[Federal Register Volume 88, Number 90 (Wednesday, May 10, 2023)]
[Notices]
[Pages 30171-30173]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-09933]


-----------------------------------------------------------------------

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

[NOTICE: 23-046]


Privacy Act of 1974; System of Records

AGENCY: National Aeronautics and Space Administration (NASA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, the National Aeronautics and Space Administration is providing 
public notice of a modification to a previously announced system of 
records, Core Financial Management Records, NASA 10CFMR. This notice 
incorporates the text of locations and NASA Standard Routine Uses 
previously published separately from, and cited by reference in, this 
and other NASA systems of records notices. This notice also adds an 
authority; updates technical safeguards and records access, 
notification, and contesting procedures; and updates title of the 
System Manager.

DATES: Submit comments within 30 calendar days from the date of this 
publication. The changes will take effect at the end of that period if 
no adverse comments are received.

ADDRESSES: Bill Edwards-Bodmer, Privacy Act Officer, Office of the 
Chief Information Officer, National Aeronautics and Space 
Administration Headquarters, Washington, DC 20546-0001, (757) 864-7998, 
[email protected].

FOR FURTHER INFORMATION CONTACT: NASA Privacy Act Officer, Bill 
Edwards-Bodmer, (757) 864-7998, [email protected].

SUPPLEMENTARY INFORMATION: This system of records notice (SORN) is 
modified to incorporate in whole, as appropriate, information formerly 
published separately in the Federal Register as Appendix A, Location 
Numbers and Mailing Addresses of NASA Installations at which Records 
are Located, and Appendix B, Standard Routine Uses--NASA, and removes 
references to ``Appendix A'' and ``Appendix B.'' This notice updates 
Technical Safeguards to reflect current information technology security 
protocols and updates the System Manager to add a new manager position 
and update the title of the original system manager. Finally, it is 
also modified to make minor editorial changes.

William Edwards-Bodmer,
NASA Privacy Act Officer.

SYSTEM NAME AND NUMBER:
    Core Financial Management Records, NASA 10CFMR.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    George C. Marshall Space Flight Center, National Aeronautics and 
Space Administration, Marshall Space Flight Center, AL 35812.

SYSTEM MANAGER(S):
     Director, Agency Financial Systems Office, Mary W. Jackson 
NASA Headquarters, National Aeronautics and Space Administration, 
Washington, DC 20546-0001.
     IS90/Associate Chief Information Officer, Applications 
Division, George C. Marshall Space Flight Center, National Aeronautics 
and Space Administration, Marshall Space Flight Center, AL 35812.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
     51 U.S.C. 20113(a).
     44 U.S.C. 3101.
     31 U.S.C. 901.
     31 U.S.C. 3512.

PURPOSE(S) OF THE SYSTEM:
    Records in this system are used to process reimbursement payments 
to employees for travel, purchase of books or other miscellaneous 
items; and to process payments and collections in which an individual 
is reimbursing the Agency.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system of records include former and 
current NASA employees and non-NASA individuals requiring any type of 
payment.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system are comprised of budget formulation, 
financial management, and employee

[[Page 30172]]

timekeeping records and may include information about the individuals 
including Social Security Number (Tax Identification Number), home 
address, telephone number, email address, and bank account information.

