DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
PRIVACY IMPACT ASSESSMENT
Enterprise Architecture and Solutions Environment (EASE)
July 7, 2010
Title 49, US Code, Transportation, gives the Department of Transportation's Federal Aviation Administration (FAA) the responsibility to carry out safety programs to ensure the safest, most efficient aerospace system in the world. FAA is responsible for:
- Regulating civil aviation to promote safety;
- Encouraging and developing civil aeronautics, including new aviation technology;
- Developing and operating a system of air traffic control and navigation for both civil and military aircraft;
- Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation; and
- Regulating United States (U.S.) commercial space transportation.
One of the programs that helps the FAA fulfill these responsibilities is the Enterprise Architecture and Solutions Environment (EASE). The business process for EASE is the mainframe hosting of Departmental systems. EASE directly supports FAA administration and program areas described above with a full range of general-purpose computing services on a fee-for-service basis. EASE is in the operations/maintenance life cycle phase of the system.
EASE mainframe computing platforms are a combination of government-owned (FAA) and contractor-owned components operated under contract. The FAA Office of Information Technology (AMI), Mike Monroney Aeronautical Center, Oklahoma City, Oklahoma, is the organization responsible for EASE. The EASE contract is held by the United States Department of Agriculture (USDA) National Information Technology Center (NITC), Kansas City, Missouri.
The Computer Access Request System (CARS) is considered system software and is an integral component for EASE, providing automated processing of account requests for all EASE customer applications that reside on the EASE platform. CARS is not available to the public, and is used for account access for only those systems that reside on the EASE platform.
Information, Including Personally Identifiable Information (PII) in the System
The CARS account management software for EASE contains both PII and non-PII for EASE mainframe users including but not limited to:
CARS Job Location Information:
- Name: First, Last, Middle Initial (Suffix)
- Social Security Number
- Routing Symbol and Region Code
- Business Mailing Address, Business Phone Number, and Business E-mail
- Employee Supervisor Name and Business Phone Number
- Contract Employee Information: Contract Company Name and Business Phone Number, Contractor Supervisor (Task Lead) Name, and Business Phone Number ost Accounting System (CAS) Reports,
Information above is entered into CARS by manual data entry by authorized personnel. Automated agency downloads from the Investigation Tracking System (ITS) for FAA contractors and the DOT Interface Repository (DOT-IR) for federal employees are used to verify employee name and SSN information prior to creation of each EASE mainframe account.
The account management software (CARS) contains name and social security number of current or former employees and contractors, and other government employees and contractors who require access to systems and software that reside on the EASE mainframe.
Why EASE Collects Information
EASE collects PII in order to verify logical access to information resources before a user account and associated application access are created for those customers with systems that reside on the EASE platform. CARS is also used to provide a means to satisfy user re-certification requirements by system access control officers and certification specialists. CARS maintains a repository of user account details, and maintains audit record of all actions taken by any user within the account management software.
EASE customers that use the CARS account management software support FAA missions identified in the overview above.
Legal Authority for Information Collection
49 U.S.C. 322, 49 U.S.C. 40122(g), 49 U.S.C. 40101, 40 U.S.C. 1441, 5 U.S.C. 302
How EASE Uses Information
The information that EASE stores is used to support FAA missions for account management and user access re-certification requirements. CARS historic information is stored in natural databases that are accessible to only authorized users via the FAA intranet.
PII from DOT-IR and ITS is used to verify the identity and active status of federal employees or contractors before user accounts, associated application and/or software access are granted to EASE customer systems. For example, If a user enters a request in CARS, the user's active status is verified against the interface files received from DOT-IR (federal employees) and ITS (FAA contractors). If the user is verified as active on the interface files,, the request in CARS for an EASE user account is processed. If the user cannot be validated as an active federal employee or FAA contractor against the interface files received from DOT-IR (federal) and ITS (contractors), the user account request is rejected.
PII from DOT-IR and ITS is matched daily against CARS, and associated logon-IDs and application access are deleted (Monday-Friday) if employees are separated. Data in CARS is used by Access Control Officers to review account access and re-certify federal employee access annually, and contractor access semi-annually for their designated systems. Access that is not re-certified within 90 days by the access control officers for the designated system and/or software is automatically removed.
Users inactive for 150 days result in the automatic deletion of accounts and all associated application access using the account management software. EASE Customer Support personnel use CARS data for user authentication before performing password resets for EASE customers.
How EASE Shares Information
PII information in CARS is shared electronically with a limited group of authorized personnel (less than 25) located within the Office of Information Services (AMI), Mike Monroney Aeronautical Center (MMAC). Authorized AMI personnel with access to SSN via the CARS software perform technical support functions for EASE and password reset for EASE users.
A Memorandum of Understanding (MOU) is in place with the DOT Interface Repository (DOT-IR). The Office of Financial Management, B-30, has ownership of DOT-IR which maintains data on active and separated DOT employees. The interface information is detailed in the EASE DOT-IR MOU.
An MOU is in place with the Investigation Tracking System (ITS). ITS records, tracks, and reports on investigations pertaining to security background checks and clearances on employees, contractors, and other individuals with access to FAA facilities and systems. The Office of Investigations (AIN-1) has ownership of ITS. The interface information is detailed in the EASE-ITS MOU.
DOT-IR and ITS share data with EASE per interconnection agreements, and interrelationships among EASE, ITS and DOT-IR are detailed in the EASE System Characterization Document (SCD).
