ML19253A041

Automated Access Control and Computer Enhanced Security System (Access)
ML19253A041
Person / Time
Issue date: 10/04/2019
From: Stephanie Blaney, Anna Mcgowan
NRC/OCIO


Text

ADAMS ML19253A041

U.S. Nuclear Regulatory Commission

Privacy Impact Assessment

Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.

Automated Access Control and Computer Enhanced Security System (ACCESS)

Date: September 6, 2019

A. GENERAL SYSTEM INFORMATION

1. Provide a detailed description of the system:

The ACCESS FISMA boundary includes the systems that ensure the physical safety and security of agency facilities. The systems operate under U.S. NRC Privacy Act systems of records NRC-39, Personnel Security Files and Associated Records; NRC-40, Facility Security Access Controls Records; and NRC-45, Digital Certificates for Personal Identity Verification Records.

The ACCESS FISMA boundary has the following system components:

  • Physical Access Controller System (PACS)
  • Closed-Circuit Television (CCTV) System
  • Criminal History (CH)
  • Intrusion Detection System (IDS)
  • Radio Communications System (RCS)
  • Building Management System (BMS) - Heating, Ventilation & Air Conditioning (HVAC) and Lighting

Some peripherals used by the NRC when issuing PIV cards are also within the ACCESS FISMA boundary.

2. What agency function does it support?

The systems in the ACCESS FISMA boundary are support systems and do not directly drive the agency mission. They ensure the physical safety and security of personnel, property, information, infrastructure, and assets.

3. Describe any modules or subsystems, where relevant, and their functions.

The ACCESS FISMA boundary has six system components and some equipment used by the NRC when issuing PIV cards.

PIA Template (04-2019) Page 1 of 33

1. PACS: The NRC uses the PACS to control access to the NRC campus and buildings.
2. Closed-Circuit Television System: The NRC emergency-response personnel use the closed-circuit TV system, comprised of digital surveillance cameras, to monitor the headquarter campus and buildings.
3. Intrusion Detection System: The NRC uses the intrusion detection system to control the perimeter of the headquarter buildings.
4. Criminal History System: Licensees use the criminal history system to request criminal history background checks from the FBI.
5. Radio Communication System: The NRC emergency-response personnel use the radio communication system to talk among one another.
6. Building Management System: has two systems:
  • BMS Heating, Ventilation & Air Conditioning (HVAC) - used to configure heating, cooling, and air ventilation in buildings 1 and 2.
  • BMS Lighting - used to control lighting in buildings 1 and 2 (intensity and degree).
7. PIV Card Issuance Peripherals: The NRC uses fingerprint scanners, document scanners, and photographic cameras when issuing PIV cards.
4. What legal authority authorizes the purchase or development of this system?

The systems in the ACCESS FISMA boundary are authorized through several legal authorities:

  • 10 CFR parts 10, 11, 14, 25, 50, 73, 95
  • 42 U.S.C. 2011 et seq.
  • 42 U.S.C. 2165 and 2201(i)
  • 42 U.S.C. 2165-2169, 2201, 2201a, and 2284 et seq.
  • 42 U.S.C. 5801 et seq.
  • 44 U.S.C. 3501, 3504, and 3541
  • 44 U.S.C. 36
  • 5 CFR parts 731, 732
  • 5 U.S.C. 301
  • E-Government Act of 2002 (Pub. L. 107-347, 116 Stat. 2899, 44 U.S.C. § 101, H.R. 2458/S. 803)
  • Electronic Government Act of 2002, 44 U.S.C. 36
  • Executive Order 10450, as amended
  • Executive Order 10865, as amended
  • Executive Order 13462, as amended by Executive Order 13516
  • Executive Order 13467
  • Executive Order 13526
  • Executive Order 9397, as amended by Executive Order 13478
  • Federal Information Security Management Act of 2002 (Pub. L. 107-296, Sec. 3544)
  • Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004
  • Interagency security committee standards Physical Security Criteria for Federal Facilities, April 2010
  • OMB Circular No. A-130, Revised
5. What is the purpose of the system and the data to be collected?

The purpose of the systems in the ACCESS FISMA boundary and for the data they maintain is to ensure the physical safety and security of personnel, property, information, infrastructure, and assets.

6. Points of Contact:

Name | Role | Office/Division/Branch | Telephone
Denis Brady | Business Project Manager | ADM/DFS/FSB | 301-415-7056
Tamar Katz | ACCESS ISSO | ADM/PMDA/ITT | 301-415-2500
Mary Muessle | Executive Sponsor | ADM | 301-415-8742

7. Does this privacy impact assessment (PIA) support a proposed new system or a proposed modification to an existing system?
a. New System X Modify Existing System Other
b. If modifying or making other updates to an existing system, has a PIA been prepared before?

Yes.

(1) If yes, provide the date approved and ADAMS accession number.

Approval Date: September 25, 2018

Accession Number: ML18208A326

(2) If yes, provide a summary of modifications or other changes to the existing system.

Building Management System (BMS) has been added to the ACCESS FISMA boundary as a new subsystem, including the resubmission of a periodic review.

