Privacy Act of 1974; System of Records, 83981-83993 [2023-26480]
Download as PDF
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
proposed collections of information are
necessary for proper performance of the
functions of the Peace Corps, including
whether the information will have
practical use; the accuracy of the
agency’s estimate of the burden of the
proposed collection of information,
including the validity of the information
to be collected; and, ways to minimize
the burden of the collection of
information on those who are to
respond, including through the use of
automated collection techniques, when
appropriate, and other forms of
information technology.
This notice is issued in Washington, DC,
on November 22, 2023.
James Olin,
FOIA/Privacy Act Officer.
[FR Doc. 2023–26157 Filed 11–30–23; 8:45 am]
BILLING CODE 6051–01–P
POSTAL SERVICE
Privacy Act of 1974; System of
Records
Postal Service®.
Notice of modified system of
AGENCY:
ACTION:
records.
The United States Postal
(USPS) is proposing to modify
three General Privacy Act Systems of
Records (SOR) to support the
development and implementation of a
voluntary mentorship program and
related applications to assist
participating employees in achieving
their individual personal and
professional goals.
DATES: These revisions will become
effective without further notice on
January 2, 2024, unless responses to
comments received on or before that
date result in a contrary determination.
ADDRESSES: Comments may be
submitted via email to the Privacy and
Records Management Office, United
States Postal Service Headquarters
(privacy@usps.gov). To facilitate public
inspection, arrangements to view copies
of any written comments received will
be made upon request.
FOR FURTHER INFORMATION CONTACT:
Janine Castorina, Chief Privacy and
Records Management Officer, Privacy
and Records Management Office, 202–
268–3069 or uspsprivacyfedregnotice@
usps.gov.
SUPPLEMENTARY INFORMATION: This
notice is in accordance with the Privacy
Act requirement that agencies publish
their systems of records in the Federal
Register when there is a revision,
change, or addition, or when the agency
establishes a new system of records. The
SUMMARY:
lotter on DSK11XQN23PROD with NOTICES1
Service®
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
Postal Service is proposing revisions to
three existing systems of records (SOR)
to support the implementation of
voluntary mentorship programs and
related applications.
I. Background
The USPS is planning to implement
voluntary mentorship programs to
support professional growth and
promote diversity, equity, inclusion,
and accessibility, consistent with the
Postal Service’s Delivering for America
plan. These mentorship programs will
use an application process to select
mentors and to match them with
mentees. Mentors and mentees will also
be asked to complete voluntary surveys
to provide feedback on the program. In
association with these mentorship
programs, a new software application
will also be implemented to help
facilitate and maintain the mentorship
program and assist mentors and
mentees.
II. Rationale for Changes to USPS
Privacy Act Systems of Records
The Postal Service is proposing
modifications to the following SORs:
USPS SOR 100.300, Employee
Development and Training Records
—One new Purpose, number 13
—One new Category of Records,
number 3
—One new Retention and Disposal
period, number 5
—One new Category of Individuals
—One new Notification Procedure
USPS SOR 550.100, Commercial
Information Technology
Resources—Applications
—One new Purpose, number 12
—Three new Categories of Records,
numbers 12–14
—One new Retention and Disposal
period, number 12
—One new Retrievability process,
number 12
USPS SOR 550.200, Commercial
Information Technology
Resources—Administrative
—One new Category of Records,
number 118
III. Description of the Modified Systems
of Records
Pursuant to 5 U.S.C. 552a(e)(11),
interested persons are invited to submit
written data, views, or arguments on
this proposal. A report of the proposed
revisions to this SOR has been sent to
Congress and to the Office of
Management and Budget for their
evaluations. The Postal Service does not
expect that this modified system of
records will have any adverse effect on
individual privacy rights. Accordingly,
for the reasons stated above, the Postal
PO 00000
Frm 00086
Fmt 4703
Sfmt 4703
83981
Service proposes revisions included in
this system of records presented in its
entirety as follows:
SYSTEM NAME AND NUMBER:
USPS 100.300 Employee
Development and Training Records.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
Management training centers,
Integrated Business Solutions Services
Centers, other USPS facilities where
career development and training records
are stored, USPS Law Department and
contractor sites.
SYSTEM MANAGER(S):
Vice President, Human Resources,
United States Postal Service, 475
L’Enfant Plaza SW, Washington, DC
20260.
Vice President, Organization
Development, United States Postal
Service, 475 L’Enfant Plaza SW,
Washington, DC 20260.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 410, 1001, 1005, and
1206.
PURPOSE(S) OF THE SYSTEM:
1. To provide managers, supervisors,
and training and development
professionals with decision-making
information for employee career
development, succession planning,
training, and assignment.
2. To make and track employee job
assignments, to place employees in new
positions, and to assist in career
planning and training in general.
3. To provide statistics for personnel
and workload management.
4. To provide employees with an
online platform that supports individual
and career development.
5. To facilitate voluntary information
sharing through an enhanced employee
profile tool that highlights individual
education, knowledge and experience.
6. To provide employees with
convenient and flexible online learning
options.
7. To create a forum that promotes a
culture for participation in voluntary
career development activities and
opportunities.
8. To create a readily available source
of information about current employee
talents, skills, and abilities.
9. To communicate with and provide
notification to individuals about
training assignments and requirements,
both prior to and after effective date of
employment or placement.
10. To facilitate communication
between the Postal Service and
E:\FR\FM\01DEN1.SGM
01DEN1
83982
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
individual employees, new hires and
applicants, including current and
former employees.
11. To share relevant information and
topics about the Postal Service with
individual employees, new hires and
applicants, including current and
former employees.
12. To request and gather voluntary
feedback from individual employees,
new hires and applicants, including
current and former employees.
13. To facilitate registration and
participation in a voluntary mentorship
program.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Current and former USPS employees,
new hires and applicants. Individual
employees that voluntarily participate
in USPS-sponsored mentorship
programs.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Employee information: Name,
Social Security Number, Employee
Identification Number, phone
number(s), SMS text message number,
personal email address, demographic
information, photograph, years of
service, retirement eligibility, postal
assignment information, work contact
information, finance number(s), duty
location, and pay location.
2. Employee development and
training information: Records related to
career development, work history,
assessments, skills bank participation,
USPS- and non-USPS-sponsored
training, examinations, evaluations of
training, and USPS lodging when a
discrepancy report is filed against the
student about unauthorized activities
while occupying the room.
3. Mentorship program applicant and
participant information: First and last
name; current position; employing
office; work telephone number(s); work
email address; length of tenure with the
USPS and in current position;
participant role; agreement to
participate; objectives, goals and/or
expectations for participation;
communication, meeting, and match
preferences; interests/hobbies; and
satisfaction survey results.
lotter on DSK11XQN23PROD with NOTICES1
RECORD SOURCE CATEGORIES:
Employees; employees’ supervisor or
manager; and other systems of records.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
Standard routine uses 1. through 9.
apply.
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Automated database, computer
storage media, digital files, and paper
files.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
By employee name, Social Security
Number, or Employee Identification
Number.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
1. Training records are retained 5
years. Training-related travel records are
retained 1 year.
2. Records related to succession
planning and individual development
planning are retained 10 years.
3. Examination records are retained 1
year after employee separation.
4. Skills bank records are retained up
to 2 years.
5. Mentorship Program participant
records and satisfaction survey results
will be retained for up to 2 years, after
the end of the Fiscal Year program
cycle. Records existing on paper are
destroyed by burning, pulping, or
shredding. Records existing on
computer storage media are destroyed
according to the applicable USPS media
sanitization practice.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Paper records, computers, and
computer storage media are located in
controlled-access areas under
supervision of program personnel.
Access to these areas is limited to
authorized personnel, who must be
identified with a badge.
Access to records is limited to
individuals whose official duties require
such access. Contractors and licensees
are subject to contract controls and
unannounced on-site audits and
inspections.
Computers are protected by
mechanical locks, card key systems, or
other physical access control methods.
The use of computer systems is
regulated with installed security
software, computer logon
identifications, and operating system
controls including access controls,
terminal and transaction logging, and
file management software.
RECORD ACCESS PROCEDURES:
Frm 00087
Fmt 4703
Sfmt 4703
See Notification Procedures below
and Record Access Procedures above.
NOTIFICATION PROCEDURES:
Individuals wanting to know if
information about them is maintained in
this system must address inquiries to
the facility head where currently or last
employed. Headquarters employees
must submit inquiries to Corporate
Personnel Management, 475 L’Enfant
Plaza SW, Washington, DC 20260.
Participants in the USPS Law
Department Mentorship Program must
submit inquiries to USPS Law
Department, 475 L’Enfant Plaza SW,
Washington, DC 20260.
Inquiries must include full name,
Social Security Number or Employee
Identification Number, name and
address of facility where last employed,
and dates of USPS employment.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(j) and (k),
USPS has established regulations at 39
CFR 266.9 that exempt records in this
system depending on their purpose. The
USPS has also claimed exemption from
certain provisions of the Act for several
of its other systems of records at 39 CFR
266.9. To the extent that copies of
exempted records from those other
systems are incorporated into this
system, the exemptions applicable to
the original primary system continue to
apply to the incorporated records.
HISTORY:
August 18, 2021, 86 FR 46281; July
19, 2013, 78 FR 43247; June 17, 2011,
76 FR 35483; April 29, 2005, 70 FR
22516.
SYSTEM NAME AND NUMBER:
550.100 Commercial Information
Technology Resources—Applications.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
All USPS facilities and contractor
sites.
SYSTEM MANAGER(S):
For records of computer access
authorizations: Chief Information
Officer and Executive Vice President,
United States Postal Service, 475
L’Enfant Plaza SW, Washington, DC
20260.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Requests for access must be made in
accordance with the Notification
Procedure above and USPS Privacy Act
regulations regarding access to records
and verification of identity under 39
CFR 266.5.
PO 00000
CONTESTING RECORD PROCEDURES:
39 U.S.C. 401, 403, and 404.
PURPOSE(S) OF THE SYSTEM:
1. To provide event registration
services to USPS customers, contractors,
and other third parties.
E:\FR\FM\01DEN1.SGM
01DEN1
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
2. To allow task allocation and
tracking among team members.
3. To allow users to communicate by
telephone, instant-messaging, and email
through local machine and web-based
applications on desktop and mobile
operating systems.
4. To share your personal image via
your device camera during meetings and
web conferences, if you voluntarily
choose to turn the camera on, enabling
virtual face-to-face conversations.
5. To provide for the creation and
storage of media files, including video
recordings, audio recordings, desktop
recording, and web-based meeting
recordings.
6. To provide a collaborative platform
for viewing video and audio recordings.
7. To create limited use applications
using standard database formats.
8. To review distance driven by
approved individuals for accurate
logging and compensation.
9. To develop, maintain, and share
computer code.
10. To comply with Security
Executive Agent Directive (SEAD) 3
requirements for self-reporting of
unofficial foreign travel pertaining to
covered individuals who have access to
classified information or who hold a
sensitive position.
11. To administer and maintain a
secure board portal software that
provides leadership with instant access
to information they need before, during
and after meetings, making board and
committee interactions more efficient
and productive by promoting
collaboration and information sharing
among USPS Board of Governors (BOG)
and Executive Leadership Team (ELT).
12. To facilitate the software
component of USPS-sponsored
voluntary mentorship programs.
lotter on DSK11XQN23PROD with NOTICES1
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
1. Individuals with authorized access
to USPS computers, information
resources, and facilities, including
employees, contractors, business
partners, suppliers, and third parties.
2. Individuals participating in webbased meetings, web-based video
conferencing, web-based
communication applications, and webbased collaboration applications.
3. USPS Board of Governors,
administrators, and USPS Executive
Leadership Team.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Third-Party Information Records:
Records relating to non-Postal, thirdparty individuals utilizing an
information system, application, or
piece of software, including: Third-Party
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
Name, Third Party Date Request, Third
Party Free Text, Guest User Information.
2. Collaboration Application Records:
Records relating to web-conferencing
and web-collaboration applications,
including; Collaborative Group Names,
Collaborative Group IDs, Action Name,
Number Of Actions Sent, Number Of
Action Responses, Employee Phone
Number, Collaborative Group Chat
History, Profile Information,
Collaborative Group Membership,
Contacts, Project Owner, Project Creator,
Event Start Time, Event Status, Event
Organizer, Event Presenter, Event
Producer, Event Production Type, Event
Recording Setting, Total Number Of
Event Media Viewings, Number Of
Active Users, Number Of Active Users
In Collaborative Groups, Number Of
Active Collaborative Group
Communication Channels, Number Of
Messages Sent, Number Of Calls
Participated In, Last Activity Date Of A
User, Number Of Guest Users In A
Collaborative Group, Event Name, Event
Description, Event Start Date, Event End
Date, Video Platform Group Name,
Video Platform Group Email Alias,
Video Platform Group Description,
Video Platform Group Classification,
Video Platform Group Access Level,
Video Platform Channel Name, Video
Platform Channel Description, Video
Platform Channel Access, Video
Platform Live Event Recording, Total
Number Of Video Conferences, Add
Room Member To Collaborative Group,
Attachment Downloaded From
Collaborative Group, Attachment
Uploaded From Collaborative Group,
Direct Message Started From
Collaborative Group, Invite Sent From
Collaborative Group, Message Edited
From Collaborative Group, Message
Posted In Collaborative Group, Remove
Room Member From Collaborative
Group, Room Created In Collaborative
Group, Add Service Account Permission
To Enterprise Collaborative Group,
Remove Service Account Permission To
Enterprise Collaborative Group, Added
User To Enterprise Collaborative Group,
Added User Role To Enterprise
Collaborative Group, Removed User
From Enterprise Collaborative Group,
Request To Join Enterprise Collaborative
Group, Approve Join Request From
Enterprise Collaborative Group, Reject
Join Request From Enterprise
Collaborative Group, Invite User To
Enterprise Collaborative Group, Accept
Invitation For Enterprise Collaborative
Group, Reject Invitation For Enterprise
Collaborative Group, Revoke Invitation
For Enterprise Collaborative Group, Join
Enterprise Collaborative Group, Ban
User Including With Moderation In
PO 00000
Frm 00088
Fmt 4703
Sfmt 4703
83983
Enterprise Collaborative Group, Unban
User From Enterprise Collaborative
Group, Add All Users In Domain For
Enterprise Collaborative Group, Create
Group In Enterprise Collaborative
Group, Delete Group In Enterprise
Collaborative Group, Create Namespace
In Enterprise Collaborative Group,
Delete Namespace In Enterprise
Collaborative Group, Change Info
Setting In Enterprise Collaborative
Group, Add Info Setting In Enterprise
Collaborative Group, Remove Info
Setting In Enterprise Collaborative
Group, Add Member Role In Enterprise
Collaborative Group, Remove User Role
In Enterprise Collaborative Group,
Membership Expiration Added In
Enterprise Collaborative Group,
Membership Expiration Removed In
Enterprise Collaborative Group,
Membership Expiration Updated In
Enterprise Collaborative Group, ACL
Permission Changed In Collaborative
Group, Collaborative Group Invitation
Accepted, Join Request Approved, User
Joined Collaborative Group, User
Requested To Join Collaborative Group,
Collaborative Group Basic Setting
Changed, Collaborative Group Created,
Collaborative Group Deleted,
Collaborative Group Identity Setting
Changed, Collaborative Group Info
Setting Added, Collaborative Group Info
Setting Changed, Collaborative Group
Info Setting Removed, Collaborative
Group New Member Restriction
Changed, Collaborative Group Post
Reply Settings Changed, Collaborative
Group Spam Moderation Settings
Changed, Collaborative Group Topic
Setting Changed, Collaborative Group
Message Moderated, User Posts Will
Always Be Posted, User Added To
Collaborative Group, User Banned From
Collaborative Group, User Invitation
Revoked From A Collaborative Group,
User Invited To Collaborative Group,
User Join Request Rejected From A
Collaborative Group, User Reinvited To
Collaborative Group, User Removed
From Collaborative Group, Call Event
Abuse Report Submitted, Call Event
Endpoint Left, Call Event Livestream
Watched, Individual Form Response,
Form Respondent Email Address,
Whiteboard Software Updated,
Whiteboard Reboot Requested,
Whiteboard Export Requested,
Attachment Deleted, Attachment
Uploaded, Note Content Edited, Note
Created, Note Deleted, Note Permissions
Edited.
