ML20063L612

From kanterella
Revision as of 16:05, 6 January 2021 by StriderTol (talk | contribs) (StriderTol Bot insert)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
License Verification System (LVS) Pia
ML20063L612
Person / Time
Issue date: 05/06/2020
From: Anna Mcgowan
NRC/OCIO
To:
References
Download: ML20063L612 (15)


Text

ADAMS ML20063L612 U.S. Nuclear Regulatory Commission Privacy Impact Assessment Designed to collect the information necessary to make relevant determinations regarding the applicability of the Privacy Act, the Paperwork Reduction Act information collection requirements, and records management requirements.

License Verification System (LVS)

Date: May 6, 2020 A. GENERAL SYSTEM INFORMATION

1. Provide a detailed description of the system:

The License Verification System (LVS) is a component application within the Integrated Source Management Portfolio (ISMP). LVS is a national verification system that accesses Nuclear Regulatory Commission (NRC) and Agreement State license information in order to detect and prevent unauthorized parties with malicious intent from obtaining radioactive materials. The LVS is an integrated service that brokers information stored in the Web-based Licensing (WBL) system and the National Source Tracking System (NSTS) to handle request transactions for validation functions. LVS itself does not store licensing or source information and maintains read-only access to WBL and NSTS. WBL and NSTS are also component applications within ISMP.

2. What agency function does it support?

The LVS supports the effort of the Office of Nuclear Material Safety and Safeguards (NMSS) to develop an integrated source management program.

LVS facilitates the requirement for licensees to verify license authorizations involving transfers of Category 1 and Category 2 quantities of radioactive materials pursuant to Title 10 of the Code of Federal Regulations (CFR) Part 37.71(a) and (b). It also provides an additional measure of assurance beyond the license verification methods allowed in 10 CFR 30.41(d) for other quantities of radioactive materials, to confirm that license information provided before a transfer occurs is accurate. LVS was developed and implemented as a direct response to Recommendation S-3, The NRC should act quickly to establish a web-based licensing system to ensure that source materials can be obtained only in authorized amounts by legitimate users of the Action Plan to Respond To Recommendations To Address Security Issues In The U.S. Nuclear PIA Template (04-2019) Page 1 of 15

Regulatory Commission Materials Program (see SECY-07-0147, ADAMS ML072360062 and ML072360206).

3. Describe any modules or subsystems, where relevant, and their functions.

The following major business processes / features are provided by LVS.

Verification of Receiver (Purchaser) Licenses The system allows a Supplier Licensee to verify that a Receiver Licensees license is valid and that the Receiver is allowed to obtain the amount and type of radioactive material requested. This verification is enabled in on-line and batch modes.

Verification of Possession Limit Compliance The system checks if a licensees current inventory of Category 1 and 2 sources exceeds its maximum possession limit and automatically notifies the appropriate regulatory agency when potential compliance issues arise. This verification is enabled in on-line and batch modes.

Advanced Searching The system enables authorized users to search for verification request activity information via advanced search capabilities and present the results for in-depth analysis.

LVS has the following interfaces:

Web-based Licensing System (WBL) - LVS can retrieve the official license image from the WBL for the user to determine whether a transfer of radioactive material is authorized. LVS can also retrieve license information (e.g.

possession limits) from the WBL system to determine if the licensees inventory of Category 1 and 2 sources in NSTS exceeds or is near the maximum possession limits.

National Source Tracking System (NSTS) - LVS can retrieve current Category 1 and 2 source inventory information from the NSTS and compare it to the maximum possession limits in WBL. If the current inventory possession exceeds or is near the authorized possession limits, the user receives a message to contact the regulatory agency in order to continue the license verification process.

Lightweight Directory Access Protocol (LDAP) - LVS connects to the ISMP LDAP to retrieve authentication and authorization information about a user.

4. What legal authority authorizes the purchase or development of this system?

LVS facilitates the requirement for licensees to verify license authorizations PIA Template (04-2019) Page 2 of 15

involving transfers of Category 1 and Category 2 quantities of radioactive materials pursuant to Title 10 of the Code of Federal Regulations (CFR) Part 37.71 (a) and (b) to provide assurance that license information provided is accurate.