8. Do you have an NRC system Enterprise Architecture (EA)/Inventory number?

Yes

a. If yes, please provide Enterprise Architecture (EA)/Inventory number.

EA Number H0008

b. If no, please contact EA Service Desk to get Enterprise Architecture (EA)/Inventory number.

B. INFORMATION COLLECTED AND MAINTAINED

1. INFORMATION ABOUT INDIVIDUALS
a. Does this system maintain information about individuals?

PACS: Yes.

Closed-Circuit Television System: No.

Intrusion Detection System: No.

Criminal History System: Yes.

Radio Communication System: No.

Building Management System: No.

PIV Card Issuance Peripherals: No. Although the operators of the ITI ICAM system use the PIV card issuance peripherals to collect fingerprints, facial images, and identity documents about individuals; this information is not maintained on the peripherals.

(1) If yes, identify the group(s) of individuals (e.g., Federal employees, Federal contractors, licensees, general public (provide description for general public (non-licensee workers, applicants before they are licensed, etc.))).

PACS: The PACS system has information about current and former federal employees and contractors.

Closed-Circuit Television System: N/A.

Intrusion Detection System: N/A.

Criminal History System: The criminal history system has information about applicants in the criminal history program.

Radio Communication System: N/A.

Building Management System: N/A.

PIV Card Issuance Peripherals: N/A.

(2) IF NO, SKIP TO QUESTION B.2.

b. What information is being maintained in the system about an individual (be specific - e.g. SSN, Place of Birth, Name, Address)?

PACS: The PACS system has names, facial images, badge numbers, campus, clearance level, and information about readers used with date and time.

Closed-Circuit Television System: None.

Intrusion Detection System: None.

Criminal History System: The criminal history system has information about applicants, names, addresses, dates of birth, places of birth, social security numbers, citizenships, fingerprints, and criminal history records.

Radio Communication System: None.

Building Management System: None.

PIV Card Issuance Peripherals: None.

c. Is information being collected from the subject individual?

No.

(1) If yes, what information is being collected?

d. Will the information be collected from individuals who are not Federal employees?

Yes.

(1) If yes, does the information collection have OMB approval?

Yes.

(a) If yes, indicate the OMB approval number:

PACS. Yes.

OMB Approval Control Number: 3150-0218.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. Yes.

OMB Approval Control Number: 3150-0046.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

e. Is the information being collected from existing NRC files, databases, or systems?

PACS. Yes.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. No.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

(1) If yes, identify the files/databases/systems and the information being collected.

PACS. The PACS system receives information from the ITI ICAM system.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

f. Is the information being collected from external sources (any source outside of the NRC)?

PACS. No.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. Yes.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

(1) If yes, identify the source and what type of information is being collected?

PACS. N/A.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. Licensees. (see B.1.b)

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

g. How will information not collected directly from the subject individual be verified as current, accurate, and complete?

PACS. The PACS system relies on the operators of the ITI ICAM system to verify the accuracy or completeness of the information that the system passes to the PACS system.

Closed-Circuit Television System. The closed-circuit television system does not collect information from individuals.

Intrusion Detection System. The intrusion detection system does not collect information from individuals.

Criminal History System. The NRC does not verify the accuracy of the information. The operators of the criminal history system rely on the third parties that collected the information to verify the accuracy and completeness of the information.

Radio Communication System. The radio communication system does not collect information from individuals.

Building Management System. The building management system does not collect information from individuals.

PIV Card Issuance Peripherals. The PIV card issuance peripherals do not have any information which is not collected directly from the subject.

h. How will the information be collected (e.g. form, data transfer)?

PACS. Data transfer.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. Data transfer.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

2. INFORMATION NOT ABOUT INDIVIDUALS
a. Will information not about individuals be maintained in this system?

PACS. Yes.

Closed-Circuit Television System. Yes.

Intrusion Detection System. No. Although the intrusion detection system generates security management information (alarms) as part of its function, this information is maintained in the PACS system.

Criminal History System. No.

Radio Communication System. Yes.

Building Management System. No.

PIV Card Issuance Peripherals. No.

(1) If yes, identify the type of information (be specific).

PACS. Security management information (access logs, alarms).

Closed-Circuit Television System. Security management information (camera-feeds).

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. Security management information (radio traffic recordings).

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

b. What is the source of this information? Will it come from internal agency sources and/or external sources? Explain in detail.

PACS. The PACS system generates security management information (access logs) as part of its function. It also receives security management information (alarms) from the intrusion detection system.

This information is maintained in the PACS system.

Closed-Circuit Television System. The closed-circuit television system generates security management information (camera-feeds) as part of its function. This information is maintained in the closed-circuit television system.

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. The radio communication system generates security management information (radio traffic recordings) as part of its function. This information is maintained in the radio communication system.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

C. USES OF SYSTEM AND INFORMATION

These questions will identify the use of the information and the accuracy of the data being used.

1. Describe all uses made of the data in this system.

PACS.

The NRC uses the access control information in the PACS system to control access to the NRC campus and buildings.

The NRC emergency-response personnel use security management information (alarms) from the intrusion detection system, displayed in the PACS system, to control the perimeter of the headquarter buildings (this is not PII).