3. Communication Application
Records: Enterprise Social Network User
Name, Enterprise Social Network User
State, Enterprise Social Network User
State Change Date, Enterprise Social
E:\FR\FM\01DEN1.SGM
01DEN1
lotter on DSK11XQN23PROD with NOTICES1
83984
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
Network User Last Activity Date,
Number Of Messages Posted By An
Enterprise Social Network User In
Specified Time Period, Number Of
Messages Viewed By An Enterprise
Social Network User, Number Of Liked
Messages By An Enterprise Social
Network User, Products Assigned To A
Enterprise Social Network User, Home
Network Information, External Network
Information, External Network Name,
External Network Description, External
Network Image, Network Creation Date,
Network Usage Policy, External
Network User Name, External Network
User Email Address, External Group
Name, Number Of Users On A Network,
Network ID, Live Event Video Links,
Files Added Or Modified In Enterprise
Social Network, Message ID, Thread ID,
Message Privacy Status, Full Body Of
Message, Chat User Action, Chat Room
Member Added, Chat Attachment
Downloaded, Chat Attachment
Uploaded, Chat Room Blocked, Chat
User Blocked, Chat Direct Message
Started, Chat Invitation Accepted, Chat
Invitation Declined, Chat Invitation
Sent, Chat Message Edited, Chat
Message Posted, Chat Room Member
Removed, Chat Room Created.
4. Multimedia Records: Records
relating to media associated with or
originating from an information system,
including; Video Platform User ID,
Video Name, Videos Uploaded By User,
Videos Accessed By User, Channels
Created By User, User Group
Membership, Comments Left By User
On Videos, Screen Recordings, Video
Transcript, Deep Search Captions, Video
Metadata, Audio Metadata, Phone
Number, Time Phone Call Started, User
Name, Call Type, Phone Number Called
To, Phone Number Called From, Called
To Location, Called From Location,
Telephone Minutes Used, Telephone
Minutes Available, Charges For Use Of
Telephone Services, Currency Of
Charged Telephone Services, Call
Duration, Call ID, Conference ID, Phone
Number Type, Blocked Phone Numbers,
Blocking Action, Reason For Blocking
Action, Blocked Phone Number Display
Name, Date And Time Of Blocking, Call
Start Time, User Display Name, SIP
Address, Caller Number, Called To
Number, Call Type, Call Invite Time,
Call Failure Time, Call End Time, Call
Duration, Number Type, Media Bypass,
SBC FQDN, Data Center Media Path,
Data Center Signaling Path, Event Type,
Final SIP, Final Vendor Subcode, Final
SIP Phrase, Unique Customer Support
ID.
5. Limited Use Application Records:
Records relating to applications with a
specific, limited use, including;
Application Authoring Application
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
Name, Application Authoring
Application Author, Voice Search Text
Strings, Miles Driven, Mileage Rates,
Country Currency, Destination,
Destination Classification, Car Make,
Car Model, Working Hours, Total
Number Of Monthly Drives, Total
Number Of Monthly Miles, Total
Number Of Personal Drives, Total
Number Of Personal Drives, Users
Allowed To Access Application,
Application Authoring Application
Security Settings, Total Number Of
Cloud-Based Searches Performed, Total
Number Of Cloud-Based Search Queries
From Web Browsers, Total Number Of
Cloud-Based Search Queries From
Android Operating Systems, Total
Number Of Cloud-Based Search Queries
From iOS Operating Systems, Data
Visualization Report Email Delivery
Added, Data Visualization Asset
Created, Data Visualization Data
Exported, Data Visualization Asset
Deleted, Data Visualization Report
Downloaded, Data Visualization Asset
Edited, Data Visualization Asset
Restored, Data Visualization Report
Email Delivery Stopped, Data
Visualization Asset Trashed, Data
Visualization Report Email Delivery
Updated, Data Visualization Asset
Viewed, Data Visualization Link
Sharing Access Type Changed, Data
Visualization Link Sharing Visibility
Changed, Data Visualization User
Sharing Permissions Changed.
6. Development Records: Records
relating to applications used for the
creation, sharing, or modification of
software code, including: Data
Repository User ID, Data Repository
Password, Data Repository User
Address, Data Repository Payment
Information, Data Repository User First
Name, Data Repository User Last Name,
Data Repository Profile Picture, Data
Repository Profile Biography, Data
Repository Profile Location, Data
Repository User Company, Data
Repository User Preferences, Data
Repository User Preference Analytics,
Data Repository Transaction Date, Data
Repository Transaction Time, Data
Repository Transaction Amount
Charged, Data Repository web pages
Viewed, Data Repository Referring
website, Data Repository Date Of web
page Request, Data Repository Time Of
web page Request, Data Repository User
Commits, Data Repository User Commit
Comment Body Text, Data Repository
Pull Request Comment Body Text, Data
Repository Issue Comment Body Text,
Data Repository User Comment Body
Text, Data Repository User
Authentication, Language Of Device
Accessing Data Repository, Operating
PO 00000
Frm 00089
Fmt 4703
Sfmt 4703
System Of Device Accessing Data
Repository, Application Version Of
Device Accessing Data Repository,
Device Type Of Device Accessing Data
Repository, Device ID Of Device
Accessing Data Repository, Device
Model Of Device Accessing Data
Repository, Device Manufacturer Of
Device Accessing Data Repository,
Browser Version Of Device Accessing
Data Repository, Client Application
Information Of Device Accessing Data
Repository, Data Repository User Usage
Information, Data Repository
Transactional Information, Data
Repository API Notification Status, Data
Repository API Issue Status, Data
Repository API Pull Status, Data
Repository API Commit Status, Data
Repository API Review Status, Data
Repository API Label, Data Repository
API User Account Signin Status, Data
Repository API Schedule Status, Data
Repository API Schedule List.
7. Unofficial Foreign Travel
Monitoring: Records relating to covered
individuals for the administration of the
SEAD 3 program, including: Title, Name
Of Traveler, Information Type: PreTravel And Post-Travel, Start Date Of
Travel, End Date Of Travel, Carrier Of
Transportation, Countries You Are
Visiting, Passport Number, Passport
Expiration Date, Names And
Association Of Foreign National Travel
Companions, Planned Foreign Contacts,
Emergency Contact Name, Emergency
Contact Phone Number, Emergency
Contact Relationship, Post-Travel
Questions Relating To Activity, Events,
And Interactions.
8. Cloud-Based Storage Records:
Records relating to activity within
cloud-based storage systems, including:
Number Of Files Made Publicly
Available, Number Of Files Made
Available With A Link, Number Of Files
Shared With Domain Users, Number Of
Files Shared With Domain Users
Through Link, Number Of Files Shared
With Users Outside Domain, Number Of
Files Shared With User Or Group In
Domain, Number Of Files Not Shared At
All, Number Of Spreadsheet Documents
Added, Number Of Text Documents
Added, Number Of Presentation
Documents, Number Of Form
Documents Added, Number Of Other
Files Added, Number Of Files Edited,
Number Of Files Viewed, Number Of
Files Added, Total Cloud Storage Space
Used, Last Time Storage Accessed By
User, Item Added To Folder, Item
Approval Cancelled, Comment Added
On Approval Of Item, Due Date Time
Change Requested, Item Approval
Requested, Reviewer Change Requested
For Item Approval, Item Approval
Reviewed, Document Copy Created,
E:\FR\FM\01DEN1.SGM
01DEN1
lotter on DSK11XQN23PROD with NOTICES1
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
Document Created, Document Deleted,
Document Downloaded, Document
Shared As Email Attachment, Document
Edited, Label Applied, Label Value
Changed, Label Removed, Item Locked,
Item Moved, Item Previewed, Item
Printed, Item Removed From Folder,
Item Renamed, Item Restored, Item
Trashed, Item Unlocked, Item
Uploaded, Item Viewed, Security
Update Applied To File, Security
Update Applied To All Files In Folder,
Publish Status Changed, Editor Settings
Changed, Link Sharing Access Type
Changed, Link Sharing Access Changed
From Parent Folder, Link Sharing
Visibility Changed, Link Sharing
Visibility Changed From Parent Folder,
Security Update Removed From File,
Membership Role Changed, Shared
Storage Settings Changed, Spreadsheet
Range Enabled, User Sharing
Permissions Changed, User Sharing
Permissions Changed From Parent
Folder, User Storage Updated, File
Viewed, File Renamed, File Created,
File Edited, File Previewed, File
Printed, File Updated, File Deleted, File
Uploaded, File Downloaded, File
Shared.
9. Email Application Records:
Records relating to regular use of email
applications, including: Email Body
Text, Email Metadata, Total Number Of
Emails Sent, Total Number Of Emails
Received, Total Number Of Emails Sent
And Received, Last Time User Accessed
Email Client Through A Post Office
Protocol (POP) Mail Server, Last Time
User Accessed Email Client Through An
internet Message Access Protocol
(IMAP) Mail Server, Last Time User
Accessed Through Web-Based Server,
Total Email Client Storage Space Used,
Calendar Access Level(S) Changed,
Calendar Country Changed, Calendar
Created, Calendar Deleted, Calendar
Description Changed, Calendar Location
Changed, Calendar Time zone Changed,
Calendar Title Changed, Calendar
Notification Triggered, Calendar
Subscription Added, Calendar
Subscription Deleted, Calendar Event
Created, Calendar Event Deleted,
Calendar Event Guest Added, Calendar
Event Guest Auto-Response, Calendar
Event Guest Removed, Calendar Event
Guest Response Changed, Calendar
Event Modified, Calendar Event
Removed From Trash, Calendar Event
Restored, Calendar Event Start Time
Changed, Calendar Event Title
Modified, Successful Availability
Lookup Of A Calendar Between Email
Clients, Successful Availability Lookup
Of Email Client Resource, Successful
Email Client Resource List Lookup,
Unsuccessful Availability Lookup Of A
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
Calendar On Email Client, Unsuccessful
Availability Lookup Of Email Client
Resource, Unsuccessful Email Client
Resource List Lookup.
10. Web Browser Records: Records
relating to activity within a web
browser, including: Web Browser
Password Changed, Web Browser
Password Reused, Malware Detected in
Transferred Content for User, Sensitive
Data Detected In Transferred Content,
Unsafe website Visit Detected For User.
11. USPS Board of Governors name,
email, and collaborative meeting records
used to store meeting material such as
presentations, briefing documents/
memos, meeting minutes/notes, and
responses to various board inquiries,
presentation briefing documents, and
memos.
12. Mentorship Application
Information: Match Data Stored About
A User, Program Membership Status,
Program Eligibility, Program Enrollment
Date, Program Participation Preference,
Mentor/Mentee Capacity, Preferred
Mentors, Accepting New Matches
Status, Recommended Mentors,
Declined Recommendation Reason,
Active Mentor/Mentee/Peer
Relationships, Relationship Start/End
Date, User Who Requested The
Relationship, Relationship Status,
Action Item/Checklist Item Progress,
Mentorship Agreements, Pairing Health,
Mentor/Mentee/Peer Relationship
Requests, Mentor/Mentee/Peer
Relationship Extension Requests,
Mentor/Mentee/Peer Request
Introduction Notes, Mentor/Mentee/
Peer Request Preferred Match Duration,
Past Mentor/Mentee/Peer Relationships,
Active Group Membership As A
Mentor/Mentee/Peer, Group Name,
Group Start/End Date, Group Status,
Past Group Membership As A Mentor/
Mentee/Peer
13. Mentoring Session Data Stored for
a User: Status, Default Admin Agenda,
Custom User Agenda.
Start/End Date Time, Mentee/Mentor
Feedback, 1–4 Star Rating, Free Text
Session Feedback, Private Session
Notes, Shared Session Notes, User
Booking Session, Session Calendar
Event And Videoconferencing Details,
Session Attendance, Session Topics.
14. Program Survey Data Stored For A
User: Survey Status, Custom Admin
Supplied Question Responses, Program
Admin Data, Reporting Column
Preferences, Program Admin Support
Contact.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
Standard routine uses 1. through 9.
apply. In addition:
PO 00000
Frm 00090
Fmt 4703
Sfmt 4703
83985
(a) To appropriate agencies, entities,
and persons when (1) the Postal Service
suspects or has confirmed that there has
been a breach of the system of records;
(2) the Postal Service has determined
that as a result of the suspected or
confirmed breach there is a risk of harm
to individuals, the Postal Service
(including its information systems,
programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with the Postal Service’s
efforts to respond to the suspected or
confirmed breach or to prevent,
minimize, or remedy such harm.
RECORD SOURCE CATEGORIES:
Employees; contractors; customers;
USPS Board of Governors.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Automated database, computer
storage media, and paper.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
1. Records relating to third-parties are
retrievable by name and email address.
2. Records relating to collaboration
are retrievable by name, email address,
and user ID.
3. Records relating to communication
are retrievable by name, email address,
and user ID.
4. Records pertaining to multimedia
are retrievable by username and media
title.
5. Records relating to application
development are retrievable by user ID
and application name.
6. Records relating to limited use
applications are retrievable by name,
email address, and user ID.
7. Records relating to Unofficial
Foreign Travel Monitoring for covered
individuals are retrievable by name.
8. Records relating to Cloud-based
storage are retrievable by name, email
address, and user ID.
9. Records relating to Email
Applications are retrievable by name,
email address, and user ID.
10. Records relating to Web Browsers
are retrievable by name, email address,
and user ID.
11. USPS Board of Governors secure
board portal collaboration software data
is retrievable by date, meeting
information, committee name, and other
session collaboration details.
12. Records relating to mentorship
programs are retrievable by mentee
name.
E:\FR\FM\01DEN1.SGM
01DEN1
83986
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
1. Records relating to third parties are
retained for twenty-four months.
2. Records relating to collaboration
are retained for twenty-four months.
3. Records relating to communication
are retained for twenty-four months.
4. Multimedia recordings are retained
for twenty-four months.
5. Records relating to application
development are retained for twentyfour months.
6. Records relating to limited use
applications are retained for twenty-four
months.
7. Records relating to Unofficial
Foreign Travel Monitoring for covered
individuals are retained for twenty-five
years.
8. Records relating to Cloud-based
storage are retained for twenty-four
months.
9. Records relating to Email
Applications are retained for twentyfour months.
10. Records relating to Web Browsers
are retained for twenty-four months.
11. USPS Board of Governors secure
board portal collaboration software data
is retained up to twelve months from
the close of the corresponding event.
12. Records relating to mentorship
programs are retained for twenty-four
months.
lotter on DSK11XQN23PROD with NOTICES1
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Paper records, computers, and
computer storage media are located in
controlled-access areas under
supervision of program personnel.
Computer access is limited to
authorized personnel with a current
security clearance, and physical access
is limited to authorized personnel who
must be identified with a badge.
Access to records is limited to
individuals whose official duties require
such access. Contractors and licensees
are subject to contract controls and
unannounced on-site audits and
inspections.
Computers are protected by
encryption, mechanical locks, card key
systems, or other physical access control
methods. The use of computer systems
is regulated with installed security
software, computer logon
identifications, and operating system
controls including access controls,
terminal and transaction logging, and
file management software.
RECORD ACCESS PROCEDURES:
Requests for access must be made in
accordance with the Notification
Procedure and USPS Privacy.
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
Act regulations regarding access to
records and verification of identity
under 39 CFR 266.5.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and
Record Access Procedures above.
NOTIFICATION PROCEDURES:
Customers and employees wanting to
know if other information about them is
maintained in this system of records
must address inquiries in writing to the
Chief Information Officer and Executive
Vice President and include their name
and address.
EXEMPTION(S) PROMULGATED FROM THIS
SYSTEM:
None.
HISTORY:
May 11, 2021; 86 FR 25899; January
31, 2022; 87 FR 4957.
SYSTEM NAME AND NUMBER:
550.200 Commercial Information
Technology Resources—Administrative.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
All USPS facilities and contractor
sites.
SYSTEM MANAGER(S):
For records of computer access
authorizations: Chief Information
Officer and Executive Vice President,
United States Postal Service, 475
L’Enfant Plaza SW, Washington, DC
20260.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, and 404.
PURPOSE(S) OF THE SYSTEM:
1. To provide active and passive
monitoring and review of information
system applications and user activities.
2. To generate logs and reports of
information system application and user
activities.
3. To provide a means of auditing
commercial information system
activities across applications and users.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
1. Individuals with authorized access
to USPS computers, information
resources, and facilities, including
employees, contractors, business
partners, suppliers, and third parties.
2. Individuals participating in webbased meetings, web-based video
conferencing, web-based
communication applications, and webbased collaboration applications.
PO 00000
Frm 00091
Fmt 4703
Sfmt 4703
CATEGORIES OF RECORDS IN THE SYSTEM:
1. General Audit Log activities:
DateTime, IP Address, User Activity,
User Item Accessed, Activity Detail,
Object ID, Record Type, Client IP
Address, CorrelationID, CreationTime,
EventData, EventSource, ItemType,
OrganizationID, UserAgent, USerKEy,
UserType, Version, Workload.
