ML20342A303

From kanterella
Jump to navigation Jump to search
Safeguards Information Local Area Network and Electronic Safe (Sles) Privacy Threshold Analysis (Pta)
ML20342A303
Person / Time
Issue date: 12/15/2020
From: Natalya Bobryakova
NRC/OCIO/GEMSD/CSB
To:
Natalya Bobryakova, 301-287-0671
References
Download: ML20342A303 (5)


Text

Privacy Threshold Analysis Template (To be used to determine whether a privacy impact assessment is required in accordance with the E-Government Act of 2002.)

Date submitted for review: December 03, 2020 Name of Project/System: Safeguards Information Local Area Network and Electronic Safe (SLES)

Sponsoring Office: Office of the Chief Information Officer and Office of Nuclear Security and Incident Response (NSIR)

Project manager name and phone number: Claire Robb, 301-287-0779

1. Describe (in detail) the project/system and its purpose:

Safeguards Information Local Area Network and Electronic Safe (SLES) supports the automated processing, handling, and storing of Safeguards Information (SGI) on a secured isolated network at the U.S. Nuclear Regulatory Commission (NRC).

The NRC developed SLES to support the agencys need to better manage SGI. SLES, a secure electronic repository and records management system, provides the agency with increased effectiveness in processing, handling, and storing the SGI documents electronically and making them readily available to the individuals with a need-to-know.

2. What agency function does it support:

SLES supports the agencys regulatory process for governing nuclear reactor and materials safety to ensure that the commercial use of nuclear materials in the United States is safely conducted. As part of the regulatory process, the four regional offices conduct inspection, enforcement, and emergency response programs for licensees within their borders. SLES contains the SGI records created and received by the NRC and enables qualified NRC staff to access and collaborate on SGI.

3. Status:

New development effort.

X Existing system.

Date first developed: 2005.

Date last updated: December 19, 2019.

PTA Template (12-2020) 1

Provide the Agencywide Documents Access and Management System (ADAMS) accession number: Main Library (ML) ML19353B978.

o Provide a general description of the update:

The system was virtualized in April - August 2017, the software was upgraded to replace the end-of-life products, and the new thin clients were deployed in May 2018.

4. Do you have a U.S. Nuclear Regulatory Commission (NRC) Enterprise Architecture (EA)/Inventory number?

Yes.

1. If yes, please provide EA/Inventory number.

EA Number 20060086.

2. If no, please contact EA Service Desk to get EA/Inventory number.
5. Could the project/system relate in any way to individuals?

X No Yes Provide a general description of the way the project could relate to an individual.

N/A.

6. Does this project collect, process, or retain information on: (Check all that apply)

NRC employees?

Other Federal employees?

Contractors working on behalf of NRC?

Members of the public or other individuals?

X System does not contain any such information.

7. Does this project use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs, such as the last four.)

X No Yes PTA Template (12-2020) 2

Why is the SSN collected or used? Provide the function of the SSN and the legal authority to do so.

N/A.

Is the SSN full or partial SSN?

N/A.

8. What information about an individual could be collected, generated or retained?

Provide a detailed description of the information that might be collected, generated, or retained such as names, addresses, phone numbers, etc.

SLES may contain the following information about an individual:

Name An individual's title Work telephone number Official work location/address Work e-mail address

9. Does the system share personally identifiable information with any other NRC systems?

X No Yes Identify the systems:

N/A.

10. Does this system relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?

No X Yes If yes, is there a log kept of communication traffic?

Yes.

If yes, what type of data is recorded in the log? List the data elements in the log.

The data elements that are recorded in the communication traffic log are:

severity, date, time, syslog ID, source Internet Protocol (IP), source port, destination IP, destination port, and description.

PTA Template (12-2020) 3

11. Can the system be accessed remotely?

X No Yes If yes, how?

N/A.

12. Can you map this system to an applicable retention schedule in NRCs Comprehensive Records Disposition Schedule (NUREG-0910), or the National Archives and Records Administrations (NARAs) General Records Schedules (GRS)?

X Yes If yes, please provide the schedule number, approved disposition, and describe how this is accomplished.

The approved records retention and disposition schedule for the records containing SGI is SF115 N1-431-08-1, NSIR Subject and Case Records. The copies of the records containing SGI are retained in electronic formats in the SLES eSafe filing system. Paper copies that were used to create the electronic files may be destroyed two months after digitizing and verification in eSafe.

No If no, please contact the Records and Information Management (RIM) staff at ITIMPolicy.Resource@nrc.gov.

13. Is there an Authority to Operate record (ATO)?

Unknown No In progress X Yes: Indicate the impact levels approved by the Computer Security Organization for the following:

Confidentiality: Low Moderate X High Undefined Integrity: Low Moderate X High Undefined Availability: Low X Moderate High Undefined PTA Template (12-2020) 4

PRIVACY THRESHOLD ANALYSIS REVIEW (To be completed by: Cyber Security Branch, Governance and Enterprise Management Services Division, Office of the Chief Information Officer)

System Name: Safeguards Information Local Area Network and Electronic Safe (SLES)

Date reviewed: December 08, 2020 Name of the reviewer: Sally A. Hardy, Privacy Officer X No, this is NOT a privacy sensitive system - the system contains no personally identifiable information.

Yes, this IS a privacy sensitive system. A privacy impact assessment is required.

COMMENTS:

I concur with this analysis:

Signed by Partlow, Benjamin on 12/15/20 Acting Chief Cyber Security Branch Governance and Enterprise Management Services Division Office of the Chief Information Officer PIA Template (12-2020) 5