ML19353B978
| ML19353B978 | |
| Person / Time | |
|---|---|
| Issue date: | 12/19/2019 |
| From: | Anna Mcgowan NRC/OCIO |
| To: | |
| References | |
| Download: ML19353B978 (5) | |
Text
Privacy Threshold Analysis (To be used to determine whether a privacy impact assessment is required in accordance with the E- Government Act of 2002.)
Date submitted for review: December 19, 2019 Name of Project/System: Safeguards Information Local Area Network and Electronic Safe (SLES)
Sponsoring Office: Office of the Chief Information Officer (OCIO) and Office of Nuclear Security and Incident Response (NSIR)
Project manager name and Claire Robb, 301-287-0779 phone number:
- 1. Describe (in detail) the project/system and its purpose:
Safeguards Information Local Area Network and Electronic Safe (SLES) supports the automated processing, handling, and storing of Safeguards Information (SGI) on a secured isolated network at the Nuclear Regulatory Commission (NRC).
The NRC developed SLES to support the agencys need to better manage SGI. SLES, a secure electronic repository and records management system, provides the agency with increased effectiveness in processing, handling, and storing the SGI documents electronically and making them readily available to the individuals with a need-to-know.
- 2. What agency function does it support:
SLES supports the agencys regulatory process for governing nuclear reactor and materials safety to ensure that the commercial use of nuclear materials in the United States is safely conducted. As part of the regulatory process, the four regional offices conduct inspection, enforcement, and emergency response programs for licensees within their borders. SLES contains the SGI records created and received by the NRC and enables qualified NRC staff to access and collaborate on SGI.
- 3. Status:
New development effort.
Existing system.
- Date first developed: 2005
- Date last updated: August 7, 2019
- Provide ADAMS accession number: ML19219A227 PTA Template (04-2019) 1
o Provide a general description of the update:
The system was virtualized in April-August 2017, the software was upgraded to replace the end-of-life products, and the new thin clients were deployed in May 2018.
- 4. Do you have an NRC Enterprise Architecture (EA)/Inventory number?
- 1. If yes, please provide Enterprise Architecture (EA)/Inventory number.
EA Number 20060086
- 5. Could the project/system relate in any way to individuals?
No Yes
- Provide a general description of the way the project could relate to an individual.
- 6. Does this project collect, process, or retain information on: (Check all that apply.)
NRC employees?
Other Federal employees?
Contractors working on behalf of NRC?
Members of the public or other individuals?
System does not contain any such information.
- 7. Does this project use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs, such as the last four.)
No Yes
Is the SSN full or partial SSN?
PTA Template (04-2019) 2
- 8. What information about an individual could be collected, generated or retained?
Provide a detailed description of the information that might be collected, generated, or retained such as names, addresses, phone numbers, etc.
SLES may contain the following information about an individual:
- Name
- An individual's title
- Work telephone number
- Official work location/address
- Work e-mail address
- 9. Does the system share personally identifiable information with any other NRC systems?
No Yes
- Identify the systems:
- 10. Does this system relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?
No Yes
- If yes, is there a log kept of communication traffic? Yes
- If yes, what type of data is recorded in the log? List the data elements in the log.
The data elements that are recorded in the communication traffic log are: Severity, Date, Time, Syslog ID, Source IP, Source Port, Destination IP, Destination Port, and Description.
- 11. Can the system be accessed remotely?
No Yes
- If yes, how?
- 12. Can you map this system to an applicable retention schedule in NRCs Comprehensive Records Disposition Schedule(NUREG-0910), or NARAs General Records Schedules?
PTA Template (04-2019) 3
Yes
- If yes, please provide the schedule number, approved disposition, and describe how this is accomplished The approved records retention and disposition schedule for the records containing SGI is SF115 N1-431-08-1, NSIR Subject and Case Records. The copies of the records containing SGI are retained in electronic formats in the SLES eSafe filing system. Paper copies that were used to create the electronic files may be destroyed two months after digitizing and verification in eSafe.
No
- If no, please contact the Records and Information Management (RIM) staff at ITIMPolicy.Resource@nrc.gov.
- 13. Is there an Authority to operate record?
Unknown No In progress Yes: Indicate the impact levels approved by CSO - Computer Security Organization for the following:
Confidentiality: Low Moderate High Undefined Integrity: Low Moderate High Undefined Availability: Low Moderate High Undefined PTA Template (04-2019) 4
PRIVACY THRESHOLD ANALYSIS REVIEW (To be completed by: Information Services Branch, Governance &
Enterprise Management Services Division, Office of the Chief Information Officer)
System Name: Safeguards Information Local Area Network and Electronic Safe (SLES)
Date reviewed: December 19, 2019 Name of the reviewer: Sally A. Hardy, Privacy Officer
_X_ No, this is NOT a privacy sensitive system - the system contains no personally identifiable information.
___ Yes, this IS a privacy sensitive system. A privacy impact assessment is required.
COMMENTS:
I concur with this analysis:
/RA/ Date: December 19, 2019 Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer PTA Template (04-2019) 5