Closed-Circuit Television System.

The NRC emergency-response personnel use security management information (camera-feeds) captured by the closed-circuit TV system to monitor the headquarter campus and buildings (this is not PII).

Intrusion Detection System.

Federal protective-services emergency-response personnel use security management information (alarms) from the intrusion detection system to control the perimeter of the headquarter buildings (this is not PII).

Security management information (alarms) captured by the closed-circuit TV system is also passed to the PACS system (this is not PII).

Criminal History System.

The FBI uses the information the licensees obtain from personnel through the criminal history system to conduct criminal history background checks.

The licensees use the information the FBI passes back to them through the criminal history system to assess personnel.

Radio Communication System.

The NRC emergency-response personnel use the radio communication system to communicate security management information (talk among one another) (this is not PII).

Building Management System.

The NRC uses the BMS Heating, Ventilation & Air Conditioning (HVAC) to configure heating, cooling and air ventilation in buildings 1 and 2 and the BMS Lighting system to control lighting in buildings 1 and 2.

PIV Card Issuance Peripherals.

The NRC uses the information captured by the PIV card issuance peripherals (fingerprint scanners, document scanners, and cameras) when issuing PIV cards.

2. Is the use of the data both relevant and necessary for the purpose for which the system is designed?

PACS. Yes.

Closed-Circuit Television System. Yes.

Intrusion Detection System. Yes.

Criminal History System. Yes.

Radio Communication System. Yes.

Building Management System. Yes.

PIV Card Issuance Peripherals. Yes.

3. Who will ensure the proper use of the data in this system?

PACS.

The operators of the PACS system protect the information maintained in the system.

The information is protected under

  • Privacy Act Systems of Records
  • SORN NRC-40, Facility Security Access Control Records
  • SORN NRC-45, Digital Certificate for Personal Identity Verification Records.

Closed-Circuit Television System.

The operators of the closed-circuit television system protect the security management information (camera-feeds) maintained in the system.

Intrusion Detection System.

Security management information (alarms) is transferred to the PACS system.

The intrusion detection system does not retain information.

Criminal History System.

The administrators of the criminal history system protect the privacy rights of the individuals whose information is held and transferred by the criminal history system. They sign a notification of responsibilities regarding the use, disclosure, and protection of privacy act information.

The information is protected under

  • Privacy Act Systems of Records
  • SORN NRC-39, Personnel Security Files and Associated Records

Radio Communication System.

The emergency response personnel will protect the information maintained in the system.

Building Management System.

The building management system does not preserve data information.

PIV Card Issuance Peripherals.

The administrators of the ITI ICAM system protect the privacy rights of individuals whose information they capture using the PIV card issuance peripherals. They sign a Trusted Person Agreement.

The information is protected under

  • Privacy Act Systems of Records
  • SORN NRC-45, Digital Certificate for Personal Identity Verification Records.
4. Are the data elements described in detail and documented?

Yes.

a. If yes, what is the name of the document that contains this information and where is it located?

The ACCESS Security Categorization Report (ADAMS accession number ML19234A214, August 20, 2019) describes the data elements of the systems in the ACCESS FISMA boundary.

5. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

PACS. No.

Closed-Circuit Television System. No.

Intrusion Detection System. No.

Criminal History System. No.

Radio Communication System. No.

Building Management System. No.

PIV Card Issuance Peripherals. No.

a. If yes, how will aggregated data be maintained, filed, and utilized?
b. How will aggregated data be validated for relevance and accuracy?
c. If data are consolidated, what controls protect it from unauthorized access, use, or modification?

The systems in the ACCESS FISMA boundary comply with organizationally defined computer security controls. These controls are applied to harden the system against unauthorized access, insider threat, compromise, or disaster.

They also comply with the change management procedures of the Office of Chief Information Officer (OCIO) to make sure only authorized work is performed on the system.

The systems comply with the policies and procedures of the OCIO information security policy and oversight branch and undergo independent continuous monitoring assessments to secure the system.

The data in the systems is restricted to application administrators in the ADM facilities security branch. These administrators have undergone rigorous background screening and are trained in their administrator duties to secure the ACCESS systems.

The system owner has also assigned primary and alternate information system security officers to the ACCESS FISMA boundary to make sure system security controls are operating as designed and intended.

6. How will data be retrieved from the system? Will data be retrieved by an individual's name or personal identifier (name, unique number or symbol)? (Be specific.)

Yes.

a. If yes, explain, and list the identifiers that will be used to retrieve information on the individual.

PACS. Authorized application administrators can retrieve information about an individual in the PACS system by name or by the unique identifier assigned to the person by the ITI ICAM system.

Closed-Circuit Television System. The closed-circuit television system does not maintain information about individuals.

Intrusion Detection System. The intrusion detection system does not maintain information about individuals.

Criminal History System. Information about individuals is not retrievable by any personal identifier in the criminal history system.

Radio Communication System. The radio communication system does not maintain information about individuals.

Building Management System. The building management system does not maintain information about individuals.

PIV Card Issuance Peripherals. The PIV card issuance peripherals do not maintain information about individuals.

