[Federal Register Volume 75, Number 24 (Friday, February 5, 2010)]
[Notices]
[Pages 6000-6002]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-2442]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[Docket ID: DOD-2010-OS-0010]


Privacy Act of 1974; Systems of Records

AGENCY: National Security Agency/Central Security Service, DoD.

ACTION: Notice to alter a system of records.

-----------------------------------------------------------------------

SUMMARY: The National Security Agency (NSA) is proposing to alter a 
system of records notice in its inventory of record systems subject to 
the Privacy Act of 1974, (5 U.S.C. 552a), as amended.

DATES: This proposed action will be effective without further notice on 
March 8, 2010, unless comments are received which would result in a 
contrary determination.

ADDRESSES: You may submit comments, identified by docket number and 
title, by any of the following methods.
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Federal Docket Management System Office, 1160 
Defense Pentagon, Washington, DC 20301-1160.
    Instructions: All submissions received must include the agency name 
and docket number for this Federal Register document. The general 
policy for comments and other submissions from members of the public is 
to make these submissions available for public viewing on the Internet 
at http://www.regulations.gov as they are received without change, 
including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Ms. Anne Hill at (301) 688-6527.

SUPPLEMENTARY INFORMATION: The National Security Agency's systems of 
notices subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, 
have been published in the Federal Register and are available from the 
address above.
    The proposed system reports, as required by 5 U.S.C. 552a(r), of 
the Privacy Act of 1974, as amended, were submitted on January 29, 
2010, to the House Committee on Oversight and Government Reform, the 
Senate Committee on Homeland Security and Governmental Affairs, and the 
Office of Management and Budget (OMB) pursuant to paragraph 4c of 
Appendix I to OMB Circular No. A-130, ``Federal Agency Responsibilities 
for Maintaining Records About Individuals,'' dated February 8, 1996 
(February 20, 1996; 61 FR 6427).

    Dated: February 1, 2010.
Mitchell S. Bryman,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
GNSA 15

SYSTEM NAME:
    NSA/CSS Computer Users Control System (February 22, 1993; 58 FR 
10531).

CHANGES:
* * * * *

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Delete entry and replace with ``Subchapter III of the Federal 
Information Security Management Act of 2002 (Title III of Pub. L. 107-
347); Subtitle III of 40 U.S.C., Information Technology Management; 10 
U.S.C. 2224, Defense Information Assurance Program; E.O. 12333, as 
amended, United States Intelligence Activities; Department of Defense 
Directive 8500.1, Information Assurance; Department of Defense 
Instruction 8500.2, Information Assurance Implementation and E.O. 9397 
(SSN), as amended''.

PURPOSE(S):
    Delete entry and replace with ``To administer, monitor, and track 
the use and access of NSA/CSS networks, computers, software, and 
databases. The records may also be used to identify the occurrence of 
and assist in the prevention of computer misuse''.

[[Page 6001]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Delete entry and replace with ``In addition to those disclosures 
generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, 
these records contained therein may specifically be disclosed outside 
the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    To appropriate governmental agencies and the judicial branch where 
litigation or anticipated civil or criminal litigation is involved or 
where sensitive national security investigations related to protection 
of intelligence sources and methods are involved.
    The ``DoD Blanket Routine Uses'' set forth at the beginning of the 
NSA/CSS' compilation of systems of records notices apply to this 
system.''

STORAGE:
    Delete entry and replace with ``Paper in file folders and 
electronic storage media''.
* * * * *

SAFEGUARDS:
    Delete entry and replace with ``Buildings are secured by a series 
of guarded pedestrian gates and checkpoints. Access to facilities is 
limited to security-cleared personnel and escorted visitors only. 
Within the facilities themselves, access to paper and computer 
printouts are controlled by limited-access facilities and lockable 
containers. Access to electronic means is controlled by computer 
password protection.''

RETENTION AND DISPOSAL:
    Delete entry and replace with ``Delete/destroy when agency 
determines they are no longer needed for administrative, legal, audit, 
or other operational purposes.
    Records are destroyed by pulping, burning, shredding, or erasure or 
destruction of electronic media.''

SYSTEM MANAGER(S) AND ADDRESS:
    Delete entry and replace with ``Deputy Director, Enterprise 
Information Technology Services, National Security Agency/Central 
Security Service, Ft. George G. Meade, MD 20755-6000.''

NOTIFICATION PROCEDURE:
    Delete entry and replace with ``Individuals seeking to determine 
whether information about themselves is contained in this system should 
address written inquiries to the National Security Agency/Central 
Security Service, Freedom of Information Act/Privacy Act Office, 9800 
Savage Road, Ft. George G. Meade, MD 20755-6000.
    Written inquiries should contain the individual's full name, Social 
Security Number (SSN) and mailing address.''

RECORD ACCESS PROCEDURES:
    Delete entry and replace with ``Individuals seeking access to 
information about themselves contained in this system should address 
written inquiries to the National Security Agency/Central Security 
Service, Freedom of Information Act/Privacy Act Office, 9800 Savage 
Road, Ft. George G. Meade, MD 20755-6000.
    Written inquiries should contain the individual's full name, Social 
Security Number (SSN) and mailing address.''

