[Federal Register Volume 85, Number 150 (Tuesday, August 4, 2020)]
[Notices]
[Pages 47195-47197]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-16855]



[[Page 47195]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF EDUCATION

[Docket ID ED-2020-OCIO-0058]


Privacy Act of 1974; System of Records

AGENCY: Office of the Chief Information Officer, Department of 
Education.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended 
(Privacy Act), the Department of Education (Department) publishes this 
notice of a new system of records entitled ``Department of Education 
Cybersecurity Excellence Award'' (18-04-05). Pursuant to Executive 
Order 13870 of May 2, 2019, as published in the Federal Register on May 
9, 2019 (Executive Order 13870), the Department has developed and 
implemented, consistent with applicable law, an annual Department of 
Education Cybersecurity Excellence Award to recognize Department 
employees and contractors for outstanding performance and achievements 
in the areas of cybersecurity and cyber-operations. The Department will 
solicit applications and nominations for one individual or team of 
individuals to be annually awarded the Department of Education 
Cybersecurity Excellence Award.

DATES: Submit your comments on this new system of records notice on or 
before September 3, 2020.
    This new system of records will become applicable upon publication 
in the Federal Register on August 4, 2020, unless the new system of 
records notice needs to be changed as a result of public comment. All 
proposed routine uses in the paragraph entitled ``ROUTINE USES OF 
RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND 
PURPOSES OF SUCH USES'' will become applicable on September 3, 2020, 
unless the new system of records notice needs to be changed as a result 
of public comment. The Department will publish any significant changes 
to the system of records or routine uses that result from public 
comment.

ADDRESSES: Submit your comments through the Federal eRulemaking Portal 
or via postal mail, commercial delivery, or hand delivery. We will not 
accept comments submitted by fax or by email or those submitted after 
the comment period. To ensure that we do not receive duplicate copies, 
please submit your comments only once. In addition, please include the 
Docket ID at the top of your comments.
     Federal eRulemaking Portal: Go to www.regulations.gov to 
submit your comments electronically. Information on using 
Regulations.gov, including instructions for accessing agency documents, 
submitting comments, and viewing the docket, is available on the site 
under the ``Help'' tab.
     Postal Mail, Commercial Delivery, or Hand Delivery: If you 
mail or deliver your comments about this new system of records, address 
them to: Peter Hoang, Information Assurance Services, Office of the 
Chief Information Officer, U.S. Department of Education, 550 12th 
Street SW, Washington, DC 20202.
    Privacy Note: The Department's policy is to make all comments 
received from members of the public available for public viewing in 
their entirety on the Federal eRulemaking Portal at 
www.regulations.gov. Therefore, commenters should be careful to include 
in their comments only information that they wish to make publicly 
available.
    Assistance to Individuals with Disabilities in Reviewing the 
Rulemaking Record: On request, we will provide an appropriate 
accommodation or auxiliary aid to an individual with a disability who 
needs assistance to review the comments or other documents in the 
public rulemaking record for this notice. If you want to schedule an 
appointment for this type of accommodation or auxiliary aid, please 
contact the person listed under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT: Peter Hoang, Information Assurance 
Services, Office of the Chief Information Officer, U.S. Department of 
Education, 550 12th Street SW, Washington, DC 20202. Email: 
[email protected]. Phone: (202)245-6923.
    If you use a telecommunications device for the deaf (TDD) or a text 
telephone (TTY), you may call the Federal Relay Service at 1-800-877-
8339.

