[Federal Register Volume 80, Number 246 (Wednesday, December 23, 2015)]
[Notices]
[Pages 79937-79947]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-32289]


=======================================================================
-----------------------------------------------------------------------

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

[Notice (15-115)]


Privacy Act of 1974; Privacy Act System of Records

AGENCY: National Aeronautics and Space Administration (NASA).

ACTION: Notice of proposed revisions to existing Privacy Act systems of 
records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 
U.S.C. 552a), the National Aeronautics and Space Administration is 
issuing public notice of its proposal to modify its previously noticed 
system of records. This notice publishes updates to systems of records 
as set forth below under the caption SUPPLEMENTARY INFORMATION.

DATES: Submit comments within 30 calendar days from the date of this 
publication. The changes will take effect at the end of that period, if 
no adverse comments are received.

ADDRESSES: Patti F. Stockman, Privacy Act Officer, Office of the Chief 
Information Officer, National Aeronautics and Space Administration 
Headquarters, Washington, DC 20546-0001, (202) 358-4787, [email protected].

FOR FURTHER INFORMATION CONTACT: NASA Privacy Act Officer, Patti F. 
Stockman, (202) 358-4787, [email protected].

SUPPLEMENTARY INFORMATION: Pursuant to the provisions of the Privacy 
Act of 1974, 5 U.S.C. 552a, and as part of its biennial System of 
Records review, NASA is making minor modifications of its systems of 
records including: Elimination of redundancies in locations of records; 
revised categories of records to reflect reduced information collected; 
updates of system and subsystem managers; clarification of routine 
uses; and correction of previous typographical errors. Changes for 
specific NASA systems of records are set forth below:
    Aircraft Crewmembers' Qualifications and Performance Records/NASA 
10ACMQ: Adding a Purpose section and elaborating the Safeguards section 
to be more precise.
    Astronaut Candidate Selection Records/NASA 10ACSR: Adding a Purpose 
section and elaborating the Safeguards section to be more complete.
    Core Financial Management Records/NASA 10CFMR: Adding a Purpose 
section and elaborating the Safeguards section to be more complete.
    NASA Freedom of Information Act System/NASA 10FOIA: Adding a 
Purpose statement and revising Source of Records Categories to include

[[Page 79938]]

representatives of individuals who are making FOIA requests.
    NASA Guest Operations System/NASA 10GOS: Updating to reflect change 
in location of the records, add a statement of the purposes of 
collecting the records, and clarifying the Storage section.
    History Archives Biographical Collection/NASA 10HABC: Adding a 
Purpose section and a new Routine Use.
    Inspector General Investigations Case Files/NASA 10IGIC: Revising 
Location and System Manager(s) sections to delete a location where 
records are no longer maintained; updating Retention and Disposal for 
clarity.
    Parking and Transit System (PATS)/NASA 10PATS: Adding a Purpose 
statement and elaborating the Safeguards section to be more complete.
    Security Records System/NASA 10SECR: Adding a new Routine Use, 
elaborating Safeguards section to be more complete, and updating 
Retention and Disposal to reflect approved retention schedules.
    Submitted by:

Renee P. Wynn,
NASA Chief Information Officer.
NASA 10ACMQ

SYSTEM NAME:
    Aircraft Crewmembers' Qualifications and Performance Records.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Locations 1 through 11 inclusive as set forth in Appendix A.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information on Crewmembers of NASA aircraft.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This System contains: (1) Records of experience, and currency 
(e.g., flight hours day, night, and instrument), types of approaches 
and landings, crew position, type of aircraft, flight check ratings and 
related examination results, and training performed; and (2) flight 
itineraries and passenger manifests.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    51 U.S.C. 20113(a) and 44 U.S.C. 3101.

PURPOSE(S):
    Records in this system are used to document flight crew experience 
and currency as well as itineraries and passenger manifests in case of 
accidents or requests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. Records from this 
system may be disclosed: (1) To this system of records may be granted 
to Federal, State, or local agencies or to foreign governments in cases 
of accident investigations, including mishap and collateral 
investigations; (2) to Federal, State, or local agencies, companies, or 
governments requesting qualifications of crewmembers prior to 
authorization to participate in their flight programs, or to Federal, 
State, or local agencies, companies, or governments whose crewmembers 
may participate in NASA's flight programs; (3) to the public or in 
press releases either by prior approval of the individual, or in the 
case of public release of information from mishap or collateral 
investigation reports, pursuant to NASA regulations at 14 CFR part 
1213; and (4) in accordance with NASA standard routine uses as set 
forth in Appendix B.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records in this system are maintained as hard-copy documents and on 
electronic media.

RETRIEVABILITY:
    Records are retrieved from the system by aircrew identifier.

SAFEGUARDS:
    Electronic records are maintained on secure NASA servers and 
protected in accordance with all Federal standards and those 
established in NASA regulations at 14 CFR 1212.605. Additionally, 
server and data management environments employ infrastructure 
encryption technologies both in data transmission and at rest on 
servers. Electronic messages sent within and outside of the Agency that 
convey sensitive data are encrypted and transmitted by staff via pre-
approved electronic encryption systems as required by NASA policy. 
Approved security plans are in place for information systems containing 
the records in accordance with the Federal Information Security 
Management Act of 2002 (FISMA) and OMB Circular A-130, Management of 
Federal Information Resources. Only authorized personnel requiring 
information in the official discharge of their duties are authorized 
access to records through approved access or authentication methods. 
Access to electronic records is achieved only from workstations within 
the NASA Intranet or via a secure Virtual Private Network (VPN) 
connection that requires two-factor hardware token authentication or 
via employee PIV badge authentication from NASA-issued computers. Non-
electronic records are secured in locked rooms or locked file cabinets.

RETENTION AND DISPOSAL:
    Records for other than astronauts are maintained in Agency files 
and destroyed 5 years after crewmember separates from NASA in 
accordance with NASA Records Retention Schedules (NRRS), Schedule 8 
Item 32. Records of crewmembers who are astronauts are permanent and 
will be transferred to the National Archives in accordance with NRRS, 
Schedule 8 Item 34.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Aircraft Management Office, Location 1.
    Subsystem Managers: Deputy Chief, Flight Control and Cockpit 
Integration Branch, Location 2; Chief, Dryden Research Aircraft 
Operations Division, Location 3; Head, Aeronautical Programs Branch, 
Location 4; Chief, Aircraft Operations Division, Location 5; Chief, 
Aircraft Operations Office, Location 6; Chief, Flight Operations and 
Engineering Branch, Location 7; Chief, Aircraft Operations Office, 
Location 8; Chief, Aircraft Operations, Location 9; Chief, Contract 
Management, Location 10; Aircraft Management Officer, Location 11 
(Locations are set forth in Appendix A).