7. Has a Privacy Act System of Records Notice (SORN) been published in the Federal Register?

Yes.

a. If Yes, provide name of SORN and location in the Federal Register.

PACS.

  • Privacy Act Systems of Records
  • SORN NRC-40, Facility Security Access Control Records
  • SORN NRC-45, Digital Certificate for Personal Identity Verification Records.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System.

  • Privacy Act Systems of Records
  • SORN NRC-39, Personnel Security Files and Associated Records

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals.

  • Privacy Act Systems of Records
  • SORN NRC-45, Digital Certificate for Personal Identity Verification Records.
8. If the information system is being modified, will the SORN(s) require amendment or revision?

No.

9. Will this system provide the capability to identify, locate, and monitor (e.g., track, observe) individuals?

PACS. Yes.

Closed-Circuit Television System. Yes.

Intrusion Detection System. No.

Criminal History System. No.

Radio Communication System. No.

Building Management System. No.

PIV Card Issuance Peripherals. No.

a. If yes, explain.

(1) What controls will be used to prevent unauthorized monitoring?

PACS.

Logical access to the PACS system is limited to authorized users.

Physical access to equipment displaying information is limited to the same authorized users.

Persons must have a need-to-know to become authorized users. They can only access information and features of the system appropriate for their job responsibility. They undergo a rigorous background screening process. Their need-to-know and access privileges are reviewed yearly.

Furthermore, data is encrypted during transport to make sure unauthorized monitoring does not occur.

Closed-Circuit Television System.

Logical access to the closed-circuit television system is limited to authorized users. Physical access to equipment is limited to the same authorized users.

Persons must have a need-to-know to become authorized users. They can only access information and features of the system appropriate for their job responsibility. They undergo a rigorous background screening process. Their need-to-know and access privileges are reviewed yearly.

Furthermore, data is encrypted during transport to make sure unauthorized monitoring does not occur.

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

10. List the report(s) that will be produced from this system.

PACS.

  • Credential history reports
  • Alarm history reports
  • Operator history reports
  • Device reports (number of card readers, number of alarm points, and so forth)

Closed-Circuit Television System. None.

Intrusion Detection System. None.

Criminal History System.

Criminal history billing report

Radio Communication System. None.

Building Management System. None.

PIV Card Issuance Peripherals. None.

a. What are the reports used for?

PACS.

Investigate unauthorized activity, unauthorized access, and malfunctioning equipment, and report on compliance with federal standards.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System.

Produce invoices for licensees.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

b. Who has access to these reports?

PACS.

Access to the reports in the PACS system is limited to authorized users.

Persons must have a need-to-know to become authorized users and they can only access reports appropriate for their job responsibility. They undergo a rigorous background screening process and their need-to-know and access privileges are reviewed yearly.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System.

Access to the reports in the criminal history system is limited to authorized users. Persons must have a need-to-know to become authorized users and they can only access reports appropriate for their job responsibility.

They undergo a rigorous background screening process and their need-to-know and access privileges are reviewed yearly.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. N/A.

D. ACCESS TO DATA

1. Which NRC office(s) will have access to the data in the system?

PACS.

  • Office of Administration, Division of Facilities and Security
  • Region I, Division of Resource Management
  • Region II, Division of Resource Management and Administration
  • Region III, Division of Resource Management and Administration
  • Region IV, Division of Resource Management and Administration
  • Office of the Chief Human Capital Officer, Technical Training Center
  • Office of Chief Information Officer, IT Services Development and Operations Division

Closed-Circuit Television System.

  • Office of Administration, Division of Facilities and Security
  • Region I, Division of Resource Management
  • Region II, Division of Resource Management and Administration
  • Region III, Division of Resource Management and Administration
  • Region IV, Division of Resource Management and Administration
  • Office of the Chief Human Capital Officer, Technical Training Center
  • Office of Chief Information Officer, IT Services Development and Operations Division

Intrusion Detection System.

  • Office of Administration, Division of Facilities and Security

Criminal History System.

  • Office of Administration, Division of Facilities and Security
  • Office of Chief Information Officer, IT Services Development and Operations Division

Radio Communication System.

  • Office of Administration, Division of Facilities and Security
  • Region I, Division of Resource Management
  • Region II, Division of Resource Management and Administration
  • Region III, Division of Resource Management and Administration
  • Region IV, Division of Resource Management and Administration

Building Management System.

  • Office of Administration, Division of Facilities and Security

PIV Card Issuance Peripherals.

  • Office of Administration, Division of Facilities and Security
  • Region I, Division of Resource Management
  • Region II, Division of Resource Management and Administration
  • Region III, Division of Resource Management and Administration
  • Region IV, Division of Resource Management and Administration
  • Office of Chief Information Officer, IT Services Development and Operations Division

(1) For what purpose?

PACS.

The Office of Administration, Division of Facilities and Security operates the PACS system.

The Region I Division of Resource Management, Region II Division of Resource Management and Administration, Region III Division of Resource Management and Administration, Region IV Division of Resource Management and Administration, and Office of the Chief Human Capital Officer, Technical Training Center operate the PACS system in the respective regions.

