Privacy Act of 1974; System of Records

Issuing agencies

Abstract

ODNI provides notice of a modified Privacy Act system of records at the NCSC. This notice modifies the system of records ODNI/ NCSC-003, Continuous Evaluation Records. This modified notice is necessary to inform the public of revisions to the notice summary; supplementary information; system management; authority for maintenance of the system; purpose of the system; categories of individuals covered by the system; categories of records in the system; record source categories; routine uses of records maintained in the system; policies and practices for storage of records; policies and practices for retrieval of records; and policies and practices for retention and disposal of records. This modified notice for ODNI/NCSC-003, Continuous Evaluation Records, incorporates requirements established by Executive Order (E.O.) 13467, as amended. These updates to this notice complement efforts of Continuous Vetting (CV), a program under the E.O. which entails reviewing the background of a covered individual at any time to determine whether that individual continues to meet applicable requirements. Continuous Evaluation (CE) was developed to reduce risk by using automated records checks to generate alerts of potential security concerns on an individual between periodic reinvestigations. CV is a more robust approach that builds upon the automated records checks of CE and adds other agency-specific information and investigative activity as necessary.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 125 (Friday, June 28, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 125 (Friday, June 28, 2024)]
[Notices]
[Pages 54077-54082]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-14297]


-----------------------------------------------------------------------

OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE


Privacy Act of 1974; System of Records

AGENCY: Office of the Director of National Intelligence (ODNI), 
National Counterintelligence and Security Center (NCSC).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: ODNI provides notice of a modified Privacy Act system of 
records at the NCSC. This notice modifies the system of records ODNI/
NCSC-003, Continuous Evaluation Records. This modified notice is 
necessary to inform the public of revisions to the notice summary; 
supplementary information; system management; authority for maintenance 
of the system; purpose of the system; categories of individuals covered 
by the system; categories of records in the system; record source 
categories; routine uses of records maintained in the system; policies 
and

[[Page 54078]]

practices for storage of records; policies and practices for retrieval 
of records; and policies and practices for retention and disposal of 
records. This modified notice for ODNI/NCSC-003, Continuous Evaluation 
Records, incorporates requirements established by Executive Order 
(E.O.) 13467, as amended. These updates to this notice complement 
efforts of Continuous Vetting (CV), a program under the E.O. which 
entails reviewing the background of a covered individual at any time to 
determine whether that individual continues to meet applicable 
requirements. Continuous Evaluation (CE) was developed to reduce risk 
by using automated records checks to generate alerts of potential 
security concerns on an individual between periodic reinvestigations. 
CV is a more robust approach that builds upon the automated records 
checks of CE and adds other agency-specific information and 
investigative activity as necessary.

DATES: Comments on this proposed modified system of records must be 
submitted by July 25, 2024. This modified System of Records Notice will 
go into effect thirty days after the date of publication in the Federal 
Register, unless changes are required as a result of public comment, 
per OMB A-108, Section 6(e).

ADDRESSES: You may submit comments by any of the following methods:
    Federal eRulemaking Portal: <a href="http://www.regulations.gov">http://www.regulations.gov</a>.
    Mail: Director, Information Management Office, Chief Operating 
Officer, Office of the Director of National Intelligence (ODNI), 
Washington, DC 20511.

FOR FURTHER INFORMATION CONTACT: Rebecca J. Richards, Civil Liberties 
Protection Officer, Office of the Director of National Intelligence, 
(301) 243-0210, at the addresses provided above.

