National Security Agency/Central Security Service

GNSA 18

SYSTEM NAME:

Operations Records  (October 21, 2015,  80 FR 63749)

SYSTEM LOCATION:

National Security Agency/Central Security Service, Ft. George G. Meade, MD 20755-6000.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals identified in foreign intelligence, counterintelligence, or information assurance/cybersecurity reports and supportive materials, including individuals involved in matters of foreign intelligence interest, information assurance/cybersecurity interest, the compromise of classified information, or terrorism.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records may consist of any type of information acquired or maintained about an individual as NSA pursues its lawfully authorized missions, including but not limited to: an individual's name; Social Security Number (SSN); employee identification number; administrative information; biographic information when associated with an individual, such as phone number and email address; intelligence requirements; foreign intelligence, counterintelligence, and information assurance/cybersecurity analysis and reporting; operational records; articles, public-source data, and other published information on individuals and events of interest to NSA/CSS; actual or purported compromises of classified intelligence; countermeasures in connection therewith; and identification of classified source documents and distribution thereof.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

National Security Agency Act of 1959, as amended (Pub. L. 86-36) (codified at 50 U.S.C. 3601 et seq.); the Foreign Intelligence Surveillance Act (FISA), as amended (Pub. L. 95-511) (codified at 50 U.S.C. 1801 et seq.); 44 U.S.C. 3541-3549, Federal Information Security Management (FISMA); E.O. 12333, as amended, United States intelligence activities; E.O. 13526, Classified National Security Information; National Security Directive 42, National Policy for the Security of National Security Telecommunications and Information Systems; and E.O. 9397 (SSN), as amended.

PURPOSE(S):

To maintain records on foreign intelligence, counterintelligence, and information assurance/cybersecurity matters relating to the missions of the National Security Agency.

The National Security Agency does not collect such records for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging individuals based on their ethnicity, race, gender, sexual orientation, or religion.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, as amended these records contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

To U.S. Government agencies, including state and local agencies, and in some circumstances, foreign government agencies or their representatives, and private entities to provide, and in order to obtain, foreign intelligence, counterintelligence, information assurance/cybersecurity information, and other information, in accordance with applicable law and policy. The National Security Agency does not collect or provide such records to afford a competitive advantage to U.S. companies or U.S. business sectors commercially.

To U.S. Government officials regarding compromises of classified information including the document(s) apparently compromised, implications of disclosure of intelligence sources and methods, investigative data on compromises, and statistical and substantive analysis of the data.

To any U.S. Government or foreign government organization in order to facilitate any security, employment, detail, liaison, or contractual decision by any U.S. Government organization.

To the President's Foreign Intelligence Advisory Board, the Intelligence Oversight Board, and the Privacy and Civil Liberties Oversight Board, and any successor organizations, when requested by those entities, or when NSA/CSS determines that disclosure will assist in oversight functions.

Records may further be disclosed to agencies involved in the protection of intelligence sources and methods to facilitate such protection and to support intelligence analysis and reporting.

The DoD Blanket Routine Uses set forth at the beginning of the NSA/CSS compilation of systems of records notices may apply to this system. The complete list of DoD blanket routine uses can be found online at: http://dpcld.defense.gov/Privacy/SORNsIndex/BlanketRoutineUses.aspx.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:


STORAGE:

Paper records in file folders and electronic storage media.

RETRIEVABILITY:

Information may be retrieved by any unique identifier or other criteria, to include an individual's name, Social Security Number (SSN), and/or employee identification number.

SAFEGUARDS:

Buildings are secured by a series of guarded pedestrian gates and checkpoints. Access to facilities is limited to security-cleared personnel and escorted visitors only. Within the facilities themselves, access to paper records and computer printouts are controlled by limited-access facilities and lockable containers. Access to electronic records is controlled by computer password protection and those who are cleared on a need to know basis in the performance of their duties.

RETENTION AND DISPOSAL:

SIGINT Operational Data: Temporary, review annually for destruction.

SIGINT Collection Records: Temporary, close inactive files annually and transfer to the NSA/CSS Records Center. Review every 5 years for destruction.

SIGINT Analysis Information and Records: Permanent, transfer to the NSA/CSS Records Center when 5 years old, transfer to the NSA/CSS Archives after 20 years, and transfer to the National Archives and Records Administration when 25 years old.

SIGINT Product: Permanent, transfer to NSA/CSS Records Center when 5 years old, transfer to the NSA/CSS Archives after 20 years, and transfer to the National Archives and Records Administration when 50 years old.

Counterintelligence Records: Permanent, transfer to the NSA/CSS Records Center when 3 years old, transfer to the NSA/CSS Archives when 20 years old, and transfer to the National Archives and Records Administration when 25 years old.

Information Assurance and Communication Security data: Temporary, review every year for destruction.

Information Assurance and Communications Security Monitoring Reports: Permanent, transfer to the NSA/CSS Records Center when 5 years old, transfer to the NSA/CSS Archives when 20 years old, and transfer to the National Archives and Records Administration when 25 years old.

SYSTEM MANAGER(S) AND ADDRESS:

Director, National Security Agency/Central Security Service, Ft. George G. Meade, MD 20755-6000.

NOTIFICATION PROCEDURE:

Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800 Savage Road, Suite 6248, Ft. George G. Meade, MD 20755-6248.

Written inquiries should contain the individuals full name, and mailing address.

RECORD ACCESS PROCEDURES:

Individuals seeking access to information about themselves contained in this system should address written inquiries to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Act Office, 9800 Savage Road, Suite 6248, Ft. George G. Meade, MD 20755-6248.

Written inquiries should contain the individuals full name, and mailing address.

CONTESTING RECORD PROCEDURES:

The NSA/CSS rules for contesting contents and appealing initial determinations are published at 32 CFR part 322 or may be obtained by written request addressed to the National Security Agency/Central Security Service, Freedom of Information Act/Privacy Office, 9800 Savage Road, Ft. George G. Meade, MD 20755-6000.

RECORD SOURCE CATEGORIES:

Individuals themselves; U.S. agencies and organizations; media, including periodicals, newspapers, and broadcast transcripts; public and classified sources; intelligence source documents; investigative reports; and correspondence.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

Information specifically authorized to be classified under E.O. 13526, as implemented by DoDM 5200.1, may be exempt pursuant to 5 U.S.C. 552a(k)(1).

Investigatory material compiled for law enforcement purposes, other than material within the scope of subsection 5 U.S.C. 552a(j)(2), may be exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is denied any right, privilege, or benefit for which he would otherwise be entitled by Federal law or for which he would otherwise be eligible, as a result of the maintenance of the information, the individual will be provided access to the information exempt to the extent that disclosure would reveal the identity of a confidential source. NOTE: When claimed, this exemption allows limited protection of investigative reports maintained in a system of records used in personnel or administrative actions.

Investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for federal civilian employment, military service, federal contracts, or access to classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), but only to the extent that such material would reveal the identity of a confidential source.

An exemption rule for this record system has been promulgated according to the requirements of 5 U.S.C. 553(b)(1), (2), and (3), (c) and (e) and published in 32 CFR part 322. For additional information contact the system manager.

FEDERAL REGISTER HISTORY:

November 30, 2010, 75 FR 74019;