CONTESTING RECORD PROCEDURES:
    Delete entry and replace with ``The NSA/CSS rules for contesting 
contents and appealing initial determinations are published at 32 CFR 
part 322 or may be obtained by written request addressed to the 
National Security Agency/Central Security Service, Freedom of 
Information Act/Privacy Act Office, 9800 Savage Road, Ft. George G. 
Meade, MD 20755-6000.''
* * * * *
GNSA 15

SYSTEM NAME:
    NSA/CSS Computer Users Control System.

SYSTEM LOCATION:
    National Security Agency/Central Security Service, Ft. George G. 
Meade, MD 20755-6000.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Users of National Security Agency/Central Security Service 
computers and software.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The user's name, Social Security Number, an assigned identification 
(I.D.) code, organization, work phone number, terminal identification, 
system name, programs accessed or attempted to access, data files used 
and date and time logged onto and off the system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Subchapter III of the Federal Information Security Management Act 
of 2002 (Title III of Pub. L. 107-347); Subtitle III of 40 U.S.C., 
Information Technology Management; 10 U.S.C. 2224, Defense Information 
Assurance Program; E.O. 12333, as amended, United States Intelligence 
Activities; Department of Defense Directive 8500.1, Information 
Assurance; Department of Defense Instruction 8500.2, Information 
Assurance Implementation and E.O. 9397 (SSN), as amended.

PURPOSE(S):
    To administer, monitor, and track the use and access of NSA/CSS 
networks, computers, software, and databases. The records may also be 
used to identify the occurrence of and assist in the prevention of 
computer misuse.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, these records contained therein may 
specifically be disclosed outside the DoD as a routine use pursuant to 
5 U.S.C. 552a(b)(3) as follows:
    To appropriate governmental agencies and the judicial branch where 
litigation or anticipated civil or criminal litigation is involved or 
where sensitive national security investigations related to protection 
of intelligence sources and methods are involved.
    The ``DoD Blanket Routine Uses'' set forth at the beginning of the 
NSA/CSS' compilation of systems of records notices apply to this 
system.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Paper in file folders and electronic storage media.

RETRIEVABILITY:
    Records are retrieved by the user's name, Social Security Number, 
or assigned identification (I.D.) code.

SAFEGUARDS:
    Buildings are secured by a series of guarded pedestrian gates and 
checkpoints. Access to facilities is limited to security-cleared 
personnel and escorted visitors only. Within the facilities themselves, 
access to paper and computer printouts are controlled by limited-access 
facilities and lockable containers. Access to electronic means is 
controlled by computer password protection.

RETENTION AND DISPOSAL:
    Delete/destroy when agency determines they are no longer needed for 
administrative, legal, audit, or other operational purposes.
    Records are destroyed by pulping, burning, shredding, or erasure or 
destruction of electronic media.

SYSTEM MANAGER(S) AND ADDRESS:
    Deputy Director, Enterprise Information Technology Services, 
National Security Agency/Central Security Service, Ft. George G. Meade, 
MD 20755-6000.

[[Page 6002]]

NOTIFICATION PROCEDURE:
    Individuals seeking to determine whether information about 
themselves is contained in this system should address written inquiries 
to the National Security Agency/Central Security Service, Freedom of 
Information Act/Privacy Act Office, 9800 Savage Road, Ft. George G. 
Meade, MD 20755-6000.
    Written inquiries should contain the individual's full name, Social 
Security Number (SSN) and mailing address.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to information about themselves 
contained in this system should address written inquiries to the 
National Security Agency/Central Security Service, Freedom of 
Information Act/Privacy Act Office, 9800 Savage Road, Ft. George G. 
Meade, MD 20755-6000.
    Written inquiries should contain the individual's full name, Social 
Security Number (SSN) and mailing address.

CONTESTING RECORD PROCEDURES:
    The NSA/CSS rules for contesting contents and appealing initial 
determinations are published at 32 CFR part 322 or may be obtained by 
written request addressed to the National Security Agency/Central 
Security Service, Freedom of Information Act/Privacy Act Office, 9800 
Savage Road, Ft. George G. Meade, MD 20755-6000.

RECORD SOURCE CATEGORIES:
    Contents of the record are obtained from the individual about whom 
the record pertains, from administrative personnel and computer system 
administrators, and a self-generated computer program.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    Portions of this file may be exempt pursuant to 5 U.S.C. 
552a(k)(2), as applicable.
    Investigative material compiled for law enforcement purposes may be 
exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is 
denied any right, privilege, or benefit for which he would otherwise be 
entitled by Federal law or for which he would otherwise be eligible, as 
a result of the maintenance of such information, the individual will be 
provided access to such information except to the extent that 
disclosure would reveal the identity of a confidential source.
    An exemption rule for this record system has been promulgated 
according to the requirements of 5 U.S.C. 553(b)(1), (2), and (3), (c) 
and (e) and published in 32 CFR part 322. For additional information 
contact the system manager.

[FR Doc. 2010-2442 Filed 2-4-10; 8:45 am]
BILLING CODE 5001-06-P