Download:
pdf |
pdfPrivacy Threshold Assessment
(PTA)
Federal Aviation Administration (FAA)
Office of Human Resource Management (AHR)
Automated Vacancy Information Access Tool for
Online Referral (AVIATOR)
9/17/2018
X
Claire W. Barrett
Claire W. Barrett
DOT Chief Privacy & Information Governance Offi...
Signed by: OSTHQ
CLAIRE W BARRETT
Digitally signed by CLAIRE W BARRETT
DN: c=US, o=U.S. Government, ou=OSTHQ, ou=DOT
Headquarters, cn=CLAIRE W BARRETT
Date: 2018.09.17 10:24:41 -04'00'
DOT Privacy Program
Template
Privacy Threshold Assessment (PTA) Template v2.0
Privacy Threshold Assessment (PTA)
The Privacy Threshold Assessment (PTA) is an analytical tool used to determine the scope of
privacy risk management activities that must be executed to ensure that the Department’s
initiatives do not create undue privacy risks for individuals.
The Privacy Threat Assessment (PTA) is a privacy risk management tool used by the
Department of Transportation (DOT) Chief Privacy Officer (CPO). The PTA determines
whether a Department system1 creates privacy risk for individuals that must be further
analyzed, documented, or mitigated, and determines the need for additional privacy
compliance documentation. Additional documentation can include Privacy Impact
Assessments (PIAs), System of Records notices (SORNs), and Privacy Act Exemption Rules
(Exemption Rules).
The majority of the Department’s privacy risk emanates from its direct collection, use,
storage, and sharing of Personally Identifiable Information (PII),2 and the IT systems used
to support those processes. However, privacy risk can also be created in the Department’s
use of paper records or other technologies. The Department may also create privacy risk
for individuals through its rulemakings and information collection requirements that
require other entities to collect, use, store or share PII, or deploy technologies that create
privacy risk for members of the public.
To ensure that the Department appropriately identifies those activities that may create
privacy risk, a PTA is required for all IT systems, technologies, proposed rulemakings, and
information collections at the Department. Additionally, the PTA is used to alert other
information management stakeholders of potential risks, including information security,
records management and information collection management programs. It is also used by
the Department’s Chief Information Officer (CIO) and Associate CIO for IT Policy and
Governance (Associate CIO) to support efforts to ensure compliance with other information
asset requirements including, but not limited to, the Federal Records Act (FRA), the
Paperwork Reduction Act (PRA), the Federal Information Security Management Act
(FISMA), the Federal Information Technology Acquisition Reform Act (FITARA) and
applicable Office of Management and Budget (OMB) guidance.
Each Component establishes and follows its own processes for developing, reviewing, and
verifying the PTA prior to its submission to the DOT CPO. At a minimum the PTA must be
reviewed by the Component business owner, information system security manager, general
counsel, records officers, and privacy officer. After the Component review is completed, the
Component Privacy Office will forward the PTA to the DOT Privacy Office for final
1
For the purposes of the PTA the term “system” is used throughout document but is not limited to traditional IT
systems. It can and does refer to business activity and processes, IT systems, information collection, a project,
program and/or technology, and proposed rulemaking as appropriate for the context of the assessment.
2
The term “personally identifiable information” refers to information which can be used to distinguish or trace an
individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined
with other personal or identifying information which is linked or linkable to a specific individual, such as date and
place of birth, mother’s maiden name, etc.
May 15, 2015
1
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
adjudication. Only PTAs watermarked “adjudicated” and electronically signed by the DOT
CPO are considered final. Do NOT send the PTA directly to the DOT PO; PTAs received by
the DOT CPO directly from program/business owners will not be reviewed.
If you have questions or require assistance to complete the PTA please contact your
Component Privacy Officer or the DOT Privacy Office at privacy@dot.gov. Explanatory
guidance for completing the PTA can be found in the PTA Development Guide found on the
DOT Privacy Program website, www.dot.gov/privacy.
May 15, 2015
PTA Template v 2.0
2
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
PROGRAM MANAGEMENT
SYSTEM name: Automated Vacancy Information Access Tool for Online Referral
(AVIATOR)
Cyber Security Assessment and Management (CSAM) ID: 1307
SYSTEM MANAGER CONTACT Information:
Name: Royal Purvis
Email: royal.purvis@faa.gov
Phone Number: (202) 267-0654
Is this a NEW system?
☐ Yes (Proceed to Section 1)
☒ No
☒ Renewal
☐Modification
Is there a PREVIOUSLY ADJUDICTED PTA for this system?