SUPPLEMENTARY INFORMATION: Updates to ODNI/NCSC-003, Continuous 
Evaluation Records, include (1) expanding the population of individuals 
covered by the system to encompass all covered individuals as defined 
by E.O. 13467, as amended; (2) adding personnel vetting surveys as a 
data source for enrollees; and (3) adding a new routine use for 
disclosure of records for oversight purposes to the Suitability and 
Credentialing Executive Agent programs, or successor programs, in the 
Office of Personnel Management. This SORN also includes select routine 
uses published in the ODNI rule implementing the Privacy Act subpart C 
of ODNI's Privacy Act Regulation published at 32 CFR part 1701 (73 FR 
16531, 16541).
    E.O. 13467, as amended, requires all covered individuals to be 
subject to CV under standards as determined by the Security Executive 
Agent and the Suitability and Credentialing Executive Agent. The E.O. 
also requires alignment using consistent standards, to the extent 
possible, of executive branch vetting policies and procedures relating 
to (1) eligibility for access to classified information; (2) 
eligibility to hold a sensitive position; (3) suitability; (4) 
contractor or Federal employee fitness; and (5) authorization to be 
issued a Federal credential for access to federally controlled 
facilities and information systems.
    Previously, the categories of individuals covered by the system 
only included executive branch employees, detailees, contractors, and 
other sponsored individuals determined to be eligible for access to 
classified information; eligible to hold a sensitive position; and 
applicants seeking employment with the executive branch in a position 
that requires a determination of eligibility for access to classified 
information or to hold a sensitive position. Individuals who held or 
applied for non-sensitive positions in the executive branch completed 
an initial vetting process and were subject to periodic 
reinvestigations, where applicable, but did not undergo CV. With the 
issuance of this SORN revision, the category of individuals covered by 
ODNI/NCSC-003, Continuous Evaluation Records, has been expanded to 
include individuals who hold or who applied for non-sensitive positions 
in the executive branch.
    E.O. 13467, as amended, defines covered individual as ``a person 
who performs, or who seeks to perform, work for or on behalf of the 
executive branch (e.g., Federal employee, military member, or 
contractor), or otherwise interacts with the executive branch such that 
the individual must undergo vetting, but does not include: (i) the 
President or (except to the extent otherwise directed by the President) 
employees of the President under section 105 or 107 of Title 3, United 
States Code; or (ii) the Vice President or (except to the extent 
otherwise directed by the Vice President) employees of the Vice 
President under section 106 of Title 3 or annual legislative branch 
appropriations acts.'' The inclusion of all covered individuals, as 
defined by E.O. 13467, as amended, in the category of individuals 
covered by ODNI/NCSC-003, Continuous Evaluation Records, permits the 
use of automated records checks available through the system to fulfill 
the requirements of CV established by the Federal Personnel Vetting 
Investigative Standards. Additionally, the inclusion of all covered 
individuals, as defined by E.O. 13467, as amended, in the category of 
individuals covered by the system enhances national security, promotes 
greater mobility amongst the trusted workforce, and ensures department 
and agency (D/A) compliance with applicable laws and vetting-related 
policies.
    ODNI/NCSC-003, Continuous Evaluation Records, retains the covered 
individual's enrollment information, which includes personal 
identifiers provided by the subscribing agency to facilitate ongoing 
automated records checks for enrollees, as well as other personnel 
vetting status information, previous investigative products, and 
records documenting suitability evaluations and decisions. This revised 
notice adds as a records source personnel vetting surveys required by 
the Federal Personnel Vetting Investigative Standards. Applicants do 
not complete a personnel vetting survey. Personnel vetting surveys are 
periodic information collections from the covered individual and his/
her supervisor(s) to inform ongoing consideration of potential risk, 
promote timely detection of behaviors of concern, and address potential 
issues or provide assistance before risks escalate. Employment 
applicants receive one-time checks of security-relevant information, 
are not enrolled for ongoing record checks, and personal identifiers 
and records returned for applicants are retained in the system only for 
the duration of their initial vetting. Records of applicants who are 
not hired will not be kept beyond the initial vetting process. Records 
returned from checks for any enrollee will be retained in accordance 
with an approved record control schedule. Data necessary to implement 
business rules, to perform program assessments, and to satisfy auditing 
requirements will be retained. D/As using ODNI/NCSC-003, Continuous 
Evaluations Records, must adhere to the principles articulated in the 
Federal Personnel Vetting Guidelines, the Federal Personnel Vetting 
Investigative Standards, subsequent implementation guidance, Security 
Executive Agent Issuances (when applicable), and other policy 
issuances. The modified routine uses will be effective 30 days after 
publication, unless they need to be changed as a result of public 
comment, per OMB A-108, Section 6(e).
    The system provides the technical capability to conduct automated 
record checks pursuant to the National

