Privacy Act of 1974; System of Records
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Abstract
The U.S. Environmental Protection Agency's (EPA) Office of Mission Support (OMS) is giving notice that it proposes to modify a system of records pursuant to the provisions of the Privacy Act of 1974. The Office of Administrative Services Information System (OASIS) is being modified to update safeguard infrastructure and security measures, and add Routine Uses.
Full Text
<html>
<head>
<title>Federal Register, Volume 88 Issue 55 (Wednesday, March 22, 2023)</title>
</head>
<body><pre>
[Federal Register Volume 88, Number 55 (Wednesday, March 22, 2023)]
[Notices]
[Pages 17219-17222]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2023-05806]
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
[FRL-10616-01-OMS]
Privacy Act of 1974; System of Records
AGENCY: Office of Mission Support (OMS), Environmental Protection
Agency (EPA).
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: The U.S. Environmental Protection Agency's (EPA) Office of
Mission Support (OMS) is giving notice that it proposes to modify a
system of records pursuant to the provisions of the Privacy Act of
1974. The Office of Administrative Services Information System (OASIS)
is being modified to update safeguard infrastructure and security
measures, and add Routine Uses.
DATES: Persons wishing to comment on this system of records notice must
do so by April 21, 2023. New routine uses for this modified system of
records will be effective April 21, 2023.
ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OEI-2006-0633, by one of the following methods:
Federal eRulemaking Portal: <a href="https://www.regulations.gov">https://www.regulations.gov</a>. Follow the
online instructions for submitting comments.
Email: [email protected]. Include the Docket ID number in the
subject line of the message.
Fax: (202) 566-1752.
Mail: OMS Docket, Environmental Protection Agency, Mail Code:
2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.
Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334,
1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are
only accepted during the Docket's normal hours of operation, and
special arrangements should be made for deliveries of boxed
information.
Instructions: Direct your comments to Docket ID No. EPA-HQ-OEI-
2006-0633. The EPA's policy is that all comments received will be
included in the public docket without change and may be made available
online at <a href="https://www.regulations.gov">https://www.regulations.gov</a>, including any personal
information provided, unless the comment includes information claimed
to be Controlled Unclassified Information (CUI) or other information
for which disclosure is restricted by statute. Do not submit
information that you consider to be CUI or otherwise protected through
<a href="https://www.regulations.gov">https://www.regulations.gov</a>. The <a href="https://www.regulations.gov">https://www.regulations.gov</a> website is
an ``anonymous access'' system for the EPA, which means the EPA will
not know your identity or contact information. If you submit an
electronic comment, the EPA recommends that you include your name and
other contact information in the body of your comment. If the EPA
cannot read your comment due to technical difficulties and cannot
contact you for clarification, the EPA may not be able to consider your
comment. If you send an email comment directly to the EPA without going
through <a href="https://www.regulations.gov">https://www.regulations.gov</a>, your email address will be
automatically captured and included as part of the comment that is
placed in the public docket and made available on the internet.
Electronic files should avoid the use of special characters, any form
of encryption, and be free of any defects or viruses. For additional
information about the EPA public docket, visit the EPA Docket Center
homepage at <a href="https://www.epa.gov/dockets">https://www.epa.gov/dockets</a>.
Docket: All documents in the docket are listed in the <a href="https://www.regulations.gov">https://www.regulations.gov</a> index. Although listed in the index, some
information is not publicly available, e.g., CUI or other information
for which disclosure is restricted by statute. Certain other material,
such as copyrighted material, will be publicly available only in hard
copy. Publicly available docket
materials are available either electronically in <a href="https://www.regulations.gov">https://www.regulations.gov</a> or in hard copy at the OMS Docket, EPA/DC, WJC West
Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460.
The Public Reading Room is normally open from 8:30 a.m. to 4:30 p.m.,
Monday through Friday excluding legal holidays. The telephone number
for the Public Reading Room is (202) 566-1744, and the telephone number
for the OMS Docket is (202) 566-1752. Further information about EPA
Docket Center services and current operating status is available
at <a href="https://www.epa.gov/dockets">https://www.epa.gov/dockets</a>.
FOR FURTHER INFORMATION CONTACT: James Cunningham,
[email protected], 202-564-7212; Jackie Brown,
[email protected], 202-564-0313; or [email protected].