5. What is the purpose of the system and the data to be collected?

The purpose of the LVS and the verification activity data collected is to identify the licensees intending to transfer material and the material to be transferred, so that authorization and Category 1 or 2 source inventory information on the potential recipient licensee can be obtained from WBL and NSTS to perform the validation assessment.

6. Points of

Contact:

Project Manager Office/Division/Branch Telephone Joel Bristor NMSS/PMDA 301-415-0299 Business Project Manager Office/Division/Branch Telephone Ernesto Quinones NMSS/MSST/SMPB 301-415-0271 Technical Project Manager Office/Division/Branch Telephone Joel Bristor NMSS/PMDA 301-415-0299 Executive Sponsor Office/Division/Branch Telephone John W. Lubinski NMSS 301-415-5975 ISSO Office/Division/Branch Telephone Richard Kristobek NMSS/PMDA 301-415-5638 System Owner/User Office/Division/Branch Telephone John W. Lubinski NMSS 301-415-5975

7. Does this PIA support a proposed new system or a proposed modification to an existing system?
a. New System Modify Existing System X Other
b. If modifying or making other updates to an existing system, has a PIA been prepared before? YES (updating PIA information elements)

(1) If yes, provide the date approved and ADAMS accession number.

PIA Template (04-2019) Page 3 of 15

The previously approved LVS PIA is ML19206B221 dated 10/11/2019.

(2) If yes, provide a summary of modifications or other changes to the existing system.

No changes to the application at this time.

8. Do you have an NRC system Enterprise Architecture (EA)/Inventory number? YES
a. If yes, please provide Enterprise Architecture (EA)/Inventory number. 20080039
b. If, no, please contact EA Service Desk to get Enterprise Architecture (EA)/Inventory number.

B. INFORMATION COLLECTED AND MAINTAINED These questions are intended to define the scope of the information requested as well as the reasons for its collection. Section 1 should be completed only if information is being collected about individuals. Section 2 should be completed for information being collected that is not about individuals.

1. INFORMATION ABOUT INDIVIDUALS
a. Does this system maintain information about individuals? NO The LVS does not store, process, or transmit any information about individuals.

(1) If yes, identify the group(s) of individuals (e.g., Federal employees, Federal contractors, licensees, general public).

(2) IF NO, SKIP TO QUESTION B.2.

b. What information is being maintained in the system about an individual (be specific - e.g. SSN, Place of Birth, Name, Address)?
c. Is information being collected from the subject individual?

To the greatest extent possible, collect information about an individual directly from the individual.

(1) If yes, what information is being collected?

d. Will the information be collected from individuals who are not Federal employees?

PIA Template (04-2019) Page 4 of 15

(1) If yes, does the information collection have OMB approval?

(a) If yes, indicate the OMB approval number:

e. Is the information being collected from existing NRC files, databases, or systems?

(1) If yes, identify the files/databases/systems and the information being collected.

f. Is the information being collected from external sources (any source outside of the NRC)?

(1) If yes, identify the source and what type of information is being collected?

g. How will information not collected directly from the subject individual be verified as current, accurate, and complete?
h. How will the information be collected (e.g. form, data transfer)?
2. INFORMATION NOT ABOUT INDIVIDUALS
a. Will information not about individuals be maintained in this system?

YES (1) If yes, identify the type of information (be specific).

LVS maintains records of licensee validation requests and the LVS validation request result.

b. What is the source of this information? Will it come from internal agency sources and/or external sources? Explain in detail.

The source of the information maintained in LVS comes from external user input (a validation request) and the users validation determination.

LVS processes license data from the WBL and inventory data from the NSTS, but does not maintain information obtained from either of these systems.

C. USES OF SYSTEM AND INFORMATION These questions will identify the use of the information and the accuracy of the data being used.

PIA Template (04-2019) Page 5 of 15

1. Describe all uses made of the data in this system.

Licensee and other government agency users use the information to verify license authorizations involving transfers of Category 1 and Category 2 quantities of radioactive materials pursuant to 10 CFR 37.71(a) and (b) It also provides an additional measure of assurance beyond the license verification methods allowed in 10 CFR 30.41(d) for other quantities of radioactive materials, to confirm that license information provided is accurate. The NRC and Agreement States use the information as a licensing and inspection tool (e.g., to verify compliance with the regulations, confirm authorizations for licensees not within their jurisdiction, or to respond to potential unauthorized transfer requests).