[[Page 54079]]

Security Act of 1947, as amended; The National Defense Authorization 
Act for Fiscal Year 2018, section 925, Public Law 115-91; 5 U.S.C. 
11001 (Enhanced Personnel Security Programs); 5 U.S.C. 1104 (Delegation 
of Authority for Personnel Management); 5 U.S.C. 3301 (Civil Service; 
Generally); Executive Order 10577, as amended (Amending the Civil 
Service Rules and Authorizing a New Appointment System for the 
Competitive Service); Executive Order 12333, as amended (United States 
Intelligence Activities); Executive Order 12968, as amended (Access to 
Classified Information); Executive Order 13467, as amended, (Reforming 
Processes Related to Suitability for Government Employment, Fitness for 
Contractor Employees, and Eligibility for Access to Classified National 
Security Information); Executive Order 13764 (Amending the Civil 
Service Rules, Executive Order 13488, and Executive Order 13467 to 
Modernize the Executive Branch-Wide Governance Structure and Processes 
for Security Clearances, Suitability and Fitness for Employment, and 
Credentialing, and Related Matters); Executive Order 13488, as amended 
(Granting Reciprocity on Excepted Service and Federal Contractor 
Employee Fitness and Reinvestigating Individuals in Positions of Public 
Trust); and Executive Order 13869 (Transferring Responsibility for 
Background Investigations to the Department of Defense).
    To protect classified and sensitive personnel or law enforcement 
information covered by this system of records, the Director of National 
Intelligence (DNI) has exempted this system from certain requirements 
of the Privacy Act where necessary, as permitted by law. By previously 
established rule, the DNI may exempt records contained in this system 
of records from the requirements of subsections (c)(3), (d)(1), (d)(2), 
(d)(3), (d)(4), (e)(1), (e)(4)(G), (H), (I), and (f) of the Privacy Act 
pursuant to 5 U.S.C. 552a(k)(1), (k)(2) and (k)(5). Additionally, the 
DNI may exercise derivative exemption authority by preserving the 
exempt status of records received from providing agencies when the 
reason for exemption remains valid. See 32 CFR part 1701.20(a)(2) (73 
FR 16531, 16537).

SYSTEM NAME AND NUMBER:
    ODNI/NCSC-003, Continuous Evaluation Records.

SECURITY CLASSIFICATION:
    The classification of records in this system ranges from 
UNCLASSIFIED to TOP SECRET.

SYSTEM LOCATION:
    Office of the Director of National Intelligence (ODNI), National 
Counterintelligence and Security Center (NCSC), Washington, DC 20511.

SYSTEM MANAGER(S):
    Assistant Director, Mission Capabilities Directorate, ODNI/NCSC, 
Washington, DC 20511.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Intelligence Reform and Terrorism Prevention Act of 2004, 
Public Law 108-458, 118 Stat. 3638; the National Security Act of 1947, 
50 U.S.C. 3023 et seq., as amended; the Counterintelligence Enhancement 
Act of 2002, 50 U.S.C. 3382, as amended; 5 U.S.C. 1104; 5 U.S.C. 3301; 
5 U.S.C 11001; The National Defense Authorization Act for Fiscal Year 
2018, Section 925, Public Law 115-91; Executive Order 10577, as 
amended; Executive Order 12333, as amended; Executive Order 12968, as 
amended; Executive Order 13467, as amended; Executive Order 13549; 
Executive Order 13764; Executive Order 13488, as amended; and Executive 
Order 13869.