DOT-IR and ITS are not hosted in the EASE platform. The required interconnection agreements also identify the types of permissible and impermissible flows of information and data elements transmitted in the daily files received from ITS and DOT-IR. ITS and DOT-IR provide daily interfaces only (one-way) to EASE per the SCD.
CARS software resides solely on the EASE platform and is only used for account management and for only those applications that process on EASE. CARS is not available to the public.
How EASE Provides Notice and Consent
For an individual's PII to be included in CARS, that individual must have business need to have access to systems or software that process on EASE, and require a user account. The CARS system Access Control Officer previously approved all user access to their respective systems or software electronically using CARS.
While providing PII information for the account management software is voluntary, if individuals do not provide the requested information, the individual is denied access to a user account for any application or software that resides on EASE.
Individuals are notified of the scope of the information collected within CARS upon enrollment. An approved and standardized log-on banner is displayed on the FAA network to EASE users and complies with FAA Order 1370.102 System Use Policy. Also, on a user's initial login to the account management software, Rules of Behavior are displayed and repeated semi-annually thereafter.
How EASE Ensures Data Accuracy
PII, full name and social security number, is entered electronically into the CARS account management software by authorized personnel. Authorized personnel are responsible for accuracy of the data.
The PII entered by authorized personnel is automatically verified through programmatic checks of name and SSN for identity verification using the separate one-way electronic interfaces received weekdays from DOT-IR and ITS to prevent records with duplicate names and social security numbers from being stored in CARS. If an incorrect SSN is entered that cannot be authenticated on either the DOT-IR interface (federal) file or ITS file (FAA contractor), the EASE account request is rejected.
How EASE Provides Redress
EASE users are instructed to contact their applicable Servicing Security Organization (SSO) to challenge any PII data item that requires correction used in account verification for the electronic interface systems of DOT-IR for federal employees and ITS for FAA contractor employees.
There is no FOIA POC for this system.
How EASE Secures Information
EASE takes appropriate security measures to safeguard PII and other sensitive data. The EASE-supported terminal emulation software provides a secure SSL connectivity link that enables browser-based access to the mainframe system and resources. EASE IBM z/OS environment is secured by IBM's Resource Access Control Facility (RACF). The browser-based user access is also secured by RACF. RACF operates using identity-based control (user-id/password), resource-based, and hardware-based encryption. RACF restricts the functions that an authorized user can perform on defined resources such as computing systems, databases, and peripheral devices. RACF includes a complete audit log capability which is fully implemented.
Computer processing of information is conducted according to established FAA computer security regulations. A security assessment performed by an independent assessment audit organization occurs annually. FISMA-mandated continuous monitoring requirements (NIST 800-53) provide assurance that privacy-applicable controls are consistent with the EASE Certification and Accreditation (C&A) status. Technical, Management, and Operational controls are documented in the EASE Information Systems Security Plan (ISSP). The EASE System Characterization documents the system description, including the system overview and mission; system architecture; hardware and software; internal and external connectivity; system data/information types, sensitivity, and criticality. The SCD is included as part of the EASE Initial, Re-certification, or annual Security Assessment. The certification and accreditation (C&A) occurs every three years, and the last EASE C&A was completed on February 20, 2009.
The system Contingency/Disaster Recovery Plan (C/DRP) is developed in compliance with contingency roles and responsibilities, assigned individuals with contact information, and activities associated with restoring the system after a disruption or failure using the guidance of NIST 800-34, Contingency Planning Guide for Information Technology Systems.
US Department of Agriculture's National Information Technology Center (NITC) - NITC is responsible for security of the processing facility in Kansas City, Missouri and the EASE processors. The security requirements that are maintained by NITC are established by the FAA through the EASE contract. A risk assessment of the computer facility that has physical controls for EASE has been performed and any weaknesses identified and mitigated.
US Department of Transportation, FAA, Office of Information Technology, Production Control Branch (AMI-320) is responsible for EASE program management, operation security, and providing direction and oversight. Access to and use of the CARS account management software is limited to job function and those individuals whose official duties require such access and use. System Owners, National Access Control Officers, and CARS Access Control Officers have each signed a Rule of Behavior document. Rules of Behavior are also presented initially to all other users at first logon to CARS account management software and semi-annually thereafter.
All Sensitive Security Information (SSI) and/or For Official use Only (FOUO) information is protected in accordance with the requirements defined in FAA 1600.75, Protecting Sensitive Unclassified Information (SUI).
The matrix below describes the levels of access and safeguards around each of these roles as they pertain to PII.
|Access Control Officers|
|Technical Control Officers|
|Customer Support Center|
|FAA National Access Control Officer (NACO)|
FAA Site Administrator
|USDA NITC Security|
How Long EASE Retains Information
Audit and log records that contain PII are retained in the account management software for one year for audit and investigative purposes. FAA Order, 1350.15C, Records, Organization, Transfer, and Destruction, 1880 - Management Information is the applicable policy that covers this.
Electronic interface files used for account verification from DOT-IR and ITS comply with the MOU requirements and are erased within 90 days or when the data is no longer required.
System of Records
The account management software for EASE is a system of records subject to the Privacy Act because it is searched by name.
DOT/ALL 13, Internet/Intranet Activity and Access Records.
The last EASE C&A was completed on February 20, 2009. Certification and Accreditation occurs every three years unless a major architecture change occurs earlier that requires reauthorization.