
(located on F Street NW), on business
days between 7:00 a.m. and 5:00 p.m.
71 FR 51814 (August 31, 2006).
Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2023–05806 Filed 3–21–23; 8:45 am]
BILLING CODE 6560–50–P
FEDERAL DEPOSIT INSURANCE
CORPORATION
[OMB No. 3064–0029; –0112; –0125; –0177]
Agency Information Collection
Activities: Proposed Collection
Renewal; Comment Request
Federal Deposit Insurance
Corporation (FDIC).
ACTION: Notice and request for comment.
AGENCY:
The FDIC, as part of its
obligations under the Paperwork
Reduction Act of 1995, invites the
general public and other Federal
agencies to take this opportunity to
comment on the request to renew the
existing information collections
described below (OMB Control No.
SUMMARY:
Written comments and
recommendations for the proposed
information collection should be sent
within 30 days of publication of this
notice to www.reginfo.gov/public/do/
PRAMain. Find this particular
information collection by selecting
‘‘Currently under 30-day Review—Open
for Public Comments’’ or by using the
search function.
FOR FURTHER INFORMATION CONTACT:
Manny Cabeza, Regulatory Counsel,
202–898–3767, mcabeza@fdic.gov, MB–
3128, Federal Deposit Insurance
Corporation, 550 17th Street NW,
Washington, DC 20429.
SUPPLEMENTARY INFORMATION:
Proposal to renew the following
currently approved collection of
information:
1. Title: Notification of Performance of
Bank Services.
OMB Number: 3064–0029.
Form Number: 6120/06.
Affected Public: Insured state
nonmember banks and state savings
associations.
Burden Estimate:
SUMMARY OF ESTIMATED ANNUAL BURDEN
[OMB No. 3064–0029]
Number of
respondents
Number of
responses per
respondent
Time per
response
(HH:MM)
Information collection
(obligation to respond)
Type of burden
(frequency of response)
Annual burden
(hours)
1. Notification of Performance of
Bank Services, 12 CFR 304.3
(Mandatory).
Reporting (On Occasion) .................
294
2.21
00:30
325
Total Annual Burden (Hours): ....
...........................................................
........................
........................
........................
325
Source: FDIC.
General Description of Collection:
Insured state nonmember banks are
required to notify the FDIC, under
section 7 of the Bank Service Company
Act (12 U.S.C. 1867), of the relationship
with a bank service company. The Form
FDIC 6120/06, Notification of
Performance of Bank Services, may be
used by banks to satisfy the notification
requirement. There is no change in the
method or substance of the collection.
The estimated number of respondents,
as well as the time per response and the
frequency of response have remained
the same.
2. Title: Real Estate Lending
Standards.
OMB Number: 3064–0112.
Forms: None.
Affected Public: Insured state
nonmember banks and state savings
associations.
Burden Estimate:
SUMMARY OF ESTIMATED ANNUAL BURDEN
lotter on DSK11XQN23PROD with NOTICES1
[OMB No. 3064–0112]
Number of
respondents
Number of
responses per
respondent
Time per
response
(HH:MM)
Information collection
(obligation to respond)
Type of burden
(frequency of response)
Annual burden
(hours)
1. Real Estate Lending Standards,
12 CFR 365 (Mandatory).
Recordkeeping (Annual) ..................
3,086
1
20:00
61,720
Total Annual Burden (Hours): ....
...........................................................
........................
........................
........................
61,720
Source: FDIC.
General Description of Collection:
Section 1828(o) of the Federal Deposit
VerDate Sep<11>2014
16:52 Mar 21, 2023
Jkt 259001
Insurance Act requires each federal
banking agency to adopt uniform
PO 00000
Frm 00046
Fmt 4703
Sfmt 4703
regulations prescribing real estate
lending standards. Part 365 of the FDIC
E:\FR\FM\22MRN1.SGM
22MRN1
]]>Agencies
[Federal Register Volume 88, Number 55 (Wednesday, March 22, 2023)]
[Notices]
[Pages 17219-17222]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-05806]
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
[FRL-10616-01-OMS]
Privacy Act of 1974; System of Records
AGENCY: Office of Mission Support (OMS), Environmental Protection
Agency (EPA).