2. Is the use of the data both relevant and necessary for the purpose for which the system is designed? YES
3. Who will ensure the proper use of the data in this system? NRC/NMSS
4. Are the data elements described in detail and documented? YES
a. If yes, what is the name of the document that contains this information and where is it located?

The data dictionary, which covers all ISMP applications is maintained in BitBucket. The data dictionary resides in:

Project: ISMP Repository: ISMP_Int Folder: DB Filename: ISMP_Data_Dictionaries_Revised_V2.66.xlxs.

5. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected? NO
a. If yes, how will aggregated data be maintained, filed, and utilized?
b. How will aggregated data be validated for relevance and accuracy?
c. If data are consolidated, what controls protect it from unauthorized access, use, or modification?
6. How will data be retrieved from the system? Will data be retrieved by an individuals name or personal identifier? (Be specific.)

Using Web-based access for responses to license validation requests. Data from NSTS and WBL is examined to formulate the LVS response, no data is stored from those systems. The LVS does not retrieve any data by an individuals name or personal identifier.

PIA Template (04-2019) Page 6 of 15

7. Has a Privacy Act System of Records Notice (SORN) been published in the Federal Register? NO
a. If Yes, provide name of SORN and location in the Federal Register.
8. If the information system is being modified, will the SORN(s) require amendment or revision? NO
9. Will this system provide the capability to identify, locate, and monitor (e.g.,

track, observe) individuals? NO

b. If yes, explain.

(1) What controls will be used to prevent unauthorized monitoring?

10. List the report(s) that will be produced from this system.

The following reports can be produced from LVS:

  • A report that shows a list of licensees that have possession limit compliance issues based on the license information in WBL and the inventory information in NSTS. Sent to NRC Regional offices and/or Agreement State agencies.
  • A report that checks for a specified number of verifications (e.g. 4 or 5 -

to be configurable) occurring against the same Receiving Licensee during a specified time frame (e.g. within a week - to be configurable). Sent to NRC Regional offices and/or Agreement State agencies.

  • A report that checks WBL for licenses that have expired. Sent to NRC Regional offices and/or Agreement State agencies.
a. What are the reports used for?

The reports are used to support the license verification activities and monitor the use, effectiveness, and misuse of the system.

b. Who has access to these reports?

Only NRC system administrators have online access to these reports.

The reports are also sent to NRC Regional offices and Agreement State agencies.

D. ACCESS TO DATA

1. Which NRC office(s) will have access to the data in the system?

NMSS and Regional offices.

PIA Template (04-2019) Page 7 of 15

(1) For what purpose?

To monitor use, effectiveness, and identify misuse of the system, and to identify or assess transfer and validation trends.

(2) Will access be limited? YES - need to know basis.

2. Will other NRC systems share data with or have access to the data in the system? NO (1) If yes, identify the system(s).

(2) How will the data be transmitted or disclosed?

3. Will external agencies/organizations/public have access to the data in the system? YES (1) If yes, who?

Agreement State Government Regulators, licensees, and certain Federal Government Agencies will be able to access the system to verify the validity of licenses.

(2) Will access be limited? YES, no general public access.

(3) What data will be accessible and for what purpose/use?

Licensees are able to access the system online to see license information (text and/or image) based on their level of authentication and perform license verifications (e.g. Verification Completed, Unauthorized Request, Verification Cancelled, License Changed, License Unchanged, etc).

Agreement State Government Regulators have access to verification results of their own licensees and also have access to all official licenses nationwide. Certain Federal Government Agencies only have access to all official license images.

(4) How will the data be transmitted or disclosed?

Web-based screen display to the online users. And reports can be sent via email or postal mail to the Agreement State agencies.

E. RECORDS AND INFORMATION MANAGEMENT (RIM) - RETENTION AND DISPOSAL The National Archives and Records Administration (NARA), in collaboration with federal agencies, approves whether records are temporary (eligible at some point for destruction/deletion because they no longer have business value) or permanent (eligible at some point to be transferred to the National Archives because of historical or PIA Template (04-2019) Page 8 of 15

evidential significance). These determinations are made through records retention schedules and NARA statutes (44 U.S.C., 36 CFR). Under 36 CFR 1234.10, agencies are required to establish procedures for addressing records management requirements, including recordkeeping requirements and disposition, before approving new electronic information systems or enhancements to existing systems. The following question is intended to determine whether the records and data/information in the system have approved records retention schedule and disposition instructions, whether the system incorporates Records and Information Management (RIM) and NARAs Universal Electronic Records Management (ERM) requirements, and if a strategy is needed to ensure compliance.