NOTIFICATION PROCEDURE:
    Information may be obtained from the cognizant system or subsystem 
manager listed above.

RECORD ACCESS PROCEDURES:
    Requests from individuals should be addressed to the same address 
as stated in the Notification section above.

CONTESTING RECORD PROCEDURES:
    The NASA regulations for requesting amendments to records and 
contesting record contents appear at 14 CFR part 1212.

RECORD SOURCE CATEGORIES:
    Individuals, training schools or instructors, medical units or 
doctors.

EXEMPTIONS:
    None.
NASA 10ACSR

SYSTEM NAME:
    Astronaut Candidate Selection Records.

[[Page 79939]]

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Location 5, as set forth in Appendix A.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information on persons who have applied to 
the agency for consideration as candidates for and recipients of 
training associated with NASA Astronaut and Human Space Flight 
Programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system include identifying information for the 
individuals in employment applications and resumes and records of 
specialized training, honors and awards. The system also contains 
relevant human resource correspondence, records an individual's 
qualifications for participation in a specialized program, evaluations 
of candidates, and final NASA determinations of candidates' 
qualification for the program.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    51 U.S.C. 20113(a); 44 U.S.C. 3101; 5 U.S.C. 3301 et seq.

PURPOSE(S):
    Records in this system are used by NASA to facilitate processes and 
procedures associated with the recruitment, evaluation, and selection 
of United States astronaut candidates, as defined in 14 CFR 1214, 
Subpart 1214.11 (NASA Astronaut Candidate Recruitment and Selection 
Program).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    NASA standard routine uses, as set forth in Appendix B.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Stored on a secure server as electronic records.

RETRIEVABILITY:
    Records are retrieved from the system by any one or a combination 
of name, Discipline Area, or unique identification number.

SAFEGUARDS:
    Records are maintained within a secure, electronic database and 
protected in accordance with the requirements and procedures of FISMA, 
the NASA regulations at 14 CFR 1212.605, NASA Procedural Requirements 
(NPR) 2810.1A, NASA ITS-HBK-2810.02-05, and, utilizing database servers 
with self-encrypting ``data-at-rest'' technologies, located in secured, 
monitored, restricted access rooms. Electronic messages sent within and 
outside of the Agency that convey sensitive data are encrypted and 
transmitted by staff via pre-approved electronic encryption systems as 
required by NASA policy. An approved security plan for this system has 
been established in accordance with OMB Circular A-130, Management of 
Federal Information Resources. Only key authorized employees with 
appropriately configured system roles can access the system through 
approved authentication methods, and only from workstations within the 
NASA Intranet or via a secure VPN connection that requires two-factor 
authentication.

RETENTION AND DISPOSAL:
    Records are maintained and transferred to the National Archives in 
accordance with NASA Records Retention Schedules, Schedule 8, Item 35.

SYSTEM MANAGERS AND ADDRESSES:
    Astronaut Candidate Program Manager, Location 5, as set forth in 
Appendix A.

NOTIFICATION PROCEDURE:
    Individuals interested in inquiring about their records should 
notify the System Manager at the address given above.

RECORD ACCESS PROCEDURE:
    Individuals who wish to gain access to their records should submit 
their request in writing to the system manager.

CONTESTING RECORD PROCEDURES:
    The NASA regulations pertaining to access to records and for 
contesting contents and appealing initial determinations by individual 
concerned are set forth in 14 CFR 1212.4.

RECORD SOURCE CATEGORIES:
    Civil servant application information is received by the NASA 
Astronaut Candidate Selection System from applicants themselves via an 
electronic interface with the NASA Enterprise Application Competency 
Center (NEACC) that receives a portion of all records from the 
USAJobs.gov Web site, operated by the United States Office of Personnel 
Management (OPM), and into which applicants enter their own application 
data. Candidate Qualification input is received directly from 
individuals used as references who have direct knowledge of applicant 
capabilities. In certain circumstances, updates to this information may 
be submitted by the individual on whom the record is maintained and/or 
the NASA Personnel Office(s).

EXEMPTIONS:
    None.
NASA 10CFMR

SYSTEM NAME:
    Core Financial Management Records.

SECURITY CLASSIFICATION:
    This system is categorized in accordance with OMB Circular A-11 as 
a Special Management Attention Major Information System. A security 
plan for this system has been established in accordance with OMB 
Circular A-130, Management of Federal Information Resources.

SYSTEM LOCATION:
    George C. Marshall Space Flight Center, National Aeronautics and 
Space Administration, Marshall Space Flight Center, AL 35812.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system of records include former and 
current NASA employees and non-NASA individuals requiring any type of 
payment.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system are comprised of budget formulation, 
financial management, and employee timekeeping records and may include 
information about the individuals including Social Security Number (Tax 
Identification Number), home address, telephone number, email address, 
and bank account information.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    National Aeronautics and Space Act, as amended. 51 U.S.C. 20113(a); 
Federal Records Act, 44 U.S.C. 3101; Chief Financial Officers Act of 
1990, 31 U.S.C. 901; Financial Management Improvement Act of 1996, 31 
U.S.C. 3512.

PURPOSE(S):
    Records in this system are used to process reimbursement payments 
to employees for travel, purchase of books or other miscellaneous 
items; and to process payments and collections in which an individual 
is reimbursing the Agency.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for

[[Page 79940]]

which the Agency collected the information. The following are routine 
uses: (1) Furnish data to the Department of Treasury for financial 
reimbursement of individual expenses, such as travel, books, and other 
miscellaneous items; (2) Process payments and collections in which an 
individual is reimbursing the Agency; (3) Ongoing administration and 
maintenance of the records, which is performed by authorized NASA 
employees, both civil servants and contractors; and (4) NASA Standard 
routine uses as set forth in Appendix B.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records in this system are maintained on electronic media.

RETRIEVABILITY:
    Records are retrieved from the system by name or SSN (Tax ID).

