US flag   Official website of the Department of Homeland Security

Privacy Documents for the National Protection and Programs Directorate (NPPD)

Privacy Impact Assessments (PIAs) for NPPD are listed here under several categories:

  • Cybersecurity-Related Privacy Impact Assessments

  • Retired Privacy Impact Assessments: Cybersecurity

  • All Other Active Privacy Impact Assessments

  • Retired Privacy Impact Assessments: Non-Cybersecurity

 

Cybersecurity-Related Privacy Impact Assessments

DHS/NPPD/PIA-026 National Cybersecurity Protection System (NCPS)

National Cybersecurity Protection System (NCPS), July 30, 2012 (PDF, 37 Pages – 7.91MB) The National Cybersecurity Protection System (NCPS) is an integrated system for intrusion detection, analysis, intrusion prevention, and information sharing capabilities that are used to defend the federal civilian government’s information technology infrastructure from cyber threats. The NCPS includes the hardware, software, supporting processes, training, and services that are developed and acquired to support its mission. The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), National Cyber Security Division (NCSD) is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be collected by the NCPS, or through submissions of known or suspected cyber threats received by the United States–Computer Emergency Readiness Team (US-CERT) for analysis. This PIA will serve as a replacement for previously published PIAs submitted by NSCD for the 24/7 Incident Handling Center (March 29, 2007), and the Malware Lab Network (May 4, 2010), and is a program-focused PIA to better characterize the efforts of NCPS and US-CERT.

Associated SORN(s):

DHS/NPPD/PIA-001 EINSTEIN

The EINSTEIN Program, September 2004 (PDF, 12 pages - 153 KB)

Note:  This system received a PIA 3-year review on June 28, 2013.

EINSTEIN provides US-CERT a situational awareness snapshot of the health of the federal governments' cyber space. Based upon agreements with participating federal agencies, US-CERT installs systems at their Internet access points to collect network flow data. The agencies are provided tools to analyze their collected data. In addition, the data is shared with US-CERT Security Operations Center, which aggregates it from all EINSTEIN participants to identify network anomalies spanning the federal government.

DHS/NPPD/PIA-008 EINSTEIN 2 

EINSTEIN 2, May 19, 2008 (PDF, 23 pages - 423 KB).

Note:  This system received a PIA 3-year review on June 28, 2013.

The original PIA for EINSTEIN 1, dated September 2004, explained that EINSTEIN 1 analyzes network flow information from participating federal executive government agencies and provides a high-level perspective from which to observe potential malicious activity in computer network traffic of participating agencies' computer networks. The updated version, EINSTEIN 2, will incorporate network intrusion detection technology capable of alerting the United States Computer Emergency Readiness Team (US-CERT) to the presence of malicious or potentially harmful computer network activity in federal executive agencies' network traffic. EINSTEIN 2 principally relies on commercially available intrusion detection capabilities to increase the situational awareness of the US-CERT.

DHS/NPPD/PIA-027 EINSTEIN 3 Accelerated

EINSTEIN 3 Accelerated (E3A), April 19, 2013 (PDF, 260 KB, 27 pages).  DHS’ Office of Cybersecurity and Communications (CS&C) continues to improve its ability to defend federal civilian Executive Branch agency networks from cyber threats.  Similar to EINSTEIN 1 and EINSTEIN 2, DHS will deploy EINSTEIN 3 Accelerated (E3A) to enhance cybersecurity analysis, situational awareness, and security response.  With E3A, DHS will not only be able to detect malicious traffic targeting Federal Government networks, but also prevent malicious traffic from harming those networks. This will be accomplished through delivering intrusion prevention capabilities as a Managed Security Service provided by Internet Service Providers (ISP). Under the direction of DHS, ISPs will administer intrusion prevention and threat-based decision-making on network traffic entering and leaving participating federal civilian Executive Branch agency networks.  This was conducted because E3A includes analysis of federal network traffic, which may contain PII.

