authoritative directory service for the purpose of ensuring the security of DOI computer networks, resources and information and protecting them from unauthorized access, tampering or destruction, (2) to authenticate and verify that all persons accessing DOI computer networks, resources and information are authorized to access them, (3) to ensure that persons signing official documents are indeed the person represented and to provide for non-repudiation of the use of an electronic signature, and (4) to enable an individual to encrypt and decrypt documents for secure transmission.

Disclosures outside the DOI may be made:

(a) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs, on DOI's behalf, services requiring access to these records.

(b) To the Federal Protective Service and appropriate Federal, State, local or foreign agencies responsible for

office by the individual to whom the record pertains.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Records are stored in electronic media on hard disks, magnetic tapes.

RETRIEVABILITY:

Records are retrievable from EACS by name, digital certificate and personal identification number (PIN), and Web home address.

ACCESS SAFEGUARDS:

The computer servers in which records are stored are located in computer facilities that are secured by alarm systems and off-master key access. EACS access granted to individuals is password-protected. Access to the certificate issuance portion of this system of records is controlled by a digital certificate in

requesting access must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.63).

CONTESTING RECORD PROCEDURES:

An individual requesting amendment of a record maintained on him or herself should address his/her request to the office above. Individuals requesting an amendment must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.71).

RECORD SOURCE CATEGORIES:

Information in this system is obtained from individuals covered by the system supervisors, designated approving officials, certificate issuing authority, and network system administrators.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

[FR Doc. 05–289 Filed 1–5–05; 8:45 am]
BILLING CODE 4310–RK–P
VerDate jul<14>2003 15:45 Jan 05, 2005 Jkt 205001 PO 00000 Frm 00043 Fmt 4703 Sfmt 4703 E:\FR\FM\06JAN1.SGM 06JAN1
Federal Register / Vol. 70, No. 4 / Thursday, January 6, 2005 / Notices 1263
Interior Building (MIB), 1849 C Street, NW., Washington, DC 20240. Comments received within 40 days of publication in the Federal Register will be considered. The system will be effective as proposed at the end of the comment period unless comments are received which would require a contrary determination. The Department will publish a revised notice if changes are made based upon a review of comments received.

FOR FURTHER INFORMATION CONTACT: Bob Donelson, Senior Property Manager, Bureau of Land Management, Department of the Interior, 1620 L Street, NW., MS LS, Washington, DC 20036; 202–452–5190.

SUPPLEMENTARY INFORMATION: The primary purpose of ACASS is: (1) To ensure the security of DOI computer networks in order to maintain continuous communications and protect the information attached to the networks from unauthorized access, tampering or destruction; (2) To verify that all persons accessing DOI networks with "smart card" systems are authorized to access them; (3) To ensure that persons signing official documents are indeed the person represented and to provide assurance to the recipient that the signature is authentic; and (4) To enable an individual to encrypt and decrypt documents for secure transmission.

The new "smart card" access control system is based on digitally encrypted certificates. The DOI is adding the capability for users to electronically sign documents and encrypt documents using digital certificates. The current password access control system is used to maintain access control to the various computer networks and computer systems in the DOI. The new access control system will be used to maintain access control to all DOI computer networks and systems that have installed "smart card" access controls. In addition to the information collected under the current access control system, the new access control system will record the personal identification numbers (PIN) of the "smart card" holder onto the "smart card". The PIN will not be recorded elsewhere in the system. The data will be stored on a server located in the U.S. Department of the Interior, Bureau of Land Management, National Information Resources Management Center, Denver Federal Center, Lakewood, Colorado. A redundant, fail-over, server is located at BLM's Network Operations Center in Portland, Oregon.

A copy of the system notice for Interior—DOI–15, Authenticated Computer Access and Signature System (ACASS), follows.

Dated: January 3, 2005.
Marilyn Legnini,
Departmental Privacy Act Officer, Department of the Interior.

INTERIOR/DOI–15

SYSTEM NAME:

Authenticated Computer Access and Signature System—Interior, DOI–15

SYSTEM LOCATION:

(1) Data covered by this system are maintained in the following locations: U.S. Department of the Interior (DOI), Bureau of Land Management (BLM), National Information Resources Management Center, Denver Federal Center, Lakewood, Colorado. A redundant, fail-over, server is located at BLM's Network Operations Center in Portland, Oregon. A repository of digital certificates included in this system is maintained by the certificate authority. However, only the Department of Interior maintains a listing of individuals to whom the certificates are issued.