SAFEGUARDS:
    Electronic records are maintained on secure NASA servers and 
protected in accordance with all Federal standards and those 
established in NASA regulations at 14 CFR 1212.605. Additionally, 
server and data management environments employ infrastructure 
encryption technologies both in data transmission and at rest on 
servers. Electronic messages sent within and outside of the Agency that 
convey sensitive data are encrypted and transmitted by staff via pre-
approved electronic encryption systems as required by NASA policy. 
Approved security plans are in place for information systems containing 
the records in accordance with the Federal Information Security 
Management Act of 2002 (FISMA) and OMB Circular A-130, Management of 
Federal Information Resources. Only authorized personnel requiring 
information in the official discharge of their duties are authorized 
access to records through approved access or authentication methods. 
Access to electronic records is achieved only from workstations within 
the NASA Intranet or via a secure Virtual Private Network (VPN) 
connection that requires two-factor hardware token authentication or 
via employee PIV badge authentication from NASA-issued computers. Non-
electronic records are secured in locked rooms or locked file cabinets.

RETENTION AND DISPOSAL:
    Records are stored in the NASA Enterprise Application Competency 
Center (NEACC) database and managed, retained and dispositioned in 
accordance with NASA Records Retention Schedules, Schedule 9, Items 11, 
13 and 16.

SYSTEM MANAGERS AND ADDRESSES:
    IS01/Manager of the NEACC, George C. Marshall Space Flight Center, 
National Aeronautics and Space Administration, Marshall Space Flight 
Center, AL 35812.

NOTIFICATION PROCEDURE:
    Individuals interested in inquiring about their records should 
notify the System Manager at the address given above.

RECORD ACCESS PROCEDURE:
    Individuals who wish to gain access to their records should submit 
their request in writing to the System Manager at the address given 
above.

CONTESTING RECORD PROCEDURES:
    The NASA regulations governing access to records, procedures for 
contesting the contents and for contesting the contents and for 
appealing initial determinations are set forth in 14 CFR part 1212.

RECORD SOURCE CATEGORIES:
    The information is received by the NEACC Financial Systems through 
an electronic interface from the Federal Personnel Payroll System 
(FPPS). In certain circumstances, updates to this information may be 
submitted by NASA employees and recorded directly into the NEACC 
Financial Systems.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.
NASA 10FOIA

SYSTEM NAME:
    NASA Freedom of Information Act System.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Locations 1-11 and 18, as set forth in Appendix A.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals or their representatives who have submitted Freedom of 
Information Act (FOIA)/Privacy Act (PA) requests for records and/or 
FOIA administrative appeals with NASA; individuals whose requests for 
records have been referred to the Agency by other agencies; individuals 
who are the subject of such requests, appeals; and/or the NASA 
personnel assigned to handle such requests and appeals.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system consists of records created or compiled in response to 
FOIA, FOIA/PA or PA requests for records or subsequent administrative 
appeals and may include: The requester's name, address, telephone 
number, email address; the original requests and administrative 
appeals; responses to such requests and appeals; all related memoranda, 
correspondence, notes and other related or supporting documentation, 
and in some instances copies of requested records and records under 
administrative appeal.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    51 U.S.C. 20113(a); 44 U.S.C. 3101; 5 U.S.C. 552; 14 CFR part 1206.

PURPOSE(S):
    Records in this system are maintained for the purpose of processing 
and tracking access requests and administrative appeals under the FOIA 
and Privacy Act; for the purpose of maintaining a FOIA or Privacy Act 
administrative record regarding Agency action on such requests and 
appeals; and for the Agency in carrying out any other responsibilities 
under the FOIA and Privacy Act.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. The records and 
information in these records may be disclosed in accordance with a NASA 
standard routine uses as set forth in Appendix B.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records in this system are maintained in paper files; copies may 
also be maintained in electronic format.

RETRIEVABILITY:
    Information is retrieved by FOIA case file numbers.

SAFEGUARDS:
    Records are maintained on a secure NASA server and protected in 
accordance with all Federal standards and those established in NASA 
regulations at 14 CFR 1212.605. Additionally, the server and data 
management environments employ infrastructure encryption technologies 
both in data transmission and at rest on servers. Electronic messages 
sent within and outside of the Agency that convey sensitive data are 
encrypted and

[[Page 79941]]

transmitted by staff via pre-approved electronic encryption systems as 
required by NASA policy. An approved security plan is in place for the 
information system containing the records in accordance with the 
Federal Information Security Management Act of 2002 (FISMA) and OMB 
Circular A-130, Management of Federal Information Resources. Only 
authorized personnel requiring information in the official discharge of 
their duties are authorized access to records through approved access 
or authentication methods. Access to electronic records is achieved 
only from workstations within the NASA Intranet or via a secure Virtual 
Private Network (VPN) connection that requires two-factor hardware 
token authentication or via employee PIV badge authentication from 
NASA-issued computers. Non-electronic records are secured in locked 
rooms or files.

RETENTION AND DISPOSAL:
    Records are retained and disposed of in accordance with guidelines 
defined in the NASA Procedural Requirements (NPR) 1441.1D, NASA Records 
Retention Schedules (NRRS), Schedule 1, Item 49.

SYSTEM MANAGER AND ADDRESS:
    System Manager: Principal Agency FOIA Officer, Office of 
Communications, Location 1, as set forth in Appendix A. Subsystem 
Managers: Center FOIA Officers, located within locations 2-11 and 18, 
as set forth in Appendix A.

NOTIFICATION PROCEDURE:
    Individuals interested in inquiring about their records should 
notify the system manager or subsystem manager at the appropriate NASA 
Center, as set forth in Appendix A.

RECORD ACCESS PROCEDURES:
    Individuals seeking to access their FOIA case file should submit 
their request in writing to the system manager or subsystem manager at 
the appropriate NASA Center, as set forth in Appendix A. The request 
envelope should be clearly marked, ``PRIVACY ACT REQUEST FOR ACCESS.'' 
The request should include a general description of the records sought, 
FOIA case file number, and must include your full name, current 
address, and the date. The request must be signed and either notarized 
or submitted under penalty of perjury. The system manager may require a 
notarized signature. Some information may be exempt from access in 
accordance with FOIA regulations.

CONTESTING RECORD PROCEDURES:
    The NASA regulations governing access to records, procedures for 
contesting the content and for appealing initial determinations are set 
forth in Title 14, Code of Federal Regulations, Part 1212.