2. File and page activities: Accessed
file, Change retention label for a file,
Deleted file marked as a record,
Checked in file, Changed record status
to locked, Changed record status to
unlocked, Checked out file, Copied file,
Discarded file checkout, Deleted file,
Deleted file from recycle bin, Deleted
file from second-stage recycle bin,
Detected document sensitivity
mismatch, Detected malware in file,
Deleted file marked as a record,
Downloaded file, Modified file, Moved
file, Recycled all minor versions of file,
Recycled all versions of file, Recycled
version of file, Renamed file, Restored
file, Uploaded file, Viewed page, View
signaled by client, Performed search
query.
3. Folder activities: Copied folder,
Created folder, Deleted folder, Deleted
folder from recycle bin, Deleted folder
from second-stage recycle bin, Modified
folder, Moved folder, Renamed folder,
Restored folder.
4. Cloud-based Enterprise Storage
activities: Created list, Created list
column, Created list content type,
Created list item, Created site column,
Created site content type, Deleted list,
Deleted list column, Deleted list content
type, Deleted list item, Deleted site
column, Deleted site content type,
Recycled list item, Restored list,
Restored list item, Updated list,
Updated list column, Updated list
content type, Updated list item,
Updated site column, Updated site
content type.
5. Sharing and access request
activities: Added permission level to
site collection, Accepted access request,
Accepted sharing invitation, Blocked
sharing invitation, Created access
request, Created a company shareable
link, Created an anonymous link,
Created secure link, Deleted secure link,
Created sharing invitation, Denied
access request, Removed a company
shareable link, Removed an anonymous
link, Shared filer, folder, or site,
Unshared file folder or site, Updated
access request, Updated an anonymous
link, Updated sharing invitation, Used a
company shareable link, Used an
anonymous link, Used secure link, User
added to secure link, User removed
from secure link, Withdrew sharing
invitation.
E:\FR\FM\01DEN1.SGM
01DEN1
lotter on DSK11XQN23PROD with NOTICES1
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
6. Synchronization activities: Allowed
computer to sync files, Blocked
computer from syncing files,
Downloaded files to computer,
Downloaded file changes to computer,
Uploaded files to document library,
Uploaded file changes to document
library.
7. Site permissions activities: Added
site collection admin, Added user of
group to Cloud-based Enterprise Storage
group, Broke permission level
inheritance, Broke sharing inheritance,
Created group, Deleted group, Modified
access request setting, Modified
‘‘Members Can Share’’ setting, Modified
permission level on site collection,
Modified site permissions, Removed site
collection admin, Removed permission
level from site collection, Removed user
or group from Cloud-based Enterprise
Storage group, Requested site admin
permissions, Restored sharing
inheritance, Updated group.
8. Site administration activities:
Added allowed data location, Added
exempt user agent, Added geo location
admin, Allowed user to create groups,
Cancelled site geo move, Changed a
sharing policy, Changed deice access
policy, Changed exempt user agents,
Changed network access policy,
Completed site geo move, Created Sent
To connection, Created site collection,
Deleted orphaned hub site, Deleted Sent
To connection, Deleted site, Enabled
document preview, Enabled legacy
workflow, Enabled Office on Demand,
Enabled result source for People
Searched, Enabled RSS feeds, Failed site
swap, Joined site to hub site, Registered
hub site, Removed allowed data
location, Removed geo location admin,
Renamed site, Scheduled site rename,
Scheduled site swap, Scheduled site geo
move, Set host site, Set storage quota for
geo location, Swapped site, Unjoined
site from hub site, Unregistered hub site.
9. Cloud-based Email Server mailbox
activities: Created mailbox item, Copied
messages to another folder, User signed
in to mailbox, Accessed mailbox items,
Sent message using Send On Behalf
permissions, Purged messages from
mailbox, Moved messages to Deleted
Items folder, Moved messages to another
folder, Sent message using Send As
permissions, Sent message, Updated
message, Deleted messages from Deleted
Items folder, New-InboxRule CreateInboxRule from email web application,
Set-InboxRule Modify inbox rule from
email web application, Update inbox
rules from email web application,
Added delegate mailbox permissions,
Removed delegate mailbox permissions,
Added permissions to folder, Modified
permissions of folder, Removed
permissions from folder, Added or
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
removed user with delegate access to
calendar folder, Labeled message as a
record.
10. Retention policy and retention
level activities: Created retention label,
Created retention policy, Configured
settings for a retention policy, Deleted
retention label, Deleted retention policy,
Deleted settings from a retention policy,
Updated retention label, Updated
retention policy, Updated settings for a
retention policy, Enabled regulatory
record option for retention labels.
11. User administration activities:
Added user, Deleted user, Set license
properties, Reset user password,
Changed user password, Changed user
license, Updated user, Set property that
forces user to change password,
Organization Signup, Organization
Creation, User creation without
organization, Password reset requested,
Disable user, Login success, Login
success reauthenticate, Login failure,
Login failure reauthentication, Logout,
User permission change, Role
permission change, Environment
permissions change, Create role, Edit
role—add user, Edit role—remove user,
Edit role—change external group
mapping, Delete role.
12. Enterprise User Administration
group administration activities: Added
group, Updated group, Deleted group,
Added member to group, Removed
member from group.
13. Application administration
activities: Added service principal,
Removed a service principal from the
directory, Set delegation entry,
Removed credentials from a service
principal, Added delegation entry,
Added credentials to a service principal,
Removed delegation entry.
14. Role administration activities:
Added member to Role, Removed a user
from a directory role, Set company
contact information.
15. Directory administration
activities: Added a partner to the
directory, Removed a partner from the
directory, Added domain to company,
Removed domain from company,
Updated domain, Set domain
authentication, Verified domain,
Updated the federation settings for a
domain, Verified email verified domain,
Turned on Enterprise Information
Technology Account Administration
sync, Set password policy, Set company
information.
16. eDiscovery activities: Created
content search, Deleted content search,
Changed content search, Started content
search, Stopped content search, Started
export of content search, Started export
report, Previewed results of content
search, Purged results of content search,
Started analysis of content search,
PO 00000
Frm 00092
Fmt 4703
Sfmt 4703
83987
Removed export of content search,
Removed preview results of content
search, Removed purse action
performed on content search, Removed
analysis of content search, Removed
search report, Content search preview
item listed, Content search preview item
viewed, Content search preview item
downloaded, Downloaded export of
content search, Created search
permissions filter, Deleted search
permissions filter, Changed search
permissions filter, Created hold in
eDiscovery case, Deleted hold in
eDiscovery case, Changed hold in
eDiscovery case, Created eDiscovery
case, Deleted hold in eDiscovery case,
Changed hold in eDiscovery case,
Created eDiscovery case, Deleted
eDiscovery data, Changed hold in
eDiscovery case, Added member to
eDiscovery case, Removed member from
eDiscovery case, Changed eDiscovery
case membership, Created eDiscovery
administrator, Deleted eDiscovery
administrator, Changed eDiscovery
administrator membership, Remediation
action created, Item deleted using
Remediation, Created workingset
search, Updated workingset search,
Deleted workingset search, Previewed
workingset search, Document viewed,
Document annotated, Document
downloaded, Tag created, Tag edited,
Tag deleted, Tag files, Tag job, Created
review set, Added Cloud-based
productivity software data, Added nonoffice data, Added data to another
workingset, Added remediated data,
Run algo job, Run export job, Run burn
job, Run error remediation job, Run load
comparison job, Updated case settings.
17. eDiscovery system command
activities: Created content search,
Deleted content search, Changed
content search, Started content search,
Stopped content search, created content
search action, Deleted content search
action, Created search permissions
filter, Deleted search permissions filter,
Changed search permissions filter,
Created hold in eDiscovery case,
Deleted hold in eDiscovery case,
Changed hold in eDiscovery case,
Created search query for eDiscovery
case hold, Deleted search query for
eDiscovery case hold, Changed search
query for eDiscovery case hold, Created
eDiscovery case, Deleted eDiscovery
case, Changed eDiscovery case, Added
member to eDiscovery case, Removed
member from eDiscovery case, Changed
eDiscovery case membership, Created
eDiscovery administrator, Deleted
eDiscovery administrator, Changed
eDiscovery administrator membership.
18. Data Analysis application
activities: Viewed program dashboard,
Created program dashboard, Edited
E:\FR\FM\01DEN1.SGM
01DEN1
lotter on DSK11XQN23PROD with NOTICES1
83988
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
program dashboard, Deleted program
dashboard, Shared program dashboard,
Printed program dashboard, Copied
program dashboard, Viewed program
tile, Exported program tile data, Viewed
program report, Deleted program report,
Printed program report page, Created
program report, Edited program report,
Copied program report, Exported
program artifact to another file format,
Export program activity events, Updated
program workspace access, Restored
program workspace, Updated program
workspace, Viewed program metadata,
Created program dataset, Deleted
program dataset, Created program
group, Deleted program group, Added
program group members, Retrieved
program groups, Retrieved program
dashboard, Retrieved data sources from
program dataset, Retrieved upstream
data flows from program dataflow,
Retrieved data sources from program
dataflow, Removed program group
members, Retrieved links between
datasets and dataflows, Created
organizational program content pack,
Created program app, Installed program
app, Updated program app, Updated
organization’s program settings, Started
program trial, Started program extended
trial, Analyzed program dataset, Created
program gateway, Deleted program
gateway, Added data source to program
gateway, Removed data source from
program gateway, Changed program
gateway admins, Changed program
gateway data source users, Set
scheduled refresh on program dataset,
Unpublished program app, Deleted
organizational program content pack,
Renamed program dashboard, Edited
program dataset, Updated capacity
display name, Changed capacity state,
Updated capacity admin, Changed
capacity user assignment, Migrated
workspace to a capacity, Removed
workspace from a capacity, Retrieved
program workspaces, Shared program
report, Generated program Embed
Token, Discover program dataset data
sources, Updated program dataset data
sources, Requested program dataset
refresh, Binded program dataset to
gateway, Changed program dataset data
sources, Requested program dataset
refresh, Binded program dataset to
gateway, Changed program dataset
connections, Took over program dataset,
Updated program gateway data source
credentials, Imported file to program,
Updated program dataset parameters,
Generated program dataflow SAS token,
Created program dataflow, Updated
program dataflow, Deleted program
dataflow, Viewed program dataflow,
Exported program dataflow, Set
scheduled refresh on program dataflow,
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
Requested program dataflow refresh,
Received program dataflow secret from
Key Vault, Attached dataflow storage
account, Migrated dataflow storage
location, Updated dataflow storage
assignment permissions, Set dataflow
storage location for workspace, Took
ownership of program dataflow,
Canceled program dataflow refresh,
Created program email subscription,
Updated program email subscription,
Deleted program email subscription,
Created program folder, Deleted
program folder, Updated program
folder, Added program folder access,
Deleted program folder access, Updated
program folder access, Posted program
comment, Deleted program comment,
Analyzed program report, Viewed
program usage metrics, Edited program
dataset endorsement, Edited program
dataflow endorsement, Edited program
report endorsement, Edited program app
endorsement, Retrieved list of modified
workspaces in program tenant, Sent a
scan request in program tenant, Retrieve
scan result in program tenant, Inserted
snapshot for user in program tenant,
Updated snapshot for user in program
tenant, Deleted snapshot for user in
program tenant, Inserted snapshot for
user in program tenant, Updated
snapshot for user in program tenant,
Deleted snapshot for user in program
tenant, Retrieved snapshots for user in
program tenant, Edited program
certification permission, Took over a
program data source, Updated capacity
custom settings, Created workspace for
program template app, Deleted
workspace for program template app,
Updated settings for program template
app, Updated testing permissions for
program template app, Created program
template app, Deleted program template
app, Promoted program template app,
Installed program template app,
Updated parameters for installed
program template app, Created install
ticker for installing program template
app, Updated an organizational custom
visual, Created an organizational custom
visual, Deleted an organizational custom
visual, Custom visual requested
Enterprise Information Technology
Account Administration access token,
Customer visual requested Cloud-based
productivity software access token,
Connected to program dataset from
external app, Created program dataset
from external app, Deleted program
dataset from external app, Edited
program dataset from external app,
Requested program dataset refresh from
external app, Requested SAS token for
program storage, Requested account key
for program storage, Assigned a
workspace to a deployment pipeline,
PO 00000
Frm 00093
Fmt 4703
Sfmt 4703
Removed a workspace from a
deployment pipeline, Deleted
deployment pipeline, Created
deployment pipeline, Deployed to a
pipeline stage, Updated deployment
pipeline configuration, Updated
deployment pipeline access, Added
external resource, Added link to
external resource, Deleted link to
external resource, Updated featured
tables, Applied sensitivity label to
program artifact, Changed sensitivity
label for program artifact, Deleted
sensitivity label from program artifact.
19. Productivity Analysis activities:
Updated privacy setting, Updated data
access setting, Uploaded organization
data, Created meeting exclusion,
Updated preferred meeting exclusion,
Execute query, Canceled query, Deleted
result, Downloaded report, Accessed
Odata link, Viewed query visualization,
Viewed explore, Created partition,
Updated partition, Deleted partition,
User logged in, User logged out.
20. Briefing email activities: Updated
user privacy settings, Updated
organization privacy settings.
21. Cloud-based Collaboration
Application activities: Created team,
Deleted team, Added channel, Deleted
channel, Changed organization setting,
Changed team setting, Changed channel
setting, User signed in to Cloud-based
Collaboration Application, Added
members, Changed role of members,
Removed members, Added bot to team,
Removed bot from team, Added tab,
Removed tab, Updated tab, Added
connector, Removed connector,
Updated connector, Downloaded
analytics report, Upgraded Cloud-based
Collaboration Application device,
Blocked Cloud-based Collaboration
Application device, Unblocked Cloudbased Collaboration Application device,
Changed configuration of Cloud-based
Collaboration Application device,
Enrolled Cloud-based Collaboration
Application device, Installed app,
Upgraded app, Uninstalled app,
Published app, Updated app, Deleted
app, Deleted all organization apps,
Performed action on card, Added
scheduling group, Edited scheduling
group, Deleted scheduling group, Added
shift, Edited shift, Deleted shift, Added
time off, Edited time off, Deleted time
off, Added open shift, Edited open shift,
Deleted open shift, Shared schedule,
Clocked in using Time clock, Clocked
out using Time clock, Started break
using Time clock, Ended break using
Time clock, Added Time clock entry,
Edited Time clock entry, Deleted Time
clock entry, Added shift request,
Responded to shift request, Canceled
shift request, Changed schedule setting,
E:\FR\FM\01DEN1.SGM
01DEN1
lotter on DSK11XQN23PROD with NOTICES1
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
Added workforce integration, Accepted
off shift message.
22. Cloud-based Collaboration
Application approvals activities:
Created new approval request, Viewed
approval request details, Approved
approval request, Rejected approval
request, Canceled approval request,
Shared approval request, File attached
to approval request, Reassigned
approval request, Added e-signature to
approval request.
23. Enterprise Social Network
activities: Changed data retention
policy, Changed network configuration,
Changed network profile settings,
Changed private content mode, Changed
security configuration, Created file,
Created group, Deleted group, Deleted
message, Downloaded file, Exported
data, Shared file, Suspended network
user, Suspended user, Updated file
description, Updated file name, Viewed
file.
24. Enterprise Customer Relationship
Management activities: Accessed out-ofbox entity (deprecated), Accessed
custom entity (deprecated), Accessed
admin entity (deprecated), Performed
bulk actions (deprecated), All Enterprise
Customer Relationship Management
activities, Accessed Enterprise Customer
Relationship Management admin center
(deprecated), Accessed internal
management tool (deprecated), Signed
in or out (deprecated), Activated process
or plug-in (deprecated).
25. Information Systems
Infrastructure Automation activities:
Created flow, Edited flow, Deleted flow,
Edited flow permissions, Deleted flow
permissions, Started a Flow paid trial,
Renewed a Flow paid trial.
26. Application authoring program
activities: Created app, Edited app,
Deleted app, Launched app, Published
app, Marked app as Hero, Marked app
as Featured, Edited app permission,
Restored app version.
27. Enterprise Automation DLP
activities: Created DLP Policy, Updated
DLP Policy, Deleted DLP Policy.
28. Video platform activities: Created
video, Edited video, Deleted video,
Uploaded video, Downloaded video,
Edited video permission, Viewed video,
Shared video, Liked video, Unliked
video, Commented on video, Deleted
video comment, Uploaded video text
track, Deleted video text track,
Uploaded video thumbnail, Deleted
video thumbnail, Replaced video
permissions and channel links, Marked
video public, Marked video private,
Created Video platform group, Edited
Video platform group, Deleted Video
platform group, Edited Video platform
group memberships, Created Video
platform channel, Edited Video platform
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
channel, Deleted a Video platform
channel, Replaced Video platform
channel thumbnails, Edited Video
platform user settings, Edited tenant
settings, Edited global role members,
Deleted Video platform user, Deleted
Video platform user’s data report,
Edited Video platform user, Exported
Video platform user’s data report,
Downloaded Video platform user’s data
report, Video Platform Event Date,
Video Platform Event Name, Video
Platform Event Description, Video
Platform Meeting Code, Video Platform
Participant Identifiers.
29. Content explorer activities:
Accessed item.
30. Quarantine activities: Previewed
Quarantine message, Deleted
Quarantine message, Released
Quarantine message, Exported
Quarantine message, Viewed
Quarantine Message’s header.
31. Customer Key Service Encryption
activities: Fallback to Availability Key.
32. Form application activities:
Created form, Edited form, Moved form,
Deleted form, Viewed form, Previewed
form, Exported form, Allowed share
form for copy, Added form co-author,
Removed form co-author, Viewed
response page, Created response,
Updated response, Deleted all
responses, Deleted response, Viewed
responses, Viewed response, Created
summary link, Deleted summary link,
Updated from phishing status, Updated
user phishing status, Sent premium
form product invitation, Updated form
setting, Updated user setting, Listed
forms.
33. Sensitivity label activities:
Applied sensitivity label to site,
Removed sensitivity label from site,
Applied sensitivity label to file,
Changed sensitivity label applied to file,
Removed sensitivity label from file.
34. Local machine communications
platform system command activities: Set
tenant federation.
35. Search activities: Performed email
search, Performed Cloud-based
Enterprise Storage search.
36. Security analytics activities:
Attempted to compromise accounts.
37. Device activities: Printed file,
Deleted file, Renamed file, Created file,
Modified file, Read file, Captured
screen, Copied file to removable media,
Copied file to network share, Copied file
to clipboard, Uploaded file to cloud,
File accessed by an unallowed
application.
38. Information barrier activities:
Removed segment from site, Changed
segment of site, Applied segment to site.
39. On-premises DLP scanning
activities: Matched DLP rule, Enforced
DLP rule.
PO 00000
Frm 00094
Fmt 4703
Sfmt 4703
83989
40. Individual Productivity Analytics
activities: Updated user settings,
Updated organization settings.
41. Exact Data Match (EDM) activities:
Created EDM schema, Modified EDM
schema, Removed EDM scheme,
Completed EDM data upload, Failed
EDM data upload.
42. Enterprise Information System
Information Protection activities:
Accessed file, Discovered file, Applied
sensitivity label, Updated sensitivity
label, Removed sensitivity label,
Removed file, Applied protection,
Changed protection, Removed
protection, Received AIP heartbeat.
43. Data Repository Team Discussion
Post Actions: Team Discussion Post
Updated, Team Discussion Post
Destroyed.
44. Data Repository Team Discussion
Post Reply Actions: Team Discussion
Post Reply Updated, Team Discussion
Post Reply Destroyed.
45. Data Repository Enterprise
Actions: Self-Hosted Runner Removed,
Self-Hosted Runner Registered, SelfHosted Runner Group Created, SelfHosted Runner Group Removed, SelfHosted Runner Removed From Group,
Self-Hosted Runner Added To Group,
Self-Hosted Runner Group Member List
Updated, Self-Hosted Runner Group
Configuration Changed, Self-Hosted
Runner Updated.
46. Data Repository Hook Actions:
Hook Created, Hook Configuration
Changed, Hook Destroyed, Hook Events
Altered.
47. Data Repository Integration
Installation Request Actions: Integration
Installation Request Created, Integration
Installation Request Closed.
48. Data Repository Issue Action:
Issue Destroyed.
49. Data Repository Org Actions:
Secret Action Created, Member Creation
Disabled, Two Factor Authentication
Requirement Disabled, Member Creation
Enabled, Two Factor Authentication
Enabled, Member Invited, Self-Hosted
Runner Registered, Secret Action
Removed, Member Removed, Outside
Collaborator Removed, Self-Hosted
Runner Removed, Self-Hosted Runner
Group Created, Self-Hosted Runner
Group Removed, Self-Hosted Runner
Group Updated, Secret Action Updated,
Repository Default Branch Named
Updated, Default Repository Permission
Updated, Member Role Updated,
Member Repository Creation Permission
Updated.
50. Data Repository Organization
Label Actions: Default Label Created,
Default Label Updated, Default Label
Destroyed.
51. Data Repository Oauth
Application Actions: Oauth Application
E:\FR\FM\01DEN1.SGM
01DEN1
lotter on DSK11XQN23PROD with NOTICES1
83990
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
Created, Oauth Application Destroyed,
Oauth Application Secret Restet, Oauth
Application Token Revoked, Oauth
Application Transferred.
52. Data Repository Profile Picture
Actions: Organization Profile Picture
Updated.
53. Data Repository Project Actions:
Project Board Created, Project Board
Linked, Project Board Renamed, Project
Board Updated, Project Board Deleted,
Project Board Unlinked, Project Board
Permissions Updated, Project Board
Team Permissions Updated, Project
Board User Permission Updated.
54. Data Repository Protected Branch
Actions: Branch Protection Enabled,
Branch Protection Destroyed, Branch
Protection Enforced For Administrators,
Branch Enforcement Of Required Code
Owner Enforced, Stale Pull Request
Dismissal Enforced, Branch Commit
Signing Updated, Pull Request Review
Updated, Required Status Check
Updated, Requirement For Branch To
Be Up To Date Before Merging Changed,
Branch Update Attempt Rejected,
Branch Protection Requirement
Overridden, Force Push Enabled, Force
Push Disabled, Branch Deletion
Enabled, Branch Deletion Disabled,
Linear Commit History Enabled, Linear
Commit History Disabled.
55. Data Repository Repo Actions:
User Visibility Changed, Actions
Enabled For Repository, Collaboration
Member Added, Topic Added To
Repository, Repository Archived,
Anonymous Git Read Access Disabled,
Anonymous Git Read Access Enabled,
Anonymous Git Read Access Setting
Locked, Anonymous Git Read Access
Setting Unlocked, New Repository
Created, Secret Created For Repository,
Repository Deleted, Repository Enabled,
Secret Removed, User Removed, SelfHosted Runner Registered, Topic
Removed From Repository, Repository
Renamed, Self-Hosted Runner Updated,
Repository Transferred, Repository
Transfer Started, Repository
Unarchived, Secret Action Updated.
56. Data Repository Dependency
Graph Actions: Dependency Graph
Disabled, Dependency Graph Disabled
For New Repository, Dependency Graph
Enabled, Dependency Graph Enabled
For New Repository.
57. Data Repository Secret Scanning
Actions: Secret Scanning Disabled For
Individual Repository, Secret Scanning
Disabled For All Repositories, Secret
Scanning Disabled For New
Repositories, Secret Scanning Enabled
For Individual Repository, Secret
Scanning Enabled For All Repositories,
Secret Scanning Enabled For New
Repositories.
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
58. Data Repository Vulnerability
Alert Actions: Vulnerable Dependency
Alert Created, Vulnerable Dependency
Alert Dismissed, Vulnerable
Dependency Alert Resolved.
59. Data Repository Team Actions:
Member Added To Team, Repository
Added To Team, Team Parent Changed,
Team Privacy Level Changed, Team
Created, Member Demoted In Team,
Team Destroyed, Member Promoted In
Team, Member Removed From Team,
Repository Removed From Team.
60. Data Repository Team Discussion
Actions: Team Discussion Disabled,
Team Discussion Enabled.
61. Data Repository Workflow
Actions: Workflow Run Cancelled,
Workflow Run Completed, Workflow
Run Created, Workflow Run Deleted,
Workflow Run Rerun, Workflow Job
Prepared.
62. Data Repository Account Actions:
Billing Plan Change, Plan Change,
Pending Plan Change, Pending
Subscription Change.
63. Data Repository Advisory Credit
Actions: Accept Credit, Create Credit,
Decline Credit, Destroy Credit.
64. Data Repository Billing Actions:
Change Billing Type, Change Email.
65. Data Repository Bot Alerts
Actions: Disable Bot, Enable Bot.
66. Data Repository Bot Alerts for
New Repository Actions: Disable Alerts,
Enable Alerts.
67. Data Repository Bot Security
Alerts for Update Actions: Disable
Security Update Alerts, Enable Security
Update Alerts.
68. Data Repository Bot Security
Alerts for New Repository Actions:
Disable New Repository Security Alerts,
Enable New Repository Security Alerts.
69. Data Repository Environment
Actions: Create Actions Secret, Delete,
Remove Actions Secret, Update Actions
Secret.
70. Data Repository Git Actions:
Clone, Fetch, Push.
71. Data Repository Marketplace
Agreement Signature Actions: Create.
72. Data Repository Marketplace
Listing Actions: Approve, Create, Delist,
Redraft, Reject.
73. Data Repository Members Can
Create Pages Actions: Enable, Disable.
74. Data Repository Organization
Credential Authorization Actions:
Security Assertion Markup Language
Single-Sign On Authorized, Security
Assertion Markup Language Single-Sign
On Deauthorized, Authorized
Credentials Revoked.
75. Data Repository Package Actions:
Package Version Published, Package
Version Deleted, Package Deleted,
Package Version Restored, Package
Restored.
PO 00000
Frm 00095
Fmt 4703
Sfmt 4703
76. Data Repository Payment Method
Actions: Payment Method Cleared,
Payment Method Created, Payment
Method Updated.
77. Data Repository Advisory Actions:
Security Advisory Closed, Common
Vulnerabilities And Exposures Advisory
Requested, Data Repository Security
Advisory Made Public, Data Repository
Security Advisory Withdrawn, Security
Advisory Opened, Security Advisory
Published, Security Advisory Reopened,
Security Advisory Updated.
78. Data Repository Content Analysis:
Data Use Settings Enabled, Data Use
Settings Disabled.
79. Data Repository Sponsors Actions:
Repo Funding Link Button Toggle, Repo
Funding Links File Action, Sponsor
Sponsorship Cancelled, Sponsor
Sponsorship Created, Sponsor
Sponsorship Preference Changed,
Sponsor Sponsorship Tier Changed,
Sponsored Developer Approved,
Sponsored Developer Created,
Sponsored Developer Profile Updated,
Sponsored Developer Request
Submitted For Approval, Sponsored
Developer Tier Description Updated,
Sponsored Developer Newsletter Sent,
Sponsored Developer Invited From
Waitlist, Sponsored Developer Joined
From Waitlist.
80. Administrator audit log events:
Admin privileges grant, Group events,
Marketplace login audit change, Auto
provisioning automatically disabled.
81. Group enterprise audit log events:
Add service account permission,
Remove service account permission,
Add user, Add user role, Remove user,
Request to join, Approve join request,
Reject join request, Invite user, Accept
invitation, Reject invitation, Revoke
invitation, Join, Ban user including with
moderation, Unban user, Add all users
in domain, Create group, Delete group,
Create namespace, Delete namespace,
Change info setting, Add info setting,
Remove info setting, Add member role,
Remove user role, Membership
expiration added, Membership
expiration removed, Membership
expiration updated.
82. Software vendor employee
interaction events: Event date, Software
product name, Software vendor
employee email, Software vendor
employee home office location,
Software vendor employee access
justification, Justification tickets, Log
ID, Software product resource accessed
name.
83. Login events: Two-step
verification enabled, Two-step
verification disabled, Account password
change, Account recovery email change,
Account recovery phone change,
Account recovery secret question
E:\FR\FM\01DEN1.SGM
01DEN1
lotter on DSK11XQN23PROD with NOTICES1
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
change, Account recovery secret answer
change, Advanced Protection enroll,
Advanced Protection unenroll, Failed
login, Government-backed attack
attempt, Leaked password detected,
Login challenged, Login verification,
Logout, Out of domain email forwarding
enabled, Successful login, Suspicious
Login, Suspicious login blocked,
Suspicious login from less secure app
blocked, Suspicious programmatic login
locked, User suspended, User
suspended through spam relay, User
suspended through spam, User
suspended through suspicious activity.
84. OAuth Token audit log events:
OAuth event description, OAuth event
name, OAuth user, OAuth application
name, OAuth client ID, OAuth scope,
OAuth event data, OAuth logged
activity IP address.
85. Rules audit log events: Rule event
name, Rule event description, Rule
triggering user, Rule name, Rule type,
Rule resource name, Resource ID,
Resource title, Resource type, Resource
owner, Recipients, Data source, Actor IP
address, Rule severity, Scan type,
Matched trigger, Matched detectors,
Triggered actions, Suppressed actions,
Date, Device ID, Device type.
86. SAML audit log events: SAML
event description, SAML Event name,
SAML triggering user, SAML
application name, SAML user
organization name, Initiated by, Failure
type, Response status, Second level
status, SAML logged activity IP address,
SAML event date.
87. Calendar application audit log
events: Activity name, Activity
description, Calendar user, Calendar ID,
Event title, Event ID, User agent,
Recipient email, Message ID, Remote
Exchange Web Server URL, Error code,
Requested window start, Requested
window end, Date, Calendar logged
activity IP address.
88. Context-Aware Access audit log
events: Event name, Context-Aware
access user, Context-Aware access
logged activity IP address, Device ID,
Access level applied, Context-Aware
access event date.
89. Web browser audit log events: Web
browser event name, Web browser event
date, Web browser event reason, Device
name, Device user, Web browser profile
user name, URL generating event,
Operating System of Web Browser, Web
browser triggered rule reason, Web
browser event result, Web browser
content name, Web browser content
size, Web browser content hash, Web
browser content type, Web browser
trigger type, Web browser trigger user,
Web browser user agent, Web browser
client type.
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
90. Data Visualization audit log
events: Asset name, Event description,
User, Event name, Date, Asset type,
Owner, Asset ID, IP address, Connector
type, visibility, Prior visibility.
91. Devices audit log events: Device
ID, Event description, Date, Event name,
User, Device type, Application hash,
Serial number, Device model, OS
version, Policy name, Policy status
code, Windows OS edition, Account
registration change, Device action event,
Device application change, Device
compliance status, Device compromise,
Device OS update, Device ownership,
Device settings change, Device status
changed on Apple portal, Device sync,
Failed screen unlock attempts, Sign out
user, Suspicious activity, Work profile
support.
92. Cloud-based web storage
application audit log events: Cloudbased web storage application event
name, Cloud-based web storage
application event description, Cloudbased web storage application item type,
Cloud-based web storage application
item ID, Cloud-based web storage
application item visibility, Cloud-based
web storage application item prior
visibility, Cloud-based web storage
application user, Cloud-based web
storage application visitor Boolean
value, Cloud-based web storage
application file owner, Cloud-based web
storage application event date, Cloudbased web storage application event IP
address.
93. Groups audit log events: Groups
event name, Groups event description,
Groups event user, Groups event date.
94. Chat audit log events: Chat event
name, Chat event description, Chat
event user, Chat event date.
95. Whiteboard application audit log
events: Whiteboard application ID
Whiteboard application event
description, Whiteboard application
event name, Whiteboard application
event user, Whiteboard application
event date.
96. Note application audit log events:
Note application event name, Note
application event description, Note
application event user, Note application
event note owner, Note application
event date, Note application note URI,
Note application attachment URI.
97. Password vault audit log events:
Password vault actor, Password vault
event timestamp, Password vault event
name, Password vault application
username, Password vault application
installation name, Password vault
application credential name.
98. Takeout audit log events: Takeout
event description, Takeout products
requested, Takeout Job ID, Takeout
event date, Takeout event IP address.
PO 00000
Frm 00096
Fmt 4703
Sfmt 4703
83991
99. User accounts audit log events:
User account event description, User
account event date, User account event
IP address, two-step verification disable,
two-step verification enroll, Account
password change, Account recovery
email change, Account recovery phone
change, Account recovery secret
question change, Account recovery
secret answer change.
100. Voice audit log events: Voice
event name, Voice event description,
Voice event date, Voice event user,
Voice receiving phone number, Voice
placing phone number, Voice call
duration, Voice group message status,
Voice call cost, Auto Attendant couldn’t
route to voicemail recipient, Auto
attendant deleted, Auto attendant failed
to transfer to a user, Auto attendant
published, Auto attendant received a
voicemail, Auto attendant voicemail
failed to deliver, Auto attendant
voicemail failed to forward.
