U.S. Department of Transportation
Federal Aviation Administration

Logical Access and Authorization Control Service (LAACS)

Privacy Impact Assessment
Version 1.0
February 2009

Prepared for the Federal Aviation Administration
800 Independence Avenue, Washington, DC 20591

TABLE OF CONTENTS

Overview of Privacy Management Process
Personally Identifiable Information (PII) and LAACS
Why LAACS Collects Information
How LAACS Uses Information
How LAACS Shares Information
How LAACS Provides Notice and Consent
How LAACS Ensures Data Accuracy
How LAACS Provides Redress
How LAACS Secures Information
How Long LAACS Retains Information
System of Records

Overview of Privacy Management Process

The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs to ensure the safest, most efficient aerospace system in the world. The FAA is responsible for:

Regulating civil aviation to promote safety;
Developing and operating a system of air traffic control and navigation for both civil and military aircraft;
Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation; and
Regulating U.S. commercial space transportation.

One of the programs that helps the FAA fulfill this mission is the Logical Access and Authorization Control Service (LAACS).

The LAACS system consists of hardware, software, human capital, business functions, processes, and informational functionality. The LAACS Support System Infrastructure (LSSI) provides access to the IBM Rational tool set through a VMware Virtual Desktop Interface (VDI). The VDI provides web enabled access to FAA users and Technical Center LAACS team members. The LSSI is a fully functional test environment that will support Identity Management System (IDMS), vendor solutions for FAA testing. Once an IDMS vendor is selected, LAACS will provide automated mechanisms to support the secure authentication of users to system resources and will provide a cohesive solution for the management of information system accounts across the enterprise.

It will consist of two major components: a metadirectory services component and a policy management services component. The latter is positioned on the Logical Access Control Policy Server (LACPS). The metadirectory services will provide the capability to reconcile logical identities across multiple internal and external authoritative identity databases, such as the FAA personal identification verification (PIV) authoritative database (PAD), Network Logon, Email access, Human Resources (HR), and Customer Relationship Management (CRM) databases. The coded tables directory services reconciliation will ensure compliance with HSPD-12 requirements. The LACPS will integrate multi-level authentication, with multi-role and attribute authorization, and multi-level asset audit security controls for the DOT and FAA internal and external access of data and systems. This will apply to all organizations or individuals, whether domestic or foreign, that interact or collaborate with either. LAACS is a non-mission critical system.

Personally Identifiable Information (PII) and LAACS

The LAACS system contains both personally identifiable information (PII) and non-personally identifiable information pertaining to personal identification verification (PIV) card enrollees. PII collected in the LAACS system may include but is not limited to the following:

Name: First, Last, Middle Initial

Employee ID Number

Clearance Background Information

Organization

Telephone Number

Address: Business, Home

Unique Identification (UID)

Cardholder Unique Identifier (CHUID)

X 509 data

Finger Print data

Physical Description data

An individual’s PII is entered into the LAACS system electronically during issuance of the FAA PIV Card. The data is transferred to LAACS from the PIV authoritative database PAD Customer Service Management (CSM) registration process database.

Why LAACS Collects Information

LAACS collects information in order to verify logical access to information resources.

How LAACS Uses Information

Information in LAACS is used for individual authentication.

How LAACS Shares Information

PII contained in LAACS is shared electronically with the PIV Card CSM database for validation and query purposes.

How LAACS Provides Notice and Consent

For an individual’s PII to be included in the LAACS, that individual must have completed the PIV card enrollment process and be approved by a FAA sponsor. During enrollment a FAA approved privacy statement is presented to every individual requesting a PIV card.

How LAACS Ensures Data Accuracy

LAACS PII data is received through the electronic PIV Card enrollment process. LAACS protects the PII data by ensuring check sums are in place for certain PII data and labels.

Under the provisions of the Privacy Act, individuals may request searches of the LAACS file to determine if any records have been added that may pertain to them. This is accomplished by sending a written request directly to the LAACS program office that contains name, authentication information, and information regarding the request. FAA does not allow access through either the Internet or Intranet to the information stored in the LAACS Meta Directory.

How LAACS Provides Redress

Individuals requesting redress can contact the LAACS system Program Manager located at 600 Maryland Avenue Southwest, Suite 760-E, Washington, D.C. 20024

How LAACS Secures Information

LAACS takes appropriate security measures to safeguard PII and other sensitive data. LAACS is located in a locked and secured environment, 24/7, and access is strictly controlled and monitored. Access to the data is strictly monitored and limited to individuals that have a “need to know” for access.
In addition, access to LAACS PII is limited according to job function. LAACS access control privileges are set according to the following roles:

System Owner
System Administrator
LAACS Team Leads
IDMS Integrator

The matrix below describes the levels of access and safeguards around each of these roles as they pertain to PII.

ROLE	ACCESS	SAFEGUARDS
User (Level 3)	Submit new debarment, suspension, and conviction records for designated transportation oversight entity Change existing debarment, suspension, and conviction records for designated transportation oversight entity Access and change own profile information	User-set user name and password Account set-up approved by User (Level 2) and Administrator (Level 1) Passwords expire after a set period Minimum length of passwords is 8 characters Passwords must be combination of alpha/numeric/special characters Accounts are locked after a set number of incorrect log-in attempts
User (Level 2)	Submit new debarment, suspension, and conviction records for designated transportation oversight entity Change existing debarment, suspension, and conviction records for designated transportation oversight entity Request User (Level 3) account for designated transportation oversight entity Access and change own profile information Access and change User (Level 3) profile information	User-set user name and password Account set-up approved by Site Administrator (Level 1) Passwords expire after a set period Minimum length of passwords is 8 characters Passwords must be combination of alpha/numeric/special characters Accounts are locked after a set number of incorrect attempts
Site Administrator	Search and view user names and profile information Grant User (levels 2 and 3) accounts, reset account passwords, view access log information Delete profiles (without viewing full profile information) View, search, add, change, and delete all information in database	User-set user name and password Account set-up approved by OIG management Passwords expire after a set period Minimum length of passwords is 8 characters Passwords must be combination of alpha/numeric/special characters Accounts are locked after a set number of incorrect attempts Must access system from limited number of computers, each of which also has user name/password access control.

How Long LAACS Retains Information

The information is retained at FAA Headquarters by the system administrators and Regional Administrators. When there is no longer disk space available on the monitors' hard disks, the files are released to the operating system for re-write. This means the files are ``marked'' internally as eligible for the computer operating system to overwrite with subsequent data. FAA will comply with requirements of the National Archives and Records Administration (NARA). NARA regulations state that electronic files created to monitor system usage are authorized for erasure or deletion when the agency determines that they are no longer needed for administrative, legal, audit, or other operational purposes. Generally, these (and any associated hard copy) files will be authorized for deletion after 30 days unless needed for official purposes. Not all locations at HQ or in the regions, will be collecting information at all times.

System of Records

LAACS is a system of records subject to the Privacy Act because it is searched by a unique identifier. The Privacy Act System of Record is DOT/ALL 13 Internet/Intranet Activity and Access Records. You can find LAAC’s system of records notice at http://www.dot.gov/privacy/privacyactnotices/.