RECORD SOURCE CATEGORIES:
    Information is collected directly from individuals, or their 
representatives, making Freedom of Information Act or Privacy Act 
requests.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.
NASA 10GOS

SYSTEM NAME:
    NASA Guest Operations System.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Location 5, as set forth in Appendix A.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information on individuals who have been 
invited to attend NASA events. These individuals can be members of the 
NASA community such as principal and prominent management and staff 
officials, program and project managers, scientists, engineers, 
speakers, other selected employees involved in newsworthy activities, 
and other participants in Agency programs, as well members of the 
general public who are invited to attend NASA events.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system may include personal information about the 
individuals invited or attending events, such as their names, home 
addresses, nationality and passport information.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    51 U.S.C. 20113(a); 44 U.S.C. 3101.

PURPOSE(S):
    Records in this system are used by the Agency for the purpose of 
communicating with guests to NASA events.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. Records from this 
system may be disclosed in accordance with NASA standard routine uses 
as set forth in Appendix B.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained electronically in a central secure database.

RETRIEVABILITY:
    Records are searched and retrieved by name, business, or address.

SAFEGUARDS:
    An approved security plan for this system has been established in 
accordance with OMB Circular A-130, Management of Federal Information 
Resources. Individuals will have access to the system only in 
accordance with approved authentication methods. Electronic messages 
sent within and outside of the Agency that convey sensitive data are 
encrypted and transmitted by staff via pre-approved electronic 
encryption systems as required by NASA policy. Only key authorized 
employees with appropriately configured system roles can access the 
system and only from workstations within the NASA Intranet.

RETENTION AND DISPOSAL:
    Records are retained in a computer database and managed, retained 
and dispositioned in accordance with the guidelines defined in the NASA 
Records Retention Schedules (NRRS), Schedule 1, Item 37A.

SYSTEM MANAGER(S) AND ADDRESS:
    System Manager: Guest Operations Manager, Office of Communications, 
Location 1, as set forth in Appendix A.

NOTIFICATION PROCEDURE:
    Individuals interested in inquiring about their records should 
notify the system manager.

RECORD ACCESS PROCEDURE:
    Individuals who wish to gain access to their records should submit 
their request in writing to the system manager.

CONTESTING RECORD PROCEDURES:
    The NASA regulations governing access to records, procedures for 
contesting the contents and for appealing initial determinations are 
set forth in 14 CFR part 1212.

RECORD SOURCE CATEGORIES:
    The information contained in the GOS is obtained directly from the 
individuals, who provide the information on a voluntary basis.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

[[Page 79942]]

NASA 10HABC

SYSTEM NAME:
    History Archives Biographical Collection.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Location 1 and 11 as set forth in Appendix A.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information on individuals who are of 
historical significance in aeronautics, astronautics, space science, 
and other concerns of NASA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Biographical data; speeches and articles by an individual; 
correspondence, interviews, and various other tapes and transcripts of 
program activities.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    51 U.S.C. 20112(a)(3) and 44 U.S.C. 3101.

PURPOSE(S):
    Records in this system are used by History Office staff to answer 
reference queries from the media and are made available to visiting 
historians and other researchers to support their research and writing 
projects.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. Records may be 
disclosed: (1) To scholars (historians and other disciplines) or any 
other interested individuals for research in writing dissertations, 
articles, and books, for government, commercial, and nonprofit 
publication or developing material for other media use; (2) by History 
Office staff to members of the media or NASA staff in response to 
reference requests, and to visiting historians and other researchers to 
support their research and writing projects; and (3) in accordance with 
NASA standard routine uses as set forth in Appendix B.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records in this system are maintained as hard-copy documents and on 
electronic media.

RETRIEVABILITY:
    The records are retrieved from the system by the individual's name.

SAFEGUARDS:
    Because these records are archive material and, therefore, a matter 
of public information, there are no special safeguard procedures 
required.

RETENTION AND DISPOSAL:
    Records are retained indefinitely in Agency reference collections 
in history offices, but may be destroyed when no longer needed in 
accordance with NASA Records Retention Schedules, Schedule 1 Item 10.

SYSTEM MANAGERS AND ADDRESSES:
    Chief Archivist, Location 1.
    Subsystem Manager: Public Affairs Officer, Location 11 as set forth 
in Appendix A.

NOTIFICATION PROCEDURE:
    Information may be obtained from the system manager listed above.

RECORD ACCESS PROCEDURE:
    Requests from individuals should be addressed to same address as 
stated in the Notification section above.

CONTESTING RECORD PROCEDURES:
    The NASA regulations for access to records and for contesting 
contents and appealing initial determinations by the individual 
concerned appear at 14 CFR part 1212.

RECORD SOURCE CATEGORIES:
    Press releases, newspapers, journals, copies of internal Agency 
records, and the individuals themselves.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.
NASA 10IGIC

SYSTEM NAME:
    Inspector General Investigations Case Files.

SECURITY CLASSIFICATION:
    Some of the material contained in the system has been classified in 
the interests of national security pursuant to Executive Order 11652.

SYSTEM LOCATION:
    Locations 1, 2, 4 through 11, 16 and 17 as set forth in Appendix A.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information on current and former employees 
of NASA, contractors, and subcontractors, and others whose actions have 
affected NASA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Case files pertaining to matters including, but not limited to, the 
following classifications of cases: (1) Fraud against the Government, 
(2) theft of Government property, (3) bribery, (4) lost or stolen lunar 
samples, (5) misuse of Government property, (6) conflict of interest, 
(7) waiver of claim for overpayment of pay, (8) leaks of Source 
Evaluation Board information, (9) improper personal conduct, (10) 
irregularities in awarding contracts, (11) computer crimes, (12) 
research misconduct, and (13) whistleblower protection investigations 
under various statutes and regulations.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    51 U.S.C. 20113; 51 U.S.C. 20114; 44 U.S.C. 3101; Inspector General 
Act of 1978, as amended, 5 U.S.C. Appendix 3.