SUPPLEMENTARY INFORMATION: The information maintained in this system 
will be used to (1) review and evaluate applications and nominations of 
individual candidates and teams including, but not limited to, 
assessing individual candidate and team eligibility in order to select 
one individual candidate or team of indivuals to whom the Department 
will present, on an annual basis, the Department of Education 
Cybersecurity Excellence Award, and two individual candidates or teams 
of individuals to whom the Department will present, on an annual basis, 
honorable mentions; (2) develop and implement the Department of 
Education Cybersecurity Excellence Award program's annual recognition 
component; and, (3) carry out the responsibilities set forth in section 
2(d) of Executive Order 13870.
    Accessible Format: Individuals with disabilities can obtain this 
document in an accessible format (e.g., braille, large print, 
audiotape, or compact disc) on request to the person listed under FOR 
FURTHER INFORMATION CONTACT.
    Electronic Access to This Document: The official version of this 
document is the document published in the Federal Register. You may 
access the official edition of the Federal Register and the Code of 
Federal Regulations at www.govinfo.gov. At this site you can view this 
document, as well as all other documents of this Department published 
in the Federal Register, in text or Portable Document Format (PDF). To 
use PDF, you must have Adobe Acrobat Reader, which is available free at 
the site.
    You may also access documents of the Department published in the 
Federal Register by using the article search feature at 
www.federalregister.gov. Specifically, through the advanced search 
feature at this site, you can limit your search to documents published 
by the Department.

Jason Gray,
Chief Information Officer, Office of the Chief Information Officer.
    For the reasons discussed in the preamble, the Chief Information 
Office, U.S. Department of Education (Department), publishes a notice 
of a new system of records to read as follows:

SYSTEM NAME AND NUMBER:
    Department of Education Cybersecurity Excellence Award (18-04-05).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Information Assurance Services, Office of the Chief Information 
Officer, U.S. Department of Education, 550 12th Street SW, Washington, 
DC 20202.

SYSTEM MANAGER(S):
    Chief Information Security Officer, Information Assurance Services, 
Office of the Chief Information Office, U.S. Department of Education, 
550 12th Street SW, Washington, DC 20202.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Executive Order 13870 of May 2, 2019, entitled, ``America's 
Cybersecurity Workforce,'' as published in the Federal Register at 84 
FR 20523 (May 9, 2019) (Executive Order 13870).

[[Page 47196]]

PURPOSE(S) OF THE SYSTEM:
    The records maintained in this system will be used to (1) review 
and evaluate applications and nominations of individual candidates and 
teams including, but not limited to, assessing individual candidate and 
team eligibility in order to select one individual candidate or team of 
individuals to whom the Department will present, on an annual basis, 
the Department of Education Cybersecurity Excellence Award, and two 
individual candidates or teams of individuals to whom the Department 
will present, on an annual basis, honorable mentions; (2) develop and 
implement the Department of Education Cybersecurity Excellence Award 
program's annual recognition component; and, (3) carry out the 
responsibilities set forth in section 2(d) of Executive Order 13870.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains records on employees and contractors of the 
Department who apply for or are nominated for the Department of 
Education Cybersecurity Excellence Award.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system consists of records about each applicant or nominee, 
including those who are part of a team that applies or is nominated, 
for the Department of Education Cybersecurity Excellence Award 
including, but not limited to, their: (1) Name; (2) organization and/or 
branch name; (3) job title; (4) narrative statement of accomplishments 
in cybersecurity innovations, team (stakeholder) collaboration, tool 
implementation, process development, cybersecurity training, and 
cybersecurity market research and product solutions; and, (5) work 
address, work email address, and work contact number.

