[Federal Register Volume 84, Number 195 (Tuesday, October 8, 2019)]
[Notices]
[Pages 53728-53730]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-21885]
-----------------------------------------------------------------------
GENERAL SERVICES ADMINISTRATION
[Notice-ID-2019-01; Docket No. 2019-0002; Sequence No. 27]
Privacy Act of 1974; System of Records
AGENCY: General Services Administration (GSA), Office of Government-
Wide Policy (OGP).
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: GSA is publishing this system of records notice (SORN) as the
new managing partner of the e-Rulemaking Program, effective October 1,
2019. The e-Rulemaking Program includes the Federal Docket Management
System (FDMS) and Regulations.gov. Regulations.gov allows the public to
search, view, download, and comment on Federal agencies' rulemaking
documents in one central location on-line. FDMS provides each
participating Federal agency with the ability to electronically access
and manage its own rulemaking dockets, or other dockets, including
comments or supporting materials submitted by individuals or
organizations. GSA is establishing the GSA/OGP-1, e-Rulemaking Program
Administrative System to manage regulations.gov and partner agency
access to the Federal Docket Management System (FDMS).
DATES: The System of Records Notice (SORN) is applicable on October 8,
2019, with the exception of the routine uses. The routine uses will not
be effective until November 7, 2019, pending public comment. Comments
on the routine uses or other aspects of the SORN must be submitted by
November 7, 2019.
ADDRESSES: Submit comments identified by ``Notice-ID-2019-01, Notice of
a New System of Records'' by any of the following methods:
Regulations.gov: https://www.regulations.gov. Submit
comments via the Federal e-Rulemaking portal by searching for Notice-
ID-2019-01, Notice of New System of Records. Select the link ``Comment
Now'' that corresponds with ``Notice-ID-2019-01, Notice of New System
of Records.'' Follow the instructions provided on the screen. Please
include your name, company name (if any), and ``Notice-ID-2019-01,
Notice of New System of Records'' on your attached document.
Mail: General Services Administration, Regulatory
Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405.
ATTN: Ms. Mandell/Notice-ID-2019-01, Notice of New System of Records.
FOR FURTHER INFORMATION CONTACT: Call or email GSA's Chief Privacy
Officer: telephone 202-322-8246, or email [email protected].
SUPPLEMENTARY INFORMATION: The e-Rulemaking Program has been managed by
the Environmental Protection Agency (EPA). However, based on direction
from the Office of Management and Budget (OMB), GSA will be the
managing partner of the Program, effective October 1, 2019.
GSA is assuming the role of managing partner and is establishing
this system of records to support GSA's management of regulations.gov
and partner agency access to FDMS. This notice describes how GSA, as
managing partner, manages partner agencies' users' credentials. This
system of records does not include records pertaining to agency
rulemakings (e.g., comments received); partner agencies are responsible
for any Privacy Act Notices relevant to their rulemaking materials.
Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer,
General Services Administration.
SYSTEM NAME AND NUMBER:
GSA/OGP-1, e-Rulemaking Program Administrative System.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
National Computer Center in Research Triangle Park, North Carolina.
SYSTEM MANAGER(S):
The system manager is the Associate Chief Information Officer of
Corporate IT Services in GSA-IT. The business address is: General
Services Administration--IC, 1800 F Street NW, Washington, DC 20405.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
e-Government Act of 2002, see 44 U.S.C. 3602(f)(6); see also id
Sec. 3501, note.
[[Page 53729]]
PURPOSE(S) OF THE SYSTEM:
The purpose of the e-Rulemaking Program Administrative System is to
support GSA's management of regulations.gov and partner agency access
to FDMS. FDMS is used by participating Federal agencies that conduct
rulemakings and regulations.gov enables Federal agencies to accept
public comments electronically. This system of records notice governs
the records pertaining to GSA's issuance and management of user
credentials to access FDMS.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Covered individuals are partner agency users who register to access
FDMS including those agency users who serve as designated partner
agency account managers.
CATEGORIES OF RECORDS IN THE SYSTEM:
GSA maintains partner agencies' users' names, government issued
email addresses, telephone numbers, and passwords as credentials. In
addition, users provide their supervisor's name, telephone number, and
government issued email address.
RECORD SOURCE CATEGORIES:
The information in the system may be submitted by users and then
approved by partner agencies' designated account manager or directly
submitted and approved by a partner agency's designated account manager
on behalf of a user.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or portions of the records or
information contained in this system may be disclosed to authorized
entities on a need to know basis outside GSA as a routine use pursuant
to 5 U.S.C. 552a(b)(3) as follows:
a. To an appropriate Federal, State, tribal, local, international,
or foreign law enforcement agency or other appropriate authority
charged with investigating or prosecuting a violation or enforcing or
implementing a law, rule, regulation, or order, where a record, either
on its face or in conjunction with other information, indicates a
violation or potential violation of law, which includes criminal,
civil, or regulatory violations.
b. To the Office of Personnel Management (OPM), OMB, and the
Government Accountability Office (GAO) in accordance with their
responsibilities for evaluating Federal programs.
c. To a Member of Congress or his or her staff in response to a
request made on behalf of and at the request of the individual who is
the subject of the record.
d. To the Department of Justice or other Federal agency conducting
litigation or in proceedings before any court, adjudicative or
administrative body, when: (a) GSA or any component thereof, or (b) any
employee of GSA in his/her official capacity, or (c) any employee of
GSA in his/her individual capacity where DOJ or GSA has agreed to
represent the employee, or (d) the United States or any agency thereof,
is a party to the litigation or has an interest in such litigation, and
GSA determines that the records are both relevant and necessary to the
litigation.
e. To the National Archives and Records Administration (NARA) for
records management purposes.
f. To an expert, consultant, or contractor of GSA in the
performance of a Federal duty to which the information is relevant.
g. In connection with any litigation or settlement discussions
regarding claims by or against the GSA, including public filing with a
court, to the extent that GSA determines the disclosure of the
information is relevant and necessary to the litigation or discussions.
h. To an appeal or grievance examiner, formal complaints examiner,
equal opportunity investigator, arbitrator, or other authorized
official engaged in investigation or settlement of matters and
investigations involving the Merit Systems Protection Board or the
Office of Special Counsel.
i. To appropriate agencies, entities, and persons when (1) GSA
suspects or has confirmed that there has been a breach of the system of
records, (2) GSA has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, GSA (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with GSA's efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm.
j. To another Federal agency or Federal entity, when GSA determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in (1) responding to a suspected
or confirmed breach or (2) preventing, minimizing, or remedying the
risk of harm to individuals, the recipient agency or entity (including
its information systems, programs, and operations), the Federal
Government, or national security, resulting from a suspected or
confirmed breach.
k. To a partner agency when GSA determines that information from
this system of records is reasonably necessary to assist the recipient
agency in managing its access to the system.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
User credentials and associated documentation are stored on secure
servers approved by GSA Office of the Chief Information Security
Officer (OCISO) and accessed only by authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The e-Rulemaking Program Administrative System retrieves partner
agency user credentials using the government-issued email addresses.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records relating to user credentials are subject to GSA's Records
Management Program and NARA-approved retention and disposal procedures.
When a user account is terminated, records pertaining to that account
are maintained for a period of 6 years before disposal.
ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
The e-Rulemaking Program Administrative System is in a facility
protected by physical walls, security guards, and requiring
identification badges. Rooms housing the system infrastructure are
locked, as are the individual server racks. All security controls are
reviewed on a periodic basis by external assessors. The controls
themselves include measures for access control, security awareness
training, audits, configuration management, contingency planning,
incident response, and maintenance.
There are a limited number of GSA system administrator accounts for
the e-Rulemaking Program Administrative System that allow GSA to manage
regulations.gov and partner agency access to FDMS. Partner agency
access to FDMS is managed through designated partner agency account
managers, who in turn have access to the system to manage their own
agency's user accounts within FDMS.
Each designated partner agency account manager has access to FDMS.
This level of access enables them to
[[Page 53730]]
establish, manage, and terminate user accounts limited to their own
agency.
The GSA system administrator accounts are an additional level of
security and management in that they oversee all partner agency
accounts, including both designated partner agency account managers and
agency users. The GSA system administrator accounts require additional
tokens that meet multi-factor authentication standards in accordance
with National Institute of Standards and Technology (NIST) standards.
The controls assist in restricting access to authorized users who
require it for official business purposes. Records in FDMS are
maintained in a secure, password protected electronic system that
utilizes security hardware and software to include multiple firewalls,
active intrusion detection, encryption, identification and
authentication of users.
RECORD ACCESS PROCEDURES:
Partner agency users can access and manage their user credentials
through their designated partner agency account manager. If an access
inquiry is not resolved by the designated partner agency account
manager, the partner agency user may contact the GSA system manager
listed above. Procedures for requesting access from GSA can be found at
41 CFR part 105-64.4.
CONTESTING RECORD PROCEDURES:
If partner agency users have questions or concerns about their
account records, they can contact their designated partner agency
account manager. If a question or concern is not resolved by the
designated partner agency account manager, a partner agency user may
contact the GSA system manager listed above. Procedures for contesting
records stored by GSA can be found at 41 CFR part 105-64.4.
NOTIFICATION PROCEDURES:
If partner agency users wish to receive notice about their account
records, they can contact their designated partner agency account
manager. If not resolved by the designated partner agency account
manager, the partner agency user may contact the GSA system manager
listed above. Procedures for requesting notice of records stored by GSA
can be found at 41 CFR part 105-64.4.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
N/A.
[FR Doc. 2019-21885 Filed 10-7-19; 8:45 am]
BILLING CODE 6820-34-P