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: The U.S. Environmental Protection Agency's (EPA) Office of
Mission Support (OMS) is giving notice that it proposes to modify a
system of records pursuant to the provisions of the Privacy Act of
1974. The Office of Administrative Services Information System (OASIS)
is being modified to update safeguard infrastructure and security
measures, and add Routine Uses.
DATES: Persons wishing to comment on this system of records notice must
do so by April 21, 2023. New routine uses for this modified system of
records will be effective April 21, 2023.
ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OEI-2006-0633, by one of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov. Follow the
online instructions for submitting comments.
Email: [email protected]. Include the Docket ID number in the
subject line of the message.
Fax: (202) 566-1752.
Mail: OMS Docket, Environmental Protection Agency, Mail Code:
2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.
Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334,
1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are
only accepted during the Docket's normal hours of operation, and
special arrangements should be made for deliveries of boxed
information.
Instructions: Direct your comments to Docket ID No. EPA-HQ-OEI-
2006-0633. The EPA's policy is that all comments received will be
included in the public docket without change and may be made available
online at https://www.regulations.gov, including any personal
information provided, unless the comment includes information claimed
to be Controlled Unclassified Information (CUI) or other information
for which disclosure is restricted by statute. Do not submit
information that you consider to be CUI or otherwise protected through
https://www.regulations.gov. The https://www.regulations.gov website is
an ``anonymous access'' system for the EPA, which means the EPA will
not know your identity or contact information. If you submit an
electronic comment, the EPA recommends that you include your name and
other contact information in the body of your comment. If the EPA
cannot read your comment due to technical difficulties and cannot
contact you for clarification, the EPA may not be able to consider your
comment. If you send an email comment directly to the EPA without going
through https://www.regulations.gov, your email address will be
automatically captured and included as part of the comment that is
placed in the public docket and made available on the internet.
Electronic files should avoid the use of special characters, any form
of encryption, and be free of any defects or viruses. For additional
information about the EPA public docket, visit the EPA Docket Center
homepage at https://www.epa.gov/dockets.
Docket: All documents in the docket are listed in the https://www.regulations.gov index. Although listed in the index, some
information is not publicly available, e.g., CUI or other information
for which disclosure is restricted by statute. Certain other material,
such as copyrighted material, will be publicly available only in hard
copy. Publicly available docket
[[Page 17220]]
materials are available either electronically in https://www.regulations.gov or in hard copy at the OMS Docket, EPA/DC, WJC West
Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460.
The Public Reading Room is normally open from 8:30 a.m. to 4:30 p.m.,
Monday through Friday excluding legal holidays. The telephone number
for the Public Reading Room is (202) 566-1744, and the telephone number
for the OMS Docket is (202) 566-1752. Further information about EPA
Docket Center services and current operating status is available
athttps://www.epa.gov/dockets.
FOR FURTHER INFORMATION CONTACT: James Cunningham,
[email protected], 202-564-7212; Jackie Brown,
[email protected], 202-564-0313; or [email protected].
SUPPLEMENTARY INFORMATION: EPA uses OASIS as a secure platform to
provide software services to EPA employees using EPA's intranet,
including a secure database for the software modules the system
supports. EPA is updating this SORN to reflect how OASIS has modernized
its operating system platform, implemented a more secure method for
user authentication, and completed a review and update to the software
modules the system supports. EPA is removing the following OASIS
software modules that are no longer in use: Physical Security;
Warehouse Management; Fitness Center Management; Combo Locks,
Incidents, Keys and Safe System; and Personnel Security System. EPA is
updating the following OASIS software modules with no impact to
personally identifiable information (PII): Building Service Desk,
Credential Badging, Driver Tracking, Mail Center, National Security
Information, and Parking System (previously Parking and Transit
System). EPA is adding the following OASIS software modules with no
addition of new PII data elements: Environmental Health and Safety, HQ
Project Management, Incident Reporting, Print Request Form, Print
Request Tracking, PSS1 Archive, Transit Management, Transit Subsidy
Program Enrollment, USA Performance (USAP), and User Management. All
OASIS modules were updated to incorporate Multi-Factor Authentication
(MFA). Additionally, EPA is updating this SORN to add Routine Uses L
and M per updated OMB requirements.