The Office of Chief Information Officer, IT Services Development and Operations Division maintains the infrastructure on which the PACS system operates.

Closed-Circuit Television System.

The Office of Administration, Division of Facilities and Security operates the closed-circuit television system.

The Region I Division of Resource Management, Region II Division of Resource Management and Administration, Region III Division of Resource Management and Administration, and Region IV Division of Resource Management and Administration operate the closed-circuit television system in the respective regions.

The Office of Chief Information Officer, IT Services Development and Operations Division maintains the infrastructure on which the closed-circuit television system operates.

Intrusion Detection System.

The Office of Administration, Division of Facilities and Security operates and maintains the intrusion detection system.

Criminal History System.

The Office of Administration, Division of Facilities and Security operates the criminal history system.

The Office of Chief Information Officer, IT Services Development and Operations Division maintains the infrastructure on which the criminal history system operates.

Radio Communication System.

The Office of Administration, Division of Facilities and Security operates and maintains the radio communication system.

The Region I Division of Resource Management, Region II Division of Resource Management and Administration, Region III Division of Resource Management and Administration, and Region IV Division of Resource Management and Administration operate and maintain the radio communication system in the respective regions.

Building Management System.

The Office of Administration, Division of Facilities and Security operates the building management system.

PIV Card Issuance Peripherals.

The Office of Administration, Division of Facilities and Security operates the PIV card issuance peripherals.

The Region I Division of Resource Management, Region II Division of Resource Management and Administration, Region III Division of Resource Management and Administration, and Region IV Division of Resource Management and Administration operate the PIV card issuance peripherals in the respective regions.

The Office of Chief Information Officer, IT Services Development and Operations Division maintains the infrastructure on which the PIV card issuance peripherals reside.

(2) Will access be limited?

PACS. Yes.

Closed-Circuit Television System. Yes.

Intrusion Detection System. Yes.

Criminal History System. Yes.

Radio Communication System. Yes.

Building Management System. Yes.

PIV Card Issuance Peripherals. Yes.

2. Will other NRC systems share data with or have access to the data in the system?

PACS. Yes.

Closed-Circuit Television System. No.

Intrusion Detection System. No, not outside of the ACCESS FISMA boundary.

Criminal History System. No. Although the EIE system sends the submission information from the licensees to the criminal history system, it does not have access to the data because it is encrypted.

Radio Communication System. No.

Building Management System. No.

PIV Card Issuance Peripherals. Yes.

(1) If yes, identify the system(s).

PACS. The ITI ICAM system passes PIV credential information to the PACS system.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. The PIV card issuance peripherals pass information to the ITI ICAM system.

(2) How will the data be transmitted or disclosed?

PACS. The data is encrypted during transport.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. N/A.

Building Management System. N/A.

PIV Card Issuance Peripherals. The data is encrypted during transport.

3. Will external agencies/organizations/public have access to the data in the system?

PACS. No.

Closed-Circuit Television System. No.

Intrusion Detection System. No.

Criminal History System. No.

Radio Communication System. No.

Building Management System. Yes.

PIV Card Issuance Peripherals. No.

(1) If yes, who?

PACS. N/A.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. N/A.

Building Management System. The system will be accessed remotely by the vendor, Alerton.

PIV Card Issuance Peripherals. N/A.

(2) Will access be limited?

PACS. N/A.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. N/A.

Building Management System. Yes, users will use a Virtual Private Network (VPN) connection to the system in compliance with OMB M 04, 30 Oct 2015.

PIV Card Issuance Peripherals. N/A.

(3) What data will be accessible and for what purpose/use?

PACS. N/A.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. N/A.

Building Management System. Configuring heating, cooling, and air ventilation, and controlling lighting.

PIV Card Issuance Peripherals. N/A.

(4) How will the data be transmitted or disclosed?

PACS. N/A.

Closed-Circuit Television System. N/A.

Intrusion Detection System. N/A.

Criminal History System. N/A.

Radio Communication System. N/A.

Building Management System. Through a network segmentation on a separate Citrix Virtual Desktop.

PIV Card Issuance Peripherals. N/A.

E. RECORDS AND INFORMATION MANAGEMENT (RIM) - RETENTION AND DISPOSAL

The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or evidential significance). These determinations are made through records retention schedules and NARA statutes (44 U.S.C., 36 CFR). Under 36 CFR 1234.10, agencies are required to establish procedures for addressing records management requirements, including recordkeeping requirements and disposition, before approving new electronic information systems or enhancements to existing systems. The following question is intended to determine whether the records and data/information in the system have an approved records retention schedule and disposition instructions, whether the system incorporates Records and Information Management (RIM) and NARA's Universal Electronic Records Management (ERM) requirements, and if a strategy is needed to ensure compliance.

1) Can you map this system to an applicable retention schedule in NRC's Comprehensive Records Disposition Schedule (NUREG-0910), or NARA's General Records Schedules?

Yes.

a. If yes, please cite the schedule number, approved disposition, and describe how this is accomplished (then move to F.1).

For example, will the records or a composite thereof be deleted once they reach their approved retention or exported to an approved file format for transfer to the National Archives based on their approved disposition?