PURPOSE(S) OF THE SYSTEM:
    Records in this system of records are collected for the purpose of 
performing initial vetting of applicants and continuous vetting of 
enrollees. Vetting is accomplished by electronically comparing an 
individual's identifying data against U.S. Government databases (e.g., 
financial, law enforcement, terrorism, foreign travel, and clearance 
status) and commercial public records databases (e.g., civil, criminal, 
and tax information), as well as reviewing credit bureau data (e.g., 
credit reports) and background investigative records collected as part 
of personnel vetting (e.g., personnel vetting surveys). These 
comparisons and reviews serve to identify personnel vetting-relevant 
conduct, practices, activities, or incidents that personnel vetting 
officials use to evaluate an employment applicant's initial and an 
enrollee's continued eligibility to perform work for or on behalf of 
the executive branch. Evaluations by personnel vetting officials 
include determinations of suitability for Federal government 
employment; eligibility for logical and physical access to facilities 
and networks; eligibility for access to classified information; 
eligibility to hold a sensitive position; and fitness to perform work 
for or on behalf of the Federal government as a contractor employee.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system include ``covered individuals'' 
as defined in E.O. 13467, as amended. A covered individual is ``a 
person who performs, or who seeks to perform, work for or on behalf of 
the executive branch (e.g., Federal employee, military member, or 
contractor), or otherwise interacts with the executive branch such that 
the individual must undergo vetting, but does not include: (i) the 
President or (except to the extent otherwise directed by the President) 
employees of the President under section 105 or 107 of Title 3, United 
States Code; or (ii) the Vice President or (except to the extent 
otherwise directed by the Vice President) employees of the Vice 
President under section 106 of Title 3 or annual legislative branch 
appropriations acts.''

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains: (i) Biographic enrollment data including 
name, date and place of birth, Social Security number, gender, current 
address, other first or last names, prior address(es), personal email 
address(es), personal phone numbers, passport information, employment 
type (contractor/government) or other status, and; (ii) data returned 
from or about the automated record checks conducted against current 
clearance status information and against financial, law enforcement, 
credit, terrorism, foreign travel, and commercial databases; and (iii) 
personnel vetting surveys as required by CV.

RECORD SOURCE CATEGORIES:
    Record source categories include department and agency enrollment 
information about covered individuals under E.O. 13467, as amended; 
government-owned databases; credit and commercial entities; and 
providers of aggregated public source data.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, as amended, these records may 
specifically be disclosed outside ODNI as a routine use pursuant to 5 
U.S.C. 552a(b)(3) and in accordance with the following routine uses, 
including select routine uses published in the ODNI rule implementing 
the Privacy Act Subpart C of ODNI's Privacy Act Regulation published at 
32 CFR part 1701 (73 FR 16531, 16541):
    (a) Except as noted on Standard Forms 85, 85P and 86 or the 
successor

[[Page 54080]]

