89 FR 20 pgs. 5926-5928 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 89Number: 20Pages: 5926 - 5928
Pages: 5926, 5927, 5928Docket number: [Docket No. FR-7092-N-12]
FR document: [FR Doc. 2024-01765 Filed 1-29-24; 8:45 am]
Agency: Housing and Urban Development Department
Official PDF Version: PDF Version
[top]
DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT
[Docket No. FR-7092-N-12]
Privacy Act of 1974; System of Records
AGENCY:
Office of Chief Information Officer (OCIO) and Infrastructure and Operations (IOO), HUD.
ACTION:
Notice of a new system of records.
SUMMARY:
Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO) and Infrastructure and Operations (IOO) is issuing a public notice of its intent to create a Privacy Act System of Records titled "Active Directory (a component of the Local Area Network (LAN) File Server system-LFS)". The purpose of the LFS is to provide the infrastructure needed to support internal HUD systems locally at all HUD locations. This technology includes Active Directory. Active Directory (AD) stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information. The information in Active Directory originates from the Digital Identity and Access Management System (DIAMS).
DATES:
Comments will be accepted on or before February 29, 2024. This proposed action will be effective on the date following the end of the comment period unless comments are received which result in a contrary determination.
ADDRESSES:
You may submit comments, identified by docket number or by one of the following methods:
Federal e-Rulemaking Portal: https://www.regulations.gov. Follow the instructions provided on that site to submit comments electronically.
Fax: 202-619-8365.
Email: www.privacy@hud.gov.
Mail: Attention: Privacy Office; LaDonne White, Chief Privacy Officer; Office of the Executive Secretariat; 451 Seventh Street SW, Room 10139; Washington, DC 20410-0001.
Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to https://www.regulations.gov. including any personal information provided.
Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT:
LaDonne White; 451 Seventh Street SW, Room 10139; Washington, DC 20410-0001; telephone number 202-708-3054 (this is not a toll-free number). HUD welcomes and is prepared to receive calls from individuals who are deaf or hard of hearing, as well as individuals with speech or communication disabilities. To learn more about how to make an accessible telephone call, please visit https://www.fcc.gov/consumers/guides/telecommunications-relay-service-trs.
SUPPLEMENTARY INFORMATION:
HUD maintains the Active Directory (AD) system of records. Active Directory Domain Services (ADDS) are the foundation of every Windows domain network. It stores information about domain members, including devices and users, verifies their credentials, and defines their access rights. The server running this service is called a domain controller. A domain controller is contacted when a user logs into a device, accesses another device across the network, or runs a line-of-business Metro-style app sideloaded into a machine. Other Active Directory services and most Microsoft server technologies rely on or use Domain Services.
SYSTEM NAME AND NUMBER:
Active Directory (a component of P209 LAN File Server) HUD/CIO-03.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Records are maintained at the U.S Housing of Urban and Development 451 7th Street SW, Washington, DC 20410-1000. HUD Data Center locations include the Mid-Atlantic Data Center at 250 Burlington Drive, Clarksville Virginia, 23927 and and the Stennis Data Center at 9300 Building Complex, Stennis, Mississippi 35929.
SYSTEM MANAGER(S):
Jacquelyn Rosales, Network Services Branch Chief, Unified Communication Services Division, 451 7th Street SW, Washington DC, 20410-1000.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
[top] The Information Technology Management Reform Act of 1996 (Pub. L. 104-106, 40 U.S.C. 11101 et seq. ), E-Government Act (Pub. L. 107-347, sec. 203, 44 U.S.C. 3501 note), Federal Information Security Management Act, as amended (Pub. L. 107-347, 44 U.S.C. 3554), Paperwork Reduction Act of 1995
PURPOSE(S) OF THE SYSTEM:
The purpose of the LAN File Server (LFS) is to provide the infrastructure needed to support internal HUD systems locally at all HUD locations. This technology includes Active Directory. Active Directory stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information. This data store, also known as the directory, contains information about Active Directory objects. These objects typically include shared resources such as servers, volumes, printers, and the network user and computer accounts.
A. Supports the provision of user accounts and authenticates users to HUD enterprise Web applications for non-dual personal personnel with HUD's Personal Identity Verification (PIV)-Authentication (Auth) certificate.
B. Provides an Enterprise-wide hierarchical directory structure designed to employ greater centralization and standardization of network management for user data, security, and distributed resources and services across the HUD Enterprise; and
C. Synchronizes with HUD's Azure Active Directory instance for the purpose of Microsoft Azure Cloud Service collaboration, wherein HUD employees and contractors use cloud applications available in the Microsoft 365 application suite.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current HUD employees and contractors.