SUPPLEMENTARY INFORMATION: EPA uses OASIS as a secure platform to
provide software services to EPA employees using EPA's intranet,
including a secure database for the software modules the system
supports. EPA is updating this SORN to reflect how OASIS has modernized
its operating system platform, implemented a more secure method for
user authentication, and completed a review and update to the software
modules the system supports. EPA is removing the following OASIS
software modules that are no longer in use: Physical Security;
Warehouse Management; Fitness Center Management; Combo Locks,
Incidents, Keys and Safe System; and Personnel Security System. EPA is
updating the following OASIS software modules with no impact to
personally identifiable information (PII): Building Service Desk,
Credential Badging, Driver Tracking, Mail Center, National Security
Information, and Parking System (previously Parking and Transit
System). EPA is adding the following OASIS software modules with no
addition of new PII data elements: Environmental Health and Safety, HQ
Project Management, Incident Reporting, Print Request Form, Print
Request Tracking, PSS1 Archive, Transit Management, Transit Subsidy
Program Enrollment, USA Performance (USAP), and User Management. All
OASIS modules were updated to incorporate Multi-Factor Authentication
(MFA). Additionally, EPA is updating this SORN to add Routine Uses L
and M per updated OMB requirements.
SYSTEM NAME AND NUMBER:
Office of Administrative Services Information System (OASIS), EPA-
41.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The system is managed by the Office of Mission Support, EPA, 1301
Constitution Ave. NW, Washington, DC 20460. Electronically stored
information is hosted at the EPA National Computer Center (NCC), 109 TW
Alexander Drive, Research Triangle Park, Durham, NC 27711.
SYSTEM MANAGER(S):
James Cunningham, Information Technology Project Manager, 1301
Constitution Ave. NW, Washington, DC 20460, [email protected].
Jackie Brown, Information System Security Officer, 1301 Constitution
Ave. NW, Washington, DC 20460, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
E-Government Act of 2002 (Pub. L. 104-347); the Paperwork Reduction
Act of 1995, as amended (44 U.S.C. 3501, et seq.); Executive Order
13571--Streamlining Service Delivery and Improving Customer Service
(April 2011).
PURPOSE(S) OF THE SYSTEM:
The purpose of OASIS is to administer and manage administrative
resources for the EPA. There are nineteen OASIS software modules. Each
module's business purpose is described in the following table:
------------------------------------------------------------------------
OASIS software module              Business purpose
------------------------------------------------------------------------
Building Service Desk............. Manage Headquarters building
                                     maintenance and service calls.
Credential Badging................ Generate and manage issuance and
                                     expiration of Credential badges
                                     used to access restricted EPA labs.
Driver Tracking................... Manage EPA Headquarters executive
                                     motor pool fleet of vehicles and
                                     track and report on EPA vehicle
                                     usage trends.
Environmental, Health and Safety.. Track and report environmental,
                                     health and safety regulatory
                                     compliance.
EPA Automotive Statistical Tool    Manage EPA's fleet life-cycle data
  (AST).                             such as acquisition costs, vehicle
                                     identification, operating costs,
                                     fuel consumption, and disposal
                                     proceeds.
Federal Real Property Profile      Facilitate yearly submission of the
  (FRPP).                            Federal Real Property Profile
                                     (FRPP) data to the General Services
                                     Administration (GSA).
HQ Project Management............. Provide Facility Management Services
                                     Division with the capability to
                                     manage EPA Headquarters facility
                                     projects.
Incident Reporting................ Provide security incident reporting
                                     system for EPA Headquarters.
Mail Center....................... Record and track postal transaction
                                     costs associated with the Agency's
                                     incoming and outgoing mail and
                                     reconcile the costs with the Office
                                     of the Chief Financial Officer
                                     (OCFO) financial system.
National Security Information..... Support EPA Security Management
                                     Division (SMD) in implementing the
                                     agency's national security
                                     information program.
Parking System.................... Manage EPA Headquarters parking
                                     spaces.
Print Request Form................ Provide EPA Headquarters employees
                                     with the capability to submit
                                     document print requests.
Print Request Tracking............ Track and maintain information for
                                     Headquarters Print Job Orders and
                                     manage Print Shop costs associated
                                     with these orders.
PSS1 Archive...................... Provide SMD Physical Security Branch
                                     (PSB) the capability to read legacy
                                     Personnel Security System data.
Real Estate Management............ Manage EPA real property assets.
Transit Management................ Provide Facility Management Services
                                     Division (FMSD) with the capability
                                     to manage EPA Headquarters employee
                                     Transit Subsidy accounts.
Transit Subsidy Program Enrollment Provide Headquarters employees with
                                     the capability to register and
                                     update their Transit Subsidy
                                     accounts.
USA Performance................... Provide application programming
                                     interface (API) access to the
                                     Office of Personnel Management
                                     (OPM) USA Performance (USAP) System
                                     to maintain performance related
                                     data for EPA employees.
User Management................... Manage user access and roles for
                                     OASIS software modules.
------------------------------------------------------------------------
[[Page 17221]]
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Categories of individuals covered by this system include current
and former Agency federal employees, contractors, grantees, interns, and
volunteers.
