Privacy Act of 1974; System of Records

Issuing agencies

Abstract

Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO) and Infrastructure and Operations (IOO) is issuing a public notice of its intent to establish a Privacy Act System of Records Notice (SORN) titled "ServiceNow (SerNow)." ServiceNow (SerNow) includes core components and related modules that work together to support key HUD operations. It facilitates helpdesk operations, Information Technology (IT) management, software and asset tracking, facilities management operations, Human Resources activities, and limited financial planning functions. HUD utilizes multiple ServiceNow instances, with distinct environments tailored to specific purposes such as development, testing, and production, each of which maintains detailed information regarding users and network objects. This structure makes it easier for employees to efficiently locate and utilize required resources while ensuring system integrity across operations. ServiceNow collects and processes information from users either through submitted forms, internal workflows, or integrated systems via structured data repositories. The information maintained within ServiceNow is sourced from HUD systems such as Active Directory (AD)/LAN File Server (LFS), and Digital Identity and Access Management System (DIAMS).

Full Text

<html>
<head>
<title>Federal Register, Volume 91 Issue 65 (Monday, April 6, 2026)</title>
</head>
<body><pre>
[Federal Register Volume 91, Number 65 (Monday, April 6, 2026)]
[Notices]
[Pages 17292-17295]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2026-06607]


-----------------------------------------------------------------------

DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT

[Docket No. FR-7106-N-14]


Privacy Act of 1974; System of Records

AGENCY: Office of Chief Information Officer (OCIO), and Infrastructure 
and Operations (IOO), HUD.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of Housing and Urban Development (HUD), Office 
of Chief Information Officer (OCIO) and Infrastructure and Operations 
(IOO) is issuing a public notice of its intent to establish a Privacy 
Act System of Records Notice (SORN) titled ``ServiceNow (SerNow).''
    ServiceNow (SerNow) includes core components and related modules 
that work together to support key HUD operations. It facilitates 
helpdesk operations, Information Technology (IT) management, software 
and asset tracking, facilities management operations, Human Resources 
activities, and limited financial planning functions. HUD utilizes 
multiple ServiceNow instances, with distinct environments tailored to 
specific purposes such as development, testing, and production, each of 
which maintains detailed information regarding users and network 
objects. This structure makes it easier for employees to efficiently 
locate and utilize required resources while ensuring system integrity 
across operations. ServiceNow collects and processes information from 
users either through submitted forms, internal workflows, or integrated 
systems via structured data repositories. The information maintained 
within ServiceNow is sourced from HUD systems such as Active Directory 
(AD)/LAN File Server (LFS), and Digital

[[Page 17293]]

Identity and Access Management System (DIAMS).

DATES: Comments will be accepted on or before May 6, 2026. This 
proposed action will be effective on the date following the end of the 
comment period unless comments are received which result in a contrary 
determination.

ADDRESSES: You may submit comments identified by docket number or by 
one of the following methods:
    Federal e-Rulemaking Portal: <a href="http://www.regulations.gov">http://www.regulations.gov</a>. Follow the 
instructions provided on that site to submit comments electronically.
    Fax: 202-619-8365.
    Email: <a href="/cdn-cgi/l/email-protection#3343415a4552504a735b46571d545c45"><span class="__cf_email__" data-cfemail="7d0d0f140b1c1e043d150819531a120b">[email&#160;protected]</span></a>.
    Mail: Attention: Privacy Office; Shalanda Capehart, Acting Chief 
Privacy Officer; The Executive Secretariat; 451 7th Street SW, Room 
10139; Washington, DC 20410-0001.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to <a href="http://www.regulations.gov">http://www.regulations.gov</a> including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received go to <a href="http://www.regulations.gov">http://www.regulations.gov</a>.