CATEGORIES OF RECORDS IN THE SYSTEM:
Full Name, Work Phone Number, Work Email Address, and Unique User ID ( e.g., H or C ID number), Device Identifier, and internet Protocol (IP)/Media Access Control (MAC) Address of assigned Device Identifier (if applicable).
RECORD SOURCE CATEGORIES:
The information originates from the Digital Identity and Access Management System (DIAMS) managed by HUD.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
1. To contractors, grantees, experts, consultants and their agents, or others performing or working under a contract, service, grant, cooperative agreement, or other agreement with HUD, when necessary to accomplish an agency function related to this system of record. Disclosure requirements are limited to only those data elements considered relevant to accomplishing an agency function.
2. To contractors, experts and consultants with whom HUD has a contract, service agreement, assignment, or other agreement of the Department, when necessary to utilize relevant data for the purpose of testing new technology and systems designed to enhance program operations and performance.
3. To appropriate agencies, entities, and persons when: (1) HUD suspects or has confirmed that there has been a breach of the system of records; (2) HUD has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HUD (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HUD's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
4. To another Federal agency or Federal entity, when HUD determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to suspected or confirmed breach, or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
5. To appropriate Federal, State, local, tribal, or other governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, where HUD determines that the information would assist in the enforcement of civil or criminal laws and when such records, either alone or in conjunction with other information, indicate a violation or potential violation of law.
6. To a court, magistrate, administrative tribunal, or arbitrator in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, mediation, or settlement negotiations, or in connection with criminal law proceedings; when HUD determines that use of such records is relevant and necessary to the litigation and when any of the following is a party to the litigation or have an interest in such litigation: (1) HUD, or any component thereof; or (2) any HUD employee in his or her official capacity; or (3) any HUD employee in his or her individual capacity where HUD has agreed to represent the employee; or (4) the United States, or any agency thereof, where HUD determines that litigation is likely to affect HUD or any of its components.
7. To the National Archives and Records Administration, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures, and compliance with the Freedom of Information Act (FOIA), and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.
8. To a congressional office from the record of an individual, in response to an inquiry from the congressional office made at the request of that individual.8. To any component of the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when HUD determines that the use of such records is relevant and necessary to the litigation and when any of the following is a party to the litigation or have an interest in such litigation: (1) HUD, or any component thereof; or (2) any HUD employee in his or her official capacity; or (3) any HUD employee in his or her individual capacity where the Department of Justice or agency conducting the litigation has agreed to represent the employee; or (4) the United States, or any agency thereof, where HUD determines that litigation is likely to affect HUD or any of its components.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
[top] Electronic Records.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Full Name and HUD Network ID (H or C ID).
POLICIES AND PRACTICIES FOR RETENTION AND DISPOSAL OF RECORDS:
Under General Records Schedule 3.2, System Access Records, items 030 and 031. Item 030 applies to systems not requiring special accountability for access. Item 030 records can be destroyed when the business use cases. Item 031 applies to systems requiring special accountability for access. Item 031 requires records to be destroyed/deleted 6 years after the user account is terminated or password is altered, or when no longer required for business us, whichever is later. Backup and Recovery digital media will be destroyed or otherwise rendered irrecoverable per NIST SP 800-88, Rev. 1 "Guidelines for Media Sanitization" (December 2014).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
PII is secured in cipher locks, combination locks, key cards, security guards, closed circuit TV and safes. Identification badges are required to ensure the records are not accessed and strict access controls are governed for electronic records using a user ID and password that require authentication before access is granted to Active Directory.
RECORD ACCESS PROCEDURES:
Individuals requesting records of themselves should address written inquiries to the Department of Housing Urban and Development 451 7th Street SW, Washington, DC 20410-0001. For verification, individuals should provide their full name, current address, and telephone number. In addition, the requester must provide either a notarized statement or an unsworn declaration made under 24 CFR 16.4.
CONTESTING RECORD PROCEDURES:
The HUD rule for contesting the content of any record pertaining to the individual by the individual concerned is published in 24 CFR 16.8 or may be obtained from the system manager.
NOTIFICATION PROCEDURES:
Individuals requesting notification of records of themselves should address written inquiries to the Department of Housing Urban Development, 451 7th street SW, Washington, DC 20410-0001. For verification purposes, individuals should provide their full name, office or organization where assigned, if applicable, and current address and telephone number. In addition, the requester must provide either a notarized statement or an unsworn declaration made under 24 CFR 16.4.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
N/A
HISTORY:
N/A.
LaDonne White,
Chief Privacy Officer, Office of Administration.
[FR Doc. 2024-01765 Filed 1-29-24; 8:45 am]
BILLING CODE 4210-67-P