Associated SORN(s):

DHS/NPPD/PIA-028 Enhanced Cybersecurity Services (ECS)

Enhanced Cybersecurity Services (ECS), January 16, 2013, (PDF 22 pages, 4.3 MB).  ECS is a voluntary program based on the sharing of indicators of malicious cyber activity between DHS and participating Commercial Service Providers.  The purpose of the program is to assist the owners and operators of critical infrastructure to enhance the protection of their systems from unauthorized access, exploitation, or data exfiltration through a voluntary information sharing program.  ECS consists of the operational processes and security oversight required to share unclassified and classified cyber threat indicators with companies that provide internet, network, and communication services to enable those companies to enhance their services to protect U.S. Critical Infrastructure entities. ECS is intended to support U.S. Critical Infrastructure, however, pending deployment of EINSTEIN intrusion prevention capabilities, ECS may also be used to provide equivalent protection to participating Federal civilian Executive Branch agencies.  NPPD conducted this PIA because PII may be collected.  This PIA consolidates and serves as a replacement to the DHS/NPPD/PIA-021 National Cyber Security Division Joint Cybersecurity Services Pilot PIA, published on January 13, 2012, and the DHS/NPPD/PIA-021(a) National Cyber Security Division Joint Cybersecurity Services Program (JCSP), Defense Industrial Base (DIB) – Enhanced Cybersecurity Services (DECS) PIA Update, published on July 18, 2012.

Retired Privacy Impact Assessments: Cybersecurity

 

ALL OTHER ACTIVE PIAs 

DHS/NPPD/PIA-001(j) – Comprehensive Exit Program: Air Exit Pilot

Comprehensive Exit Program: Air Exit Pilot, May 20, 2009 (PDF, 15 pages – 203 KB) OBIM implemented a new pilot phase of a comprehensive exit program for integrating non-U.S. citizen departure with existing arrival information. The Exit Program requires the collection of minimal biometric and biographic data from covered aliens, enablingOBIM Entry/Exit matching, identity verification, and cross-checking against a list of subjects of interest. This Privacy Impact Assessment (PIA) is conducted because OBIM collects PII on non-U.S. citizens. 

Associated SORN(s):

DHS/NPPD/PIA-002 Automated Biometric Identification System (IDENT)

Automated Biometric Identification System (IDENT), December 7, 2012.  IDENT is the central DHS-wide system for storage and processing of biometric and associated biographic information for national security; law enforcement; immigration and border management; intelligence; background investigations for national security positions and certain positions of public trust; and associated testing, training, management reporting, planning and analysis, or other administrative uses. This PIA and the attached appendices provide transparency into how the system uses PII and details the system’s sharing partners and functions.

Associated Appendix

Associated SORN(s):

DHS/NPPD/PIA-003 Authentication of e-Passports

Authentication of e-Passports, August 18, 2006 (PDF, 21 pages - 256 KB) This is an update to previous OBIM PIAs to address the changes to the port of entry (POE) processing that will result from the deployment of the capability to biometrically compare and authenticate RFID chip-enabled, International Civil Aviation Organization (ICAO)-compliant passports (e-Passports).

DHS/NPPD/PIA-004 Technical Reconciliation Analysis Classification System (TRACS)

Technical Reconciliation Analysis Classification System (TRACS), June 6, 2008, (PDF, 20 Pages – 370KB) TRACS will serve as an information management tool used for management and analysis of OBIM records to enhance the integrity of the United States immigration system by detecting, deterring, and pursuing immigration fraud, and by identifying persons who pose a threat to national security and/or public safety. OBIM conducted this PIA because TRACS will use PII.

Associated SORN(s):

DHS/NPPD/PIA-006(a) - Protected Critical Infrastructure Information Management System (PCIIMS)

Protected Critical Infrastructure Information Management System (PCIIMS) Final Operating Capability (FOC), July 13, 2011 (PDF, 28 pages – 333 KB). The Protected Critical Infrastructure Information (PCII) Program, part of the Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office of Infrastructure Protection (IP), Infrastructure Information Collection Division (IICD), facilitates the sharing of PCII between the government and the private sector. The Protected Critical Infrastructure Information Management System (PCIIMS) Final Operating Capability (FOC) is an Information Technology (IT) system and the means by which PCII submissions from the private sector are received and cataloged, and PCII Authorized Users are registered and managed. The PCII Program conducted this privacy impact assessment (PIA) to analyze and evaluate the privacy impact resulting from the consolidation of the PCIIMS Initial Operating Capability (IOC) functionalities into PCIIMS FOC, as well as the collection of limited personally identifiable information (PII) from the submitting individuals and PCII Authorized Users for contact purposes.

DHS/NPPD/PIA-007 - National Infrastructure Coordinating Center INSight Application (NICC INSight)

National Infrastructure Coordinating Center INSight Application, November 23, 2007 (PDF, 20 Pages - 253 KB) This system is designed to support the identification of potentially significant changes in the operational status of the nation's Critical Infrastructures and Key Resources (CI/KR) so that trained analysts can provide timely coordination with the NOC, respective Information Sharing and Analysis Centers (ISAC), and other involved agencies in the public sector and federal sectors.