FOR FURTHER INFORMATION CONTACT: Shalanda Capehart; 451 7th Street SW, 
Room 10139; Washington, DC 20410-0001; telephone number (202) 402-5085 
(this is not a toll-free number). HUD welcomes and is prepared to 
receive calls from individuals who are deaf or hard of hearing, as well 
as individuals with speech or communication disabilities. To learn more 
about how to make an accessible telephone call, please visit <a href="https://www.fcc.gov/consumers/guides/telecommunications-relay-service-trs">https://www.fcc.gov/consumers/guides/telecommunications-relay-service-trs</a>.

SUPPLEMENTARY INFORMATION: The Department of Housing and Urban 
Development (HUD), Office of Chief Information Officer (OCIO), and 
Infrastructure and Operations (IOO), uses the ServiceNow Software as a 
Service (SaaS) Platform to streamline operations and centralize data 
management. ServiceNow helps HUD manage its data and services in one 
central system, and it's built around a tool called the Configuration 
Management Database (CMDB). This database stores important records 
about users, facilities, and shared resources like meeting rooms, 
servers, computers, printers, and accounts used to log in. The 
ServiceNow platform simplifies account management and integrates with 
HUD's existing technology to allow secure sign-ins using Personal 
Identity Verification (PIV) cards. It follows a clear management 
structure to help HUD keep track of network tools, protect user data, 
and keep systems working the same way across the agency. All ServiceNow 
programs use the CMDB within HUD's core platform. The system also 
includes specialized financial management tools, called Proven Optics, 
that help manage costs, optimize resources, and improve operational 
efficiency. These tools run in a secure government community cloud 
environment (GCC) and meet strict federal rules for safety and privacy. 
HUD's main goals in using ServiceNow are to reduce costs, eliminate 
manual processes, and improve productivity through automated workflows.
SYSTEM NAME AND NUMBER:
    ServiceNow (SerNow), HUD/OCIO-04.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at the following locations: HUD 
Headquarters, 451 7th Street SW, Washington, DC 20410-0001, and Bowhead 
UIC Government Services, LLC, 6564 Loisdale Court, Suite 900 
Springfield, VA 22150-1812.

SYSTEM MANAGER(S):
    George Hurley, Infrastructure and Operations (IOO), HUD HQ, 451 7th 
Street SW, Washington, DC 20410-0001; telephone (202) 475-8662.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Information Technology Management Reform Act of 1996 (Pub. L. 
104-106, 40 U.S.C. 11101 et seq.); E-Government Act (Pub. L. 107-347, 
sec. 203, 44 U.S.C. 3501 note); Federal Information Security Management 
Act, as amended (Pub. L. 107-347, 44 U.S.C. 3554); Paperwork Reduction 
Act of 1995 (Pub. L. 104-13, 44 U.S.C. 3501 et seq.); Government 
Paperwork Elimination Act (Pub. L. 105-277, Title XVII, 44 U.S.C. 
3504); Homeland Security Presidential Directive 12 (HSPD-12), Policy 
for a Common Identification Standard for Federal Employees and 
Contractors, August 27, 2004; OMB Circular No. A-130, Managing 
Information as a Strategic Resource (7/28/2016); OMB Memo M-05-24, and 
Executive Order 13636--Improving Critical Infrastructure Cyber Security 
(February 12, 2013); Department of Housing and Urban Development Act of 
1965, Section 7(d) (Pub. L. 89-174, 42 U.S.C. 3535(d)--``Administrative 
provisions''); and 5 U.S.C. 3301--``Civil service; generally''.

PURPOSES OF THE SYSTEM:
    The purpose of ServiceNow is to help HUD employees efficiently 
track and manage all service requests for help from start to finish. 
The system serves as the central repository for HUD policies, 
procedures, and frequently asked questions (FAQs), empowering employees 
to quickly find answers independently. It also provides a digital 
foundation that supports HUD's internal systems across the agency, 
streamlining operations through automated workflows and replacing 
manual processes. ServiceNow's functions as a centralized platform for 
managing HUD assets, giving administrators and employees easy access to 
critical tools and information, reducing mistakes, and enhancing 
productivity.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current HUD employees and contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Full Name, Phone Number, Email address, User Verification PIN, 
Device Identifier, internet Protocol (IP)/Media Access Control (MAC) 
Address of assigned Device Identifier (if applicable), Work Address, 
Home Address, Employee Identification Number and Employment Status/
History.