personnel vetting questionnaire and supplemental forms thereto 
(questionnaires for employment within the Federal government), a record 
that on its face or in conjunction with other information indicates or 
relates to a violation or potential violation of law, whether civil, 
criminal, administrative, or regulatory in nature, and whether arising 
by general statute, particular program statute, regulation, rule, or 
order issued pursuant thereto, may be disclosed as a routine use to an 
appropriate federal, state, territorial, tribal, local law enforcement 
authority, foreign government, or international law enforcement 
authority, or to an appropriate regulatory body charged with 
investigating, enforcing, or prosecuting such violations.
    (b) A record from a system of records maintained by ODNI may be 
disclosed as a routine use, subject to appropriate protections for 
further disclosure, in the course of presenting information or evidence 
to an administrative law judge or to the presiding official of an 
administrative board, panel or other administrative body.
    (c) A record from a system of records maintained by ODNI may be 
disclosed as a routine use to representatives of the Department of 
Justice or any other entity responsible for representing the interests 
of ODNI in connection with potential or actual civil, criminal, 
administrative, judicial or legislative proceedings or hearings, for 
the purpose of representing or providing advice to: (1) ODNI, or any 
component thereof; (2) any employee of ODNI in his or her official 
capacity; (3) any employee of ODNI in his or her individual capacity 
where the employee has submitted a request for representation by the 
United States or for reimbursement of expenses associated with 
retaining counsel, or; (4) the United States or another Federal agency, 
when the United States or the agency is a party to such proceeding and 
the record is relevant and necessary to such proceeding; provided, 
however, that in each case, the agency determines that disclosure of 
the records to the Department of Justice is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    (d) A record from this system of records may be disclosed as a 
routine use in a proceeding before a court, magistrate, special master, 
or adjudicative body when any of the following is a party to litigation 
or has an interest in such litigation, and ODNI, Office of General 
Counsel, determines that use of such records is relevant and necessary 
to the litigation: ODNI; any staff of ODNI in his or her official 
capacity; any staff of ODNI in his or her individual capacity where the 
Department of Justice has agreed to represent the staff or has agreed 
to provide counsel at government expense; or the United States or 
another D/A, where ODNI, Office of General Counsel, determines that 
litigation is likely to affect ODNI.
    (e) A record from this system of records may be disclosed as a 
routine use to representatives of the Department of Justice and other 
U.S. Government entities, to the extent necessary to obtain advice on 
any matter within the official responsibilities of such representatives 
and the responsibilities of ODNI.
    (f) A record from this system of records may be disclosed as a 
routine use to a Federal, state or local agency or other appropriate 
entities or individuals from which/whom information may be sought 
relevant to: a decision concerning the hiring or retention of an 
employee or other personnel action; the issuing or retention of a 
security clearance or special access, contract, grant, license, or 
other benefit; or the conduct of an authorized investigation or 
inquiry, to the extent necessary to identify the individual, inform the 
source of the nature and purpose of the inquiry, and identify the type 
of information requested.
    (g) A record from this system of records may be disclosed as a 
routine use to any Federal, state, local, tribal or other public 
authority, or to a legitimate agency of a foreign government or 
international authority to the extent the record is relevant and 
necessary to the other entity's decision regarding the hiring or 
retention of an employee or other personnel action; the issuing or 
retention of a security clearance or special access, contract, grant, 
license, or other benefit; or the conduct of an authorized inquiry or 
investigation.
    (h) A record from this system of records may be disclosed to the 
Office of Management and Budget in connection with the review of 
private relief legislation, as set forth in Office of Management and 
Budget Circular No. A-19, at any stage of the legislative coordination 
and clearance process as set forth in the Circular.
    (i) A record from this system of records may be disclosed as a 
routine use to any agency, organization, or individual for authorized 
audit operations, and for meeting related reporting requirements, 
including disclosure to the National Archives and Records 
Administration for records management inspections and such other 
purposes conducted under the authority of 44 U.S.C. 2904 and 2906, or 
successor provisions.
    (j) A record from this system of records may be disclosed as a 
routine use pursuant to Executive Order to the President's Foreign 
Intelligence Advisory Board, the President's Intelligence Oversight 
Board, to any successor organizations, and to any intelligence 
oversight entity established by the President, when the Office of the 
General Counsel or the Office of the Inspector General determines that 
disclosure will assist such entities in performing their oversight 
functions and that such disclosure is otherwise lawful.
    (k) A record from this system of records may be disclosed as a 
routine use to contractors, grantees, experts, consultants, or others 
when access to the record is necessary to perform the function or 
service for which they have been engaged by ODNI.
    (l) A record from this system of records may be disclosed as a 
routine use to legitimate foreign, international, or multinational 
security, investigatory, law enforcement or administrative authorities 
in order to comply with requirements imposed by, or to claim rights 
conferred in, formal agreements and arrangements to include those 
regulating the stationing and status in foreign countries of Department 
of Defense military and civilian personnel.
    (m) A record from this system of records may be disclosed as a 
routine use to any Federal D/A when documents or other information 
obtained from that D/A are used in compiling the record and the record 
is relevant to the official responsibilities of that D/A, provided that 
disclosure of the recompiled or enhanced record to the source agency is 
otherwise authorized and lawful.
    (n) A record from this system of records may be disclosed as a 
routine use to appropriate agencies, entities, and persons when: the 
security or confidentiality of information in the system of records has 
or may have been compromised; and the comprise may result in economic 
or material harmto individuals (e.g., identify theft or fraud) or harm 
to the security or integrity of the affected information or information 
technology systemsor programs(whether or not belonging to ODNI) they 
rely upon the compromised information; and disclosure is necessary to 
enable ODNI to address te cause(s) of the compromise and to prevent, 
minimize, or remedy potential harm resulting from the compromise.
    (o) A record from this system of records may be disclosed as a 
routine use for the purpose of conducting or supporting authorized

