National Security Agency/Central Security Service

GNSA 15

SYSTEM NAME:

NSA/CSS Computer Users Control System.  (February 05, 2010,  75 FR 6000)

SYSTEM LOCATION:

National Security Agency/Central Security Service, Ft. George G. Meade, MD 20755-6000.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Users of National Security Agency/Central Security Service computers and software.

CATEGORIES OF RECORDS IN THE SYSTEM:

The user's name, Social Security Number, an assigned identification (I.D.) code, organization, work phone number, terminal identification, system name, programs accessed or attempted to access, data files used and date and time logged onto and off the system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Subchapter III of the Federal Information Security Management Act of 2002 (Title III of Public Law 107-347); Subtitle III of 40 U.S.C., Information Technology Management; 10 U.S.C. 2224, Defense Information Assurance Program; E.O. 12333, as amended, United States Intelligence Activities; Department of Defense Directive 8500.1, Information Assurance; Department of Defense Instruction 8500.2, Information Assurance Implementation and E.O. 9397 (SSN), as amended.

PURPOSE(S):

To administer, monitor, and track the use and access of NSA/CSS networks, computers, software, and databases. The records may also be used to identify the occurrence of and assist in the prevention of computer misuse.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

To appropriate governmental agencies and the judicial branch where litigation or anticipated civil or criminal litigation is involved or where sensitive national security investigations related to protection of intelligence sources and methods are involved.

The `DoD Blanket Routine Uses' set forth at the beginning of the NSA/CSS' compilation of systems of records notices apply to this system.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:


STORAGE:

Paper in file folders and electronic storage media.

RETRIEVABILITY:

Records are retrieved by the user's name, Social Security Number, or assigned identification (I.D.) code.

SAFEGUARDS:

Buildings are secured by a series of guarded pedestrian gates and checkpoints. Access to facilities is limited to security-cleared personnel and escorted visitors only. Within the facilities themselves, access to paper and computer printouts are controlled by limited-access facilities and lockable containers. Access to electronic means is controlled by computer password protection.

RETENTION AND DISPOSAL:

Delete/destroy when agency determines they are no longer needed for administrative, legal, audit, or other operational purposes.

Records are destroyed by pulping, burning, shredding, or erasure or destruction of electronic media.

SYSTEM MANAGER(S) AND ADDRESS:

Deputy Director, Enterprise Information Technology Services, National Security Agency/Central Security Service, Ft. George G. Meade, MD 20755-6000.

NOTIFICATION PROCEDURE:

Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the, National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800 Savage Road, Suite 6248, Ft. George G. Meade, MD 20755-6248.

Written inquiries should contain the individuals full name, and mailing address.

RECORD ACCESS PROCEDURES:

Individuals seeking access to information about themselves contained in this system should address written inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800 Savage Road, Suite 6248, Ft. George G. Meade, MD 20755-6248.

Written inquiries should contain the individuals full name, and mailing address.

CONTESTING RECORD PROCEDURES:

The NSA/CSS rules for contesting contents and appealing initial determinations are published at 32 CFR part 322 or may be obtained by written request addressed to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Office, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000.

RECORD SOURCE CATEGORIES:

Contents of the record are obtained from the individual about whom the record pertains, from administrative personnel and computer system administrators, and a self-generated computer program.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

Portions of this file may be exempt pursuant to 5 U.S.C. 552a (k)(2), as applicable.

Investigative material compiled for law enforcement purposes may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of such information, the individual will be provided access to such information except to the extent that disclosure would reveal the identity of a confidential source.

An exemption rule for this record system has been promulgated according to the requirements of 5 U.S.C. 553(b)(1), (2), and (3), (c) and (e) and published in 32 CFR part 322. For additional information contact the system manager.

FEDERAL REGISTER HISTORY: