[Federal Register Volume 71, Number 246 (Friday, December 22, 2006)]
[Notices]
[Pages 77072-77073]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-21937]


-----------------------------------------------------------------------

NUCLEAR REGULATORY COMMISSION


Privacy Act of 1974, as Amended; New System of Records

AGENCY: Nuclear Regulatory Commission.

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: The Nuclear Regulatory Commission (NRC) is providing notice of 
the establishment of a new system of records, NRC-45, Digital 
Certificates for Personal Identity Verification.

DATES: The new system of records will become effective without further 
notice on January 31, 2007, unless comments received on or before that 
date cause a contrary decision. If changes are made based on NRC's 
review of comments received, a new final notice will be published.

ADDRESSES: Comments may be provided to the Chief, Rulemaking, 
Directives, and Editing Branch, Division of Administrative Services, 
Office of Administration, U.S. Nuclear Regulatory Commission, 
Washington, DC 20555-0001. Written comments should also be transmitted 
to the Chief of the Rules and Directives Branch, either by means of 
facsimile transmission to (301) 415-5144, or by e-mail to 
[email protected].

FOR FURTHER INFORMATION CONTACT: Sandra S. Northern, Privacy Program 
Officer, FOIA/Privacy Act Team, Records and FOIA/Privacy Services 
Branch, Information and Records Services Division, Office of 
Information Services, U.S. Nuclear Regulatory Commission, Washington, 
DC 20555-0001, telephone: 301-415-6879; e-mail: [email protected].

SUPPLEMENTARY INFORMATION: The establishment of this new system of 
records, NRC-45, Digital Certificates for Personal Identity 
Verification, will allow the NRC to collect and maintain information to 
facilitate secure, on-line communication between Federal automated 
information systems and the public; to authenticate individuals 
requiring access to federally controlled facilities, information 
systems and applications; and to track and control personal identity 
verification (PIV) cards (smartcards) issued to persons entering and 
exiting the facilities by the

[[Page 77073]]

use of digital certificate technologies to authenticate and verify 
identity.
    A report on the proposed new system is being sent to OMB, the 
Committee on Homeland Security and Governmental Affairs of the U.S. 
Senate, and the Committee on Government Reform of the U.S. House of 
Representatives as required by the Privacy Act and OMB Circular No. A-
130, Appendix I, ``Federal Agency Responsibilities for Maintaining 
Records About Individuals.''
    Accordingly, the NRC proposes to add NRC-45 to read as follows:
NRC-45

System Name:
    Digital Certificates for Personal Identity Verification-NRC.

System Location:
    Primary system--Office of Information Services, NRC, White Flint 
North Complex, 11555 Rockville Pike, Rockville, Maryland, and 
contractor facility.
    Duplicate system--Duplicate systems may exist, in whole or in part, 
at the locations listed in Addendum I, part 2, published on October 10, 
2006 (71 FR 59614).

Categories Of Individuals Covered By The System:
    Individuals covered are persons who have applied for the issuance 
of digital certificates for signature, encryption, and/or 
authentication purposes; have had their certificates renewed, replaced, 
suspended, revoked, or denied; have used their certificates to 
electronically make contact with, retrieve information from, or submit 
information to an automated information system; or have corresponded 
with NRC or its contractor concerning digital certificate services.

Categories Of Records In The System:
    The system contains information needed to establish and verify the 
identity of users, to maintain the system, and to establish 
accountability and audit controls. System records may include: (a) 
Applications for the issuance, amendment, renewal, replacement, or 
revocation of digital certificates, including evidence provided by 
applicants or proof of identity and authority, and sources used to 
verify an applicant's identity and authority; (b) Certificates issued; 
(c) Certificates denied, suspended, or revoked, including reasons for 
denial, suspension, or revocation; (d) A list of currently valid 
certificates; (e) A list of currently invalid certificates; (f) A 
record of validation transactions attempted with digital certificates; 
and (g) A record of validation transactions completed with digital 
certificates.

Authority For Maintenance Of The System:
    5 U.S.C. 301; Electronic Government Act of 2002, 44 U.S.C. Chapter 
36; the Paperwork Reduction Act of 1995, 44 U.S.C. 3501; Government 
Paperwork Elimination Act, 44 U.S.C. 3504; Homeland Security 
Presidential Directive 12 (HSPD-12), Policy for a Common Identification 
Standard for Federal Employees and Contractors, August 27, 2004; 
Executive Order 9397.

Routine Uses Of Records Maintained In The System, Including Categories 
Of Users And The Purposes Of Such Uses:
    In addition to the disclosures permitted under subsection (b) of 
the Privacy Act, the NRC may disclose information contained in this 
system of records without the consent of the subject individual if the 
disclosure is compatible with the purpose for which the record was 
collected under the following routine uses:
    a. To agency digital certificate program contractors to compile and 
maintain documentation on applicants for verifying applicants' identity 
and authority to access information system applications; to establish 
and maintain documentation on information sources for verifying 
applicants' identities; to ensure proper management, data accuracy, and 
evaluation of the system;
    b. To Federal authorities to determine the validity of subscriber 
digital certificates and other identity attributes;
    c. To the National Archives and Records Administration (NARA) for 
records management purposes;
    d. To a public data repository (only name, e-mail address, 
organization, and public key) to facilitate secure communications using 
digital certificates; and
    e. Any of the routine uses specified in the Prefatory Statement of 
General Routine Uses, published October 10, 2006 (71 FR 59614).

Disclosure To Consumer Reporting Agencies:
    Disclosure of system records to consumer reporting systems is not 
permitted.

Policies And Practices For Storing, Retrieving, Accessing, Retaining, 
And Disposing Of Records In The System:
Storage:
    Records are stored electronically or on paper.

Retrievability:
    Records are retrievable by an individual's name, e-mail address, 
certificate status, certificate number, certificate issuance date, or 
approval role.

Safeguards:
    Technical, administrative, and personnel security measures are 
implemented to ensure confidentiality, integrity, and availability of 
the system data stored, processed, and transmitted. Hard copy documents 
are maintained in locking file cabinets. Electronic records are 
password protected. Access to and use of these records are limited to 
those individuals whose official duties require access.

Retention And Disposal:
    Disposition pending (until NARA has approved the retention and 
disposition schedule for these records, treat the records as 
permanent).

System Manager(s) And Address:
    Director, Infrastructure and Computer Operations Division, Office 
of Information Services, U.S. Nuclear Regulatory Commission, 
Washington, DC 20555-0001.

Notification Procedure:
    Individuals seeking to determine whether this system of records 
contains information pertaining to themselves should write to the 
Freedom of Information Act and Privacy Act (FOIA/PA) Officer, Office of 
Information Services, U.S. Nuclear Regulatory Commission, Washington, 
DC 20555-0001, and comply with the procedures contained in NRC's 
Privacy Act regulations, 10 CFR part 9.

Record Access Procedure:
    Same as ``Notification procedure.''

Contesting Record Procedure:
    Same as ``Notification procedure.''

Record Source Categories:
    The sources for information in the system are the individuals who 
apply for digital certificates, the NRC and contractors using multiple 
sources to verify identities, and internal system transactions designed 
to gather and maintain data needed to manage and evaluate the digital 
certificate program.

Exemptions Claims For The System:
    None.

    For the Nuclear Regulatory Commission.
    Dated at Rockville, Maryland, this 15th day of December, 2006.
Edward T. Baker III,
Director, Office of Information Services.
[FR Doc. E6-21937 Filed 12-21-06; 8:45 am]
BILLING CODE 7590-01-P