101. User setting changes: 2-Step
Verification Scratch Codes Of User
Deleted, New 2-Step Verification
Scratch Codes Generated For User, 3Legged Oauth Device Tokens Revoked,
3-Legged Oauth Token Revoked, Add
Recovery Email For User, Add Recovery
Phone For User, Admin Privileges
Granted For User, Admin Privileges
Revoked For User, Application Specific
Password Revoked For User, Automatic
Contact Sharing Changed For User, Bulk
Upload Notification, User Invite
Cancelled, Custom Attribute Changed,
External Id Changed, Gender Changed,
Ims Changed, IP Whitelisted, Keywords
Changed, User Location Changed, User
Organization Changed, User Phone
Numbers Changed, User Recovery Email
Changed, User Recovery Phone
Changed, User Relation Changed, User
Address Changed, User Email Monitor
Created, Data Transfer Requested For
User, Delegated Admin Privileges
Granted, Account Information Dump
Deleted, Email Monitor Deleted,
Mailbox Dump Deleted, Profile Photo
Deleted, First Name Changed, Gmail
Account Reset, Last Name Changed,
Mail Routing Destination Created, Mail
Routing Destination Deleted, Nickname
Created, Nickname Deleted, Password
Changed, Password Change Required
On Next Login, Recovery Email
Removed, Recovery Phone Removed,
Account Information Requested,
Mailbox Dump Requested, User Invite
Resent, Cookies Reset For User And
Forced Relogin, Security Key Registered
For User, Security Key Revoked, User
Invite Sent, Temporary Password
Viewed, 2-Step Verification Turned Off,
User Session Unblocked, Profile Photo
Updated, User Advanced Protection
Unenroll, User Archived, User Birthdate
E:\FR\FM\01DEN1.SGM
01DEN1
lotter on DSK11XQN23PROD with NOTICES1
83992
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
Changed, User Created, User Deleted,
User Downgraded From Social Media
Application, User Enrolled In 2-Step
Verification, User List Downloaded,
User Org Unit Changed, User Put In 2Step Verification Grace Period, User
Renamed, User Strong Auth Unenrolled,
User Suspended, User Unarchived, User
Undeleted, User Unsuspended, User
Upgraded To Social Media Application.
102. Application Authoring
application audit log elements: App
synced, App edited, App added, App
deleted, App invocation added, App
invocation edited, App invocation
deleted, App invocation action
performed, App read call made, App bot
invocation.
103. Organizational Administrative
Data Elements: Set Terms and
Conditions, Modify Terms and
Conditions, Set org custom theme, Edit
org custom theme, Add custom policy,
Delete custom policy, Create User IdP
Profile, Create environment, Delete
environment, Rename environment,
Edit domain name, Create business
group, Edit business group name, Edit
business group entitlement, Delete
business group.
104. API audit log elements: Create
API, Delete API, Import API, Update
label of API, Update consumer endpoint
of API, Update endpoint URI of API,
Calendar API kind, Application API
client version, Create API version,
Delete API version, Import API, Edit
name of API version, Edit description of
API version, Edit API URL of API
version, Add tag to API, Remove tag
from API, Deprecate API, Set T&Cs,
Create RAML, Modify RAML, Create
endpoint, Update existing endpoint,
Deploy proxy, Update deployed proxy,
Redeploy proxy, Create SLA tier,
Modify SLA tier, Deprecate SLA tier,
Delete SLA tier, Apply policy, Edit
policy, Remove policy, Create project,
Delete project, Delete files, Rename
project, Clean branch, Create branch,
Delete branch, Save branch, Delete file,
Move file, Import project, Publish to
Exchange, Publish to API Platform, Add
dependencies, Remove dependencies,
Change dependencies, Reload
dependencies, Merge Branch, Share
project, Sync with Data Repository,
Unsync with Data Repository, Modify
organization settings, Rename branch,
Modify project settings.
105. API Metadata: Create an API
instance, Delete an API instance, Update
an API instance.
106. Application Data: Create
application, Delete application, Reset
client secret, Request access, Request
tier change, Request tier change
approval, Approve application, Revoke
application, Restore application, Create
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
Mocking Service link, Delete Mocking
Service link, Create/modify/delete
Object store, Upload file, Delete file,
Update file,
107. Private Portals audit log events:
Create portal, Modify portal association,
Delete portal, Add portal page, Make
portal page visible, Delete portal page,
Edit portal page, Hide portal page, Set
portal theme, Modify portal theme,
Modify portal security, Create a page,
Update a page, Delete a page, Publish a
portal.
108. Public Portals audit log events:
Update a domain, Delete a domain,
Create a page, Delete a page, Update a
page, Create a portal, Publish a portal,
Delete a portal, Update a portal.
109. Identity Management audit log
events: Create identity provider
configuration, Edit identity provider
configuration, Delete identity provider
configuration, Warning, Create identity
management key, Set primary identity
management key, Delete identity
management key.
110. Connected App audit log events:
Create Connected Application, Edit
Connected Application, Delete
Connected Application, Update Scope
Assignments, Application Authorization
Approved, Application Authorization
Denied, Token Retrieval Success, Token
Retrieval Failed, Revoke Access/Refresh
Tokens.
111. Team audit log events: Create
Team, Update Team, Move Team, Add
Members, Remove Members, Add
Permissions, Remove Permissions, Edit
External Group Mappings, Delete Team.
112. Asset Management audit log
events: Create an asset, Update an asset,
Delete an asset, Share an asset, Publish
an asset to public portal, Remove an
asset from public portal, Update an asset
icon, Delete an asset icon, Create a
managed tag (category), Delete a
managed tag (category), Delete an
organization, Update tags, Create a tag
configuration, Update a tag
configuration, Delete a tag
configuration.
113. Asset Review audit log events:
Create a Comment, Delete a comment,
Update a comment, Create a review,
Delete a review, Update a review.
114. Runtime Manager audit log
events: Create application, Start
application, Restart application, Stop
application, Delete application, Change
application zip file, Promote application
from sandbox, Change application
runtime, Change application worker
size, Change application worker
number, Enable/disable persistent
queues, Enable/disable persistent queue
encryption, Modify application
properties, Enable/disable insight,
Modify log levels, Create/modify/delete
PO 00000
Frm 00097
Fmt 4703
Sfmt 4703
alerts, Enable/disable alerts, Create/
modify/delete application data, Create/
modify schedules, Create/modify/delete
tenants, Enable/disable schedules, Clear
queues, Enable/Disable static IP,
Allocate/release static IP, LoadBalancer
Create/modify/delete, Create/modify/
delete alerts V2, Create/modify/delete
VPC, Create/modify/delete VPN.
115. Server audit log events: Add
server, Delete server, Rename server,
Create server group, Delete server group,
Rename server group, Add server to
server group, Remove server from server
group, Create cluster, Delete Cluster,
Rename cluster, Add server to cluster,
Remove server from cluster, Deploy
application, Delete application, Start
application, Stop application, Redeploy
application with existing file, Redeploy
application with new file.
116. Private Spaces audit log events:
Create/Modify/Delete private space,
Create/Modify/Delete connection,
Create/Modify/Delete VPN, Create/
Modify/Delete transit gateway, Create/
Modify/Delete TLSContext, Create/
Modify/Delete routes.
117. Anypoint MQ audit log events:
Create/modify/delete/purge queue,
Create/modify/delete exchange, Create/
delete exchange binding, Create/delete/
regenerate client.
118. Mentorship program application
data: Notification Logs, Notification
Type, Notification Template, Status,
Time sent, Email Events, General
Application Data, Support Tickets,
Product Usage Analytics, Product
update in app notification delivery
status, Application error logs,
Application request logs.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
Standard routine uses 1. through 9.
apply. In addition:
a. To appropriate agencies, entities,
and persons when (1) the Postal Service
suspects or has confirmed that there has
been a breach of the system of records;
(2) the Postal Service has determined
that as a result of the suspected or
confirmed breach there is a risk of harm
to individuals, the Postal Service
(including its information systems,
programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with the Postal Service’s
efforts to respond to the suspected or
confirmed breach or to prevent,
minimize, or remedy such harm.
RECORD SOURCE CATEGORIES:
Employees; contractors; customers.
E:\FR\FM\01DEN1.SGM
01DEN1
Federal Register / Vol. 88, No. 230 / Friday, December 1, 2023 / Notices
HISTORY:
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
May 10th, 2021; 86 FR 24902.
Automated database, computer
storage media, and paper.
Colleen Hibbert-Kapler,
Attorney, Ethics and Compliance.
[FR Doc. 2023–26480 Filed 11–30–23; 8:45 am]
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
BILLING CODE 7710–12–P
Records relating to system
administration are retrievable by user
ID.
SECURITIES AND EXCHANGE
COMMISSION
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records relating to system
administration are retained for twentyfour months.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Paper records, computers, and
computer storage media are located in
controlled-access areas under
supervision of program personnel.
Computer access is limited to
authorized personnel with a current
security clearance, and physical access
is limited to authorized personnel who
must be identified with a badge.
Access to records is limited to
individuals whose official duties require
such access. Contractors and licensees
are subject to contract controls and
unannounced on-site audits and
inspections.
Computers are protected by
encryption, mechanical locks, card key
systems, or other physical access control
methods. The use of computer systems
is regulated with installed security
software, computer logon
identifications, and operating system
controls including access controls,
terminal and transaction logging, and
file management software.
RECORD ACCESS PROCEDURES:
Requests for access must be made in
accordance with the Notification
Procedure above and USPS Privacy Act
regulations regarding access to records
and verification of identity under 39
CFR 266.5.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and
Record Access Procedures above.
lotter on DSK11XQN23PROD with NOTICES1
NOTIFICATION PROCEDURES:
Customers wanting to know if other
information about them is maintained in
this system of records must address
inquiries in writing to the Chief
Information Officer and Executive Vice
President and include their name and
address.
EXEMPTION(S) PROMULGATED FROM THIS
SYSTEM:
None.
VerDate Sep<11>2014
18:47 Nov 30, 2023
Jkt 262001
[Release No. 34–99022; File No. SR–NSCC–
2023–011]
Self-Regulatory Organizations;
National Securities Clearing
Corporation; Notice of Filing of
Proposed Rule Change To Refine the
Margin Liquidity Adjustment (‘‘MLA’’)
Charge Calculation and the
Description of the MLA Charge
November 27, 2023.
Pursuant to section 19(b)(1) of the
Securities Exchange Act of 1934
(‘‘Act’’) 1 and Rule 19b–4 thereunder,2
notice is hereby given that on November
17, 2023, National Securities Clearing
Corporation (‘‘NSCC’’) filed with the
Securities and Exchange Commission
(‘‘Commission’’) the proposed rule
change as described in Items I, II and III
below, which Items have been prepared
by the clearing agency. The Commission
is publishing this notice to solicit
comments on the proposed rule change
from interested persons.
I. Clearing Agency’s Statement of the
Terms of Substance of the Proposed
Rule Change
The proposed rule change consists of
modifications to NSCC’s Rules &
Procedures (‘‘Rules’’) to refine the
Margin Liquidity Adjustment (‘‘MLA’’)
charge calculation and the description
of the MLA charge, as described in
greater detail below.3
II. Clearing Agency’s Statement of the
Purpose of, and Statutory Basis for, the
Proposed Rule Change
In its filing with the Commission, the
clearing agency included statements
concerning the purpose of and basis for
the proposed rule change and discussed
any comments it received on the
proposed rule change. The text of these
statements may be examined at the
places specified in Item IV below. The
clearing agency has prepared
summaries, set forth in sections A, B,
and C below, of the most significant
aspects of such statements.
1 15
U.S.C. 78s(b)(1).
CFR 240.19b–4.
3 Capitalized terms not defined herein are defined
in the Rules, available at https://dtcc.com/∼/media/
Files/Downloads/legal/rules/nscc_rules.pdf.
2 17
PO 00000
Frm 00098
Fmt 4703
Sfmt 4703
83993
(A) Clearing Agency’s Statement of the
Purpose of, and Statutory Basis for, the
Proposed Rule Change
1. Purpose
NSCC is proposing to refine the MLA
charge calculation to more accurately
calculate the impact costs of liquidating
a security/portfolio by (i) moving all
exchange traded products (‘‘ETPs’’)
(other than those deemed to be Illiquid
Securities) into the equities asset group
and calculating impact cost at the
security level rather than at the
subgroup level for the equities asset
subgroups and (ii) improving the
calculations relating to exchange traded
funds (‘‘ETFs’’) by adding a calculation
for latent liquidity for equity ETFs with
in-kind baskets, as described in more
detail below.
NSCC conducted an impact study of
the proposed changes based on data
from January 3, 2022 through June 30,
2023.4 The impact study indicated that
if the proposed changes had been in
place during the impact study period,
the proposed changes would have
resulted in an approximately $62
million daily average increase during
the impact study period, which
accounts for approximately 0.52% of the
daily total Clearing Fund during that
period. Currently, the daily MLA charge
accounts for approximately 3.54% of the
daily total Clearing Fund. With the
proposed MLA charge refinements, the
MLA charge would have accounted for
approximately 4.06% of the daily total
Clearing Fund.
NSCC is also proposing to enhance
the description of the MLA charge to
clarify the description of the calculation
with respect to SFT Positions in
connection with Securities Financing
Transactions, as described below.
(i) Overview of Required Fund Deposit
and MLA Charge
As part of its market risk management
strategy, NSCC manages its credit
exposure to Members by determining
the appropriate Required Fund Deposits
to the Clearing Fund and monitoring its
sufficiency, as provided for in the
Rules.5 The Required Fund Deposit
serves as each Member’s margin.
4 In order to more accurately assess the impact of
the proposed changes, the impact study included
changes to the gap risk measure that were
implemented on October 2, 2023 as if such changes
had been in effect during the impact study period.
See Securities Exchange Act Release No. 98086
(Aug. 8, 2023), 88 FR 55100 (Aug. 14, 2023) (File
No. SR–NSCC–2022–015) (order approving
proposed rule change to change the gap risk
measure).
5 See Rule 4 (Clearing Fund) and Procedure XV
(Clearing Fund Formula and Other Matters), supra
E:\FR\FM\01DEN1.SGM
Continued
01DEN1
Agencies
[Federal Register Volume 88, Number 230 (Friday, December 1, 2023)]
[Notices]
[Pages 83981-83993]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-26480]
=======================================================================
-----------------------------------------------------------------------
POSTAL SERVICE
Privacy Act of 1974; System of Records
AGENCY: Postal Service[supreg].
ACTION: Notice of modified system of records.
-----------------------------------------------------------------------
SUMMARY: The United States Postal Service[supreg] (USPS) is proposing
to modify three General Privacy Act Systems of Records (SOR) to support
the development and implementation of a voluntary mentorship program
and related applications to assist participating employees in achieving
their individual personal and professional goals.
DATES: These revisions will become effective without further notice on
January 2, 2024, unless responses to comments received on or before
that date result in a contrary determination.
ADDRESSES: Comments may be submitted via email to the Privacy and
Records Management Office, United States Postal Service Headquarters
([email protected]). To facilitate public inspection, arrangements to
view copies of any written comments received will be made upon request.
FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or [email protected].
SUPPLEMENTARY INFORMATION: This notice is in accordance with the
Privacy Act requirement that agencies publish their systems of records
in the Federal Register when there is a revision, change, or addition,
or when the agency establishes a new system of records. The Postal
Service is proposing revisions to three existing systems of records
(SOR) to support the implementation of voluntary mentorship programs
and related applications.
I. Background
The USPS is planning to implement voluntary mentorship programs to
support professional growth and promote diversity, equity, inclusion,
and accessibility, consistent with the Postal Service's Delivering for
America plan. These mentorship programs will use an application process
to select mentors and to match them with mentees. Mentors and mentees
will also be asked to complete voluntary surveys to provide feedback on
the program. In association with these mentorship programs, a new
software application will also be implemented to help facilitate and
maintain the mentorship program and assist mentors and mentees.
II. Rationale for Changes to USPS Privacy Act Systems of Records
The Postal Service is proposing modifications to the following
SORs:
USPS SOR 100.300, Employee Development and Training Records
--One new Purpose, number 13
--One new Category of Records, number 3
--One new Retention and Disposal period, number 5
--One new Category of Individuals
--One new Notification Procedure
USPS SOR 550.100, Commercial Information Technology Resources--
Applications
--One new Purpose, number 12
--Three new Categories of Records, numbers 12-14
--One new Retention and Disposal period, number 12
--One new Retrievability process, number 12
USPS SOR 550.200, Commercial Information Technology Resources--
Administrative
--One new Category of Records, number 118
III. Description of the Modified Systems of Records
Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to
submit written data, views, or arguments on this proposal. A report of
the proposed revisions to this SOR has been sent to Congress and to the
Office of Management and Budget for their evaluations. The Postal
Service does not expect that this modified system of records will have
any adverse effect on individual privacy rights. Accordingly, for the
reasons stated above, the Postal Service proposes revisions included in
this system of records presented in its entirety as follows:
SYSTEM NAME AND NUMBER:
USPS 100.300 Employee Development and Training Records.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
Management training centers, Integrated Business Solutions Services
Centers, other USPS facilities where career development and training
records are stored, USPS Law Department and contractor sites.