See GRS Schedule 5.6 and table below which will be used for the retention of the information. If information does not fall into the items listed in GRS 5.6, then data will need to be scheduled; therefore, NRC records personnel will need to work with staff to develop a records retention and disposition schedule for records created or maintained.

Until the approval of such schedule, these records and information are permanent. Their willful disposal or concealment (and related offenses) is punishable by fine or imprisonment, according to 18 U.S.C., Chapter 101, and Section 2071. Implementation of retention schedules is mandatory under 44 U.S.C. 3303a(d), and although this does not prevent further development of the project, retention functionality or a manual process must be incorporated to meet this requirement.

Records retention table. Each entry gives the Citation, Temporary/Permanent, Disposition Instructions, and Notes/Comments columns for the named Records.

Records: Personnel Security Files and Associated Records

  • Citation: GRS 5.6 item 010. Temporary/Permanent: T. Disposition Instructions: Security administrative records. Destroy when 3 years old, but longer retention is authorized if required for business use. Notes/Comments: BASED ON NRC SORN 39.
  • Citation: GRS 5.6 item 110. Temporary/Permanent: T. Disposition Instructions: Visitor processing records. Areas requiring highest level security awareness. Destroy when 5 years old, but longer retention is authorized if required for business use. Notes/Comments: BASED ON NRC SORN 39.
  • Citation: GRS 5.6 item 111. Temporary/Permanent: T. Disposition Instructions: Visitor processing records. All other facility security areas. Destroy when 2 years old, but longer retention is authorized if required for business use. Notes/Comments: BASED ON NRC SORN 39.
  • Citation: GRS 5.6 item 181. Temporary/Permanent: T. Disposition Instructions: Personnel security and access clearance records. Records of people issued clearances. Destroy 5 years after employee or contractor relationship ends, but longer retention is authorized if required for business use. Notes/Comments: BASED ON NRC SORN 39. According to Section E.2 of PIA dated 7/26/2018, retain records for 7 years from the date personnel are deactivated (month of separation). Security management records (alarms) are retained for 7 years.

Records: Facility Security Access Control Records

  • Citation: GRS 5.6 item 111. Temporary/Permanent: T. Disposition Instructions: Visitor processing records. All other facility security areas. Destroy when 2 years old, but longer retention is authorized if required for business use. Notes/Comments: BASED ON NRC SORN 40.
  • Citation: GRS 5.6 item 190. Temporary/Permanent: T. Disposition Instructions: Index to personnel security case files. Destroy when superseded or obsolete. Notes/Comments: BASED ON NRC SORN 40.
  • Citation: GRS 5.6 item 090. Temporary/Permanent: T. Disposition Instructions: Records of routine security operations. Destroy when 30 days old, but longer retention is authorized if required for business use. Notes/Comments: BASED ON NRC SORN 40.
  • Citation: GRS 5.6 item 120. Temporary/Permanent: T. Disposition Instructions: Personal identification credentials and cards. Application and activation records. Destroy mandatory and optional data elements housed in the agency identity management system and printed on the identification card 6 years after terminating an employee or contractor's employment, but longer retention is authorized if required for business use. Notes/Comments: BASED ON NRC SORN 40. According to section E.2 of PIA dated 7/26/2018, Physical access control records for a person are retained for 7 years from the date they are deactivated (month of separation). Security management records (alarms) are also retained for 7 years.
  • Citation: GRS 5.6 item 170. Temporary/Permanent: T. Disposition Instructions: Personnel security investigative reports. Personnel suitability and eligibility investigative reports. Destroy in accordance with the investigating agency instruction. Notes/Comments: BASED ON NRC SORN 40.
  • Citation: GRS 5.6 item 171. Temporary/Permanent: T. Disposition Instructions: Personnel security investigative reports. Reports and records created by agencies conducting investigations under delegated investigative authority. Destroy in accordance with delegated authority agreement or memorandum of understanding. Notes/Comments: BASED ON NRC SORN 40.

Records: Electronic Credentials for Personal Identity Verification

  • Citation: GRS 5.6 item 120. Temporary/Permanent: T. Disposition Instructions: Personal identification credentials and cards. Application and activation records. Destroy mandatory and optional data elements housed in the agency identity management system and printed on the identification card 6 years after terminating an employee or contractor's employment, but longer retention is authorized if required for business use. Notes/Comments: BASED ON NRC SORN 45.
  • Citation: GRS 5.6 item 121. Temporary/Permanent: T. Disposition Instructions: Cards. Destroy after expiration, confiscation, or return. Notes/Comments: BASED ON NRC SORN 45.
  • Citation: GRS 5.6 item 130. Temporary/Permanent: T. Disposition Instructions: Local facility identification and card access records. Destroy upon immediate collection once the temporary credential or card is returned for potential reissuance due to nearing expiration or not to exceed 6 months from time of issuance or when individual no longer requires access, whichever is sooner, but longer retention is required for business use. Notes/Comments: BASED ON NRC SORN 45.

