[Federal Register Volume 77, Number 37 (Friday, February 24, 2012)]
[Notices]
[Pages 11063-11064]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-4192]


 ========================================================================
 Notices
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains documents other than rules 
 or proposed rules that are applicable to the public. Notices of hearings 
 and investigations, committee meetings, agency decisions and rulings, 
 delegations of authority, filing of petitions and applications and agency 
 statements of organization and functions are examples of documents 
 appearing in this section.
 
 ========================================================================
 

  Federal Register / Vol. 77, No. 37 / Friday, February 24, 2012 / 
Notices  

[[Page 11063]]



AGENCY FOR INTERNATIONAL DEVELOPMENT


Privacy Act of 1974, System of Records

AGENCY: United States Agency for International Development.

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: The United States Agency for International Development (USAID) 
is issuing public notice of its intent to establish a new system of 
records maintained in accordance with the Privacy Act of 1974 (5 U.S.C. 
552a), as amended, entitled ``USAID-31, HSPD-12 PIV Lifecycle 
Management.''
    This action is necessary to meet the requirements of the Privacy 
Act to publish in the Federal Register notice of the existence and 
character of record systems maintained by the agency (5 U.S.C. 
522a(e)(4)).

DATES: Public comments must be received on or before March 14, 2012. 
Unless comments are received that would require a revision; this update 
to the system of records will become effective on March 14, 2012.

ADDRESSES: You may submit comments:

Paper Comments

     Fax: (703) 666-1466.
     Mail: Chief Privacy Officer, United States Agency for 
International Development, 2733 Crystal Drive, 11th Floor, Arlington, 
VA. 22202.

Electronic Comments

     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions on the Web site for submitting comments.
     Email: [email protected].

FOR FURTHER INFORMATION CONTACT: For general questions, please contact, 
USAID Privacy Office, United States Agency for International 
Development, 2733 Crystal Drive, 10th Floor, Arlington, VA 22202. 
Email: [email protected].

SUPPLEMENTARY INFORMATION: Personal Identity Verification (PIV) 
Lifecycle Management system allows for the control and flexibility of 
PIV card enrollment, issuance, and management under the direction of 
USAID Management for domestic and international operations. The direct 
management of the PIV deployment enables USAID to update the card and 
features at its own pace, implement the use of PIV credential data, 
such as a digital signature and encryption certificates for documents 
and email and to add biometric authentication capabilities as it 
becomes available.

    Dated: December 21, 2011.
Jeffery Anouilh,
Deputy Chief Information Security Office and Privacy Officer.
USAID-31

System name:
    HSPD-12 PIV Lifecycle Management.

Security classification:
    Sensitive But Unclassified.

System location(s):
    United States Agency for International Development, 2733 Crystal 
Drive, 11th Floor, Arlington, VA 22202.

Categories of individuals covered by the system:
    This system contains records of current employees, contractors, 
consultants, and partners.

Categories of records covered by the system:
    This system contains USAID organizational information. The covered 
record, which has already been collected by the Department of State for 
issuance of the current USAID PIV badge, are as follows: name; employee 
digital photo; two digital fingerprints; organizational affiliation; 
Agency; 3-4 Public Key Infrastructure (PKI) certificates; and 
expiration date. In order to access the data on the chip, the 
cardholder must create a Personal Identification Number (PIN).

Authority for maintenance of the system:
    Privacy Act of 1974 (Pub. L. 93-579), sec. 552a(c), (e), (f), and 
(p).

Purpose(s):
    Records in this system will be used:
    (1) To update current USAID Direct Hire employees' card data in 
order to comply with OMB M-11-11 for physical and logical access to 
USAID networks and facilities.
    (2) To issue PIV compliant cards to eligible contractors.

Disclosure to consumer reporting agencies:
    These records are not disclosed to consumer reporting agencies.

Routine Use of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses:
    USAID may disclose relevant system records in accordance with any 
current and future blanket routine uses established for its record 
systems. These may be for internal communications or with external 
partners.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Data records are located at the hosting environment, and maintained 
in user-authenticated, password-protected systems. All records are 
accessed only by authorized personnel who have a need to access the 
records in the performance of their official duties.

Retrievability:
    Records are retrievable by name, PIN number or any other identifier 
listed in the categories of records cited above.

Safeguards:
    Additional administrative safeguards are provided through the use 
of internal standard operating procedures in accordance with the FIPS-
201, and NIST 800-53 standards.

Retention and disposal:
    Records are retained using the appropriate, approved National 
Archives Records Administration--Schedules for the type of record being 
maintained.

System manager(s) and address:
    Jeffrey Anouilh, United States Agency for International 
Development, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202.

Notification procedures:
    Individuals requesting notification of the existence of records on 
them must send the request in writing to the Chief Privacy Officer, 
USAID, 2733 Crystal Drive, 11th Floor, Arlington, VA 22202.

[[Page 11064]]

The request must include the requestor's full name, his/her current 
address and a return address for transmitting the information. The 
request shall be signed by either notarized signature or by signature 
under penalty of perjury and reasonably specify the record contents 
being sought.

Record access procedures:
    Individuals wishing to request access to a record must submit the 
request in writing according to the ``Notification Procedures'' above. 
An individual wishing to request access to records in person must 
provide identity documents, such as government-issued photo 
identification, sufficient to satisfy the custodian of the records that 
the requester is entitled to access.

Contesting record procedures:
    An individual requesting amendment of a record maintained on 
himself or herself must identify the information to be changed and the 
corrective action sought. Requests must follow the ``Notification 
Procedures'' above.

Record source categories:
    The records contained in this system will be provided by and 
updated by the individual who is the subject of the record.

Exemptions claimed for the system:
    None.

[FR Doc. 2012-4192 Filed 2-23-12; 8:45 am]
BILLING CODE P