[Federal Register Volume 86, Number 33 (Monday, February 22, 2021)]
[Notices]
[Pages 10551-10554]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-03453]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Department of the Navy

[Docket ID: USN-2021-HQ-0002]


Privacy Act of 1974; System of Records

AGENCY: United States Marine Corps (USMC), Department of Defense (DoD).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Department of the Navy is establishing a new System of 
Records entitled the Command Individual Risk and Resiliency System 
(CIRRAS) application. The CIRRAS application will be used by the USMC 
to enable Commanding Officers and Senior Enlisted Advisors to make 
informed and timely decisions on Force Preservation Risk Assessments, 
to optimize individual/unit readiness, and to facilitate enterprise-
wide risk management. Individual data will assist commanders by quickly 
identifying those Marines or Service Members requiring immediate 
command attention. Trend analysis will assist USMC commanders to 
implement mitigation strategies to improve overall individual/unit 
readiness. These records will also be used as a management tool for 
statistical analysis, tracking, reporting, evaluating program 
effectiveness, and conducting research.

DATES: This new system of records is effective upon publication; 
however, comments on the Routine Uses will be accepted on or before 
March 24, 2021. The Routine Uses are effective at the close of the 
comment period.

ADDRESSES: You may submit comments, identified by docket number and 
title, by any of the following methods:
    * Federal Rulemaking Portal: https://www.regulations.gov.
    Follow the instructions for submitting comments.
    * Mail: DoD cannot receive written comments at this time due to the 
COVID-19 pandemic. Comments should be sent electronically to the docket 
listed above.
    Instructions: All submissions received must include the agency name 
and docket number for this Federal Register document. The general 
policy for comments and other submissions from members of the public is 
to make these

[[Page 10552]]

submissions available for public viewing on the internet at https://www.regulations.gov as they are received without change, including any 
personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Sally A. Hughes, FOIA/PA Program 
Manager (ARSF), Headquarters, U.S. Marine Corps, 3000 Marine Corps 
Pentagon, Washington, DC 20350-3000, telephone (703) 614-4008.

SUPPLEMENTARY INFORMATION: The ``Marine Corps Risk and Resiliency 
Records'' system of records is being established by the USMC to support 
Force Preservation Risk Assessments. The Marine Corps force 
preservation process is the formalized method used by commanders to 
identify individual Marine risk factors and to apply holistic risk 
management measures to improve individual and unit readiness. Every 
day, this process assists leaders across the Corps to identify those in 
need. However, gaps in knowledge have historically limited the 
effectiveness of the effort. To improve the process, the USMC is 
developing the CIRRAS application, which compiles individual force 
preservation data input by small unit leaders, medical officers, and 
other support staff. By presenting timely, prioritized, actionable 
information to those who can help Marines, and by protecting 
unauthorized disclosure through strict access limits and cybersecurity, 
leaders will be better equipped to reduce destructive behaviors in 
their units.
    Force Preservation Risk Assessments are based on the identification 
and tracking of individual Service Member behaviors associated with 
increased risk or resiliency as defined by the Commandant's ``Six Fs,'' 
as defined in Marine Corps Order 1500.61, 28 July 2017. The Six Fs are 
Fidelity, Fighter, Fitness, Family, Finances and Future. Force 
Preservation Risk Assessments include critical stressors that are 
environmental factors or experiences that can overtax a Service 
Member's coping resources. The intensity or accumulation of multiple 
stressors is linked to a greater likelihood of harmful reactions 
including death by suicide. The CIRRAS application is a networked, web-
based application that captures risk, resiliency and critical stressor 
factors for all United States Marines and United States Armed Forces 
Service Members assigned to the USMC to provide Force Preservation 
information to the unit commander. The CIRRAS will directly support 
Commanders/Officers in Charge and Senior Enlisted Advisors by providing 
a tool to enable proactive identification and assessment of individual 
Marines' or Service Members' risk, resiliency, and critical stressor 
factors. Also, the system will allow the transfer of the same factors 
between commands in order to optimize individual/unit readiness and 
facilitate enterprise-wide risk management of individual Marines' risk 
status. The CIRRAS will be used by Regimental/Group Commanders through 
immediate supervisors (Platoon Commander/Officers in Charge) of all 
United States Marines and United States Armed Forces Service Members 
assigned to the USMC in accordance with Marine Corps Order 5100.29B, 
Marine Corps Safety Program; MCO 1500.60, Force Preservation Council 
(FPC) Program; and other Force Preservation Directives.
    The DoD notices for systems of records subject to the Privacy Act 
of 1974, as amended, have been published in the Federal Register and 
are available from the address in FOR FURTHER INFORMATION CONTACT or at 
the Defense Privacy, Civil Liberties, and Transparency Division website 
at https://dpcld.defense.gov.
    In accordance with 5 U.S.C. 552a(r) and Office of Management and 
Budget (OMB) Circular No. A-108, the DoD has provided a report of this 
system of records to the OMB and to Congress.