Records: Intrusion Detection (Routine)

  • Citation: GRS 5.6 item 090. Temporary/Permanent: T. Disposition Instructions: Destroy when 30 days old, but longer retention is authorized if required for business use. Notes/Comments: According to Section C.4 of PIA, intrusion detection system does not retain information.

Records: Intrusion Detection (Incident)

  • Citation: GRS 5.6 item 100. Temporary/Permanent: T. Disposition Instructions: Destroy 3 years after final investigation or reporting action or when 3 years old, whichever is later, but longer retention is authorized for business use.

Records: Criminal History System Records

  • Citation: GRS 5.6 item 180. Temporary/Permanent: T. Disposition Instructions: Records of personnel security and access clearance records. Records of people not issued clearances. Destroy 1 year after consideration of the candidate ends, but longer retention is authorized if required for business use. Notes/Comments: BASED ON NRC SORN 39. According to Section E2 of PIA dated 7/26/2018, this system retains submission records for 30 days.
  • Citation: GRS 5.6 item 181. Temporary/Permanent: T. Disposition Instructions: Records of personnel security and access clearance records. Records of people issued clearances. Destroy 5 years after employee or contractor relationship ends, but longer retention is authorized if required for business use. Notes/Comments: According to Section E2 of PIA dated 7/26/2018, this system retains submission records for 30 days.

Records: Closed-circuit Television Records

  • Citation: GRS 5.6 item 090. Temporary/Permanent: T. Disposition Instructions: Records of routine security operations. Destroy when 30 days old, but longer retention is authorized if required for business use. Notes/Comments: See Section E.2 of PIA dated 7/26/2018, Closed-circuit Television System. Retains security management records (camera feeds) for 30 days.

Records: Radio Transmissions

  • Citation: GRS 5.6 item 090. Temporary/Permanent: T. Disposition Instructions: Records of routine security operations. Destroy when 30 days old, but longer retention is authorized if required for business use. Notes/Comments: See Section E.2 of PIA dated 7/26/2018, Radio Communications System. The radio communication system retains security management records (radio traffic recordings) for a duration of a dispatch session, typically less than 24 hours.

Records: Heating, Ventilation & Air Conditioning (HVAC) and Lighting

  • Citation: GRS 5.4 item 010. Temporary/Permanent: T. Disposition Instructions: Destroy when 3 years old or 3 years after superseded, as appropriate, but longer retention is authorized if required for business use. Notes/Comments: Administrative and operational records.
  • Citation: GRS 5.4 item 070. Temporary/Permanent: T. Disposition Instructions: Destroy when 3 years old, but longer retention is authorized if required for business use. Notes/Comments: Inspection, maintenance and service records.
  • Citation: GRS 5.4 item 071. Temporary/Permanent: T. Disposition Instructions: Destroy when 90 days old, but longer retention is authorized if required for business use. Notes/Comments: Records tracking completion of custodial and minor repair work.

a. If no, please contact the Records and Information Management (RIM) staff at ITIMPolicy.Resource@nrc.gov.

F. TECHNICAL ACCESS AND SECURITY

1. Describe the security controls used to limit access to the system (e.g., passwords).

Access to the systems in the ACCESS FISMA boundary is controlled by PIV card authentications both to the network infrastructure and to the individual system applications. It, along with role-based access controls (RBAC), ensures only authorized persons can access data and only data they need to conduct their job duties.

The infrastructure components of the ACCESS systems are separated through network segmentation. This architecture makes sure only authorized and authenticated devices exchange data.

The system administrators review system logs daily for unauthorized and/or suspicious activities. The network administrators monitor the infrastructure for intrusions and other suspicious activities.

2. What controls will prevent the misuse (e.g., unauthorized browsing) of system data by those having access?

All system transactions are tied to a specific, unique person's identity by strict identification and authentication protocols. The system logs all user activities.

3. Are the criteria, procedures, controls, and responsibilities regarding access to the system documented?

Yes.

(1) If yes, where?

The criteria, procedures, controls, and responsibilities regarding access to the system are documented in:

  • NRC PIV Card Issuance Specialized Hardware Operations plan
  • ACCESS Security Policies and Procedures (SPP), (ADAMS accession number: ML19140A374), version 3.0, May 17, 2019
  • FY19 ACCESS Consolidated System Security Plan (SSP), August 14, 2019 (CSO FISMA Repository Link: https://usnrc.sharepoint.com/:x:/r/teams/OCIO-CSO/CSO_FISMA_Repository/FISMA_Systems/ADM-ACCESS/SSP/FY19_ACCESS_System_Security_Plan_Consolidated_v7.0_20190814.xlsx?d=waf43864e53f64140a80ae54598126caf&csf=1&e=fCWVVL)

The documents are reviewed yearly.

4. Will the system be accessed or operated at more than one location (site)?

Yes.

a. If yes, how will consistent use be maintained at all sites?

All persons in the same role go through the same training, sign the same agreements, have the same access restrictions, and are subject to the same oversight independent of their physical location.

5. Which user groups (e.g., system administrators, project managers, etc.) have access to the system?

Access to the data is strictly controlled and limited to those with an operational need to access the information.

PACS.

  • Application Users
  • Application Administrators
  • Server Administrators
  • Database Administrators

Closed-Circuit Television System.