RECORD SOURCE CATEGORIES:
    Individuals, Digital Identity and Access Management System (DIAMS), 
and Active Directory (AD)/LAN File Server (LFS).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    (1) To a congressional office from the record of an individual in 
response to an inquiry from the congressional office made at the 
request of that individual.
    (2) To contractors, grantees, experts, consultants, and their 
agents, or others performing or working under a contract, service, 
grant, cooperative agreement, or other agreement with HUD or under 
contract to another agency when necessary to accomplish an agency 
function related to a system of records. Disclosure requirements are 
limited to only those data elements considered relevant to 
accomplishing an agency function.
    (3) To appropriate agencies, entities, and persons when: (1) HUD 
suspects or has confirmed that there has been a

[[Page 17294]]

breach of the system of records; (2) HUD has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HUD (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) The 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HUD's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (4) To another Federal agency or Federal entity, when HUD 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    (5) To appropriate Federal, State, local, tribal, or governmental 
agencies or multilateral governmental organizations responsible for 
investigating or prosecuting the violations of, or for enforcing or 
implementing, a statute, rule, regulation, order, or license where HUD 
determines that the information would assist in the enforcement of 
civil or criminal laws and when such records, either alone or in 
conjunction with other information, indicate a violation or potential 
violation of law.
    (6) To a court, magistrate, administrative tribunal, or arbitrator 
while presenting evidence, including disclosures to opposing counsel or 
witnesses during civil discovery, litigation, mediation, or settlement 
negotiations; or in connection with criminal law proceedings; when HUD 
determines that use of such records is relevant and necessary to the 
litigation and when any of the following is a party to the litigation 
or have an interest in such litigation: (1) HUD, or any component 
thereof; or (2) any HUD employee in his or her official capacity; or 
(3) any HUD employee in his or her individual capacity where HUD has 
agreed to represent the employee; or (4) the United States, or any 
agency thereof, where HUD determines that litigation is likely to 
affect HUD or any of its components.
    (7) To any component of the Department of Justice or other Federal 
agency conducting litigation or in proceedings before any court, 
adjudicative, or administrative body, when HUD determines that the use 
of such records is relevant and necessary to the litigation and when 
any of the following is a party to the litigation or have an interest 
in such litigation: (1) HUD, or any component thereof; or (2) any HUD 
employee in his or her official capacity; or (3) any HUD employee in 
his or her individual capacity where the Department of Justice or 
agency conducting the litigation has agreed to represent the employee; 
or (4) the United States, or any agency thereof, where HUD determines 
that litigation is likely to affect HUD or any of its components.
    (8) To officials of labor organizations recognized under the Civil 
Service Reform Act when relevant and necessary to their duties of 
exclusive representation concerning personnel policies, practices, and 
matters affecting work conditions.
    (9) To the Office of Personnel Management (OPM), the Merit Systems 
Protection Board (and its office of the Special Counsel), the Federal 
Labor Relations Authority (and its General Counsel), or the Equal 
Employment Opportunity Commission when requested in performance of 
their authorized duties of exclusive representation concerning 
personnel policies, practices, and matters affecting work conditions.
    (10) To the National Archives and Records Administration, Office of 
Government Information Services (OGIS), to the extent necessary to 
fulfill its responsibilities in 5 U.S.C. 552(h), to review 
administrative agency policies, procedures and compliance with the 
Freedom of Information Act (FOIA), and to facilitate OGIS' offering of 
mediation services to resolve disputes between persons making FOIA 
requests and administrative agencies.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Full Name, Email Address, and Employee Identification Number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Under General Records Schedule 3.2, System Access Records, items 
030 and 031. Item 030 applies to systems not requiring special 
accountability for access. Item 030 records can be destroyed when the 
business use ceases. Item 031 applies to systems requiring special 
accountability for access. Item 031 requires records to be destroyed/
deleted 6 years after the user account is terminated or password is 
altered, or when no longer required for business us, whichever is 
later. Backup and Recovery digital media will be destroyed or otherwise 
rendered irrecoverable per NIST SP 800-88, Rev. 1 ``Guidelines for 
Media Sanitization'' (December 2014). The records used within the 
budgeting application are ``temporary'' and their destroy clauses are 
listed in the following disposition instructions: General Record 
Schedule (GRS) 1.3: Budgeting Records. The records used for facilities 
management are ``temporary'' and their destroy clauses are listed in 
the following disposition instructions: General Record Schedule (GRS) 
5.4 Facility, Equipment, Vehicle, Property, and Supply Records. The 
records for the IT Service Desk and IT Asset Management modules are 
``temporary'' and their destroy clauses are listed in the following 
disposition instructions: General Record Schedule (GRS) 3.1 General 
Technology Management Records and General Record Schedule (GRS) 5.8 
Administrative Help Desk Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    For Electronic Records: Comprehensive electronic records are 
maintained and stored in an electronic encryption database system. 
These records can only be accessed based on the user's rights and 
privileges to the system. Electronic records are stored in the 
``ServiceNow Enterprise'' environment on the department's network 
(HUD). This environment complies with the security and privacy controls 
and procedures as described in the Federal Information Security 
Management Act (FISMA), National Institute of Standards and Technology 
(NIST) Special Publications, and Federal Information Processing 
Standards (FIPS). A valid HSPD-12 ID Credential, access to HUD's LAN, a 
valid User ID and Password, and a Personalized Identification Number 
(PIN) are required to access the HR Service Delivery, ServiceNow 
system. These records are restricted to only those stakeholders needing 
to access the system to perform their official duties.
    For Electronic Records (cloud-based): Comprehensive electronic 
records are secured and maintained on a cloud-based software server and 
operating system that resides in the Federal Risk and Authorization 
Management Program (FedRAMP) and Federal Information Security 
Management Act (FISMA) Moderate dedicated hosting environment. All data 
in the cloud-based server is firewalled and encrypted at rest and in 
transit. PII is secured in cipher locks, combination locks, key cards, 
security guards, closed circuit TV