RECORD SOURCE CATEGORIES:
    Information in this system is obtained from Department employees 
and contractors who apply or are nominated, individually or as part of 
a group (team), by their Department peers or Department leadership for 
the Department of Education Cybersecurity Excellence Award. Information 
also may be obtained from other persons or entities from which data is 
obtained under the routine uses set forth below.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The Department may disclose information contained in a record in 
this system of records under the routine uses listed in this system of 
records without the consent of the individual if the disclosure is 
compatible with the purpose(s) for which the record was collected. The 
Department may make these disclosures on a case-by-case basis or, if 
the Department has complied with the computer matching requirements of 
the Privacy Act of 1974, as amended (Privacy Act), under a computer 
matching agreement.
    (1) Programmatic Purposes. The Department may disclose information 
from this system of records as part of the Department's review and 
evaluation of candidate applications and nominations, and in order to 
promote the selection and recognition of recipients of the Department 
of Education Cybersecurity Excellence Award and honorable mentions, 
along with the visibility of the award program itself, to the following 
entities for the purposes specified:
    (a) Disclosures to the General Public Announcing each Awardee and 
Honorable Mention Recipient. The Department may disclose to the general 
public, via the Department's website, the name and accomplishments of 
each awardee and honorable mention recipient.
    (b) Disclosures to Individuals and Entities Assisting the 
Department in Arranging Awardee and Honorable Mention Recipient 
Accommodations, Transportation, and Other Services. The Department may 
provide information from this system of records to individuals and 
entities, such as vendors, in preparation for and in connection with 
the awards ceremony held, annually, by the Department in Washington, 
DC, and related educational and celebratory activities.
    (c) Disclosures to the White House and Federal Agencies for 
Briefings, Speechwriting, or to Obtain Security Clearances. The 
Department may disclose awardee and honorable mention recipient 
information from this system of records to the White House and Federal 
agencies for any speechwriting and briefings for officials addressing 
the awardees, honorable mention recipients, or guests at recognition 
events, or to permit awardees and honorable mention recipients to 
obtain security clearances to attend such events or to gain entry into 
buildings with limited access, as appropriate.
    (2) Enforcement Disclosure. In the event that information in this 
system of records indicates, either on its face or in connection with 
other information, a violation or potential violation of any applicable 
statute, regulation, or order of a competent authority, the Department 
may disclose the relevant records to the appropriate agency, whether 
foreign, Federal, State, Tribal, or local, charged with the 
responsibility of investigating or prosecuting that violation or 
charged with enforcing or implementing the statute, Executive Order, 
rule, regulation, or order issued pursuant thereto.
    (3) Litigation and Alternative Dispute Resolution (ADR) Disclosure.
    (a) Introduction. In the event that one of the parties listed in 
sub-paragraphs (i) through (v) is involved in judicial or 
administrative litigation or ADR, or has an interest in judicial or 
administrative litigation or ADR, the Department may disclose certain 
records to the parties described in paragraphs (b), (c), and (d) of 
this routine use under the conditions specified in those paragraphs:
    (i) The Department, or any component of the Department;
    (ii) Any Department employee in his or her official capacity;
    (iii) Any Department employee in his or her individual capacity if 
the Department of Justice (DOJ) has agreed or has been requested to 
provide or arrange for representation for the employee;
    (iv) Any Department employee in his or her individual capacity if 
the agency has agreed to represent the employee; or
    (v) The United States if the Department determines that the 
litigation is likely to affect the Department or any of its components.
    (b) Disclosure to the DOJ. If the Department determines that 
disclosure of certain records to the DOJ is relevant and necessary to 
litigation or ADR, the Department may disclose those records as a 
routine use to the DOJ.
    (c) Adjudicative Disclosures. If the Department determines that it 
is relevant and necessary to the litigation or ADR to disclose certain 
records to an adjudicative body, whether judicial or administrative, 
before which the Department is authorized to appear or to a person or 
an entity designated by the Department or otherwise empowered to 
resolve or mediate disputes, the Department may disclose those records 
as a routine use to the adjudicative body, person, or entity.
    (d) Disclosure to Parties, Counsel, Representatives, and Witnesses. 
If the Department determines that disclosure of certain records to a 
party, counsel, representative, or witness is relevant and necessary to 
the litigation or ADR, the Department may disclose those records as a 
routine use to the party, counsel, representative, or witness.
    (4) Freedom of Information Act (FOIA) and Privacy Act Advice 
Disclosure. The Department may