Associated SORN(s):

DHS/NPPD/PIA-007(b) Biometric Interoperability Between DHS and DOJ

Biometric Interoperability Between the U.S. Department of Homeland Security and the U.S. Department of Justice October 13, 2011.  In  2006,  OBIM and the Criminal Justice Information Services (CJIS) Division of the Federal Bureau of Investigation (FBI), Department of Justice (DOJ), developed an interoperability project to support the sharing of information among DHS, DOJ, and their respective stakeholders.   This Privacy Impact Assessment (PIA) update was conducted to reflect the expansion of DHS–DOJ interoperability to include users and  uses  not  previously  covered  under  the  interim  Data  Sharing  Model  (iDSM)  for  the IDENT/IAFIS  Interoperability  Project  (iDSM)  and  First  Phase  of  the  Initial  Operating Capability (IOC) of Interoperability between the DHS and the DOJ PIA (IOC) PIAs. In addition, DHS-DOJ Interoperability is expanding to allow approved users access to a more comprehensive IDENT response, containing up to all data fields captured in IDENT.

DHS/NPPD/PIA-009 - Chemical Facility Anti-Terrorism Standards (CFATS)

Chemical Facility Anti-Terrorism Standards (CFATS), July 26, 2012 (PDF, 23 pages - 4.5MB). The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD) is consolidating and updating the Privacy Impact Assessment (PIA) for the Chemical Facility Anti-Terrorism Standards (CFATS) regulations, 6 CFR Part 27.  This PIA replaces the former PIAs for the Chemical Security Assessment Tool (CSAT) and CFATS, in order to provide a unified analysis of the collection and use of personally identifiable information (PII) as part of CFATS.  CFATS is the DHS regulation that governs security at high-risk chemical facilities and represents a national-level effort to minimize terrorism risk to such facilities.

Associated SORN(s):

DHS/NPPD/PIA-010(b) - FPS Dispatch Incident Records Management System Update

FPS Dispatch Incident Records Management System Update, March 25, 2014 (PDF, 13 pages).  NPPD’s Federal Protective Service (FPS) owns and operates a suite of systems, collectively referred to as the Dispatch and Incident Record Management Systems.  These systems track the daily activities of FPS officers and perform case management for the incidents that occur in and around the federal facilities that FPS secures.  This update to the PIA provides additional transparency into how FPS uses its case management data, to include using U.S. Customs and Border Protection’s TECS system as an investigative case management tool and incorporating limited FPS case management data into the DHS Pattern Information Collaboration Sharing System. 

Associated SORN(s):

DHS/NPPD/PIA-011 - Federal Protective Service Information Support Tracking System (FISTS)

[Note: The 2009 PIA was reviewed in 2012 and no changes were deemed necessary.]

Federal Protective Service Information Support Tracking System (FISTS) Contract Suitability Module September 16, 2009 (PDF, 17 pages - 229 KB) The Department of Homeland Security (DHS) U.S. Immigration and Customs Enforcement (ICE) Federal Protective Service (FPS) Information Support Tracking System (FISTS) Contract Suitability Module is a web-based application used to automate the process for assessing the suitability of FPS and General Services Administration (GSA) contract personnel to work in secure Federal buildings, and to track periodic background re-investigations of those contract employees. The system collects and maintains information on applicants and contractor personnel who work in secure Federal buildings such as security officers, childcare workers, cleaners, and other contracted service positions. ICE is conducting this Privacy Impact Assessment (PIA) because FISTS collects and uses personally identifiable information (PII) on members of the public who seek or are currently employed in these positions within Federal facilities.

Associated SORN(s):

DHS/NPPD/PIA-017(a) - National Infrastructure Coordinating Center Suspicious Activity Reporting Initiative Update

National Infrastructure Coordinating Center Suspicious Activity Reporting Initiative Update, August 12, 2011 (PDF, 15 pages – 196 KB). The Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) Office of Infrastructure Protection (IP) National Infrastructure Coordinating Center (NICC) is publishing this PIA to reflect activities under its Suspicious Activity Reporting (SAR) Initiative. The NICC SAR Initiative serves as a mechanism by which a report involving suspicious behavior related to an observed encounter or reported activity is received and evaluated to determine its potential nexus to terrorism. NICC is conducting this PIA because SAR occasionally contain personally identifiable information (PII) and NICC will be collecting and contributing SAR data for reporting and evaluation proceedings. DHS is updating this PIA to clarify that Redacted NICC Patriot Reports are reports that have been scrubbed of any identifiable information to include business and PII.

