Privacy
The DHS Privacy Office is responsible for evaluating the Department programs, systems, and initiatives for potential privacy impacts, and providing strategies to reduce the privacy impact.
-
DHS/CISA/PIA-023 CISA Gateway
The U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), Infrastructure Security Division (ISD) maintains the CISA Gateway, a system formerly known as Infrastructure Protection (IP) Gateway, a web-based portal that supports the collection, analysis, and dissemination of critical infrastructure information. CISA published the original IP Gateway Privacy Impact Assessment (PIA) in 2015 and provided a subsequent update in 2018. CISA is updating and reissuing DHS/CISA/PIA-023 to document a new sign-on mechanism, an interface with a two-factor authentication system, migration to a cloud environment, a system name change from IP Gateway to CISA Gateway, and to reflect the agency name change from the National Protection and Programs Directorate (NPPD) to CISA. This PIA reflects these updates and fully re-assesses privacy risks and mitigations for the system.
-
DHS/CISA/PIA-026 National Cybersecurity Protection System (NCPS)
The National Cybersecurity Protection System (NCPS) is an integrated system for intrusion detection, analysis, intrusion prevention, and information sharing capabilities that are used to defend the federal civilian government’s information technology infrastructure from cyber threats. The NCPS includes the hardware, software, supporting processes, training, and services that are developed and acquired to support its mission. The Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), National Cyber Security Division (NCSD) is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be collected by the NCPS, or through submissions of known or suspected cyber threats received by the United States–Computer Emergency Readiness Team (US-CERT) for analysis. This PIA will serve as a replacement for previously published PIAs submitted by NSCD for the 24/7 Incident Handling Center (March 29, 2007), and the Malware Lab Network (May 4, 2010), and is a program-focused PIA to better characterize the efforts of NCPS and US-CERT.
-
DHS/CISA/PIA-027 EINSTEIN 3 Accelerated
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is conducting this Privacy Impact Assessment (PIA) Update to describe the addition of a new intrusion prevention security service, known as Web Content Filtering (WCF), to the EINSTEIN 3 Accelerated (E3A) program. WCF provides protection at the application layer for web traffic by blocking access to suspicious websites, preventing malware from running on systems and networks, and detecting and blocking phishing attempts as well as malicious web content. This service will be added to the existing E3A intrusion prevention security services that are already in place and are described in the original E3A PIA published April 19, 2013.
-
DHS/CISA/PIA-029 Automated Indicator Sharing
The Department of Homeland Security (DHS) National Protection and Programs Directorate’s (NPPD) Office of Cybersecurity and Communications (CS&C) has developed an Automated Indicator Sharing (AIS) initiative to enable the timely exchange of cyber threat indicators and defensive measures among federal and non-federal entities. These cyber threat indicators and defensive measures are shared consistent with the need to protect information systems from cybersecurity threats, mitigate cybersecurity threats, and comply with any other applicable provisions of law authorized by the Cybersecurity Information Sharing Act of 2015 (CISA) in a manner that ensures appropriate incorporation of privacy, civil liberties, and other compliance protections. Central to the AIS initiative and consistent with the requirements of CISA, the DHS National Cybersecurity and Communications Integration Center (NCCIC) serves as the centralized hub for exchanging cybersecurity threat information using a DHS-accredited infrastructure. NPPD is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be submitted as part of or accompanying a cyber threat indicator or defensive measure. This PIA updates and retires DHS/NPPD/PIA-029 Automated Indicator Sharing PIA, issued October 28, 2015.
-
DHS/CISA/PIA-030 Continuous Diagnostics and Mitigation (CDM)
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Division (CSD) developed the Continuous Diagnostics and Mitigation (CDM) program to support government-wide and agency-specific efforts to implement adequate, risk-based, and cost-effective cybersecurity. CDM provides continuous monitoring, diagnostics, and mitigation tools and services to strengthen the security posture of participating federal civilian departments and agencies’ systems and networks through the establishment of a suite of capabilities that enables network security officials and administrators to know the state of their respective networks at any given time, informs Chief Information Officers (CIO) and Chief Information Security Officers (CISO) on the relative risks of threats, and makes it possible for government personnel to identify and mitigate vulnerabilities. This PIA Update is being conducted to assess the privacy risks related to the CDM Shared Service Platform, which makes CDM capabilities available for use by non-Chief Financial Officer (CFO) Act agencies. The Shared Service Platform is provided to non-CFO Act agencies using a third-party contractor to CISA that connects the agency’s network(s) to the platform. Additionally, this PIA Update examines the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) capability. The CDM AWARE capability allows participating agencies to better assess and prioritize cybersecurity risks by assigning a risk score to agency vulnerabilities.
-
DHS/CISOMB/PIA-001 – Ombudsman Case Assistance Analytic Data Integration System
The U.S. Department of Homeland Security (DHS), Office of the Citizenship and Immigration Services Ombudsman (CISOMB) as mandated by Section 452 of the Homeland Security Act of 2002, is an independent office that reports directly to the Deputy Secretary of Homeland Security. CISOMB’s mission is to: (1) assist individuals and employers who are experiencing difficulty resolving immigration benefit-related matters with U.S. Citizenship and Immigration Services (USCIS); (2) identify systemic challenges or trends with the delivery of immigration benefits; and (3) propose changes to mitigate those issues pursuant to 6 U.S.C. § 272(b). To accomplish this mission, CISOMB uses the Case Assistance Analytics and Data Integration (CAADI) system to process, track, and respond to requests for assistance, and to manage the workflow of cases.
-
DHS/FEMA/PIA-001 EP&R Individual Assistance Privacy Impact Assessment
DHS/FEMA/PIA-001 EP&R Individual Assistance Privacy Impact Assessment
-
DHS/FEMA/PIA-006 FEMA National Emergency Management Information System Mitigation Electronic Grants Management System
DHS/FEMA/PIA-006 FEMA National Emergency Management Information System Mitigation Electronic Grants Management System
-
DHS/FEMA/PIA-008 First Responder Training System (FRTS)
DHS/FEMA/PIA-008 First Responder Training System (FRTS)
-
DHS/FEMA/PIA-009 Document Management and Records Tracking System (DMARTS)
The U.S. Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), Mission Support Bureau (MSB), Office of the Chief Information Officer (OCIO) uses the Document Management and Records Tracking System (DMARTS) to store and retrieve documents for several FEMA program areas.