PURPOSES:
    Information in this system of records is collected in the course of 
investigating alleged crimes and other violations of law or regulations 
that affect NASA. The information is used by prosecutors, Agency 
managers, law enforcement agencies, Congress, NASA contractors, and 
others to address the crimes and other misconduct discovered during 
investigations.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. The following are 
routine uses: (1) Responding to the White House, the Office of 
Management and Budget, and other organizations in the Executive Office 
of the President regarding matters inquired of; (2) disclosure to a 
congressional office from the record of an individual in response to a 
written inquiry from the congressional office made at the request of 
that individual; (3) providing data to Federal intelligence elements; 
(4) providing data to any source from which information is requested in 
the course of an investigation, and to identify the type of information 
requested; (5) providing personal identifying data to Federal, State, 
local, or foreign law enforcement representatives seeking confirmation 
of identity of persons under investigations; (6) disclosing, as 
necessary, to a contractor, subcontractor, or grantee firm or 
institution, to the extent that the disclosure is in NASA's interest 
and is relevant and necessary in order that the contractor, 
subcontractor, or grantee is able to take administrative or corrective

[[Page 79943]]

action; (7) disclosing to any official (including members of the 
Council of Inspectors General on Integrity and Efficiency (CIGIE) and 
staff and authorized officials of the Department of Justice and Federal 
Bureau of Investigation) charged with the responsibility to conduct 
qualitative assessment reviews of internal safeguards and management 
procedures employed in Office of Inspector General (OIG) operations; 
(8) disclosing to members of the CIGIE for the preparation of reports 
to the President and Congress on the activities of the Inspectors 
General; (9) disclosing to the public when: The matter under 
investigation has become public knowledge, or when the Inspector 
General determines that such disclosure is necessary to preserve 
confidence in the integrity of the OIG investigative process, or to 
demonstrate the accountability of NASA officers, or employees, or other 
individuals covered by this system, unless the Inspector General 
determines that disclosure of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy; (10) disclosing to the news media and public when 
there exists a legitimate public interest (e.g., to provide information 
on events in the criminal process, such as indictments), or when 
necessary for protection from imminent threat to life or property; (11) 
disclosing to any individual or entity when necessary to elicit 
information that will assist an OIG investigation or audit; (12) 
disclosing to complainants and/or victims to the extent necessary to 
provide such persons with information and explanations concerning the 
progress and/or results of the investigation or case arising from the 
matters of which they complained and/or of which they were a victim; 
(13) disclosing to contractors, grantees, experts, consultants, 
students, and others performing or working on a contract, service, 
grant, cooperative agreement, or other assignment for the Federal 
Government, who have a need to know such information in order to 
accomplish an agency function; (14) NASA standard routine uses as set 
forth in Appendix B.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records in this system are maintained as hard-copy documents and on 
electronic media.

RETRIEVABILITY:
    Each OIG investigation is assigned a case number and all records 
relating to a particular investigation are filed and retrieved by that 
case number. Records may also be retrieved from the system by the name 
of an individual.

SAFEGUARDS:
    Electronic records are maintained on secure NASA servers and 
protected in accordance with all Federal standards and those 
established in NASA regulations at 14 CFR 1212.605. Additionally, 
server and data management environments employ infrastructure 
encryption technologies both in data transmission and at rest on 
servers. Electronic messages sent within and outside of the Agency that 
convey sensitive data are encrypted and transmitted by staff via pre-
approved electronic encryption systems as required by NASA policy. 
Approved security plans are in place for information systems containing 
the records in accordance with the Federal Information Security 
Management Act of 2002 (FISMA) and OMB Circular A-130, Management of 
Federal Information Resources. Only authorized personnel requiring 
information in the official discharge of their duties are authorized 
access to records through approved access or authentication methods. 
Access to electronic records is achieved only from workstations within 
the NASA Intranet or via a secure Virtual Private Network (VPN) 
connection that requires two-factor hardware token authentication or 
via employee PIV badge authentication from NASA-issued computers. Non-
electronic records are secured in locked rooms or files.

RETENTION AND DISPOSAL:
    Records are maintained in Agency files and destroyed in accordance 
with NASA Procedural Requirements (NPR) 1441.1, NASA Records Management 
Program Requirements, and NASA Records Retention Schedules (NRRS) 
1441.1, Schedule 9.

SYSTEM MANAGER AND ADDRESS:
    Assistant Inspector General for Investigations, Location 1.
    Subsystem Managers Special and Resident Agents in Charge, Location 
2, 4 through 11 inclusive, 16, and 17 as set forth in Appendix A.

NOTIFICATION PROCEDURE:
    None. System is exempt (see below).

RECORD ACCESS PROCEDURES:
    None. System is exempt (see below).

CONTESTING RECORD PROCEDURES:
    None. System is exempt (see below).

RECORD SOURCE CATEGORIES:
    Exempt.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    (1) The Inspector General Investigations Case Files system of 
records is exempt from any part of the Privacy Act (5 U.S.C. 552a), 
EXCEPT the following subsections: (b) Relating to conditions of 
disclosure; (c)(1) and (2) relating to keeping and maintaining a 
disclosure accounting; (e)(4)(A)-(F) relating to publishing a system 
notice setting forth name, location, categories of individuals and 
records, routine uses, and policies regarding storage, retrievability, 
access controls, retention and disposal of the records; (e)(6), (7), 
(9), (10), and (11) relating to the dissemination and maintenance of 
records; (i) relating to criminal penalties. This exemption applies to 
those records and information contained in the system of records 
pertaining to the enforcement of criminal laws.
    (2) To the extent that there may exist noncriminal investigative 
files within this system of records, the Inspector General 
Investigations Case Files system of records is exempt from the 
following subsections of the Privacy Act (5 U.S.C. 552a): (c)(3) 
Relating to access to disclosure accounting, (d) relating to access to 
reports, (e)(1) relating to the type of information maintained in the 
records; (e)(4)(G), (H), and (I) relating to publishing the system 
notice information as to agency procedures for access and amendment and 
information as to the categories of sources of records, and (f) 
relating to developing agency rules for gaining access and making 
corrections.
    The determination to exempt this system of records has been made by 
the Administrator of NASA in accordance with 5 U.S.C. 552a(j) and (k) 
and subpart 5 of the NASA regulations appearing in 14 CFR part 1212, 
for the reason that a component of the Office of Inspector General, 
NASA, performs as its principal function activities pertaining to the 
enforcement of criminal laws, within the meaning of 5 U.S.C. 
552a(j)(2).
NASA 10PATS

SYSTEM NAME:
    Parking and Transit System (PATS).