1) Can you map this system to an applicable retention schedule in NRCs Comprehensive Records Disposition Schedule(NUREG-0910), or NARAs General Records Schedules?

NO Additional information/data/reports kept in this system may need to be scheduled; therefore, NRC records personnel will need to work with staff to develop a records retention and disposition schedule for records created or maintained. Until the approval of such schedule, these records and information are Permanent. Their willful disposal or concealment (and related offenses) is punishable by fine or imprisonment, according to 18 U.S.C., Chapter 101, and Section 2071. Implementation of retention schedules is mandatory under 44 U.S.

3303a (d), and although this does not prevent further development of the project, retention functionality or a manual process must be incorporated to meet this requirement.

LVS is a web-based system and is related to WBL and NSTS, which contain the source records for LVS. There are current NARA approved schedules for WBL and NSTS that may apply to LVS, however RIM Staff must work with the subject matter experts to determine the most appropriate retention policy for LVS data maintained in the system.

a. If yes, please cite the schedule number, approved disposition, and describe how this is accomplished (then move to F.1).
1. For example, will the records or a composite thereof be deleted once they reach their approved retention or exported to an approved file format for transfer to the National Archives based on their approved disposition?
b. If no, please contact the Records and Information Management (RIM) staff at ITIMPolicy.Resource@nrc.gov.

PIA Template (04-2019) Page 9 of 15

F. TECHNICAL ACCESS AND SECURITY

1. Describe the security controls used to limit access to the system (e.g.,

passwords).

Licensees Per the LVS E-Authentication Risk Assessment, licensee users that only need to see license information about publicly available licenses use user ID/password authentication. Licensee users that need to see sensitive licenses (e.g. licenses protected from public disclosure) will use soft certificate authentication.

NRC Agency Users (LVS Analyst and System Administrator users)

NRC agency users use their PIV card to authenticate.

LVS accesses the ISMP Lightweight Directory Access Protocol (LDAP) repository to retrieve user account information and authorization (roles) information about a user.

2. What controls will prevent the misuse (e.g., unauthorized browsing) of system data by those having access?

All user access to LVS is controlled via Role Based Access Controls.

3. Are the criteria, procedures, controls, and responsibilities regarding access to the system documented? YES (1) If yes, where?

The LVS System Architecture Document (SAD), version 3.2, dated April 4, 2018 (ML18102B264) the ISMP Operations Support Guide, version 5.5, dated October 11, 2019 (ML19298C470) and the most recent ISMP System Security Plan (SSP), version 4.5, dated February 7, 2020 (ML20041E324).

4. Will the system be accessed or operated at more than one location (site)?

YES

a. If yes, how will consistent use be maintained at all sites?

As a component resident application of the ISMP, LVS operates in the Microsoft Azure Government Cloud Virginia Region. LVS is supported at the Leidos Gude Drive, Rockville, Maryland location via an Express Route connection to Microsoft Azure. LVS is supported at the Leidos Richland, Washington location via an IPSEC tunnel to ISMP.

5. Which user groups (e.g., system administrators, project managers, etc.)

have access to the system?

PIA Template (04-2019) Page 10 of 15

Supplier Licensees - This actor represents organizations licensed by the NRC or Agreement State Agencies to possess and transfer to other licensees, radioactive materials in specific quantities and types.

LVS Analyst - This actor represents a specific type of Super User who has controlled access to LVS Radioactive Materials Request verification information for purposes of analysis and reporting.

System Administrator - This actor represents an individual with special access privileges in LVS who is responsible for performing maintenance and system utility functions, and troubleshooting system problems.

6. Will a record of their access to the system be captured? YES
a. If yes, what will be collected? Date, time, user ID.
7. Will contractors be involved with the design, development, or maintenance of the system? YES If yes, and if this system will maintain information about individuals, ensure Privacy Act and/or PII contract clauses are inserted in their contracts.
  • FAR clause 52.224-1 and FAR clause 52.224-2 should be referenced in all contracts, when the design, development, or operation of a system of records on individuals is required to accomplish an agency function.
  • PII clause, Contractor Responsibility for Protecting Personally Identifiable Information (June 2009), in all contracts, purchase orders, and orders against other agency contracts and interagency agreements that involve contractor access to NRC owned or controlled PII.
8. What auditing measures and technical safeguards are in place to prevent misuse of data?

