Voglio sapere a riguardo di…

Federal Register / Vol. 86, No. 138 / Thursday, July 22, 2021 / Proposed Rules participate in this rulemaking by submitting written data, views, or arguments on all aspects of this rule by one of the methods and by the deadline stated above. All comments must be submitted in English, or accompanied by an English translation. The Department also invites comments that relate to the economic, environmental, or federalism effects that might result from this rule. Comments that will provide the most assistance to the Department in developing these procedures will reference a specific portion of the rule, explain the reason for any recommended change, and include data, information, or authority that support such recommended change.
Please note that all comments received are considered part of the public record and made available for public inspection at www.regulations.gov. Such information includes personally identifying information PII such as your name, address, etc.. Interested persons are not required to submit their PII in order to comment on this rule. However, any PII
that is submitted is subject to being posted to the publicly-accessible www.regulations.gov site without redaction.
Confidential business information clearly identified in the first paragraph of the comment as such will not be placed in the public docket file.
The Department may withhold from public viewing information provided in comments that they determine may impact the privacy of an individual or is offensive. For additional information, please read the Privacy Act notice that is available via the link in the footer of http www.regulations.gov. To inspect the agencys public docket file in person, you must make an appointment with the agency. Please see the FOR

lotter on DSK11XQN23PROD with PROPOSALS1

FURTHER INFORMATION CONTACT

paragraph, below, for agency contact information.
FOR FURTHER INFORMATION CONTACT:
Nickolous Ward, DOJ Chief Information Security Officer, 202 5143101, 145 N
Street NE, Washington, DC 20530.
SUPPLEMENTARY INFORMATION: In accordance with the Federal Information Security Modernization Act of 2014, among other authorities, DOJ is responsible for complying with information security policies and procedures requiring information security protections commensurate with the risk and magnitude of harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of DOJ
information and information systems.
See, e.g., 44 U.S.C. 3554 2018.

VerDate Sep<11>2014

16:30 Jul 21, 2021

Jkt 253001

Consistent with these requirements, DOJ
must ensure that it maintains accurate audit and activity records of the observable occurrences on its information systems and networks also referred to as events that are significant and relevant to the security of DOJ information and information systems. These audit and activity records may include, but are not limited to, information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event. Additionally, monitored eventswhether detected utilizing information systems maintaining audit and activity records, reported to the Department by information system users, or reported to the Department by the cybersecurity research community and members of the general public conducting good faith vulnerability discovery activitiesmay constitute occurrences that 1 actually or imminently jeopardize, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or 2 constitute a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
The Department has developed a formal process to track and document these reported incidents, which may, in limited circumstances, include records of individuals reporting, or otherwise associated with, an actual or suspected event or incident.
The DOJ notice that published in the July 14, 2021 issue of the Federal Register, at 86 FR 37188 has proposed modifications to a Department-wide system of records retitled, Department of Justice Information Technology, Information System, and Network Activity and Access Records, JUSTICE/
DOJ002. This system covers the Departments tracking of all DOJ
information technology, DOJ
information system, and DOJ network activity and access by users. These records assist Department information security professionals in protecting DOJ
information, ensuring the secure operation of DOJ information systems, and tracking and documenting incidents reported to the agency. The revisions to this notice reflect changes in technology, including the increased ability of the Department to link individuals to information technology, information system, or network activity, and to better describe the Departments records linking individuals to reported cybersecurity incidents or their access
PO 00000

Frm 00036

Fmt 4702

Sfmt 4702

38625

to certain information technologies, information systems, and networks through the internet or other authorized connections.
In this rulemaking, the Department proposes to exempt JUSTICE/DOJ002
from certain provisions of the Privacy Act in order to avoid interference with the responsibilities of the Department to prevent the unauthorized access, use, disclosure, disruption, modification, or destruction of DOJ information and information systems. Additionally, the Department proposes to exempt JUSTICE/DOJ002 from certain provisions of the Privacy Act to protect activity and audit log records on DOJ
classified networks.
Executive Orders 12866 and 13563
Regulatory Review In accordance with 552ak, this proposed action is subject to formal rulemaking procedures by giving interested persons an opportunity to participate in the rulemaking process through submission of written data, views, or arguments, pursuant to 5
U.S.C. 553. This proposed rule will promulgate certain Privacy Act exemptions for a DOJ system of records titled, Department of Justice Information Technology, Information System, and Network Activity and Access Records, JUSTICE/DOJ002.
This proposed rule does not raise novel legal or policy issues, nor does it adversely affect the economy, the budgetary impact of entitlements, grants, user fees, loan programs, or the rights and obligations of recipients thereof in a material way. The Department of Justice has determined that this rule is not a significant regulatory action under Executive Order 12866, section 3f, and accordingly this rule has not been reviewed by the Office of Information and Regulatory Affairs within the Office of Management and Budget pursuant to Executive Order 12866.
Regulatory Flexibility Act This proposed rule will only impact Privacy Act-protected records, which are personal and generally do not apply to an individuals entrepreneurial capacity, subject to limited exceptions.
Accordingly, the Chief Privacy and Civil Liberties Officer, in accordance with the Regulatory Flexibility Act 5 U.S.C.
605b, has reviewed this regulation and by approving it certifies that this regulation will not have a significant economic impact on a substantial number of small entities.

E:FRFM22JYP1.SGM

22JYP1