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Locations 1 and 4, as set forth in Appendix A.

[[Page 79944]]

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information on NASA civil servants and 
contractors who are holders of parking permits; applicants or members 
of carpools, vanpools and other ridesharing programs; applicants and 
recipients of fare subsidies issued by NASA; and applicants for other 
NASA transit benefit programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system may include information about individuals, 
including name, home address, badge number, monthly commuting cost, 
email address, years of government service, grade, personal vehicle 
make and model, and person vehicle license number. These records may be 
captured as parking, rideshare, or other transit program applications, 
status or participation reports of individuals' participation in the 
programs.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    51 U.S.C. 20113(a); 44 U.S.C. 3101; 40 U.S.C. 471; and, 40 U.S.C. 
486;

PURPOSE(S):
    Records in this system are used to facilitate administration of 
employee and contractor participation in parking, rideshare, and 
transit programs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information, which is the issuance 
of NASA Parking Permits and NASA Fare Subsidies.
    Records in this system may be disclosed: (1) To other Federal 
agencies to confirm that an individual is not receiving transit 
benefits from multiple agencies concurrently; and (2) in accordance 
with the NASA Standard Routine Uses as listed in Appendix B.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in hard copy and electronically in systems on 
secure NASA servers.

RETRIEVABILITY:
    Records are retrieved by name or by zip code of residence.

SAFEGUARDS:
    Electronic records are maintained on secure NASA servers and 
protected in accordance with all Federal standards and those 
established in NASA regulations at 14 CFR 1212.605. Additionally, 
server and data management environments employ infrastructure 
encryption technologies both in data transmission and at rest on 
servers. Electronic messages sent within and outside of the Agency that 
convey sensitive data are encrypted and transmitted by staff via pre-
approved electronic encryption systems as required by NASA policy. 
Approved security plans are in place for information systems containing 
the records in accordance with the Federal Information Security 
Management Act of 2002 (FISMA) and OMB Circular A-130, Management of 
Federal Information Resources. Only authorized personnel requiring 
information in the official discharge of their duties are authorized 
access to records through approved access or authentication methods. 
Access to electronic records is achieved only from workstations within 
the NASA Intranet or via a secure Virtual Private Network (VPN) 
connection that requires two-factor hardware token authentication or 
via employee PIV badge authentication from NASA-issued computers. Non-
electronic records are secured in locked rooms or locked file cabinets.

RETENTION AND DISPOSAL:
    Records are maintained and disposed of in accordance with NASA 
Records Retention Schedule 6, Item 11 and General Records Schedule 9, 
Item 7.

SYSTEM MANAGER(S) AND ADDRESS:
    Transportation Officer, Headquarters Facilities and Administrative 
Services Division, Location 1, as set forth in Appendix A.
    Subsystem Manager: Transportation Subsidy Program Lead, Logistics 
Management Division, Location 4, as set forth in Appendix A.

NOTIFICATION PROCEDURE:
    Individuals interested in inquiring about their records should 
notify the System Manager or Subsystem Manager at the addresses given 
above.

RECORD ACCESS PROCEDURES:
    Individuals who wish to gain access to their records should submit 
their request in writing to the System Manager or Subsystem Manager at 
the address given above.

CONTESTING RECORD PROCEDURES:
    The NASA regulations governing access to records and procedures for 
contesting the contents and for appealing initial determinations are 
set forth in 14 CFR part 1212.

RECORD SOURCE CATEGORIES:
    Information is provided by individuals in applications submitted 
for parking permits, carpool and vanpool membership, ridesharing 
information, and fare subsidies.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.
NASA 10SECR

SYSTEM NAME:
    Security Records System.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    The centralized data system is located at Location 9. Records are 
also located at Locations 1 through 9 and Locations 11, 12, and 14. The 
locations are set forth in Appendix A.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information on Civil Servant Employees, 
applicants, NASA committee members, NASA consultants, NASA experts, 
NASA Resident Research Associates, guest workers, contractor employees, 
detailees, visitors, correspondents (written and telephonic), Faculty 
Fellows, Intergovernmental Personnel Mobility Act (IPA) Employees, 
Grantees, Cooperative Employees, and Remote Users of NASA Non-Public 
Information Technology Resources. This system also maintains 
information on all non-U.S. citizens, to include Lawful Permanent 
Residents seeking access to NASA facilities, resources, laboratories, 
contractor sites, Federally Funded Research and Development Centers or 
NASA sponsored events for unclassified purposes to include employees of 
NASA or NASA contractors; prospective NASA or NASA contractor 
employees; employees of other U.S. Government agencies or their 
contractors; foreign students at U.S. institutions; officials or other 
persons employed by foreign governments or other foreign institutions 
who may or may not be involved in cooperation with NASA under 
international agreements; foreign media representatives; and 
representatives or agents of foreign national governments seeking 
access to NASA facilities, to include high-level protocol visits; or 
international relations.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Personnel Security Records, Personal Identity Records including 
NASA visitor files, Emergency Data Records, Criminal Matters, Traffic 
Management

[[Page 79945]]

