Quiero saber acerca de...

lotter on DSK11XQN23PROD with RULES1

61688

Federal Register / Vol. 86, No. 213 / Monday, November 8, 2021 / Rules and Regulations
source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event. Additionally, monitored eventswhether detected utilizing information systems maintaining audit and activity records, reported to the Department by information system users, or reported to the Department by the cybersecurity research community and members of the general public conducting good faith vulnerability discovery activitiesmay constitute occurrences that 1 actually or imminently jeopardize, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or 2 constitute a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
The Department has developed a formal process to track and document these reported incidents, which may, in limited circumstances, include records of individuals reporting, or otherwise associated with, an actual or suspected event or incident.
In the Federal Register of July 14, 2021 86 FR 37188, the Department modified a Department-wide system of records retitled, Department of Justice Information Technology, Information System, and Network Activity and Access Records, JUSTICE/DOJ002.
This system of records covers the Departments tracking of all DOJ
information technology, DOJ
information system, and DOJ network activity and access by users. These records assist Department information security professionals in protecting DOJ
information, ensuring the secure operation of DOJ information systems, and tracking and documenting incidents reported to the agency. The revisions to this notice reflect changes in technology, including the increased ability of the Department to link individuals to information technology, information system, or network activity, and to better describe the Departments records linking individuals to reported cybersecurity incidents or their access to certain information technologies, information systems, and networks through the internet or other authorized connections.
The Department received no comments in response to the NPRM for JUSTICE/DOJ002 86 FR 38624 July 22, 2021, and now finalizes this rule without changes. In this rulemaking, the Department exempts JUSTICE/DOJ002
from certain provisions of the Privacy Act in order to avoid interference with the responsibilities of the Department to prevent the unauthorized access, use, disclosure, disruption, modification, or
VerDate Sep<11>2014

16:24 Nov 05, 2021

Jkt 256001

destruction of DOJ information and information systems. Additionally, the Department exempts JUSTICE/DOJ002
from certain provisions of the Privacy Act to protect activity and audit log records on DOJ classified networks.
The Department notes that the name of the system of records which is the subject of this rule was changed from Department of Justice Computer Systems Activity and Access Records to Department of Justice Information Technology, Information System, and Network Activity and Access Records in the notice that was published on July 14, 2021. The NPRM, which was published on July 21, 2021, inadvertently referred to the system of records by the previous name.
Additionally, the NPRM indicated in one place an exemption from subsection d, and in another place an exemption from subsections d14. In an effort to reduce potential confusion, the language in the final rule has been modified to consistently identify the system of records as being exempted from subsections d14. Further, corrections have been inserted in the final rule in multiple places where the NPRM had used the term system, although system of records was clearly intended. Finally, the proposed rule stated that, in determining the relevance and utility of certain exempted information, it would be vetted and matched with other information necessarily and lawfully maintained by the DOJ, external federal agency subscribers, or other entities.
Such information need only be maintained lawfully by the DOJ, external federal agency subscribers, or other entities for use in the vetting and matching described. The Department has determined that these changes do not significantly alter the efficacy of the notice that was provided to the public.
The Department has made the adjustments in the final rule, which is published herein.
Executive Orders 12866 and 13563
Regulatory Review This regulation has been drafted and reviewed in accordance with Executive Order 12866, Regulatory Planning and Review section 1b, Principles of Regulation, and Executive Order 13563
Improving Regulation and Regulatory Review section 1b, General Principles of Regulation.
The Department of Justice has determined that this rule is not a significant regulatory action under Executive Order 12866, section 3f, and accordingly this rule has not been reviewed by the Office of Information and Regulatory Affairs within the Office
PO 00000

Frm 00024

Fmt 4700

Sfmt 4700

of Management and Budget pursuant to Executive Order 12866.
Regulatory Flexibility Act This regulation will only impact Privacy Act-protected records, which are personal and generally do not apply to an individuals entrepreneurial capacity, subject to limited exceptions.
Accordingly, the Chief Privacy and Civil Liberties Officer, in accordance with the Regulatory Flexibility Act 5 U.S.C.
605b, has reviewed this regulation and by approving it certifies that this regulation will not have a significant economic impact on a substantial number of small entities.
Executive Order 13132Federalism This regulation will not have substantial direct effects on the States, on the relationship between the National Government and the States, or on distribution of power and responsibilities among the various levels of government. Therefore, in accordance with Executive Order 13132, it is determined that this rule does not have sufficient federalism implications to warrant the preparation of a Federalism Assessment.
Executive Order 12988Civil Justice Reform This regulation meets the applicable standards set forth in sections 3a and 3b2 of Executive Order 12988 to eliminate drafting errors and ambiguity, minimize litigation, provide a clear legal standard for affected conduct, and promote simplification and burden reduction.
Executive Order 13175Consultation and Coordination With Indian Tribal Governments This regulation will have no implications for Indian Tribal governments. More specifically, it does not have substantial direct effects on one or more Indian tribes, on the relationship between the Federal Government and Indian tribes, or on the distribution of power and responsibilities between the Federal Government and Indian tribes.
Therefore, the consultation requirements of Executive Order 13175
do not apply.
Unfunded Mandates Reform Act of 1995
This regulation will not result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100,000,000, as adjusted for inflation, or more in any one year, and it will not significantly or uniquely affect small governments.

E:FRFM08NOR1.SGM

08NOR1