    Dated: February 10, 2021.
Kayyonne T. Marston,
Alternate OSD Federal Register Liaison Officer, Department of Defense.

SYSTEM NAME AND NUMBER:
    Marine Corps Risk and Resiliency Records, M05230-1.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Command Individual Risk and Resiliency Assessment System (CIRRAS) 
application, AWS GovCloud (US-East), NIWC Atlantic, Charleston, 
Component Enterprise Data Center (CEDC), P.O. Box 190022, Bldg. 3148, 
North Charleston, SC 29419-9022.

SYSTEM MANAGER(S):
    CIRRAS System Manager, Headquarters Marine Corps, Manpower & 
Reserve Affairs (M&RA), Marine & Family Programs (MF) Division, 3280 
Russell Rd., Quantico, VA 22134-5143, 4th Deck, 
[email protected], 703-432-9294.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    10 U.S.C. 5013, Secretary of the Navy; 10 U.S.C. 5041, 
Headquarters, Marine Corps; Department of Defense (DoD) Instruction 
6490.08, Command Notification Requirements to Dispel Stigma in 
Providing Mental Health Care to Service Members; DoD 6025.18-R, DoD 
Health Information Privacy Regulation; Marine Corps Order (MCO) 
1500.60, Force Preservation Council (FPC) Program; MCO 3500.27C, Risk 
Management; MCO 1752.5C, Sexual Assault Prevention & Response; MCO 
5300.17A, Substance Abuse Program; MCO 5100.29B, Marine Corps Safety 
Program; MCO 5100.19F, Marine Corps Traffic Safety Program.

PURPOSE(S) OF THE SYSTEM:
    To capture risk, resiliency, and critical stressor factors for all 
United States Marines or United States Armed Forces Service Members 
assigned to a United States Marine Corps (USMC) unit, and to provide 
Force Preservation information to the USMC Unit Commander; to transfer 
the same between commands, in order to optimize individual/unit 
readiness and facilitate enterprise-wide risk management of individual 
Marines; to help prevent adverse outcomes including the loss of life; 
to quickly identify those Marines or Service Members requiring 
immediate command attention; and to provide trend analysis to assist in 
implementing mitigation strategies to improve individual/unit 
readiness.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Active duty and Reserve USMC military personnel, and any other 
United States Armed Forces Service Members assigned to the USMC.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Biographic information to include: Full legal name, DoD ID number/
Electronic Data Interchange Personal Identifier (EDIPI), citizenship/
legal status, race/ethnicity, date and place of birth, gender/gender 
identification, home/mailing address, and phone numbers; marital status 
and divorce date (if any), alleged infidelity, and geographic 
separation from significant other; name, number of dependents, 
expecting parent, foster parenting, pending adoption, acting caregiver, 
family care plan, and housing information; date of entry, age, 
position/title, rank/grade, duty status, deployments, service member 
photo, Military Occupational Specialty (MOS), awards, End of Active 
Service (EAS), Pay Entry Base Date (PEBD), General Technical Score (GT) 
score, time in service, waivers, performance summary, monitored command 
code, future monitored command code, Reporting Unit Code (RUC), work 
email,

[[Page 10553]]

deployment history, discipline, Non-Judicial Punishment (NJP), loss of 
rank, loss of pay, security clearance revocation or suspension, law 
enforcement events identified on military blotter, under investigation 
by military or civilian commands/agencies, arrested within the last 
twelve months, and restraining order; Command Stressors information to 
include: Combat exposure, responsible for killing or injury in combat, 
and combat action ribbons; driver's license, restricted license, and 
base driving privileges; clubs and spiritual affiliations; fitness test 
scores and health promotion courses.
    General Education Development (GED), vocational training, college 
level, degrees, and certifications, military career qualifications, 
military career progression, and military career administration status; 
factors affecting personal finance status, wage garnishments, past-due 
bills, bankruptcy collection agency action, and gambling debt or 
issues; Force Preservation Risk and Resiliency Level; Individual 
Service Member Risk, Resiliency and Critical Stressor life events to 
include: High-risk hobbies, exposure to suicide, non-suicidal self-
injury, witness/victim exposure to crime or violence, hazing, sexual 
harassment, sexual assault, violence, child abuse, domestic abuse, 
neglect, behavioral and mental health information, traumatic brain 
injury, accidental death, alleged offender of crime or violence; 
Comments by commanders and command leadership Force Preservation 
Council members; alcohol/drug treatment, inpatient/outpatient, 
inpatient location, alcohol screening and use/misuse, drug screening 
and use/misuse, drug or alcohol related incident(s), history of 
substance abuse, duty-limiting diagnosis, under care for chronic 
treatment, prescription drugs (duty restricting), history of substance 
abuse, pending medical board decision, psychotropic or narcotic drugs 
prescribed, hospitalization, and critical illness/injury.