SYSTEM MANAGER(S):
Vice President, Human Resources, United States Postal Service, 475
L'Enfant Plaza SW, Washington, DC 20260.
Vice President, Organization Development, United States Postal
Service, 475 L'Enfant Plaza SW, Washington, DC 20260.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 410, 1001, 1005, and 1206.
PURPOSE(S) OF THE SYSTEM:
1. To provide managers, supervisors, and training and development
professionals with decision-making information for employee career
development, succession planning, training, and assignment.
2. To make and track employee job assignments, to place employees
in new positions, and to assist in career planning and training in
general.
3. To provide statistics for personnel and workload management.
4. To provide employees with an online platform that supports
individual and career development.
5. To facilitate voluntary information sharing through an enhanced
employee profile tool that highlights individual education, knowledge
and experience.
6. To provide employees with convenient and flexible online
learning options.
7. To create a forum that promotes a culture for participation in
voluntary career development activities and opportunities.
8. To create a readily available source of information about
current employee talents, skills, and abilities.
9. To communicate with and provide notification to individuals
about training assignments and requirements, both prior to and after
effective date of employment or placement.
10. To facilitate communication between the Postal Service and
[[Page 83982]]
individual employees, new hires and applicants, including current and
former employees.
11. To share relevant information and topics about the Postal
Service with individual employees, new hires and applicants, including
current and former employees.
12. To request and gather voluntary feedback from individual
employees, new hires and applicants, including current and former
employees.
13. To facilitate registration and participation in a voluntary
mentorship program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former USPS employees, new hires and applicants.
Individual employees that voluntarily participate in USPS-sponsored
mentorship programs.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Employee information: Name, Social Security Number, Employee
Identification Number, phone number(s), SMS text message number,
personal email address, demographic information, photograph, years of
service, retirement eligibility, postal assignment information, work
contact information, finance number(s), duty location, and pay
location.
2. Employee development and training information: Records related
to career development, work history, assessments, skills bank
participation, USPS- and non-USPS-sponsored training, examinations,
evaluations of training, and USPS lodging when a discrepancy report is
filed against the student about unauthorized activities while occupying
the room.
3. Mentorship program applicant and participant information: First
and last name; current position; employing office; work telephone
number(s); work email address; length of tenure with the USPS and in
current position; participant role; agreement to participate;
objectives, goals and/or expectations for participation; communication,
meeting, and match preferences; interests/hobbies; and satisfaction
survey results.
RECORD SOURCE CATEGORIES:
Employees; employees' supervisor or manager; and other systems of
records.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Standard routine uses 1. through 9. apply.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Automated database, computer storage media, digital files, and
paper files.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
By employee name, Social Security Number, or Employee
Identification Number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
1. Training records are retained 5 years. Training-related travel
records are retained 1 year.
2. Records related to succession planning and individual
development planning are retained 10 years.
3. Examination records are retained 1 year after employee
separation.
4. Skills bank records are retained up to 2 years.
5. Mentorship Program participant records and satisfaction survey
results will be retained for up to 2 years, after the end of the Fiscal
Year program cycle. Records existing on paper are destroyed by burning,
pulping, or shredding. Records existing on computer storage media are
destroyed according to the applicable USPS media sanitization practice.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel. Access
to these areas is limited to authorized personnel, who must be
identified with a badge.
Access to records is limited to individuals whose official duties
require such access. Contractors and licensees are subject to contract
controls and unannounced on-site audits and inspections.
Computers are protected by mechanical locks, card key systems, or
other physical access control methods.
The use of computer systems is regulated with installed security
software, computer logon identifications, and operating system controls
including access controls, terminal and transaction logging, and file
management software.
RECORD ACCESS PROCEDURES:
Requests for access must be made in accordance with the
Notification Procedure above and USPS Privacy Act regulations regarding
access to records and verification of identity under 39 CFR 266.5.
CONTESTING RECORD PROCEDURES:
See Notification Procedures below and Record Access Procedures
above.
NOTIFICATION PROCEDURES:
Individuals wanting to know if information about them is maintained
in this system must address inquiries to the facility head where
currently or last employed. Headquarters employees must submit
inquiries to Corporate Personnel Management, 475 L'Enfant Plaza SW,
Washington, DC 20260.
Participants in the USPS Law Department Mentorship Program must
submit inquiries to USPS Law Department, 475 L'Enfant Plaza SW,
Washington, DC 20260.
Inquiries must include full name, Social Security Number or
Employee Identification Number, name and address of facility where last
employed, and dates of USPS employment.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(j) and (k), USPS has established
regulations at 39 CFR 266.9 that exempt records in this system
depending on their purpose. The USPS has also claimed exemption from
certain provisions of the Act for several of its other systems of
records at 39 CFR 266.9. To the extent that copies of exempted records
from those other systems are incorporated into this system, the
exemptions applicable to the original primary system continue to apply
to the incorporated records.
HISTORY:
August 18, 2021, 86 FR 46281; July 19, 2013, 78 FR 43247; June 17,
2011, 76 FR 35483; April 29, 2005, 70 FR 22516.
SYSTEM NAME AND NUMBER:
550.100 Commercial Information Technology Resources--Applications.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
All USPS facilities and contractor sites.
SYSTEM MANAGER(S):
For records of computer access authorizations: Chief Information
Officer and Executive Vice President, United States Postal Service, 475
L'Enfant Plaza SW, Washington, DC 20260.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, and 404.
PURPOSE(S) OF THE SYSTEM:
1. To provide event registration services to USPS customers,
contractors, and other third parties.
[[Page 83983]]
2. To allow task allocation and tracking among team members.
3. To allow users to communicate by telephone, instant-messaging,
and email through local machine and web-based applications on desktop
and mobile operating systems.
4. To share your personal image via your device camera during
meetings and web conferences, if you voluntarily choose to turn the
camera on, enabling virtual face-to-face conversations.
5. To provide for the creation and storage of media files,
including video recordings, audio recordings, desktop recording, and
web-based meeting recordings.
6. To provide a collaborative platform for viewing video and audio
recordings.
7. To create limited use applications using standard database
formats.
8. To review distance driven by approved individuals for accurate
logging and compensation.
9. To develop, maintain, and share computer code.
10. To comply with Security Executive Agent Directive (SEAD) 3
requirements for self-reporting of unofficial foreign travel pertaining
to covered individuals who have access to classified information or who
hold a sensitive position.
11. To administer and maintain a secure board portal software that
provides leadership with instant access to information they need
before, during and after meetings, making board and committee
interactions more efficient and productive by promoting collaboration
and information sharing among USPS Board of Governors (BOG) and
Executive Leadership Team (ELT).
12. To facilitate the software component of USPS-sponsored
voluntary mentorship programs.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
1. Individuals with authorized access to USPS computers,
information resources, and facilities, including employees,
contractors, business partners, suppliers, and third parties.
2. Individuals participating in web-based meetings, web-based video
conferencing, web-based communication applications, and web-based
collaboration applications.
3. USPS Board of Governors, administrators, and USPS Executive
Leadership Team.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Third-Party Information Records: Records relating to non-Postal,
third-party individuals utilizing an information system, application,
or piece of software, including: Third-Party Name, Third Party Date
Request, Third Party Free Text, Guest User Information.
2. Collaboration Application Records: Records relating to web-
conferencing and web-collaboration applications, including;
Collaborative Group Names, Collaborative Group IDs, Action Name, Number
Of Actions Sent, Number Of Action Responses, Employee Phone Number,
Collaborative Group Chat History, Profile Information, Collaborative
Group Membership, Contacts, Project Owner, Project Creator, Event Start
Time, Event Status, Event Organizer, Event Presenter, Event Producer,
Event Production Type, Event Recording Setting, Total Number Of Event
Media Viewings, Number Of Active Users, Number Of Active Users In
Collaborative Groups, Number Of Active Collaborative Group
Communication Channels, Number Of Messages Sent, Number Of Calls
Participated In, Last Activity Date Of A User, Number Of Guest Users In
A Collaborative Group, Event Name, Event Description, Event Start Date,
Event End Date, Video Platform Group Name, Video Platform Group Email
Alias, Video Platform Group Description, Video Platform Group
Classification, Video Platform Group Access Level, Video Platform
Channel Name, Video Platform Channel Description, Video Platform
Channel Access, Video Platform Live Event Recording, Total Number Of
Video Conferences, Add Room Member To Collaborative Group, Attachment
Downloaded From Collaborative Group, Attachment Uploaded From
Collaborative Group, Direct Message Started From Collaborative Group,
Invite Sent From Collaborative Group, Message Edited From Collaborative
Group, Message Posted In Collaborative Group, Remove Room Member From
Collaborative Group, Room Created In Collaborative Group, Add Service
Account Permission To Enterprise Collaborative Group, Remove Service
Account Permission To Enterprise Collaborative Group, Added User To
Enterprise Collaborative Group, Added User Role To Enterprise
Collaborative Group, Removed User From Enterprise Collaborative Group,
Request To Join Enterprise Collaborative Group, Approve Join Request
From Enterprise Collaborative Group, Reject Join Request From
Enterprise Collaborative Group, Invite User To Enterprise Collaborative
Group, Accept Invitation For Enterprise Collaborative Group, Reject
Invitation For Enterprise Collaborative Group, Revoke Invitation For
Enterprise Collaborative Group, Join Enterprise Collaborative Group,
Ban User Including With Moderation In Enterprise Collaborative Group,
Unban User From Enterprise Collaborative Group, Add All Users In Domain
For Enterprise Collaborative Group, Create Group In Enterprise
Collaborative Group, Delete Group In Enterprise Collaborative Group,
Create Namespace In Enterprise Collaborative Group, Delete Namespace In
Enterprise Collaborative Group, Change Info Setting In Enterprise
Collaborative Group, Add Info Setting In Enterprise Collaborative
Group, Remove Info Setting In Enterprise Collaborative Group, Add
Member Role In Enterprise Collaborative Group, Remove User Role In
Enterprise Collaborative Group, Membership Expiration Added In
Enterprise Collaborative Group, Membership Expiration Removed In
Enterprise Collaborative Group, Membership Expiration Updated In
Enterprise Collaborative Group, ACL Permission Changed In Collaborative
Group, Collaborative Group Invitation Accepted, Join Request Approved,
User Joined Collaborative Group, User Requested To Join Collaborative
Group, Collaborative Group Basic Setting Changed, Collaborative Group
Created, Collaborative Group Deleted, Collaborative Group Identity
Setting Changed, Collaborative Group Info Setting Added, Collaborative
Group Info Setting Changed, Collaborative Group Info Setting Removed,
Collaborative Group New Member Restriction Changed, Collaborative Group
Post Reply Settings Changed, Collaborative Group Spam Moderation
Settings Changed, Collaborative Group Topic Setting Changed,
Collaborative Group Message Moderated, User Posts Will Always Be
Posted, User Added To Collaborative Group, User Banned From
Collaborative Group, User Invitation Revoked From A Collaborative
Group, User Invited To Collaborative Group, User Join Request Rejected
From A Collaborative Group, User Reinvited To Collaborative Group, User
Removed From Collaborative Group, Call Event Abuse Report Submitted,
Call Event Endpoint Left, Call Event Livestream Watched, Individual
Form Response, Form Respondent Email Address, Whiteboard Software
Updated, Whiteboard Reboot Requested, Whiteboard Export Requested,
Attachment Deleted, Attachment Uploaded, Note Content Edited, Note
Created, Note Deleted, Note Permissions Edited.
3. Communication Application Records: Enterprise Social Network
User Name, Enterprise Social Network User State, Enterprise Social
Network User State Change Date, Enterprise Social
[[Page 83984]]
Network User Last Activity Date, Number Of Messages Posted By An
Enterprise Social Network User In Specified Time Period, Number Of
Messages Viewed By An Enterprise Social Network User, Number Of Liked
Messages By An Enterprise Social Network User, Products Assigned To A
Enterprise Social Network User, Home Network Information, External
Network Information, External Network Name, External Network
Description, External Network Image, Network Creation Date, Network
Usage Policy, External Network User Name, External Network User Email
Address, External Group Name, Number Of Users On A Network, Network ID,
Live Event Video Links, Files Added Or Modified In Enterprise Social
Network, Message ID, Thread ID, Message Privacy Status, Full Body Of
Message, Chat User Action, Chat Room Member Added, Chat Attachment
Downloaded, Chat Attachment Uploaded, Chat Room Blocked, Chat User
Blocked, Chat Direct Message Started, Chat Invitation Accepted, Chat
Invitation Declined, Chat Invitation Sent, Chat Message Edited, Chat
Message Posted, Chat Room Member Removed, Chat Room Created.
4. Multimedia Records: Records relating to media associated with or
originating from an information system, including; Video Platform User
ID, Video Name, Videos Uploaded By User, Videos Accessed By User,
Channels Created By User, User Group Membership, Comments Left By User
On Videos, Screen Recordings, Video Transcript, Deep Search Captions,
Video Metadata, Audio Metadata, Phone Number, Time Phone Call Started,
User Name, Call Type, Phone Number Called To, Phone Number Called From,
Called To Location, Called From Location, Telephone Minutes Used,
Telephone Minutes Available, Charges For Use Of Telephone Services,
Currency Of Charged Telephone Services, Call Duration, Call ID,
Conference ID, Phone Number Type, Blocked Phone Numbers, Blocking
Action, Reason For Blocking Action, Blocked Phone Number Display Name,
Date And Time Of Blocking, Call Start Time, User Display Name, SIP
Address, Caller Number, Called To Number, Call Type, Call Invite Time,
Call Failure Time, Call End Time, Call Duration, Number Type, Media
Bypass, SBC FQDN, Data Center Media Path, Data Center Signaling Path,
Event Type, Final SIP, Final Vendor Subcode, Final SIP Phrase, Unique
Customer Support ID.
5. Limited Use Application Records: Records relating to
applications with a specific, limited use, including; Application
Authoring Application Name, Application Authoring Application Author,
Voice Search Text Strings, Miles Driven, Mileage Rates, Country
Currency, Destination, Destination Classification, Car Make, Car Model,
Working Hours, Total Number Of Monthly Drives, Total Number Of Monthly
Miles, Total Number Of Personal Drives, Total Number Of Personal
Drives, Users Allowed To Access Application, Application Authoring
Application Security Settings, Total Number Of Cloud-Based Searches
Performed, Total Number Of Cloud-Based Search Queries From Web
Browsers, Total Number Of Cloud-Based Search Queries From Android
Operating Systems, Total Number Of Cloud-Based Search Queries From iOS
Operating Systems, Data Visualization Report Email Delivery Added, Data
Visualization Asset Created, Data Visualization Data Exported, Data
Visualization Asset Deleted, Data Visualization Report Downloaded, Data
Visualization Asset Edited, Data Visualization Asset Restored, Data
Visualization Report Email Delivery Stopped, Data Visualization Asset
Trashed, Data Visualization Report Email Delivery Updated, Data
Visualization Asset Viewed, Data Visualization Link Sharing Access Type
Changed, Data Visualization Link Sharing Visibility Changed, Data
Visualization User Sharing Permissions Changed.
6. Development Records: Records relating to applications used for
the creation, sharing, or modification of software code, including:
Data Repository User ID, Data Repository Password, Data Repository User
Address, Data Repository Payment Information, Data Repository User
First Name, Data Repository User Last Name, Data Repository Profile
Picture, Data Repository Profile Biography, Data Repository Profile
Location, Data Repository User Company, Data Repository User
Preferences, Data Repository User Preference Analytics, Data Repository
Transaction Date, Data Repository Transaction Time, Data Repository
Transaction Amount Charged, Data Repository web pages Viewed, Data
Repository Referring website, Data Repository Date Of web page Request,
Data Repository Time Of web page Request, Data Repository User Commits,
Data Repository User Commit Comment Body Text, Data Repository Pull
Request Comment Body Text, Data Repository Issue Comment Body Text,
Data Repository User Comment Body Text, Data Repository User
Authentication, Language Of Device Accessing Data Repository, Operating
System Of Device Accessing Data Repository, Application Version Of
Device Accessing Data Repository, Device Type Of Device Accessing Data
Repository, Device ID Of Device Accessing Data Repository, Device Model
Of Device Accessing Data Repository, Device Manufacturer Of Device
Accessing Data Repository, Browser Version Of Device Accessing Data
Repository, Client Application Information Of Device Accessing Data
Repository, Data Repository User Usage Information, Data Repository
Transactional Information, Data Repository API Notification Status,
Data Repository API Issue Status, Data Repository API Pull Status, Data
Repository API Commit Status, Data Repository API Review Status, Data
Repository API Label, Data Repository API User Account Signin Status,
Data Repository API Schedule Status, Data Repository API Schedule List.