SYSTEM NAME AND NUMBER:
Office of Administrative Services Information System (OASIS), EPA-
41.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The system is managed by the Office of Mission Support, EPA, 1301
Constitution Ave. NW, Washington, DC 20460. Electronically stored
information is hosted at the EPA National Computer Center (NCC), 109 TW
Alexander Drive, Research Triangle Park, Durham, NC 27711.
SYSTEM MANAGER(S):
James Cunningham, Information Technology Project Manager, 1301
Constitution Ave. NW, Washington, DC 20460, [email protected].
Jackie Brown, Information System Security Officer, 1301 Constitution
Ave. NW, Washington, DC 20460, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
E-Government Act of 2002 (Pub. L. 104-347); the Paperwork Reduction
Act of 1995, as amended (44 U.S.C. 3501, et seq.); Executive Order
13571--Streamlining Service Delivery and Improving Customer Service
(April 2011).
PURPOSE(S) OF THE SYSTEM:
The purpose of OASIS is to administer and manage administrative
resources for the EPA. There are nineteen OASIS software modules. Each
module's business purpose is described in the following table:
------------------------------------------------------------------------
OASIS software module Business purpose
------------------------------------------------------------------------
Building Service Desk............. Manage Headquarters building
maintenance and service calls.
Credential Badging................ Generate and manage issuance and
expiration of Credential badges
used to access restricted EPA labs.
Driver Tracking................... Manage EPA Headquarters executive
motor pool fleet of vehicles and
track and report on EPA vehicle
usage trends.
Environmental, Health and Safety.. Track and report environmental,
health and safety regulatory
compliance.
EPA Automotive Statistical Tool Manage EPA's fleet life-cycle data
(AST). such as acquisition costs, vehicle
identification, operating costs,
fuel consumption, and disposal
proceeds.
Federal Real Property Profile Facilitate yearly submission of the
(FRPP). Federal Real Property Profile
(FRPP) data to the General Services
Administration (GSA).
HQ Project Management............. Provide Facility Management Services
Division with the capability to
manage EPA Headquarters facility
projects.
Incident Reporting................ Provide security incident reporting
system for EPA Headquarters.
Mail Center....................... Record and track postal transaction
costs associated with the Agency's
incoming and outgoing mail and
reconcile the costs with the Office
of the Chief Financial Officer
(OCFO) financial system.
National Security Information..... Support EPA Security Management
Division (SMD) in implementing the
agency's national security
information program.
Parking System.................... Manage EPA Headquarters parking
spaces.
Print Request Form................ Provide EPA Headquarters employees
with the capability to submit
document print requests.
Print Request Tracking............ Track and maintain information for
Headquarters Print Job Orders and
manage Print Shop costs associated
with these orders.
PSS1 Archive...................... Provide SMD Physical Security Branch
(PSB) the capability to read legacy
Personnel Security System data.
Real Estate Management............ Manage EPA real property assets.
Transit Management................ Provide Facility Management Services
Divison (FMSD) with the capability
to manage EPA Headquarters employee
Transit Subsidy accounts.
Transit Subsidy Program Enrollment Provide Headquarters employees with
the capability to register and
update their Transit Subsidy
accounts.
USA Performance................... Provide application programming
interface (API) access to the
Office of Personnel Management
(OPM) USA Performance (USAP) System
to maintain performance related
data for EPA employees.
User Management................... Manage user access and roles for
OASIS software modules.
------------------------------------------------------------------------
[[Page 17221]]
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Categories of individuals covered by this system include current
and former Agency federal employee, contractors, grantees, interns, and
volunteers.
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records include: personal information such as name,
home address, telephone number, workforce ID, work location, position,
date of birth, city of birth, and Social Security Number (SSN); work-
related information such as work address, work telephone number,
organization/office assignment, application role(s), email address, and
company name; personnel security records such as the results of a
background investigation, and information derived from documents used
to verify applicant's identity; security incident related information
such as names, incident date, type, description, contact information,
employment type; physical security information such as building
vulnerabilities, mitigations, costs associated with mitigation, and
risk designation levels at various EPA locations; driver tracking
information such as EPA vehicle license plate numbers, service records,
driver name, trip type, pickup date, and number of passengers utilizing
Agency buses; parking and transit information such as carpool members'
names, addresses, work addresses, license plate numbers, and type of
cars as well as transit subsidy information such as subsidy amount,
possession of a registered Smart Trip card, and serial number of Smart
Trip card if registered; Mail Center Management information used to
track registered mail, including mailing address of the recipient and
sender, name of individual who signed for the piece of mail, date and
time mail was signed for, and costs of postage for each office;
printing information such as name and telephone number of the office
requesting print jobs, the budget associated with the print job, and
completion and delivery of the print job; physical asset information
such as asset name, ID, type, location, address, legal interest,
primary use and disposition; and print request information such as
originator name, work phone number, mail code, title, statistics, data
requested, date submitted, and estimated cost.