RECORD SOURCE CATEGORIES:
    Records and information stored in this system of records are 
obtained from: Service Individuals, Service Member's first-line leader, 
command staff, commanding officer, small unit leaders, medical 
officers, other support staff, and their assigned Force Preservation 
Council Members as well as authoritative data from Marine Corps Total 
Force System (MCTFS). Future iterations of the system may also include 
information from Department of Defense Tricare Pharmacy Tracking, 
Defense Enrollment Eligibility Reporting System, Marine Corps 
Recruiting Information Support System, Armed Forces Health Longitudinal 
Technology Application/GENESIS, and Manpower and Reserve Affairs Marine 
and Family Programs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, as amended, the records contained 
herein may specifically be disclosed outside the DoD as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    a. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the federal government when 
necessary to accomplish an agency function related to this system of 
records.
    b. To the appropriate Federal, State, local, territorial, tribal, 
foreign, or international law enforcement authority or other 
appropriate entity where a record, either alone or in conjunction with 
other information, indicates a violation or potential violation of law, 
whether criminal, civil, or regulatory in nature.
    c. To any component of the Department of Justice for the purpose of 
representing the DoD, or its components, officers, employees, or 
members in pending or potential litigation to which the record is 
pertinent.
    d. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body or official, when the DoD or other 
Agency representing the DoD determines that the records are relevant 
and necessary to the proceeding; or in an appropriate proceeding before 
an administrative or adjudicative body when the adjudicator determines 
the records to be relevant to the proceeding.
    e. To the National Archives and Records Administration for the 
purpose of records management inspections conducted under the authority 
of 44 U.S.C. 2904 and 2906.
    f. To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    g. To appropriate agencies, entities, and persons when (1) the DoD 
suspects or confirms a breach of the system of records; (2) the DoD 
determines as a result of the suspected or confirmed breach there is a 
risk of harm to individuals, the DoD (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the DoD's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    h. To another Federal agency or Federal entity, when the DoD 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    i. To such recipients and under such circumstances and procedures 
as are mandated by Federal statute or treaty.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are stored in electronic format in 
accordance with the safeguards mentioned below.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by name or EDIPI/DoD ID number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are permanent and maintained by USMC for 25 years, then 
transferred to the National Archives and Records Administration.

ADMINISTRATIVE, PHYSICAL, AND TECHNICAL SAFEGUARDS:
    Access is limited to authorized personnel with a need to know to 
perform their official assigned responsibilities. Users are granted 
only those privileges that are necessary for their job requirements. 
Access is controlled through use of Common Access Cards, DoD Public Key 
Infrastructure certificates, user identification and passwords, 
firewall, and role-based access controls. Personally Identifiable 
Information (PII) and Health Insurance Portability and Accountability 
Act (HIPAA) training is required for all users. Physical access to AWS 
data centers is logged and monitored. The physical access points to 
server rooms are monitored using Closed Circuit Television Camera 
(CCTV). Physical access is controlled at building ingress points by 
professional

[[Page 10554]]

security staff utilizing surveillance, detection systems, and other 
electronic means. Authorized staff utilize multi-factor authentication 
mechanisms to access and exit data centers and server rooms. Entrances 
to server rooms are secured with devices that sound alarms to initiate 
an incident response if the door is forced or held open. Electronic 
intrusion detection systems are installed within the data layer to 
monitor, detect, and automatically alert appropriate personnel of 
security incidents. Data at Rest Encryption and Risk Management 
Framework security controls, which include security controls for the 
PII and Protected Health Information (PHI) overlays, are utilized.

RECORDS ACCESS PROCEDURES:
    Individuals seeking access to information about themselves 
contained in this system of records should address written requests to 
the commanding officer where assigned or to the system manager at 
Headquarters Marine Corps, Manpower & Reserve Affairs (M&RA), Marine & 
Family Programs (MF) Division, 3280 Russell Rd., Quantico, VA 22134-
5143, 4th Deck. Signed, written requests should include the 
individual's full name, EDIPI/DoD ID number, telephone number, street 
address, email address, and name and number of this System of Records 
Notice (SORN). In addition, the requestor must provide either a 
notarized statement or a declaration made in accordance with 28 U.S.C. 
1746, in the appropriate format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

CONTESTING RECORD PROCEDURES:
    The DoD rules for accessing records, contesting contents, and 
appealing initial agency determinations are contained in 32 CFR part 
310, or may be obtained from the system manager.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine if information about themselves is 
contained in this system should address written requests to the 
commanding officer where assigned or to the system manager at 
Headquarters Marine Corps, Manpower & Reserve Affairs (M&RA), Marine & 
Family Programs (MF) Division, 3280 Russell Rd., Quantico, VA 22134-
5143, 4th Deck. Signed written requests should include the individual's 
full name, telephone number, street address, email address, and name 
and number of this SORN. In addition, the requestor must provide either 
a notarized statement or a declaration made in accordance with 28 
U.S.C. 1746, using the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2021-03453 Filed 2-19-21; 8:45 am]
BILLING CODE 5001-06-P