☒ Yes:
Date: 08/29/2013
☐ No:
1 SUMMARY INFORMATION
1.1
System TYPE
☒ Information Technology and/or Information System
Unique Investment Identifier (UII): 021-752206662
Cyber Security Assessment and Management (CSAM) ID: 1307
☐ Paper Based:
☐ Rulemaking
Rulemaking Identification Number (RIN):
Rulemaking Stage:
☐ Notice of Proposed Rulemaking (NPRM)
☐ Supplemental NPRM (SNPRM):
☐ Final Rule:
Federal Register (FR) Notice:
May 15, 2015
PTA Template v 2.0
3
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
☐ Information Collection Request (ICR)3
☐ New Collection
☐ Approved Collection or Collection Renewal
☐ OMB Control Number:
☐ Control Number Expiration Date:
☐ Other:
1.2
System OVERVIEW:
The purpose of this PTA is to update the Privacy Threshold Assessment (PTA) currently
on file for the Federal Aviation Administration (FAA) Automated Vacancy Information
Access Tool for Online Referral (AVIATOR) system, which was adjudicated August 29,
2013. Since that time, several system applications have been decommissioned and new
interconnections were recently added.
AVIATOR is a web-based application used by the Office of Human Resource
Management (AHR) to automate the FAA hiring process. Current employees of the
Federal Aviation Administration (FAA) use AVIATOR for the purpose of developing
FAA job announcements, and the general public use the system to respond and/or apply
to the job announcements. AVIATOR facilitates the hiring process with instant
certification of qualified candidates for employment. It allows simultaneous online
application submittal; screening and testing; scoring and notification; eligibility list
placement; and referral for interview. AVIATOR reduces the time and effort associated
with announcing vacancies, and also expedites the screening and selection process as
well.
Data Exchange
AVIATOR has an active data exchange with 5 systems:
1) USAJOBS.gov4: is the Office of Personnel Management’s (OPM) web-based
application for hiring federal employees. There is a real-time, one-directional data
transfer between AVIATOR and USAJOBS via SSL HTTP. There is no outgoing
PII of AVIATOR data to the USAJOBS.GOV application; however, there is
incoming PII from USAJOBS.GOV to AVIATOR which includes but is not
limited to profile and demographic data and documents that contain employment
history, work history, and other PII that a user deems pertinent when applying for
consideration for a federal job vacancy. There is a current agreement between the
FAA and the Office of Personnel Management (OPM)/USAJOBS that outlines
roles and responsibilities, and the service agreements terms.
3
See 44 USC 3201-3521; 5 CFR Part 1320
USAJOBS is the Federal Government’s official employment site that connects job seekers with federal
employment opportunities across the United States and around the world.
4
May 15, 2015
PTA Template v 2.0
4
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
USAJOBS MOU FAA
083017.pdf
USAJOBS ISA FAA
083017.pdf
2) Tableau5: The FAA AFN, Information Technology (AIT) Organization’s Tableau
application pulls non-PII data for aggregate reports to formulate business office
visuals and analysis. No PII is exchanged between AVIATOR and Tableau and an
MOU is not required.
3) MyAccess6: AVIATOR is PIV-enabled leveraging MyAccess to authenticate the
FAA users accessing the application internally, thus authentication information
including username and pin numbers are used by the system. No MOU is
required for the data exchange with MyAccess.
In June 2017, AVIATOR was updated with a new automated system enhancement
feature called, Air Traffic Control Specialist (ATCS) Tracking, which includes new
interconnections with the two systems 1) Covered Positions Decision Support System
(CPDSS) and 2) Investigations Tracking System (ITS). ATCS Tracking is used to help
AHR track the status of all ATCS applications through the FAA hiring process. This
tracking was created in response to an OIG audit recommendation that improvements in
the hiring process for Air Traffic Control Specialists were needed.
The CPDSS and ITS system connections are secure, encrypted, and password protected
and feeds with AVIATOR electronically. There is an MOA on file for these new
exchanges.
4) Covered Positions Decision Support System (CPDSS) 7: CPDSS is an internal
subsystem of the Medical Support System (MSS), owned by the Office of
Aerospace Medicine (AAM) to manage medical clearance data on FAA coveredposition employees (e.g. ATCS, not airmen). CPDSS has an interconnection with
AVIATOR to help support FAA’s mission to streamline the ATCS onboarding
process. CPDSS is used only for a specific position description related to ATCS.