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records include: personal information such as name,
home address, telephone number, workforce ID, work location, position,
date of birth, city of birth, and Social Security Number (SSN); work-
related information such as work address, work telephone number,
organization/office assignment, application role(s), email address, and
company name; personnel security records such as the results of a
background investigation, and information derived from documents used
to verify applicant's identity; security incident related information
such as names, incident date, type, description, contact information,
employment type; physical security information such as building
vulnerabilities, mitigations, costs associated with mitigation, and
risk designation levels at various EPA locations; driver tracking
information such as EPA vehicle license plate numbers, service records,
driver name, trip type, pickup date, and number of passengers utilizing
Agency buses; parking and transit information such as carpool members'
names, addresses, work addresses, license plate numbers, and type of
cars as well as transit subsidy information such as subsidy amount,
possession of a registered Smart Trip card, and serial number of Smart
Trip card if registered; Mail Center Management information used to
track registered mail, including mailing address of the recipient and
sender, name of individual who signed for the piece of mail, date and
time mail was signed for, and costs of postage for each office;
printing information such as name and telephone number of the office
requesting print jobs, the budget associated with the print job, and
completion and delivery of the print job; physical asset information
such as asset name, ID, type, location, address, legal interest,
primary use and disposition; and print request information such as
originator name, work phone number, mail code, title, statistics, data
requested, date submitted, and estimated cost.
RECORD SOURCE CATEGORIES:
Personnel information is obtained from EPA's Office of Human
Resources (OHR). Remaining information is obtained from users and
managers for each OASIS module.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
The routine uses below are both related to and compatible with the
original purpose for which the information was collected. The following
general routine uses apply to this system (86 FR 62527): A, B, C, D, E,
F, G, H, I, J, K, L, and M.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained electronically on computer storage devices,
located at U.S. EPA National Computer Center, 109 T.W. Alexander Drive,
Research Triangle Park, NC 27711. Paper records are not collected nor
maintained for OASIS.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Only users authorized to use the National Security Information
(NSI) module can retrieve information by SSN. Other modules require one
or more of the following fields to retrieve records: Name, Work Force
ID, LAN ID, Personnel ID, Email Address, Smart Trip Number, Incident
Number, Business Service Desk (BSD) Ticket Number, Asset ID, or Project
Number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of in accordance with EPA's
records control schedule approved by the National Archives and Records
Administration (NARA): EPA Record Schedules 0740 and 0063.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Security controls used to protect personal sensitive data in OASIS
are commensurate with those required for an information system rated
MODERATE for confidentiality, integrity, and availability, as
prescribed in National Institute of Standards and Technology (NIST)
Special Publication, 800-53, ``Security and Privacy Controls for
Information Systems and Organizations,'' Revision 5.
1. Administrative Safeguards: All EPA system users are expected to
follow the Agency Rules of Behavior. All employees, contractors,
volunteers, and grantees are required to complete EPA's annual
Information Security and Privacy Awareness Training and Controlled
Unclassified Information (CUI) Awareness Training.
2. Technical Safeguards: Access to OASIS is role-based using the
principle of least privilege. Role-based access ensures that
individuals only have the roles granted to them that are necessary to
complete their job function. These roles could include the ability to
view, create, or modify records. A PIV Credential is used for MFA user
authentication. OASIS stores its data elements in an ORACLE Enterprise
Edition database and uses AES 256-bit encryption algorithms to protect
PII data as it resides in the database and when the data is in use by
authenticated users.
3. Physical Safeguards: All OASIS records are maintained on
computer servers that are located in secure, access-controlled
buildings.
RECORD ACCESS PROCEDURES:
All requests for access to personal records should cite the Privacy
Act of 1974 and reference the type of request being made (i.e.,
access). Requests must include: (1) the name and signature of the
individual making the request; (2) the name of the Privacy Act system
of records to which the request relates; (3) a statement whether a
personal inspection of the records or a copy of them by mail is
desired; and (4) proof of identity. A full description of EPA's Privacy
Act procedures for requesting access to records is included in EPA's
Privacy Act regulations at 40 CFR part 16.
CONTESTING RECORD PROCEDURES:
Requests for correction or amendment must include: (1) the name and
signature of the individual making the request; (2) the name of the
Privacy Act system of records to which the request relates; (3) a
description of the information sought to be corrected or amended and
the specific reasons for the correction or amendment; and (4) proof of
identity. A full description of EPA's Privacy Act procedures for the
correction or amendment of a record is included in EPA's Privacy Act
regulations at 40 CFR part 16.
NOTIFICATION PROCEDURES:
Individuals who wish to be informed whether a Privacy Act system of
records maintained by EPA contains any record pertaining to them,
should make a written request to the EPA, Attn: Agency Privacy Officer,
MC 2831T, 1200 Pennsylvania Ave. NW, Washington, DC 20460, or by email
at: [email protected]. A full description of EPA's Privacy Act procedures
is included in EPA's Privacy Act regulations at 40 CFR part 16.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
[[Page 17222]]
HISTORY:
71 FR 51814 (August 31, 2006).
Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2023-05806 Filed 3-21-23; 8:45 am]
BILLING CODE 6560-50-P
</pre></body>
</html>