RECORD SOURCE CATEGORIES:
Personnel information is obtained from EPA's Office of Human
Resources (OHR). Remaining information is obtained from users and
managers for each OASIS module.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
The routine uses below are both related to and compatible with the
original purpose for which the information was collected. The following
general routine uses apply to this system (86 FR 62527): A, B, C, D, E,
F, G, H, I, J, K, L, and M.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained electronically on computer storage devices,
located at U.S. EPA National Computer Center, 109 T.W. Alexander Drive,
Research Triangle Park, NC 27711. Paper records are not collected nor
maintained for OASIS.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Only users authorized to use the National Security Information
(NSI) module can retrieve information by SSN. Other modules require one
or more of the following fields to retrieve records: Name, Work Force
ID, LAN ID, Personnel ID, Email Address, Smart Trip Number, Incident
Number, Business Service Desk (BSD) Ticket Number, Asset ID, or Project
Number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of in accordance with EPA's
records control schedule approved by the National Archives and Records
Administration (NARA): EPA Record Schedules 0740 and 0063.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Security controls used to protect personal sensitive data in OASIS
are commensurate with those required for an information system rated
MODERATE for confidentiality, integrity, and availability, as
prescribed in National Institute of Standards and Technology (NIST)
Special Publication, 800-53, ``Security and Privacy Controls for
Information Systems and Organizations,'' Revision 5.
1. Administrative Safeguards: All EPA system users are expected to
follow the Agency Rules of Behavior. All employees, contractors,
volunteers, and grantees are required to complete EPA's annual
Information Security and Privacy Awareness Training and Controlled
Unclassified Information (CUI) Awareness Training.
2. Technical Safeguards: Access to OASIS is role-based using the
principle of least privilege. Role-based access ensures that
individuals only have the roles granted to them that are necessary to
complete their job function. These roles could include the ability to
view, create, or modify records. A PIV Credential is used for MFA user
authentication. OASIS data elements are stored in an ORACLE Enterprise
Edition database and uses AES256 bit encryption algorithms to protect
PII data as it resides in the database and when the data is in use by
authenticated users.
3. Physical Safeguards: All OASIS records are maintained on
computer servers that are located in secure, access-controlled
buildings.
RECORD ACCESS PROCEDURES:
All requests for access to personal records should cite the Privacy
Act of 1974 and reference the type of request being made (i.e.,
access). Requests must include: (1) the name and signature of the
individual making the request; (2) the name of the Privacy Act system
of records to which the request relates; (3) a statement whether a
personal inspection of the records or a copy of them by mail is
desired; and (4) proof of identity. A full description of EPA's Privacy
Act procedures for requesting access to records is included in EPA's
Privacy Act regulations at 40 CFR part 16.
CONTESTING RECORD PROCEDURES:
Requests for correction or amendment must include: (1) the name and
signature of the individual making the request; (2) the name of the
Privacy Act system of records to which the request relates; (3) a
description of the information sought to be corrected or amended and
the specific reasons for the correction or amendment; and (4) proof of
identity. A full description of EPA's Privacy Act procedures for the
correction or amendment of a record is included in EPA's Privacy Act
regulations at 40 CFR part 16.
NOTIFICATION PROCEDURES:
Individuals who wish to be informed whether a Privacy Act system of
records maintained by EPA contains any record pertaining to them,
should make a written request to the EPA, Attn: Agency Privacy Officer,
MC 2831T, 1200 Pennsylvania Ave. NW, Washington, DC 20460, or by email
at: [email protected]. A full description of EPA's Privacy Act procedures
is included in EPA's Privacy Act regulations at 40 CFR part 16.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
[[Page 17222]]
HISTORY:
71 FR 51814 (August 31, 2006).
Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2023-05806 Filed 3-21-23; 8:45 am]
BILLING CODE 6560-50-P