7. Unofficial Foreign Travel Monitoring: Records relating to
covered individuals for the administration of the SEAD 3 program,
including: Title, Name Of Traveler, Information Type: Pre-Travel And
Post-Travel, Start Date Of Travel, End Date Of Travel, Carrier Of
Transportation, Countries You Are Visiting, Passport Number, Passport
Expiration Date, Names And Association Of Foreign National Travel
Companions, Planned Foreign Contacts, Emergency Contact Name, Emergency
Contact Phone Number, Emergency Contact Relationship, Post-Travel
Questions Relating To Activity, Events, And Interactions.
8. Cloud-Based Storage Records: Records relating to activity within
cloud-based storage systems, including: Number Of Files Made Publicly
Available, Number Of Files Made Available With A Link, Number Of Files
Shared With Domain Users, Number Of Files Shared With Domain Users
Through Link, Number Of Files Shared With Users Outside Domain, Number
Of Files Shared With User Or Group In Domain, Number Of Files Not
Shared At All, Number Of Spreadsheet Documents Added, Number Of Text
Documents Added, Number Of Presentation Documents, Number Of Form
Documents Added, Number Of Other Files Added, Number Of Files Edited,
Number Of Files Viewed, Number Of Files Added, Total Cloud Storage
Space Used, Last Time Storage Accessed By User, Item Added To Folder,
Item Approval Cancelled, Comment Added On Approval Of Item, Due Date
Time Change Requested, Item Approval Requested, Reviewer Change
Requested For Item Approval, Item Approval Reviewed, Document Copy
Created,
[[Page 83985]]
Document Created, Document Deleted, Document Downloaded, Document
Shared As Email Attachment, Document Edited, Label Applied, Label Value
Changed, Label Removed, Item Locked, Item Moved, Item Previewed, Item
Printed, Item Removed From Folder, Item Renamed, Item Restored, Item
Trashed, Item Unlocked, Item Uploaded, Item Viewed, Security Update
Applied To File, Security Update Applied To All Files In Folder,
Publish Status Changed, Editor Settings Changed, Link Sharing Access
Type Changed, Link Sharing Access Changed From Parent Folder, Link
Sharing Visibility Changed, Link Sharing Visibility Changed From Parent
Folder, Security Update Removed From File, Membership Role Changed,
Shared Storage Settings Changed, Spreadsheet Range Enabled, User
Sharing Permissions Changed, User Sharing Permissions Changed From
Parent Folder, User Storage Updated, File Viewed, File Renamed, File
Created, File Edited, File Previewed, File Printed, File Updated, File
Deleted, File Uploaded, File Downloaded, File Shared.
9. Email Application Records: Records relating to regular use of
email applications, including: Email Body Text, Email Metadata, Total
Number Of Emails Sent, Total Number Of Emails Received, Total Number Of
Emails Sent And Received, Last Time User Accessed Email Client Through
A Post Office Protocol (POP) Mail Server, Last Time User Accessed Email
Client Through An internet Message Access Protocol (IMAP) Mail Server,
Last Time User Accessed Through Web-Based Server, Total Email Client
Storage Space Used, Calendar Access Level(S) Changed, Calendar Country
Changed, Calendar Created, Calendar Deleted, Calendar Description
Changed, Calendar Location Changed, Calendar Time zone Changed,
Calendar Title Changed, Calendar Notification Triggered, Calendar
Subscription Added, Calendar Subscription Deleted, Calendar Event
Created, Calendar Event Deleted, Calendar Event Guest Added, Calendar
Event Guest Auto-Response, Calendar Event Guest Removed, Calendar Event
Guest Response Changed, Calendar Event Modified, Calendar Event Removed
From Trash, Calendar Event Restored, Calendar Event Start Time Changed,
Calendar Event Title Modified, Successful Availability Lookup Of A
Calendar Between Email Clients, Successful Availability Lookup Of Email
Client Resource, Successful Email Client Resource List Lookup,
Unsuccessful Availability Lookup Of A Calendar On Email Client,
Unsuccessful Availability Lookup Of Email Client Resource, Unsuccessful
Email Client Resource List Lookup.
10. Web Browser Records: Records relating to activity within a web
browser, including: Web Browser Password Changed, Web Browser Password
Reused, Malware Detected in Transferred Content for User, Sensitive
Data Detected In Transferred Content, Unsafe website Visit Detected For
User.
11. USPS Board of Governors name, email, and collaborative meeting
records used to store meeting material such as presentations, briefing
documents/memos, meeting minutes/notes, and responses to various board
inquiries, presentation briefing documents, and memos.
12. Mentorship Application Information: Match Data Stored About A
User, Program Membership Status, Program Eligibility, Program
Enrollment Date, Program Participation Preference, Mentor/Mentee
Capacity, Preferred Mentors, Accepting New Matches Status, Recommended
Mentors, Declined Recommendation Reason, Active Mentor/Mentee/Peer
Relationships, Relationship Start/End Date, User Who Requested The
Relationship, Relationship Status, Action Item/Checklist Item Progress,
Mentorship Agreements, Pairing Health, Mentor/Mentee/Peer Relationship
Requests, Mentor/Mentee/Peer Relationship Extension Requests, Mentor/
Mentee/Peer Request Introduction Notes, Mentor/Mentee/Peer Request
Preferred Match Duration, Past Mentor/Mentee/Peer Relationships, Active
Group Membership As A Mentor/Mentee/Peer, Group Name, Group Start/End
Date, Group Status, Past Group Membership As A Mentor/Mentee/Peer
13. Mentoring Session Data Stored for a User: Status, Default Admin
Agenda, Custom User Agenda.
Start/End Date Time, Mentee/Mentor Feedback, 1-4 Star Rating, Free
Text Session Feedback, Private Session Notes, Shared Session Notes,
User Booking Session, Session Calendar Event And Videoconferencing
Details, Session Attendance, Session Topics.
14. Program Survey Data Stored For A User: Survey Status, Custom
Admin Supplied Question Responses, Program Admin Data, Reporting Column
Preferences, Program Admin Support Contact.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Standard routine uses 1. through 9. apply. In addition:
(a) To appropriate agencies, entities, and persons when (1) the
Postal Service suspects or has confirmed that there has been a breach
of the system of records; (2) the Postal Service has determined that as
a result of the suspected or confirmed breach there is a risk of harm
to individuals, the Postal Service (including its information systems,
programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and
persons is reasonably necessary to assist in connection with the Postal
Service's efforts to respond to the suspected or confirmed breach or to
prevent, minimize, or remedy such harm.
RECORD SOURCE CATEGORIES:
Employees; contractors; customers; USPS Board of Governors.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Automated database, computer storage media, and paper.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
1. Records relating to third-parties are retrievable by name and
email address.
2. Records relating to collaboration are retrievable by name, email
address, and user ID.
3. Records relating to communication are retrievable by name, email
address, and user ID.
4. Records pertaining to multimedia are retrievable by username and
media title.
5. Records relating to application development are retrievable by
user ID and application name.
6. Records relating to limited use applications are retrievable by
name, email address, and user ID.
7. Records relating to Unofficial Foreign Travel Monitoring for
covered individuals are retrievable by name.
8. Records relating to Cloud-based storage are retrievable by name,
email address, and user ID.
9. Records relating to Email Applications are retrievable by name,
email address, and user ID.
10. Records relating to Web Browsers are retrievable by name, email
address, and user ID.
11. USPS Board of Governors secure board portal collaboration
software data is retrievable by date, meeting information, committee
name, and other session collaboration details.
12. Records relating to mentorship programs are retrievable by
mentee name.
[[Page 83986]]
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
1. Records relating to third parties are retained for twenty-four
months.
2. Records relating to collaboration are retained for twenty-four
months.
3. Records relating to communication are retained for twenty-four
months.
4. Multimedia recordings are retained for twenty-four months.
5. Records relating to application development are retained for
twenty-four months.
6. Records relating to limited use applications are retained for
twenty-four months.
7. Records relating to Unofficial Foreign Travel Monitoring for
covered individuals are retained for twenty-five years.
8. Records relating to Cloud-based storage are retained for twenty-
four months.
9. Records relating to Email Applications are retained for twenty-
four months.
10. Records relating to Web Browsers are retained for twenty-four
months.
11. USPS Board of Governors secure board portal collaboration
software data is retained up to twelve months from the close of the
corresponding event.
12. Records relating to mentorship programs are retained for
twenty-four months.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel.
Computer access is limited to authorized personnel with a current
security clearance, and physical access is limited to authorized
personnel who must be identified with a badge.
Access to records is limited to individuals whose official duties
require such access. Contractors and licensees are subject to contract
controls and unannounced on-site audits and inspections.
Computers are protected by encryption, mechanical locks, card key
systems, or other physical access control methods. The use of computer
systems is regulated with installed security software, computer logon
identifications, and operating system controls including access
controls, terminal and transaction logging, and file management
software.
RECORD ACCESS PROCEDURES:
Requests for access must be made in accordance with the
Notification Procedure and USPS Privacy.
Act regulations regarding access to records and verification of
identity under 39 CFR 266.5.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and Record Access Procedures above.
NOTIFICATION PROCEDURES:
Customers and employees wanting to know if other information about
them is maintained in this system of records must address inquiries in
writing to the Chief Information Officer and Executive Vice President
and include their name and address.
EXEMPTION(S) PROMULGATED FROM THIS SYSTEM:
None.
HISTORY:
May 11, 2021; 86 FR 25899; January 31, 2022; 87 FR 4957.
SYSTEM NAME AND NUMBER:
550.200 Commercial Information Technology Resources--
Administrative.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
All USPS facilities and contractor sites.
SYSTEM MANAGER(S):
For records of computer access authorizations: Chief Information
Officer and Executive Vice President, United States Postal Service, 475
L'Enfant Plaza SW, Washington, DC 20260.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, and 404.
PURPOSE(S) OF THE SYSTEM:
1. To provide active and passive monitoring and review of
information system applications and user activities.
2. To generate logs and reports of information system application
and user activities.
3. To provide a means of auditing commercial information system
activities across applications and users.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
1. Individuals with authorized access to USPS computers,
information resources, and facilities, including employees,
contractors, business partners, suppliers, and third parties.
2. Individuals participating in web-based meetings, web-based video
conferencing, web-based communication applications, and web-based
collaboration applications.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. General Audit Log activities: DateTime, IP Address, User
Activity, User Item Accessed, Activity Detail, Object ID, Record Type,
Client IP Address, CorrelationID, CreationTime, EventData, EventSource,
ItemType, OrganizationID, UserAgent, USerKEy, UserType, Version,
Workload.
2. File and page activities: Accessed file, Change retention label
for a file, Deleted file marked as a record, Checked in file, Changed
record status to locked, Changed record status to unlocked, Checked out
file, Copied file, Discarded file checkout, Deleted file, Deleted file
from recycle bin, Deleted file from second-stage recycle bin, Detected
document sensitivity mismatch, Detected malware in file, Deleted file
marked as a record, Downloaded file, Modified file, Moved file,
Recycled all minor versions of file, Recycled all versions of file,
Recycled version of file, Renamed file, Restored file, Uploaded file,
Viewed page, View signaled by client, Performed search query.
3. Folder activities: Copied folder, Created folder, Deleted
folder, Deleted folder from recycle bin, Deleted folder from second-
stage recycle bin, Modified folder, Moved folder, Renamed folder,
Restored folder.
4. Cloud-based Enterprise Storage activities: Created list, Created
list column, Created list content type, Created list item, Created site
column, Created site content type, Deleted list, Deleted list column,
Deleted list content type, Deleted list item, Deleted site column,
Deleted site content type, Recycled list item, Restored list, Restored
list item, Updated list, Updated list column, Updated list content
type, Updated list item, Updated site column, Updated site content
type.
5. Sharing and access request activities: Added permission level to
site collection, Accepted access request, Accepted sharing invitation,
Blocked sharing invitation, Created access request, Created a company
shareable link, Created an anonymous link, Created secure link, Deleted
secure link, Created sharing invitation, Denied access request, Removed
a company shareable link, Removed an anonymous link, Shared filer,
folder, or site, Unshared file folder or site, Updated access request,
Updated an anonymous link, Updated sharing invitation, Used a company
shareable link, Used an anonymous link, Used secure link, User added to
secure link, User removed from secure link, Withdrew sharing
invitation.
[[Page 83987]]
6. Synchronization activities: Allowed computer to sync files,
Blocked computer from syncing files, Downloaded files to computer,
Downloaded file changes to computer, Uploaded files to document
library, Uploaded file changes to document library.
7. Site permissions activities: Added site collection admin, Added
user of group to Cloud-based Enterprise Storage group, Broke permission
level inheritance, Broke sharing inheritance, Created group, Deleted
group, Modified access request setting, Modified ``Members Can Share''
setting, Modified permission level on site collection, Modified site
permissions, Removed site collection admin, Removed permission level
from site collection, Removed user or group from Cloud-based Enterprise
Storage group, Requested site admin permissions, Restored sharing
inheritance, Updated group.
8. Site administration activities: Added allowed data location,
Added exempt user agent, Added geo location admin, Allowed user to
create groups, Cancelled site geo move, Changed a sharing policy,
Changed deice access policy, Changed exempt user agents, Changed
network access policy, Completed site geo move, Created Sent To
connection, Created site collection, Deleted orphaned hub site, Deleted
Sent To connection, Deleted site, Enabled document preview, Enabled
legacy workflow, Enabled Office on Demand, Enabled result source for
People Searched, Enabled RSS feeds, Failed site swap, Joined site to
hub site, Registered hub site, Removed allowed data location, Removed
geo location admin, Renamed site, Scheduled site rename, Scheduled site
swap, Scheduled site geo move, Set host site, Set storage quota for geo
location, Swapped site, Unjoined site from hub site, Unregistered hub
site.
9. Cloud-based Email Server mailbox activities: Created mailbox
item, Copied messages to another folder, User signed in to mailbox,
Accessed mailbox items, Sent message using Send On Behalf permissions,
Purged messages from mailbox, Moved messages to Deleted Items folder,
Moved messages to another folder, Sent message using Send As
permissions, Sent message, Updated message, Deleted messages from
Deleted Items folder, New-InboxRule Create-InboxRule from email web
application, Set-InboxRule Modify inbox rule from email web
application, Update inbox rules from email web application, Added
delegate mailbox permissions, Removed delegate mailbox permissions,
Added permissions to folder, Modified permissions of folder, Removed
permissions from folder, Added or removed user with delegate access to
calendar folder, Labeled message as a record.
10. Retention policy and retention level activities: Created
retention label, Created retention policy, Configured settings for a
retention policy, Deleted retention label, Deleted retention policy,
Deleted settings from a retention policy, Updated retention label,
Updated retention policy, Updated settings for a retention policy,
Enabled regulatory record option for retention labels.
11. User administration activities: Added user, Deleted user, Set
license properties, Reset user password, Changed user password, Changed
user license, Updated user, Set property that forces user to change
password, Organization Signup, Organization Creation, User creation
without organization, Password reset requested, Disable user, Login
success, Login success reauthenticate, Login failure, Login failure
reauthentication, Logout, User permission change, Role permission
change, Environment permissions change, Create role, Edit role--add
user, Edit role--remove user, Edit role--change external group mapping,
Delete role.
12. Enterprise User Administration group administration activities:
Added group, Updated group, Deleted group, Added member to group,
Removed member from group.
13. Application administration activities: Added service principal,
Removed a service principal from the directory, Set delegation entry,
Removed credentials from a service principal, Added delegation entry,
Added credentials to a service principal, Removed delegation entry.
14. Role administration activities: Added member to Role, Removed a
user from a directory role, Set company contact information.
15. Directory administration activities: Added a partner to the
directory, Removed a partner from the directory, Added domain to
company, Removed domain from company, Updated domain, Set domain
authentication, Verified domain, Updated the federation settings for a
domain, Verified email verified domain, Turned on Enterprise
Information Technology Account Administration sync, Set password
policy, Set company information.
