[Federal Register Volume 82, Number 153 (Thursday, August 10, 2017)]
[Notices]
[Pages 37451-37453]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-16852]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-ID-2017-02; Docket 2017-0002; Sequence No. 14]


Privacy Act of 1974; System of Records

AGENCY: General Services Administration (GSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

[[Page 37452]]

SUMMARY: Login.gov is a single sign-on platform to facilitate access to 
government services. GSA is modifying the routine uses applicable to 
the system of records by removing the words ``NIST-compliant'' from one 
existing Login.gov routine use and adding a new routine use for the 
system.

DATES: The modifications to the system of records that are described in 
this notice are effective upon publication in today's Federal Register, 
with the exception of the one new routine use to allow Login.gov to 
mail users a confirmation or notification (see new routine use ``j'' 
below) which is effective September 11, 2017. Comments on that routine 
use must be submitted by September 11, 2017.

ADDRESSES: Submit comments identified by ``Notice-ID-2017-02, Notice of 
Modified System of Records'' by any of the following methods:
     Regulations.gov: http://www.regulations.gov. Submit 
comments via the Federal eRulemaking portal by searching for Notice-ID-
2017-02, Notice of Modified System of Records. Select the link 
``Comment Now'' that corresponds with ``Notice-ID-2017-02, Notice of 
Modified System of Records.'' Follow the instructions provided on the 
screen. Please include your name, company name (if any), and ``Notice-
ID-2017-02, Notice of Modified System of Records'' on your attached 
document.
     Mail: General Services Administration, Regulatory 
Secretariat Division (MVCB), 1800 F Street NW., Washington, DC 20405. 
ATTN: Ms. Sosa/Notice-ID-2017-02, Notice of Modified System of Records.
    Instructions: Comments received generally will be posted without 
change to http://www.regulations.gov, including any personal and/or 
business confidential information provided. To confirm receipt of your 
comment(s), please check http://www.regulations.gov, approximately two 
to three days after submission to verify posting (except allow 30 days 
for posting of comments submitted by mail).

FOR FURTHER INFORMATION CONTACT: Call the GSA Chief Privacy Officer at 
telephone 202-322-8246; or email [email protected].

SUPPLEMENTARY INFORMATION: GSA proposes to clarify an existing routine 
use and add a new routine use for Login.gov, a system of records 
subject to the Privacy Act of 1974, 5 U.S.C. 552a. The National 
Institute of Standards and Technology (NIST) develops information 
security standards and guidelines, including minimum requirements for 
Federal information systems, but does not endorse or certify specific 
implementations. Therefore, GSA is modifying existing routine use ``b'' 
to remove the reference to ``NIST-compliant'' third party identity 
proofing service providers. New routine use ``j'' will enable Login.gov 
to disclose a user's name and mailing address to the Government 
Publishing Office (GPO) to mail that user an address confirmation form 
or any other requested mailed notifications. Login.gov provides a 
single, secure platform through which members of the public can log-in 
and access services from partner agencies, and increases user security 
by facilitating identity proofing and authentication as necessary in 
order to access specific government services.

    Dated: August 7, 2017.
Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, 
General Services Administration.

SYSTEM NAME AND NUMBER:
    Login.gov, GSA/TTS-1.

SECURITY CLASSIFCATION:
    Unclassified.

SYSTEM LOCATION:
    The system is owned and maintained by GSA, housed in secure 
datacenters in continental United States. Contact the System Manager 
listed below for additional information.

SYSTEM MANAGER:
    Joel Minton, Director, Login.gov, General Services Administration, 
1800 F Street NW., Washington, DC 20405. https://www.Login.gov.
* * * * *

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, outside GSA as 
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    a. To the Department of Justice or other Federal agency conducting 
litigation or in proceedings before any court, adjudicative or 
administrative body, when: (a) GSA or any component thereof, or (b) any 
employee of GSA in his/her official capacity, or (c) any employee of 
GSA in his/her individual capacity where DOJ or GSA has agreed to 
represent the employee, or (d) the United States or any agency thereof, 
is a party to the litigation or has an interest in such litigation, and 
GSA determines that the records are both relevant and necessary to the 
litigation.
    b. To third party identity proofing services, as necessary to 
identity proof an individual for access to a service at the required 
level of assurance.
    c. To an appropriate Federal, State, tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, where a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    d. To a Member of Congress or his or her staff in response to a 
request made on behalf of and at the request of the individual who is 
the subject of the record.
    e. To the Office of Management and Budget (OMB) and the Government 
Accountability Office (GAO) in accordance with their responsibilities 
for evaluation or oversight of Federal programs.
    f. To an expert, consultant, or contractor of GSA in the 
performance of a Federal duty to which the information is relevant.
    g. To the National Archives and Records Administration (NARA) for 
records management purposes.
    h. To appropriate agencies, entities, and persons when (1) GSA 
suspects or has confirmed that there has been a breach of the system of 
records; (2) GSA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, GSA (including 
its information systems, programs and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with GSA's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    i. To another Federal agency or Federal entity, when GSA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national

[[Page 37453]]

security, resulting from a suspected or confirmed breach.
    j. To the Government Publishing Office (GPO), when Login.gov needs 
to mail a user an address confirmation form or if a user requests 
mailed notifications of account changes or of proofing attempts.
* * * * *

History:
    This notice modifies the routine use section of the system of 
records notice that is published in full at 82 FR 6552, January 19, 
2017. The comments GSA received on that notice, and its responses to 
them, may be searched for and viewed on regulations.gov using Docket ID 
``GSA-GSA-2017-0002''.

[FR Doc. 2017-16852 Filed 8-9-17; 8:45 am]
BILLING CODE 6820-34-P