Auditing - LVS provides the capability to maintain a history of data changes to facilitate auditing activities.

  • Audit Data - LVS retains a history record of the before image of the data and will include audit data such as: the date and time the data changed and the user that changed the data.
  • Audit Data Security - LVS provides the capability to restrict access to the audit records to authorized roles in the system.
  • View Audit History - LVS provides the capability for authorized users to view PIA Template (04-2019) Page 11 of 15

the audit histories.

9. Are the data secured in accordance with FISMA requirements? YES
a. If yes, when was Certification and Accreditation last completed?

The ISMP Authority to Operate (ATO) was last renewed on July 16, 2018 (ML18197A165) and ISMP has since maintained its ATO via continuous monitoring. The LVS ATO was approved on June 17, 2013 (ML13149A136) and was incorporated into ISMP via the Security Impact Assessment process.

PIA Template (04-2019) Page 12 of 15

PRIVACY IMPACT ASSESSMENT REVIEW/APPROVAL (For Use by OCIO/GEMS/ISB Staff)

System Name: License Verification System (LVS)

Submitting Office: Office of Nuclear Material Safety and Safeguards (NMSS)

A. PRIVACY ACT APPLICABILITY REVIEW X Privacy Act is not applicable.

Privacy Act is applicable.

Comments:

Reviewers Name Title Date Sally A. Hardy Privacy Officer 5/15/2020 B. INFORMATION COLLECTION APPLICABILITY DETERMINATION No OMB clearance is needed.

OMB clearance is needed.

X Currently has OMB Clearance. Clearance No. 3150-0223 Comments:

Reviewers Name Title Date David Cullison Agency Clearance Officer 5/7/2020 PIA Template (04-2019) Page 13 of 15

C. RECORDS RETENTION AND DISPOSAL SCHEDULE DETERMINATION No record schedule required.

Additional information is needed to complete assessment.

X Needs to be scheduled.

Existing records retention and disposition schedule covers the system - no modifications needed.

Comments:

Additional information/data/reports kept in this system may need to be scheduled; therefore, NRC records personnel will need to work with staff to develop a records retention and disposition schedule for records created or maintained. Until the approval of such schedule, these records and information are Permanent. Their willful disposal or concealment (and related offenses) is punishable by fine or imprisonment, according to 18 U.S.C., Chapter 101, and Section 2071. Implementation of retention schedules is mandatory under 44 U.S. 3303a (d), and although this does not prevent further development of the project, retention functionality or a manual process must be incorporated to meet this requirement.

Reviewers Name Title Date Marna B. Dove Sr. Program Analyst, Electronic Records Manager 5/8/2020 D. BRANCH CHIEF REVIEW AND CONCURRENCE This IT system does not collect, maintain, or disseminate information in identifiable form from or about members of the public.

This IT system does collect, maintain, or disseminate information in identifiable form from or about members of the public.

I concur in the Privacy Act, Information Collections, and Records Management reviews:

/RA/ Date: May 19, 2020 Anna T. McGowan, Chief Information Services Branch Governance & Enterprise Management Services Division Office of the Chief Information Officer PIA Template (04-2019) Page 14 of 15

TRANSMITTAL OF PRIVACY IMPACT ASSESSMENT/

PRIVACY IMPACT ASSESSMENT REVIEW RESULTS TO: Office of Nuclear Material Safety and Safeguards (NMSS)

Name of System: License Verification System (LVS)

Date ISB received PIA for review: Date ISB completed PIA review:

May 6, 2020 May 15, 2020 Noted Issues:

Privacy Act does not apply. No personally identifiable information.

Anna T. McGowan, Chief Signature/Date:

Information Services Branch Governance & Enterprise Management /RA/ May 19, 2020 Services Division Office of the Chief Information Officer Copies of this PIA will be provided to:

Thomas Ashley, Director IT Services Development & Operation Division Office of the Chief Information Officer Jonathan Feibus Chief Information Security Officer (CISO)

Governance & Enterprise Management Office of the Chief Information Officer PIA Template (04-2019) Page 15 of 15