16. eDiscovery activities: Created content search, Deleted content
search, Changed content search, Started content search, Stopped content
search, Started export of content search, Started export report,
Previewed results of content search, Purged results of content search,
Started analysis of content search, Removed export of content search,
Removed preview results of content search, Removed purse action
performed on content search, Removed analysis of content search,
Removed search report, Content search preview item listed, Content
search preview item viewed, Content search preview item downloaded,
Downloaded export of content search, Created search permissions filter,
Deleted search permissions filter, Changed search permissions filter,
Created hold in eDiscovery case, Deleted hold in eDiscovery case,
Changed hold in eDiscovery case, Created eDiscovery case, Deleted hold
in eDiscovery case, Changed hold in eDiscovery case, Created eDiscovery
case, Deleted eDiscovery data, Changed hold in eDiscovery case, Added
member to eDiscovery case, Removed member from eDiscovery case, Changed
eDiscovery case membership, Created eDiscovery administrator, Deleted
eDiscovery administrator, Changed eDiscovery administrator membership,
Remediation action created, Item deleted using Remediation, Created
workingset search, Updated workingset search, Deleted workingset
search, Previewed workingset search, Document viewed, Document
annotated, Document downloaded, Tag created, Tag edited, Tag deleted,
Tag files, Tag job, Created review set, Added Cloud-based productivity
software data, Added non-office data, Added data to another workingset,
Added remediated data, Run algo job, Run export job, Run burn job, Run
error remediation job, Run load comparison job, Updated case settings.
17. eDiscovery system command activities: Created content search,
Deleted content search, Changed content search, Started content search,
Stopped content search, created content search action, Deleted content
search action, Created search permissions filter, Deleted search
permissions filter, Changed search permissions filter, Created hold in
eDiscovery case, Deleted hold in eDiscovery case, Changed hold in
eDiscovery case, Created search query for eDiscovery case hold, Deleted
search query for eDiscovery case hold, Changed search query for
eDiscovery case hold, Created eDiscovery case, Deleted eDiscovery case,
Changed eDiscovery case, Added member to eDiscovery case, Removed
member from eDiscovery case, Changed eDiscovery case membership,
Created eDiscovery administrator, Deleted eDiscovery administrator,
Changed eDiscovery administrator membership.
18. Data Analysis application activities: Viewed program dashboard,
Created program dashboard, Edited
[[Page 83988]]
program dashboard, Deleted program dashboard, Shared program dashboard,
Printed program dashboard, Copied program dashboard, Viewed program
tile, Exported program tile data, Viewed program report, Deleted
program report, Printed program report page, Created program report,
Edited program report, Copied program report, Exported program artifact
to another file format, Export program activity events, Updated program
workspace access, Restored program workspace, Updated program
workspace, Viewed program metadata, Created program dataset, Deleted
program dataset, Created program group, Deleted program group, Added
program group members, Retrieved program groups, Retrieved program
dashboard, Retrieved data sources from program dataset, Retrieved
upstream data flows from program dataflow, Retrieved data sources from
program dataflow, Removed program group members, Retrieved links
between datasets and dataflows, Created organizational program content
pack, Created program app, Installed program app, Updated program app,
Updated organization's program settings, Started program trial, Started
program extended trial, Analyzed program dataset, Created program
gateway, Deleted program gateway, Added data source to program gateway,
Removed data source from program gateway, Changed program gateway
admins, Changed program gateway data source users, Set scheduled
refresh on program dataset, Unpublished program app, Deleted
organizational program content pack, Renamed program dashboard, Edited
program dataset, Updated capacity display name, Changed capacity state,
Updated capacity admin, Changed capacity user assignment, Migrated
workspace to a capacity, Removed workspace from a capacity, Retrieved
program workspaces, Shared program report, Generated program Embed
Token, Discover program dataset data sources, Updated program dataset
data sources, Requested program dataset refresh, Binded program dataset
to gateway, Changed program dataset data sources, Requested program
dataset refresh, Binded program dataset to gateway, Changed program
dataset connections, Took over program dataset, Updated program gateway
data source credentials, Imported file to program, Updated program
dataset parameters, Generated program dataflow SAS token, Created
program dataflow, Updated program dataflow, Deleted program dataflow,
Viewed program dataflow, Exported program dataflow, Set scheduled
refresh on program dataflow, Requested program dataflow refresh,
Received program dataflow secret from Key Vault, Attached dataflow
storage account, Migrated dataflow storage location, Updated dataflow
storage assignment permissions, Set dataflow storage location for
workspace, Took ownership of program dataflow, Canceled program
dataflow refresh, Created program email subscription, Updated program
email subscription, Deleted program email subscription, Created program
folder, Deleted program folder, Updated program folder, Added program
folder access, Deleted program folder access, Updated program folder
access, Posted program comment, Deleted program comment, Analyzed
program report, Viewed program usage metrics, Edited program dataset
endorsement, Edited program dataflow endorsement, Edited program report
endorsement, Edited program app endorsement, Retrieved list of modified
workspaces in program tenant, Sent a scan request in program tenant,
Retrieve scan result in program tenant, Inserted snapshot for user in
program tenant, Updated snapshot for user in program tenant, Deleted
snapshot for user in program tenant, Inserted snapshot for user in
program tenant, Updated snapshot for user in program tenant, Deleted
snapshot for user in program tenant, Retrieved snapshots for user in
program tenant, Edited program certification permission, Took over a
program data source, Updated capacity custom settings, Created
workspace for program template app, Deleted workspace for program
template app, Updated settings for program template app, Updated
testing permissions for program template app, Created program template
app, Deleted program template app, Promoted program template app,
Installed program template app, Updated parameters for installed
program template app, Created install ticker for installing program
template app, Updated an organizational custom visual, Created an
organizational custom visual, Deleted an organizational custom visual,
Custom visual requested Enterprise Information Technology Account
Administration access token, Customer visual requested Cloud-based
productivity software access token, Connected to program dataset from
external app, Created program dataset from external app, Deleted
program dataset from external app, Edited program dataset from external
app, Requested program dataset refresh from external app, Requested SAS
token for program storage, Requested account key for program storage,
Assigned a workspace to a deployment pipeline, Removed a workspace from
a deployment pipeline, Deleted deployment pipeline, Created deployment
pipeline, Deployed to a pipeline stage, Updated deployment pipeline
configuration, Updated deployment pipeline access, Added external
resource, Added link to external resource, Deleted link to external
resource, Updated featured tables, Applied sensitivity label to program
artifact, Changed sensitivity label for program artifact, Deleted
sensitivity label from program artifact.
19. Productivity Analysis activities: Updated privacy setting,
Updated data access setting, Uploaded organization data, Created
meeting exclusion, Updated preferred meeting exclusion, Execute query,
Canceled query, Deleted result, Downloaded report, Accessed Odata link,
Viewed query visualization, Viewed explore, Created partition, Updated
partition, Deleted partition, User logged in, User logged out.
20. Briefing email activities: Updated user privacy settings,
Updated organization privacy settings.
21. Cloud-based Collaboration Application activities: Created team,
Deleted team, Added channel, Deleted channel, Changed organization
setting, Changed team setting, Changed channel setting, User signed in
to Cloud-based Collaboration Application, Added members, Changed role
of members, Removed members, Added bot to team, Removed bot from team,
Added tab, Removed tab, Updated tab, Added connector, Removed
connector, Updated connector, Downloaded analytics report, Upgraded
Cloud-based Collaboration Application device, Blocked Cloud-based
Collaboration Application device, Unblocked Cloud-based Collaboration
Application device, Changed configuration of Cloud-based Collaboration
Application device, Enrolled Cloud-based Collaboration Application
device, Installed app, Upgraded app, Uninstalled app, Published app,
Updated app, Deleted app, Deleted all organization apps, Performed
action on card, Added scheduling group, Edited scheduling group,
Deleted scheduling group, Added shift, Edited shift, Deleted shift,
Added time off, Edited time off, Deleted time off, Added open shift,
Edited open shift, Deleted open shift, Shared schedule, Clocked in
using Time clock, Clocked out using Time clock, Started break using
Time clock, Ended break using Time clock, Added Time clock entry,
Edited Time clock entry, Deleted Time clock entry, Added shift request,
Responded to shift request, Canceled shift request, Changed schedule
setting,
[[Page 83989]]
Added workforce integration, Accepted off shift message.
22. Cloud-based Collaboration Application approvals activities:
Created new approval request, Viewed approval request details, Approved
approval request, Rejected approval request, Canceled approval request,
Shared approval request, File attached to approval request, Reassigned
approval request, Added e-signature to approval request.
23. Enterprise Social Network activities: Changed data retention
policy, Changed network configuration, Changed network profile
settings, Changed private content mode, Changed security configuration,
Created file, Created group, Deleted group, Deleted message, Downloaded
file, Exported data, Shared file, Suspended network user, Suspended
user, Updated file description, Updated file name, Viewed file.
24. Enterprise Customer Relationship Management activities:
Accessed out-of-box entity (deprecated), Accessed custom entity
(deprecated), Accessed admin entity (deprecated), Performed bulk
actions (deprecated), All Enterprise Customer Relationship Management
activities, Accessed Enterprise Customer Relationship Management admin
center (deprecated), Accessed internal management tool (deprecated),
Signed in or out (deprecated), Activated process or plug-in
(deprecated).
25. Information Systems Infrastructure Automation activities:
Created flow, Edited flow, Deleted flow, Edited flow permissions,
Deleted flow permissions, Started a Flow paid trial, Renewed a Flow
paid trial.
26. Application authoring program activities: Created app, Edited
app, Deleted app, Launched app, Published app, Marked app as Hero,
Marked app as Featured, Edited app permission, Restored app version.
27. Enterprise Automation DLP activities: Created DLP Policy,
Updated DLP Policy, Deleted DLP Policy.
28. Video platform activities: Created video, Edited video, Deleted
video, Uploaded video, Downloaded video, Edited video permission,
Viewed video, Shared video, Liked video, Unliked video, Commented on
video, Deleted video comment, Uploaded video text track, Deleted video
text track, Uploaded video thumbnail, Deleted video thumbnail, Replaced
video permissions and channel links, Marked video public, Marked video
private, Created Video platform group, Edited Video platform group,
Deleted Video platform group, Edited Video platform group memberships,
Created Video platform channel, Edited Video platform channel, Deleted
a Video platform channel, Replaced Video platform channel thumbnails,
Edited Video platform user settings, Edited tenant settings, Edited
global role members, Deleted Video platform user, Deleted Video
platform user's data report, Edited Video platform user, Exported Video
platform user's data report, Downloaded Video platform user's data
report, Video Platform Event Date, Video Platform Event Name, Video
Platform Event Description, Video Platform Meeting Code, Video Platform
Participant Identifiers.
29. Content explorer activities: Accessed item.
30. Quarantine activities: Previewed Quarantine message, Deleted
Quarantine message, Released Quarantine message, Exported Quarantine
message, Viewed Quarantine Message's header.
31. Customer Key Service Encryption activities: Fallback to
Availability Key.
32. Form application activities: Created form, Edited form, Moved
form, Deleted form, Viewed form, Previewed form, Exported form, Allowed
share form for copy, Added form co-author, Removed form co-author,
Viewed response page, Created response, Updated response, Deleted all
responses, Deleted response, Viewed responses, Viewed response, Created
summary link, Deleted summary link, Updated from phishing status,
Updated user phishing status, Sent premium form product invitation,
Updated form setting, Updated user setting, Listed forms.
33. Sensitivity label activities: Applied sensitivity label to
site, Removed sensitivity label from site, Applied sensitivity label to
file, Changed sensitivity label applied to file, Removed sensitivity
label from file.
34. Local machine communications platform system command
activities: Set tenant federation.
35. Search activities: Performed email search, Performed Cloud-
based Enterprise Storage search.
36. Security analytics activities: Attempted to compromise
accounts.
37. Device activities: Printed file, Deleted file, Renamed file,
Created file, Modified file, Read file, Captured screen, Copied file to
removable media, Copied file to network share, Copied file to
clipboard, Uploaded file to cloud, File accessed by an unallowed
application.
38. Information barrier activities: Removed segment from site,
Changed segment of site, Applied segment to site.
39. On-premises DLP scanning activities: Matched DLP rule, Enforced
DLP rule.
40. Individual Productivity Analytics activities: Updated user
settings, Updated organization settings.
41. Exact Data Match (EDM) activities: Created EDM schema, Modified
EDM schema, Removed EDM scheme, Completed EDM data upload, Failed EDM
data upload.
42. Enterprise Information System Information Protection
activities: Accessed file, Discovered file, Applied sensitivity label,
Updated sensitivity label, Removed sensitivity label, Removed file,
Applied protection, Changed protection, Removed protection, Received
AIP heartbeat.
43. Data Repository Team Discussion Post Actions: Team Discussion
Post Updated, Team Discussion Post Destroyed.
44. Data Repository Team Discussion Post Reply Actions: Team
Discussion Post Reply Updated, Team Discussion Post Reply Destroyed.
45. Data Repository Enterprise Actions: Self-Hosted Runner Removed,
Self-Hosted Runner Registered, Self-Hosted Runner Group Created, Self-
Hosted Runner Group Removed, Self-Hosted Runner Removed From Group,
Self-Hosted Runner Added To Group, Self-Hosted Runner Group Member List
Updated, Self-Hosted Runner Group Configuration Changed, Self-Hosted
Runner Updated.
46. Data Repository Hook Actions: Hook Created, Hook Configuration
Changed, Hook Destroyed, Hook Events Altered.
47. Data Repository Integration Installation Request Actions:
Integration Installation Request Created, Integration Installation
Request Closed.
48. Data Repository Issue Action: Issue Destroyed.
49. Data Repository Org Actions: Secret Action Created, Member
Creation Disabled, Two Factor Authentication Requirement Disabled,
Member Creation Enabled, Two Factor Authentication Enabled, Member
Invited, Self-Hosted Runner Registered, Secret Action Removed, Member
Removed, Outside Collaborator Removed, Self-Hosted Runner Removed,
Self-Hosted Runner Group Created, Self-Hosted Runner Group Removed,
Self-Hosted Runner Group Updated, Secret Action Updated, Repository
Default Branch Named Updated, Default Repository Permission Updated,
Member Role Updated, Member Repository Creation Permission Updated.
50. Data Repository Organization Label Actions: Default Label
Created, Default Label Updated, Default Label Destroyed.
51. Data Repository Oauth Application Actions: Oauth Application
[[Page 83990]]
Created, Oauth Application Destroyed, Oauth Application Secret Restet,
Oauth Application Token Revoked, Oauth Application Transferred.
52. Data Repository Profile Picture Actions: Organization Profile
Picture Updated.
53. Data Repository Project Actions: Project Board Created, Project
Board Linked, Project Board Renamed, Project Board Updated, Project
Board Deleted, Project Board Unlinked, Project Board Permissions
Updated, Project Board Team Permissions Updated, Project Board User
Permission Updated.
54. Data Repository Protected Branch Actions: Branch Protection
Enabled, Branch Protection Destroyed, Branch Protection Enforced For
Administrators, Branch Enforcement Of Required Code Owner Enforced,
Stale Pull Request Dismissal Enforced, Branch Commit Signing Updated,
Pull Request Review Updated, Required Status Check Updated, Requirement
For Branch To Be Up To Date Before Merging Changed, Branch Update
Attempt Rejected, Branch Protection Requirement Overridden, Force Push
Enabled, Force Push Disabled, Branch Deletion Enabled, Branch Deletion
Disabled, Linear Commit History Enabled, Linear Commit History
Disabled.
55. Data Repository Repo Actions: User Visibility Changed, Actions
Enabled For Repository, Collaboration Member Added, Topic Added To
Repository, Repository Archived, Anonymous Git Read Access Disabled,
Anonymous Git Read Access Enabled, Anonymous Git Read Access Setting
Locked, Anonymous Git Read Access Setting Unlocked, New Repository
Created, Secret Created For Repository, Repository Deleted, Repository
Enabled, Secret Removed, User Removed, Self-Hosted Runner Registered,
Topic Removed From Repository, Repository Renamed, Self-Hosted Runner
Updated, Repository Transferred, Repository Transfer Started,
Repository Unarchived, Secret Action Updated.
56. Data Repository Dependency Graph Actions: Dependency Graph
Disabled, Dependency Graph Disabled For New Repository, Dependency
Graph Enabled, Dependency Graph Enabled For New Repository.
57. Data Repository Secret Scanning Actions: Secret Scanning
Disabled For Individual Repository, Secret Scanning Disabled For All
Repositories, Secret Scanning Disabled For New Repositories, Secret
Scanning Enabled For Individual Repository, Secret Scanning Enabled For
All Repositories, Secret Scanning Enabled For New Repositories.
58. Data Repository Vulnerability Alert Actions: Vulnerable
Dependency Alert Created, Vulnerable Dependency Alert Dismissed,
Vulnerable Dependency Alert Resolved.
59. Data Repository Team Actions: Member Added To Team, Repository
Added To Team, Team Parent Changed, Team Priv