RECORD SOURCE CATEGORIES:
    The information is received by the Applications & Platform Services 
(APS) Financial Systems through an electronic interface from the 
Federal Personnel Payroll System (FPPS). In certain circumstances, 
updates to this information may be submitted by NASA employees and 
recorded directly into the APS Financial Systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. The following are 
routine uses:
    1. Furnish data to the Department of Treasury for financial 
reimbursement of individual expenses, such as travel, books, and other 
miscellaneous items.
    2. Furnish data to the Department of Treasury for which an 
individual is reimbursing the Agency (for example, repayment of an 
unused travel advance).
    In addition, information may be disclosed under the following NASA 
Standard Routine Uses:
    1. Law Enforcement--When a record on its face, or in conjunction 
with other information, indicates a violation or potential violation of 
law, whether civil, criminal or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule, or order, disclosure may be made to the appropriate 
agency, whether Federal, foreign, State, local, or tribal, or other 
public authority responsible for enforcing, investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order, if NASA determines by 
careful review that the records or information are both relevant and 
necessary to any enforcement, regulatory, investigative or prosecutive 
responsibility of the receiving entity.
    2. Certain Disclosures to Other Agencies--A record from this SOR 
may be disclosed to a Federal, State, or local agency maintaining 
civil, criminal, or other relevant enforcement information or other 
pertinent information, such as current licenses, if necessary, to 
obtain information relevant to an NASA decision concerning the hiring 
or retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    3. Certain Disclosures to Other Federal Agencies--A record from 
this SOR may be disclosed to a Federal agency, in response to its 
request, for a matter concerning the hiring or retention of an 
employee, the issuance of a security clearance, the reporting of an 
investigation of an employee, the letting of a contract, or the 
issuance of a license, grant, or other benefit by the requesting 
agency, to the extent that the information is relevant and necessary to 
the requesting agency's decision on the matter.
    4. Department of Justice--A record from this SOR may be disclosed 
to the Department of Justice when (a) NASA, or any component thereof; 
or (b) any employee of NASA in his or her official capacity; or (c) any 
employee of NASA in his or her individual capacity where the Department 
of Justice has agreed to represent the employee; or (d) the United 
States, where NASA determines that litigation is likely to affect NASA 
or any of its components, is a party to litigation or has an interest 
in such litigation, and by careful review, the use of such records by 
the Department of Justice is deemed by NASA to be relevant and 
necessary to the litigation.
    5. Courts--A record from this SOR may be disclosed in an 
appropriate proceeding before a court, grand jury, or administrative or 
adjudicative body, when NASA determines that the records are relevant 
and necessary to the proceeding; or in an appropriate proceeding before 
an administrative or adjudicative body when the adjudicator determines 
the records to be relevant and necessary to the proceeding.
    6. Response to an Actual or Suspected Compromise or Breach of 
Personally Identifiable Information--A record from this SOR may be 
disclosed to appropriate agencies, entities, and persons when (1) NASA 
suspects or has confirmed that there has been a breach of the system of 
records; (2) NASA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, NASA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with NASA's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    7. Contractors--A record from this SOR may be disclosed to 
contractors, grantees, experts, consultants, students, volunteers, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish a NASA function related to this SOR. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to NASA employees.
    8. Members of Congress--A record from this SOR may be disclosed to 
a Member of Congress or to a Congressional staff member in response to 
an inquiry of the Congressional office made at the written request of 
the constituent about whom the record is maintained.
    9. Disclosures to Other Federal Agencies in Response to an Actual 
or Suspected Compromise or Breach of Personally Identifiable 
Information--A record from this SOR may be disclosed to another Federal 
agency or Federal entity, when NASA determines that information from 
this system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    10. National Archives and Records Administration--A record from 
this SOR may be disclosed as a routine use to the officers and 
employees of the National Archives and Records Administration (NARA) 
pursuant to records management inspections being conducted under the 
authority of 44 U.S.C. 2904 and 2906.
    11. Audit--A record from this SOR may be disclosed to another 
agency, or organization for purpose of performing audit or oversight 
operations as authorized by law, but only such information as is 
necessary and relevant to such audit or oversight function.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are maintained on electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved from the system by name or SSN (Tax ID).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are stored in the NASA Applications & Platform Services 
(APS) database and managed, retained and dispositioned in accordance 
with NASA

[[Page 30173]]

Records Retention Schedules, Schedule 9, Items 11 and 16.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Electronic records are maintained on secure NASA servers and 
protected in accordance with all Federal standards and those 
established in NASA regulations at 14 CFR 1212.605. Additionally, 
server and data management environments employ infrastructure 
encryption technologies both in data transmission and at rest on 
servers. Electronic messages sent within and outside of the Agency that 
convey sensitive data are encrypted and transmitted by staff via pre-
approved electronic encryption systems as required by NASA policy. 
Approved security plans are in place for information systems containing 
the records in accordance with the Federal Information Security 
Management Act of 2002 (FISMA) and OMB Circular A-130, Management of 
Federal Information Resources. Only authorized personnel requiring 
information in the official discharge of their duties are authorized 
access to records through approved access or authentication methods. 
Access to electronic records is achieved only from workstations within 
the NASA Intranet or via a secure Virtual Private Network (VPN) 
connection that requires two-factor hardware token authentication or 
via employee PIV badge authentication from NASA-issued computers. Non-
electronic records are secured in locked rooms or locked file cabinets.

RECORD ACCESS PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

CONTESTING RECORD PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

NOTIFICATION PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
     (15-115, 80 FR 246, pp. 79937-79947).
     (15-068, 80 FR 193, pp. 60410-60411).
     (11-091, 76 FR 200, pp. 64112-64114).

[FR Doc. 2023-09933 Filed 5-9-23; 8:45 am]
BILLING CODE 7510-13-P