  • Application Users
  • Application Administrators

Intrusion Detection System.

  • Engineers

Criminal History System.

  • Application Administrators
  • Server Administrators

Radio Communication System.

  • Application Users
  • Application Administrators
  • Server Administrators

Building Management System.

  • Application Users
  • Application Administrators
  • Server Administrators

PIV Card Issuance Peripherals.

  • Application Users

6. Will a record of their access to the system be captured?

PACS. Yes.

Closed-Circuit Television System. Yes.

Intrusion Detection System. No.

Criminal History System. Yes.

Radio Communication System. Yes.

Building Management System. Yes.

PIV Card Issuance Peripherals. No, not on the peripheral.

a. If yes, what will be collected?

PACS. All operator transactions are logged within the system. Audit logs are generated for all transactions and security events.

Closed-Circuit Television System. All operator transactions are logged on the workstations used to access the system. Audit logs are generated for all transactions and security events.

Intrusion Detection System. N/A.

Criminal History System. All operator transactions are logged within the system. Audit logs are generated for all transactions and security events.

Radio Communication System. All operator transactions are logged within the system. Audit logs are generated for all transactions and security events.

Building Management System. All operator transactions are logged within the system. Audit logs are generated for all transactions and security events.

PIV Card Issuance Peripherals. N/A.

7. Will contractors be involved with the design, development, or maintenance of the system?

Yes.

If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or PII contract clauses are inserted in their contracts.

  • FAR clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.
  • PII clause, Contractor Responsibility for Protecting Personally Identifiable Information (June 2009), in all contracts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC owned or controlled PII.

8. What auditing measures and technical safeguards are in place to prevent misuse of data?

All systems in the ACCESS FISMA boundary have role-based restrictions, and persons with access privileges have undergone personnel security screening.

These persons undergo mandatory user awareness, role-based cybersecurity, and PII training related to their role on the information system. Data is safeguarded in transmission using encryption and access-controlled private virtual networks. The information system security officers receive audit logs daily.

9. Is the data secured in accordance with FISMA requirements?

Yes.

a. If yes, when was Certification and Accreditation last completed?

April 2014.

PRIVACY IMPACT ASSESSMENT REVIEW/APPROVAL (For Use by OCIO/GEMS/ISB Staff)

System Name: Automated Access Control and Computer Enhanced Security System (ACCESS)

Submitting Office: Office of Administration

A. PRIVACY ACT APPLICABILITY REVIEW

Privacy Act is not applicable.

X Privacy Act is applicable.

Comments:

This system is covered under NRC Privacy Act systems of records NRC-39, Personnel Security Files and Associated Records, NRC-40, Facility Security Access Controls Records, NRC-45, Digital Certificates for Personal Identity Verification Records, and the Criminal History Check System is maintained as part of the NRC's Privacy Act System of Records NRC-19, Personnel Security Files and Associated Records.

Reviewer's Name: Sally A. Hardy
Title: Privacy Officer
Date: 10/04/2019

B. INFORMATION COLLECTION APPLICABILITY DETERMINATION

No OMB clearance is needed.

OMB clearance is needed.

X Currently has OMB Clearance. Clearance No. 3150-0046 (10 CFR Part 25) and 3150-0218 (NRC Form 850)

Comments:

Reviewer's Name: David Cullison
Title: Agency Clearance Officer
Date: 9/19/19

C. RECORDS RETENTION AND DISPOSAL SCHEDULE DETERMINATION

No record schedule required.

Additional information is needed to complete assessment.

Needs to be scheduled.

X Existing records retention and disposition schedule covers the system - no modifications needed.

Comments:

Reviewer's Name: Marna B. Dove
Title: Sr. Program Analyst, Electronic Records Manager
Date: 10/1/19

D. BRANCH CHIEF REVIEW AND CONCURRENCE

This IT system does not collect, maintain, or disseminate information in identifiable form from or about members of the public.

X This IT system does collect, maintain, or disseminate information in identifiable form from or about members of the public.

I concur in the Privacy Act, Information Collections, and Records Management reviews:

/RA Stephanie Blaney for/
Date: 10/04/2019

Anna T. McGowan, Chief
Information Services Branch
Governance & Enterprise Management Services Division
Office of the Chief Information Officer

TRANSMITTAL OF PRIVACY IMPACT ASSESSMENT/PRIVACY IMPACT ASSESSMENT REVIEW RESULTS

TO: Mary Muessle, Office Director, Office of Administration

Name of System: Automated Access Control and Computer Enhanced Security System (ACCESS)

Date ISB received PIA for review: September 6, 2019

Date ISB completed PIA review: October 04, 2019

Noted Issues:

Anna T. McGowan, Chief
Information Services Branch
Governance & Enterprise Management Services Division
Office of the Chief Information Officer

Signature/Date: /RA Stephanie Blaney for/ 10/04/2019

Copies of this PIA will be provided to:

Thomas Ashley, Acting Director
IT Services Development & Operation Division
Office of the Chief Information Officer

Jonathan Feibus
Chief Information Security Officer (CISO)
Governance & Enterprise Management
Office of the Chief Information Officer