The Department of Homeland Security National Protection and Programs Directorate (NPPD) National Cyber Security Division (NCSD) launched the EINSTEIN program in 2004 as a computer network intrusion detection system to help protect federal executive agency information technology enterprises. NCSD conducted Privacy Impact Assessments (PIAs) for each phase of the EINSTEIN program, which the DHS Privacy Office reviewed and approved. As NCSD looks ahead toward the next phase of the program, EINSTEIN 3, the DHS Privacy Office determined that conducting a Privacy Compliance Review (PCR) would be timely to ensure the accuracy of compliance documentation and transparency of the EINSTEIN program moving forward.
The DHS Privacy Office found NPPD/NCSD generally compliant with the requirements outlined in the EINSTEIN 2 PIA and Initiative 3 Exercise PIA. Specifically, NPPD/NCSD is fully compliant on collection of information, use of information, internal sharing and external sharing with federal agencies, and accountability requirements. The DHS Privacy Office identified actions taken to address retention and training requirements as outlined in the relevant EINSTEIN PIAs, but additional actions by the program are needed to bring them into full compliance with these requirements. The DHS Privacy Office is making five recommendations to strengthen program oversight and external sharing, and to bring NPPD/NCSD into full compliance with retention and training requirements. NPPD agreed with our findings and is taking steps to address our recommendations.
| Attachment | Size | Date |
|---|---|---|
| Privacy Compliance Review for the EINSTEIN Program | 117.34 KB | 07/28/2015 |
| PCR Follow Up Letter | 1.57 MB | 09/02/2014 |