SSI USDA Physical Security Access Control System (PSACS) Privacy Impact Assessment

DA_Physical_Security_Access_Control_System_(PSACS)_PIAOffice of Security Services (OSS)

  • Protective Operations Division (POD)
  • Version 1.2
  • Internal and USDA Only
  • Sensitive Security Information
  • July 10, 2008

Download

The Office of Departmental Administration (DA) Office of Security Services (OSS) Protective Operations Division (POD) is within the US. Department of Agriculture (USDA). This Privacy Impact Assessment evaluates privacy information residing on the Physical Security Access Control System (PSACS).

The DA/OSS is responsible for providing physical, personal, and document security services. These POD services are provided in the USDA South Building/Whitten complex and at leased buildings in the National Capital Region (NCR).

The PSACS supports access of USDA employees and contractors to the USDA facilities in the National Capital Region (NCR) The system possesses identification (ID) and access control information. These will be addressed separately in this assessment. PSACS manages and maintains employee and contractor badge control system information and monitors access to the various USDA sites and offices within the NCR. PSACS is composed of two (2) servers running MDI software; eight (8) desktops; two (2) laptops, two (2) badging stations, Cisco routers in the USDA South building and four (4) other buildings, an internal private network in the USDA South/Whitten: complex to various card leaders, and dedicated Integrated Services Digital Network (ISDN) lines to the other 4 buildings.

One server is the primary server and the other the secondary server. The information is minored from the primary to the secondary SeIver Both servers reside in the same computer room. If the primary server goes down, the secondary server automatically takes over. Back up data is stored off-site.

DATA IN THE SYSTEM

The data in the DA/OSS/POD PSACS was evaluated to detezmine the collection, use, and disclosure. The following document addresses the PSACS Privacy Impact as required.
1. Generally describe the information to be used in the system:

The information contained on the PSACS is used for USDA employee and contractor access to the facility the system holds Identification (ID) info, mafion and access information. The information inputted and contained within the PSACS includes:

  • Name
  • Agency (Name of Company,  if Contractor)
  • Employee Status (Permanent, Temporary, Retired, or Contractor)
  • Building Location (City, State)
  • Clearance Status (General Status)
  • Facility Access Privileges
  • Work Telephone (Phone Number, Room Number and Badge Number)
  • Pictures
  • Fingerprints (only for those individuals using Biometrics)
  • Signatures

The system has other available fields, which are not being used at this time those fields
available are identified in the next section, 2a.
2a. What are the sources of the information in the system?

The sources of’ the information in the system include USDA personnel and contractors with physical access to the USDA buildings (Headquarters Complex, the George Washington Carver Center, and at selected leased headquarters buildings in the NCR). All personnel requiring access to the USDA facilities must complete the “Request for USDA Identification (ID) Badge” Form AD-1197, OMB Control #0505-00221 The form is compliant with information required for Homeland Security Presidential Directive-12 (HSPD-12), and thus collects information not
stored in PSACS. Personal information that is documented in the from includes, but is not limited to, the following section those identified with an asterisks mean those fields are not available in the system.

  • Name
  • Compliant 1D Badge (Federal Employee, Press Co~p, Law Enforcement, Contractor, etc )
  • Non-Compliant ID Badge (Site, Temporary, Retiree)
  • BI Application Completion*
  • Expiration Date
  • Work Phone
  • Social Security Number*
  • Position*
  • Birth Date*
  • Organization
  • Work Address (Building location)
  • E-mail*
  • Identity Source Documents (eg, Personal Identifying Federal or State governed identification)*
  • Access Requirements
  • FBI Fingerprint Check/NAC results (“yes” or “no” field only)*

Some of the information contained in this form is used for input into the PSACS, but not al/the information is placed into the system Ihe information from the form that is contained in the system is stated above, #1.

1. Who will have access to the data in the system (Users. Managers, System Administrators, Developers, Others)?

USDA personnel with access to the PSACS include a total of’ seven (7) DA/OSS/POD staff members, all with access only to that data which they need to complete their jobs Two individuals are responsible for input of information into the system (the security officer and the security assistant). The other five (5) include the system manages, developers and administrators. Each level of access is defined by user level, technician support level, and system administration levels.

The hard copy information on Form AD-1197 has controlled access once placed into the safe, as described previously. Only three (3) DA/OSS/POD personnel have access to this safe.

2. How is access to the data by a user determined? Are criteria, procedures, controls, and responsibilities regarding access documented?

Only authorized personnel ate allowed into the system with access restricted based upon the job function, there are no USDA employees outside of the DA/OSS/POD with access to the PSACS Access for those who are authorized is determined by the Chief of the Technical Security Branch Criteria for access are based on need to know and access levels are determined by their job functions.

2c. What are the retention periods of data in this system?

The peri0d 0f retention for electonic files in the system is five (5) years. At that time, information is updated. In the event personnel leave, the information is held for one (1) year in accordance with NARA.

The hard copy forms are maintained for a period of’ two (2) years after termination of’ employment.

Share this:

Facebooktwitterredditlinkedinmail