[[Page 47197]]

disclose records from this system of records to the DOJ or the Office 
of Management and Budget (OMB) if the Department concludes that 
disclosure is desirable or necessary in determining whether particular 
records are required to be disclosed under the FOIA or the Privacy Act.
    (5) Disclosure to the DOJ. The Department may disclose records from 
this system of records to the DOJ to the extent necessary for obtaining 
DOJ advice on any matter relevant to an audit, inspection, or other 
inquiry related to the Department of Education Cybersecurity Excellence 
Award.
    (6) Contract Disclosure. If the Department contracts with an entity 
for the purposes of performing any function that requires disclosure of 
records in this system to employees of the contractor, the Department 
may disclose the records to those employees. As part of such a 
contract, the Department shall require the contractor to agree to 
establish and maintain safeguards to protect the security and 
confidentiality of the disclosed records.
    (7) Research Disclosure. The Department may disclose records to a 
researcher if an appropriate official of the Department determines that 
the individual or organization to which the disclosure would be made is 
qualified to carry out specific research related to functions or 
purposes of this system of records. The official may disclose records 
from this system of records to that researcher solely for the purpose 
of carrying out that research related to the functions or purposes of 
this system of records. The researcher shall be required to agree to 
establish and maintain safeguards to protect the security and 
confidentiality of the disclosed records.
    (8) Congressional Member Disclosure. The Department may disclose 
information from the record of an individual to a member of Congress 
and to his or her staff in response to an inquiry from the member (or 
from the member's staff) made at the written request of that 
individual. The member's right to access the information is no greater 
than the right of the individual who made the written request to such 
member.
    (9) Disclosure in the Course of Responding to a Breach of Data. The 
Department may disclose records from this system of records to 
appropriate agencies, entities, and persons when: (a) The Department 
suspects or has confirmed that there has been a breach of the system of 
records; (b) the Department has determined that as a result of the 
suspected or confirmed breach, there is a risk of harm to individuals, 
the Department (including its information systems, programs, and 
operations), the Federal Government, or national security; and (c) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist the Department's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (10) Disclosure in Assisting Another Agency in Responding to a 
Breach of Data. The Department may disclose records from this system to 
another Federal agency or Federal entity, when the Department 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The records are maintained on an access-controlled electronic 
system.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The records are retrieved by the applicant's or nominee's name and 
year of application or nomination, as applicable.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The Department shall submit a retention and disposition schedule 
that covers the records contained in this system to the National 
Archives and Records Administration (NARA) for review. The records will 
not be destroyed until such time as NARA approves said schedule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    All physical access to the Department site where this system of 
records is maintained and the sites of the Department's staff and 
contractors with access to the system is controlled and monitored by 
security personnel who check each individual entering the building for 
his or her employee or visitor badge.
    The computer systems employed by the Department and its contractors 
offer a high degree of security against tampering and circumvention. 
These security systems limit data access to Department and contract 
personnel on a ``need to know'' basis and control individual users' 
ability to access and alter records within the system.

RECORD ACCESS PROCEDURES:
    If you wish to gain access to a record regarding you in the system 
of records, contact the system manager at the address listed above. You 
must provide necessary particulars, such as your name and any other 
identifying information requested by the Department while processing 
the request to distinguish between individuals with the same name. Your 
request must meet the requirements of 34 CFR 5b.5, including proof of 
identity.

CONTESTING RECORD PROCEDURES:
    If you wish to contest the content of a record regarding you in the 
system of records, contact the system manager. You must provide 
necessary particulars, such as your name and any other identifying 
information requested by the Department while processing the request to 
distinguish between individuals with the same name. Your request must 
meet the requirements of 34 CFR 5b.7.

NOTIFICATION PROCEDURES:
    If you wish to determine whether a record exists regarding you in 
the system of records, contact the system manager at the address listed 
above. You must provide necessary particulars, such as your name and 
any other identifying information requested by the Department while 
processing the request to distinguish between individuals with the same 
name. Your request must meet the requirements of 34 CFR 5b.5, including 
proof of identity.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.
[FR Doc. 2020-16855 Filed 8-3-20; 8:45 am]
BILLING CODE 4000-01-P