Records, and Access Management Records. Specific records fields 
include, but are not limited to: Name, former names, date of birth, 
place of birth, social security number, home address, phone numbers, 
citizenship, traffic infraction, security violation, security incident, 
security violation discipline status and action taken.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    18 U.S.C. 793-799, Espionage and Information Control Statutes;
    18 U.S.C. 2151-2157, Sabotage Statutes;
    18 U.S.C. 202-208, Bribery, Graft, and Conflicts of Interest;
    18 U.S.C. 3056, Powers, authorities, and duties of United States 
Secret Service;
    18 U.S.C. 371, Conspiracy Statute;
    40 U.S.C. 1441, Responsibilities regarding efficiency, security, 
and privacy of Federal computer systems;
    44 U.S.C. 3101, Records management by agency heads; general duties;
    50 U.S.C., Internal Security Act of 1950;
    51 U.S.C. 20101 National and Commercial Space Programs;
    42 U.S.C. 2011 et seq., Atomic Energy Act of 1954, as amended;
    Executive Order 9397, as amended, Numbering System for Federal 
Accounts Relating to Individual Persons;
    Executive Order 13526, as amended, Classified National Security 
Information;
    Executive Order 12968, as amended, Access to Classified 
Information;
    Executive Order 10865, Safeguarding Classified Information Within 
Industry;
    Executive Order 10450, Security Requirements for Government 
Employees;
    Pub. L. 81-733, Summary suspension of employment of civilian 
officers and employees;
    Pub. L. 107-347, Federal Information Security Management Act 2002;
    HSPD 12, Policy for a Common Identification Standard for Federal 
Employees and Contractors;
    14 CFR parts 1203 through 1203b, NASA Information Security Program;
    14 CFR 1213; NASA Release of Information to News and Information 
Media;
    15 CFR 744; EAR Control Policy: End-user and End-use Based;
    22 CFR 62, Exchange Visitor Program;
    22 CFR 120-130; Foreign Relations Export Control;
    41 CFR Chapter 101 Federal Property Management Regulation.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. The records and 
information in these records may be disclosed:
    1. To the Department of Justice (DOJ) when: (a) The agency or any 
component thereof; (b) any employee of the agency in his or her 
official capacity; (c) any employee of the agency in his or her 
individual capacity where agency or the DOJ has agreed to represent the 
employee; or (d) the United States Government, is a party to litigation 
or has an interest in such litigation, and by careful review, the 
agency determines that the records are both relevant and necessary to 
the litigation and the use of such records by DOJ is therefore deemed 
by the agency to be for a purpose compatible with the purpose for which 
the agency collected the records.
    2. To a court or adjudicative body in a proceeding when: (a) The 
agency or any component thereof; (b) any employee of the agency in his 
or her official capacity; (c) any employee of the agency in his or her 
individual capacity where agency or the Department of Justice has 
agreed to represent the employee; or (d) the United States Government, 
is a party to litigation or has an interest in such litigation, and by 
careful review, the agency determines that the records are both 
relevant and necessary to the litigation and the use of such records is 
therefore deemed by the agency to be for a purpose that is compatible 
with the purpose for which the agency collected the records.
    3. To an Agency in order to provide a basis for determining 
preliminary visa eligibility.
    4. To a staff member of the Executive Office of the President in 
response to an inquiry from the White House.
    5. To the National Archives and Records Administration or to the 
General Services Administration for records management inspections 
conducted under 44 U.S.C. 2904 and 2906.
    6. To agency contractors, grantees, or volunteers who have been 
engaged to assist the agency in the performance of a contract service, 
grant, cooperative agreement, or other activity related to this system 
of records and who need to have access to the records in order to 
perform their activity. Recipients shall be required to comply with the 
requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
    7. To other Federal agencies and relevant contractor facilities to 
determine eligibility of individuals to access classified National 
Security information.
    8. To any official investigative or judicial source from which 
information is requested in the course of an investigation, to the 
extent necessary to identify the individual, inform the source of the 
nature and purpose of the investigation, and to identify the type of 
information requested.
    9. To the news media or the general public, factual information the 
disclosure of which would be in the public interest and which would not 
constitute an unwarranted invasion of personal privacy, consistent with 
Freedom of Information Act standards.
    10. To a Federal, State, or local agency, or other appropriate 
entities or individuals, or through established liaison channels to 
selected foreign governments, in order to enable an intelligence agency 
to carry out its responsibilities under the National Security Act of 
1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 
or any successor order, applicable national security directives, or 
classified implementing procedures approved by the Attorney General and 
promulgated pursuant to such statutes, orders or directives.
    11. In order to notify an employee's next-of-kin or contractor in 
the event of a mishap involving that employee or contractor.
    12. To notify another Federal agency when, or verify whether, a PIV 
card is valid.
    13. To provide relevant information to an internal or external 
organization or element thereof conducting audit activities of a NASA 
contractor or subcontractor.
    14. To a NASA contractor, subcontractor, grantee, or other 
Government organization information developed in an investigation or 
administrative inquiry concerning a violation of a Federal or state 
statute or regulation on the part of an officer or employee of the 
contractor, subcontractor, grantee, or other Government organization.
    15. To foreign governments or international organizations if 
required by treaties, international conventions, or executive 
agreements.
    16. To members of a NASA Advisory Committee or Committees and 
interagency boards charged with responsibilities pertaining to 
international visits and assignments and/or national security when 
authorized by the individual or to the extent the committee(s) is so 
authorized and such disclosure is required by law.
    17. To the following individuals for the purpose of providing 
information on traffic accidents, personal injuries, or the loss or 
damage of property: (a) Individuals involved in such incidents; (b) 
persons injured in such incidents; (c)

[[Page 79946]]

owners of property damaged, lost or stolen in such incidents; and/or 
(d) these individuals' duly verified insurance companies, personal 
representatives, employers, and/or attorneys. The release of 
information under these circumstances should only occur when it will 
not: (a) Interfere with ongoing law enforcement proceedings, (b) risk 
the health or safety of an individual, or (c) reveal the identity of an 
informant or witness that has received an explicit assurance of 
confidentiality. Social security numbers should not be released under 
these circumstances unless the social security number belongs to the 
individual requester.'' The intent of this use is to facilitate 
information flow to parties who need the information to adjudicate a 
claim.
    18. To the Transportation Security Administration, with consent of 
the individual on whom the records are maintained, to establish 
eligibility for the TSA Pre[check] program.
    19. In accordance with NASA standard routine uses as set forth in 
Appendix B.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records in this system are maintained electronically and in hard-
copy documents.

RETRIEVABILITY:
    Records are retrieved from the system by individual's name, file 
number, badge number, decal number, payroll number, Agency-specific 
unique personal identification code, and/or Social Security Number.

SAFEGUARDS:
    Electronic records are maintained on secure NASA servers and 
protected in accordance with all Federal standards and those 
established in NASA regulations at 14 CFR 1212.605. Additionally, 
server and data management environments employ infrastructure 
encryption technologies both in data transmission and at rest on 
servers. Approved security plans are in place for information systems 
containing the records in accordance with the Federal Information 
Security Management Act of 2002 (FISMA) and OMB Circular A-130, 
Management of Federal Information Resources (OA-9999-M-MSF-2712, OA-
9999-M-MSF-2707, IE-999-M-MSF-1654). Only authorized personnel 
requiring information in the official discharge of their duties are 
authorized access to records through approved access or authentication 
methods. Access to electronic records is achieved only by utilizing 
NASA agency managed authentication mechanisms. Non-electronic records 
are secured in access-controlled rooms with electronic security 
countermeasures and agency managed, PIV enabled, physical 
authentication mechanisms.