DHS/NPPD/PIA-017 NICC SARS: National Infrastructure Coordinating Center Suspicious Activity Reporting Initiative December 29, 2010 (PDF, 14 pages – 228 KB).

Associated SORN(s):

DHS/NPPD/PIA-018 - Chemical Facilities Anti-Terrorism Standards Personnel Surety

Chemical Facilities Anti-Terrorism Standards Personnel Surety, May 4, 2011, 2011 (PDF, 27 pages – 253 KB) The Department of Homeland Security (DHS) / National Protection & Programs Directorate (NPPD) / Office of Infrastructure Protection (IP) / Infrastructure Security Compliance Division (ISCD) is conducting this Privacy Impact Assessment (PIA) to detail the privacy impact associated with the Chemical Facility Anti-Terrorism Standards (CFATS) Personnel Surety Program and the required security assessments performed by high-risk chemical facilities in fulfillment of Risk-Based Performance Standard # 12 (6 CFR 27.230(a)(12)). This PIA describes the procedures for submitting personally identifiable information (PII) on individuals impacted by this program to NPPD, and also describes NPPD’s uses of that PII.

Associated SORN(s):

DHS/NPPD/PIA-019 - Ammonium Nitrate Security Program

Ammonium Nitrate Security Program July 25, 2011 (PDF, 31 pages -287.25KB) The Department of Homeland Security (DHS or the Department), National Protection and Programs Directorate (NPPD), is publishing this Privacy Impact Assessment (PIA) to provide a comprehensive analysis of the proposed Ammonium Nitrate Security Program. The proposed Ammonium Nitrate Security Program seeks to prevent the misappropriation or use of ammonium nitrate in an act of terrorism by regulating the sale and transfer of ammonium nitrate by ammonium nitrate facilities (AN Facilities). This PIA provides transparency into how the proposed Ammonium Nitrate Security Program will support the homeland security and infrastructure protection missions of DHS/NPPD through the collection of personally identifiable information (PII), and describes reasonable mitigation solutions proposed to be implemented to address privacy and security risks. This PIA will be updated with any changes to the program concurrently with the rulemaking process.

  • This PIA is made available concurrently with the Department’s publication in the Federal Register of a Notice of Proposed Rulemaking for the Ammonium Nitrate Security Program, see 76 FR 46908 (August 3, 2011)

DHS/NPPD/PIA-020 - Critical Infrastructure Private Sector Clearance Program

Critical Infrastructure Private Sector Clearance Program November 2, 2011 (PDF, 19 pages - 244 KB) The U.S. Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office of Infrastructure Protection sponsors security clearances for certain private sector officials through the Critical Infrastructure Private Sector Clearance Program. These officials are identified through the National Infrastructure Protection Plan (NIPP) partnership framework and are Critical Infrastructure owners/operators, sector leadership (i.e., Sector Coordinating Council members), or subject matter experts identified by DHS to assist in analyzing Critical Infrastructure-related national security information to further enhance the Department’s infrastructure protection mission. NPPD conducted this PIA because sponsoring individuals for security clearances involves the collection of PII, such as the applicant’s Social Security Number, date and place of birth, and employment contact information.

Associated SORN(s):

DHS/NPPD/PIA-022 – Linking Encrypted Network System (LENS)

Linking Encrypted Network System (LENS), February 9, 2012 (PDF, 25 Pages – 238.51 KB) The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Critical Infrastructure Technology and Architecture (CITA) Project maintains the Linking Encrypted Network System (LENS), a data repository and application set that acts as a network of online portals or modules, allowing authorized users to obtain, post and exchange information and access common resources. NPPD conducted this PIA to examine the privacy impact associated with the collection of personally identifiable information (PII) related to individuals who are LENS users or seeking access to LENS, as well as PII related to points of contact (POCs) that may be maintained within the LENS data repository. NPPD will conduct separate PIAs, as necessary, for those modules or applications residing on the LENS platform where the scope of the collection is beyond that of this PIA.

Associated SORN(s):

Retired Privacy Impact Assessments: Non-Cybersecurity

Back to Top