Notice is hereby given that the Department of State proposes to create a system of records, Network User Account Records, State-56, pursuant to the provisions of the Privacy Act of 1974, as amended (5 U.S.C. 552a) and Office of Management and Budget Circular No. A-130, Appendix I. The Department's report was filed with the Office of Management and Budget on August 16, 2010.
It is proposed that the new system will be named “Network User Account Records.” It is also proposed that the new system description will be utilized to administer network user accounts; to help document and/or control access to computer systems, platforms, services, applications, and databases within a Department network; to monitor security of computer systems; to investigate and make referrals for disciplinary or other actions if unauthorized access or inappropriate usage is suspected or detected; and to identify the need for training programs.
Any persons interested in commenting on the new system of records may do so by submitting comments in writing to Margaret P. Grafeld, Director, Office of Information Programs and Services, A/GIS/IPS, Department of State, SA-2, 515 22nd Street, Washington, DC 20522-8001. This system of records will be effective 40 days from the date of publication, unless we receive comments that will result in a contrary determination.
The new system description, “Network User Account Records, State-56,” will read as set forth below.Start Signature
Dated: August 16, 2010.
Steven J. Rodriguez,
Deputy Assistant Secretary of Operations, Bureau of Administration, U.S. Department of State.
Network User Account Records.
Records are maintained by the Department of State in secure facilities wherever a domain controller is automatically compiling a visitors' log of individuals who authenticate to a particular server.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Department of State employees and other organizational users who have access to Department of State computer networks.
CATEGORIES OF RECORDS IN THE SYSTEM:
This Privacy Act system consists of the network user account records that Department information systems, applications, and services compile and maintain about users of a network. These records include user data such as the user's name, system-assigned username; e-mail address; employee or other user identification number; organization code; job title; business affiliation; work contact information; systems, applications, or services to which the individual has access; systems, applications, or services used; dates, times, and durations of use; user profile; and IP address of access. The records also include system usage files and directories when they contain information about specific users.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
To administer network user accounts; to help document and/or control access to computer systems, platforms, services, applications, and databases within a Department network; to monitor security of computer systems; to investigate and make referrals for disciplinary or other actions if unauthorized access or inappropriate usage is suspected or detected; and to identify the need for training programs.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
The routine uses applicable to this system of records are published at 73 FR 40650-40651 (July 15, 2008).
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:
Electronic and paper records.
Records are indexed by the user's name, system-assigned username; e-mail address; or other searchable data fields or codes.Start Printed Page 63254
All individuals with access to the records covered by this system of records receive cyber security awareness training which covers the procedures for handling classified and Sensitive-but-Unclassified information, including personally identifiable information. Annual refresher training is mandatory. Individuals with access undergo a background security investigation. All paper records are maintained in secured filing cabinets or in restricted areas, access to which is limited to authorized personnel only. Access to electronic records is password-protected and under the supervision of the information owner. Access privileges reflect separation of duties and least privilege, and are only extended to those Department personnel who have a need for the records in the performance of their duties. Individuals who are authorized to examine detailed information about the network and system usage of specific users are assigned privileged system accounts for that purpose. When it is determined that an individual no longer requires access, his or her account is disabled.
RETENTION AND DISPOSAL:
See National Archives and Records Administration General Records Schedule 20.1 (Files/Records Relating to the Creation, Use, and Maintenance of Computer Systems, Applications, or Electronic Records) and 24.6 (User Identification, Profiles, Authorizations, and Password Files). Records are deleted when no longer needed for administrative, legal, audit, or other operational purposes.
SYSTEM MANAGER AND ADDRESS:
Chief Information Officer, Department of State, 2201 C Street, NW., Washington, DC 20520.
Individuals who have reason to believe that this system of records may contain information pertaining to them may write the Director, Office of Information Programs and Services, Department of State, SA-2, 515 22nd Street, NW., Washington, DC 20522-8001. At a minimum, the individual should include the name of this system of records; their name, current mailing address, zip code, and signature; and a brief description of the circumstances that caused the individual to believe that the system of records contains records pertaining to them, including the specific geographic locations, overseas missions, or individual offices in which the individual believes he or she may have accessed or is believed to have accessed the Department's computer systems.
RECORD ACCESS AND AMENDMENT PROCEDURES:
Individuals who wish to gain access to or amend records pertaining to them should write to the Director, Office of Information Programs and Services, Department of State, SA-2, 515 22nd Street, NW., Washington, DC 20522-8001.
RECORD SOURCE CATEGORIES:
Individuals about whom the record is maintained; information systems, applications, and services within a Department network that record usage by individuals assigned a user account on that network.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
[FR Doc. 2010-25884 Filed 10-13-10; 8:45 am]
BILLING CODE 4710-00-P