[[Page 54081]]

counterintelligence activities as defined by section 3003(3) of the 
National Security Act of 1947, as amended, to elements of the 
Intelligence Community, as defined by section 3003(4) of the National 
Security Act of 1947, as amended; to the head of any Federal D/A; and 
to selected counterintelligence officers within the Federal government.
    (p) A record from this system of records may be disclosed as a 
routine use to a Federal, state, local, tribal, territorial, foreign, 
or multinational government agency or entity, or to other authorized 
entities or individuals, but only if such disclosure is undertaken in 
furtherance of responsibilities conferred by, and in a manner 
consistent with, the National Security Act of 1947, as amended; the 
Counterintelligence Enhancement Act of 2002, as amended; Executive 
Order 12333 or any successor order together with its implementing 
procedures approved by the Attorney General; and other provisions of 
law, Executive Order or directive relating to national intelligence or 
otherwise applicable to ODNI. This routine use is not intended to 
supplant the other routine uses published by ODNI.
    (q) A record from this system of records may be disclosed as a 
routine use to any Federal D/A that has provided enrollment data for 
employees or applicants to ODNI for purposes of conducting personnel 
vetting when records obtained by ODNI are relevant to the subscribing 
D/A's adjudication of the covered individual's eligibility to perform 
work for or on behalf of the executive branch.
    (r) A record from this system of records may be disclosed as a 
routine use to appropriate agencies, entities, and persons when: (1) 
ODNI suspects or has confirmed that there has been a breach of the 
system of records; (2) ODNI has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
ODNI (including its information systems, programs, and operations), the 
federal government, or national security, and; (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Department's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (s) A record from this system of records may be disclosed as a 
routine use to another Federal agency or Federal entity, when ODNI 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk ofharm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (t) A record from this system of records may be disclosed for 
oversight purposes as a routine use to the Suitability and 
Credentialing Executive Agent programs, or successor programs, in the 
Office of Personnel Management. Records disclosed pursuant to this 
routine use must be narrowly focused to encompass only information 
pertaining to automated records checks in support of authorized 
Investigative Service Providers conducting personnel vetting 
activities.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records are stored in secure fileservers located in 
government-managed facilities on secure private cloud-based systems 
that are connected only to a government network. Paper records are 
stored in secured areas of facilities within the control of the federal 
government.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The records in this system are retrieved by name, Social Security 
number, or other unique identifier. Information may be retrieved from 
this system of records by automated capabilities used in the normal 
course of business. All searches of this system of records are 
performed by authorized executive branch vetting personnel.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Pursuant to 44 U.S.C. 3303a(d) and 36 CFR chapter 12, subchapter 
B--Records Management, records in ODNI/NCSC-003, Continuous Evaluation 
Records are covered by the National Archives and Records Administration 
(NARA) General Records Schedule (GRS) 5.6, Security Records. All 
records in ODNI/NCSC-003, Continuous Evaluation Records will be 
retained and disposed of according to the applicable NARA GRS 
provisions. Personal identifiers and records returned for applicants 
are retained in the system for the duration of their initial vetting. 
Biographic data and data about protecting and accessing information 
will be retained consistent with the Privacy Act of 1974, 5 U.S.C. 
552a, and GRS 4.2, Information Access and Protection Records. Records 
about security data and information systems are listed in GRS 3.2, 
Information Systems Security Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Information in this system is safeguarded in accordance with 
recommended and/or prescribed administrative, physical, and technical 
safeguards. Records are maintained in secure government-managed 
facilities with access limited to authorized personnel. Physical 
security protections include guards and locked facilities requiring 
badges and passwords for access.
    Records are accessed only by current government-authorized 
personnel whose official duties require access to the records. 
Electronic authorization and authentication of users is required at all 
points before any system information can be accessed. Communications 
are encrypted where required and other safeguards are in place to 
monitor and audit access, and to detect intrusions. System backup is 
maintained separately.