(2) Limited access to data covered by this system is available at DOI locations, both Federal buildings and Federally-leased space, where DOI computer systems are located. System Administrators at those locations have access only to the information for employees who attempt to access computer systems at their location.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

All individuals who have "smart card" IDs with authentication capability who are granted access to DOI computer networks or certain isolated systems at facilities that have the "smart card" access control system installed and individuals authorized to sign official DOI documents. These include, but are not limited to, the following groups: current agency employees, former agency employees until the records are disposed of in accordance with the proscribed records schedule, agency contractors, other Government employees from agencies with "smart card" systems and volunteers.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records maintained on current agency employees and agency contractors include the following data fields: Name, organization/office of assignment, personal identification number (PIN), number of ID security cards issued, ID security card issue date, ID security card expiration date, and ID security card serial number. The Active Directory is a component of the computer network operating system used by DOI that performs network management functions and is the repository for the computer access data. A contracted certification authority provides the digital certificates and encryption services necessary for secure authentication and verification. The collected data will contain the individual's user ID/e-mail address. The Active Directory will generate the date of entry to the computer network/system, time of entry, location of entry, time of exit, security access category, and access status which will also become part of the record. The collected data retained in Active Directory may also contain: office telephone number, supervisor's name and Web home page address. Records on former agency employees are maintained in accordance with the proscribed records schedule.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301; Presidential Memorandum on Upgrading Security at Federal Facilities, June 28, 1995.
Federal Information Security Act (Pub.L. 104–106), section 5113.
E-Government Act (Pub.L. 104–347), section 203.
Government Paperwork Elimination Act (Pub.L. 105–277).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

The primary purposes of the system are:

(1) To ensure the security of DOI computer networks to maintain continuous communications and protect the information attached to the networks from unauthorized access, tampering or destruction.

(2) To verify that all persons accessing DOI networks with "smart card" systems are authorized to access them.

(3) To ensure that persons signing official documents are indeed the person represented and to provide for non-repudiation of the use of an electronic signature.

(4) To enable an individual to encrypt and decrypt documents for secure transmission.

DISCLOSURES OF RECORDS WITHIN DOI:

Disclosure of these records may be made: (1) To those officers and employees of DOI who have a need for the record in the performance of their duties, or (2) when required by the Freedom of Information Act, 5 U.S.C. 552.

DISCLOSURES OUTSIDE THE DOI MAY BE MADE:

(1) To an expert, consultant, or contractor (including employees of the
contractor) of DOI that performs, on DOI's behalf, services requiring access to these records.

(2) To another agency with a similar "smart card" system when a person with a "smart card" requires access to that agency's facilities on a "need-to-know" basis.

(3) To the Federal Protective Service and appropriate Federal, State, or local agencies responsible for investigating emergency response situations or investigating or prosecuting the violation of or for enforcing or implementing a statute, rule, regulation, order or license, when DOI becomes aware of a violation or potential violation of a statute, rule, regulation, order or license.

(4)(a) To any of the following entities or individuals, when the circumstances set forth in (b) are met:

(i) The Department of Justice (DOJ);

(ii) A court, adjudicative or other administrative body;

(iii) A party in litigation before a court or adjudicative or administrative body; or

(iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;

(b) When

(i) One of the following is a party to the proceeding or has an interest in the proceeding:

(A) DOI or any component of DOI;

(B) Any DOI employee acting in his or her official capacity;

(C) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;

(D) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and

(ii) DOI deems the disclosure to be:

(A) Relevant and necessary to the

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Records are stored in electronic media on hard disks, magnetic tapes and the ID authentication card itself and on paper records stored in file cabinets in secured locations.

RETRIEVABILITY:

Records are retrievable from Active Directory by organization, agency point of contact, security access category that describes the type of access the user is allowed, date of system entry, time of entry, location of entry, time of exit, location of exit, ID security card issue date, ID security card expiration date, and ID security card serial number.

ACCESS SAFEGUARDS:

The computer servers in which records are stored are located in computer facilities that are secured by alarm systems and off-master key access. Active Directory access granted to individuals is password-protected. Access to the certificate issuance portion of this system of records is controlled by a digital certificate in combination with a personal identification number (PIN). Each person granted access to the system must be individually authorized to use the system. A Privacy Act Warning Notice appears on the monitor screen when records containing information on individuals are first displayed. Backup tapes are stored in a locked and controlled room in a secure, off-site location. A Privacy Impact Assessment was used to ensure that Privacy Act requirements and safeguard requirements were met.

RETENTION AND DISPOSAL:

Records relating to persons covered by this system are retained in

Building 40, P.O. Box 25047, Denver, Colorado 80225–0047.

NOTIFICATION PROCEDURES:

An individual requesting notification of the existence of records on himself or herself should address his/her request to the local office Information Technology Security Manager. The individual requesting notification must provide their full name and social security number. Interior bureaus/offices are listed at the Department of the Interior Web site at http://www.doi.gov. The request must be in writing and signed by the requester. (See 43 CFR 2.60.)

RECORDS ACCESS PROCEDURES:

An individual requesting access to records maintained on himself or herself should address his/her request to the local office Information Technology Security Manager. The individual requesting access must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.63.)

CONTESTING RECORD PROCEDURES:

An individual requesting amendment of a record maintained on himself or herself should address his/her request to the local office IT Security Manager. The individual requesting the amendment must provide their full name and social security number. The request must be in writing and signed by the requester. (See 43 CFR 2.71.)

RECORD SOURCE CATEGORIES:

Individuals covered by the system, supervisors, and designated approving officials, certificate issuing authority, network system administrators.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

[FR Doc. 05–292 Filed 1–5–05; 8:45 am]
BILLING CODE 4310–RK–P