RETENTION AND DISPOSAL:
    The Personnel Security Records are maintained in Agency files and 
destroyed upon notification of the death or within 5 years after 
separation or transfer of employee or within 5 years after contract 
relationship expires, whichever is applicable in accordance with NASA 
Records Retention Schedules (NRRS), Schedule 1 Item 103. The foreign 
national files are maintained in Agency files and destroyed in 
accordance with NRRS, Schedule 1 Item 35.
    The Personal Identity Records are maintained in Agency files and 
destroyed upon notification of the death or within 5 years after 
separation or transfer of employee or within 5 years after contract 
relationship expires, whichever is applicable in accordance with NRRS, 
Schedule 1 Item 103. Visitor files are maintained and destroyed in 
accordance with NRRS, Schedule 1 Item 114. The Emergency Data Records 
are maintained in Agency files and destroyed when superseded or 
obsolete in accordance with NRRS 1, Item 100B.
    The Criminal Matter Records are maintained in Agency files and 
destroyed in accordance with NRRS 1, Schedule 97.5, Items A and B.
    The Traffic Management Records are maintained in Agency files and 
destroyed in accordance with NRRS 1, Schedule 97.5, Item C.

SYSTEM MANAGER(S) AND ADDRESS:
    System Manager: Deputy Assistant Administrator of the Office of 
Protective Services, Location 1. Subsystem Managers: The Chief of 
Security/Protective Services at each subsystem location at locations 1 
through 9 and locations 11, 12, and 14. Locations are as set forth in 
Appendix A.

NOTIFICATION PROCEDURE:
    Information may be obtained from the cognizant system or subsystem 
manager listed above. Requests must contain the following identifying 
data concerning the requestor: First, middle, and last name; date of 
birth; Social Security Number; period and place of employment with 
NASA, if applicable.

RECORD ACCESS PROCEDURES:
    Personnel Security Records compiled solely for the purpose of 
determining suitability, eligibility, or qualifications for Federal 
civilian employment, Federal contracts, or access to classified 
information have been exempted by the Administrator under 5 U.S.C. 
552a(k)(5) from the access provisions of the Act.
    Personal Identity Records: Requests from individuals should be 
addressed to the same address as stated in the Notification section 
above.
    Emergency Data Records: Requests from individuals should be 
addressed to the same address as stated in the Notification section 
above.
    Criminal Matter Records compiled for civil or criminal law 
enforcement purposes have been exempted by the Administrator under 5 
U.S.C. 552a(k)(2) from the access provision of the Act.
    Traffic Management Records: Requests from individuals should be 
addressed to the same address as stated in the Notification section 
above.

CONTESTING RECORD PROCEDURES:
    For Personnel Security Records and Criminal Matters Records, see 
Record Access Procedures, above. For Personal Identity Records, 
Emergency Data Records, and Traffic Management Records, the NASA rules 
for access to records and for contesting contents and appealing initial 
determinations by the individual concerned appear at 14 CFR part 1212.

RECORD SOURCE CATEGORIES:
    Information is obtained from a variety of sources including the 
employee, contractor, or applicant via use of the Standard Form (SF) 
SF-85, SF-85P, or SF-86 and personal interviews; employers' and former 
employers' records; FBI criminal history records and other databases; 
financial institutions and credit reports; medical records and health 
care providers; educational institutions; interviews of witnesses such 
as neighbors, friends, coworkers, business associates, teachers, 
landlords, or family members; tax records; and other public records. 
Security violation information is obtained from a variety of sources, 
such as guard reports, security inspections, witnesses, supervisor's 
reports, audit reports.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    Personnel Security Records compiled solely for the purpose of 
determining suitability, eligibility, or qualifications for Federal 
civilian employment, Federal contracts, or access to classified 
information, but only to the extent that the disclosure of such 
material would

[[Page 79947]]

reveal the identity of a confidential source, are exempt from the 
following sections of the Privacy Act of 1974, 5 U.S.C. 552a(c)(3) 
relating to access to the disclosure accounting; (d) relating to access 
to the records; (e)(1) relating to the type of information maintained 
in the records; (e)(4)(G), (H) and (I) relating to publishing in the 
annual system notice information as to agency procedures for access and 
correction and information as to the categories of sources of records; 
and (f) relating to developing agency rules for gaining access and 
making corrections. The determination to exempt the Personnel Security 
Records portion of the Security Records System has been made by the 
Administrator of NASA in accordance with 5 U.S.C. 552a(k)(5) and 
Subpart 5 of the NASA regulations appearing in 14 CFR part 1212.
    Criminal Matter Records to the extent they constitute investigatory 
material compiled for law enforcement purposes are exempt from the 
following sections of the Privacy Act of 1974, 5 U.S.C. 552a(c)(3) 
relating to access to the disclosure accounting; (d) relating to access 
to the records; (e)(1) relating to the type of information maintained 
in the records; (e)(4)(G), (H) and (I) relating to publishing in the 
annual system notice information as to agency procedures for access and 
correction and information as to the categories of sources of records; 
and (f) relating to developing agency rules for gaining access and 
making corrections. The determination to exempt the Criminal Matter 
Records portion of the Security Records System has been made by the 
Administrator of NASA in accordance with 5 U.S.C. 552a(k)(2) and 
subpart 5 of the NASA regulations appearing in 14 CFR part 1212.
    Records subject to the provisions of 5 U.S.C. 552(b)(1) required by 
Executive Order to be kept secret in the interest of national defense 
or foreign policy are exempt from the following sections of the Privacy 
Act of 1974, 5 U.S.C. 552a: (c)(3) Relating to access to the disclosure 
accounting; (d) relating to the access to the records; (e)(1) relating 
to the type of information maintained in the records; (e)(4)(G), (H) 
and (I) relating to publishing in the annual system notice information 
as to agency procedures for access and correction and information as to 
the categories of sources of records; and (f) relating to developing 
agency rules for gaining access and making corrections. The 
determination to exempt this portion of the Security Records System has 
been made by the Administrator of NASA in accordance with 5 U.S.C. 
552a(k)(1) and subpart 5 of the NASA regulations appearing in 14 CFR 
part 1212.

[FR Doc. 2015-32289 Filed 12-22-15; 8:45 am]
BILLING CODE 7510-13-P