RECORD ACCESS PROCEDURES:
    As specified below, records in this system have been exempted from 
certain notification, access, and amendment procedures. A request for 
access shall be made in writing with the envelope and letter clearly 
marked ``Privacy Act Request.'' Requesters shall provide their full 
name and complete address. The requester must sign the request and have 
it verified by a notary public. Alternately, the request may be 
submitted under 28 U.S.C. 1746, certifying the requester's identity and 
understanding that obtaining a record under false pretenses constitutes 
a criminal offense. Requests for access to information must be 
addressed to the Director, Information Management Office, Chief 
Operating Officer, Office of the Director of National Intelligence, 
Washington, DC 20511. Regulations governing access to one's records or 
for appealing an initial determination concerning access to records are 
contained in the ODNI regulation implementing the Privacy Act, 32 CFR 
part 1701 (73 FR 16531).

CONTESTING RECORD PROCEDURES:
    As specified below, records in this system are exempt from certain 
notification, access, and amendment procedures. Individuals seeking to 
correct or amend non-exempt records should address their requests to 
ODNI at the address and according to the requirements set forth above 
under the heading ``Record Access Procedures.'' Regulations governing 
access to and amendment of one's records or for appealing an initial 
determination concerning access or amendment of

[[Page 54082]]

records are contained in the ODNI regulation implementing the Privacy 
Act, 32 CFR part 1701 (73 FR 16531).

NOTIFICATION PROCEDURES:
    As specified below, records in this system are exempt from certain 
notification, access, and amendment procedures. Individuals seeking to 
learn whether this system contains non- exempt information about them 
should address inquiries to ODNI at the address and according to the 
requirements set forth above under the heading ``Record Access 
Procedures.''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The Privacy Act authorizes ODNI to exempt records contained in this 
system of records from the requirements of subsections (c)(3), (d)(1), 
(d)(2), (d)(3), (d)(4), (e)(1), (e)(4)(G), (H), (I), and (f) of the 
Privacy Act pursuant to 5 U.S.C. 552a(k)(1), (k)(2) and (k)(5). In 
addition, pursuant to published rule, ODNI may derivatively exempt 
records from other agencies in this system from the requirements of the 
subsections listed above, as well as subsections (c)(4), (e)(2), 
(e)(3), (e)(5), (e)(8), (e)(12), and (g) of the Privacy Act consistent 
with any exemptions claimed under 5 U.S.C. 552a(j) or (k) by the 
originator of the record, provided the reason for the exemption remains 
valid and necessary.

HISTORY:
    This is a revision to an existing ODNI/NCSC system of records, 
ODNI/NCSC-003, Continuous Evaluation Records, 86 FR 61325 (Nov. 05, 
2021). In accordance with 5 U.S.C. 552(r), ODNI has provided a report 
of this revision to the Office of Management and Budget and to 
Congress.

    Dated: June 24, 2024.
Rebecca (``Becky'') Richards,
Civil Liberties Protection Officer, Office of the Director of National 
Intelligence.
[FR Doc. 2024-14297 Filed 6-27-24; 8:45 am]
BILLING CODE 9500-01-P


</pre></body>
</html>