[[Page 17295]]

and safes. Identification badges are required to ensure the records are 
not accessed and strict access controls are governed for electronic 
records using a user ID and password that require multi-factor 
authentication before access is granted to ServiceNow. The security 
mechanisms for handing data at rest and in transit are in accordance 
with HUD encryption standards.

RECORD ACCESS PROCEDURES:
    Individuals requesting records of themselves should address written 
inquiries to the Department of Housing Urban and Development 451 7th 
Street SW, Washington, DC 20410-0001. For verification, individuals 
should provide their full name, current address, and telephone number. 
In addition, the requester must provide either a notarized statement or 
an unsworn declaration made under 24 CFR 16.4.

CONTESTING RECORD PROCEDURES:
    The HUD rule for contesting the content of any record pertaining to 
the individual by the individual concerned is published in 24 CFR 16.8 
or may be obtained from the system manager.

NOTIFICATION PROCEDURES:
    Individuals requesting notification of records of themselves should 
address written inquiries to the Department of Housing Urban 
Development, 451 7th Street SW, Washington, DC 20410-0001. For 
verification purposes, individuals should provide their full name, 
office or organization where assigned, if applicable, and current 
address and telephone number. In addition, the requester must provide 
either a notarized statement, or an unsworn declaration made under 24 
CFR 16.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Shalanda Capehart,
Acting Chief Privacy Officer, Office of Administration.
[FR Doc. 2026-06607 Filed 4-3-26; 8:45 am]
BILLING CODE 4210-67-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>