AHR requires certain data from CPDSS to complete this process, including but
not limited to: First Name, Last Name, Middle Name, Suffix, Applicant ID, Date
of Birth, Gender, City, State, Zip, First Contact with Region, Schedule Date for
Exam, Final Medical Determination (i.e. Pending, Cleared, Not Cleared), Date of
Final Disposition, Clearance Expiration Date, Actual Date of Drug Test
5
Tableau is an application server that connects to AVIATOR via certain database views that provide reporting data
on Fiscal Year hiring goals. Reported data includes quarterly announcement data and aggregate hiring statistics data.
Tableau is not FISMA-reportable; thus it is not a CSAM system. Tableau has a PTA currently under development.
6
The MyAccess system has privacy compliance documents on file. The PTA was adjudication on 12/20/2016 and
the PIA was adjudicated on 5/31/2017.
7
CPDSS is an internal subsystem of the Medical Support System (MSS), which has a PTA on file that was
adjudicated on 9/22/2014.
May 15, 2015
PTA Template v 2.0
5
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
5) Investigations Tracking System (ITS)8: ITS is a web-based application, owned by
the Office of Security and Hazardous Materials Safety (ASH), that records, tracks,
and provides reporting on personnel security investigations and internal
administrative investigations. ITS has an interconnection with AVIATOR to
complete AHR’s mission to properly oversee the ATCS background investigation
process. This includes but is not limited to: SSN, Last Name, First Name, Middle
Name, City, State, Zip, Date of Birth, Gender, Create Date, e-QIP9 Initiated Date,
# Days applicant in e-QIP, # Days applicant with agency, Fingerprint submission
Date, Cleared for Hire Date, Waiver Status, Effective Date of Waiver, Current
Status (will always be applicant)
System Users, Functionality and Transactions
FAA Human Resources (HR) administrative users will login to the internal AVIATOR
system using their Personal Identify Verification (PIV) card. AVIATOR authenticates the
HR administrative user via MyAccess10. HR administrative users include the HR
Specialists who can create a job vacancy, perform qualification reviews and create a
referral list. Each process is discussed below.
Step I, Job Vacancy Creation: No PII is utilized during this step, however the HR pointof-contact’s name and work contact information is listed in the vacancy announcement in
case applicants have questions about the vacancy. The HR Specialist creates a job
vacancy by clicking the Create Case tab and navigating through the pages and prompts of
the module to create the job vacancy including the information to post it to the USAJOBS
site, using the position description library11. Once the case is approved, AVIATOR will
automatically upload the job vacancy announcement data to USAJOBS on the open date
of the job announcement.
Step II, Qualification Reviews: The HR specialist can perform qualification reviews on
submitted applications for a job vacancy announcement which they created and have
access. The HR specialist selects the job vacancy, and navigates to the list of applicants’
names and profiles. The Specialist can select a particular applicant, review the submitted
questionnaire, review the attached documents, and perform any adjudications or
exclusions. The adjudication and exclusions process entails a review by staff within AHR
of the application and supplementary documentation. The AHR staff, then make a
determination based on HR best practices, HR standards, and federal law. This is an
initial AHR vetting process to ensure applications are complete and that individuals meet
basic qualifications before an application is submitted to hiring officials. There are no
8
ITS has a PTA currently under development.
Electronic Questionnaires for Investigations Processing (e-QIP) is the Federal Government’s official employment
system that was designed to facilitate the processing of standard investigative forms used when conducting
background investigations for Federal security, suitability, fitness and credentialing purposes.
10
MyAccess provides a simplified, sign-on process that is designed to verify the identities of – and authentication
for – users accessing FAA applications. The PTA was adjudicated by DOT on 12/20/2016.
11
The Position Description Library (PDLibrary) provides basic features and functions that allow users to look for,
view, and print nationally Standardized Position Descriptions (SPDs) used in the FAA. This program also allows
users to assemble a personal list of SPDs they are most likely to use on a regular basis.
9
May 15, 2015
PTA Template v 2.0
6
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
outputs or reports generated during this review process within the system. In this step, the
following applicant’s information is reviewable by an HR specialist, when applicable:
• Full Name
• Full Address
• DOB
• Home Address
• Email Address
• Phone number(s)
• Citizenship status
• Selective Service status
• Military Service status (for military preference)
• Employment history (i.e. resume)
• Education level (resume, transcripts)
Step III, Referral List Creation: HR specialists can create a referral list of qualified
applicants for a job vacancy announcement on which they have access. The HR Specialist
then selects the vacancy announcement, and navigates to the “create referral list module”
within the system and enters the criteria required to create the list of referred applicants.
The criteria entered is dependent upon the job vacancy to be filled. Each vacancy is
different and the hiring office is looking for different criteria depending on the job. The
HR specialist enters the grade, duty location, and type of referral list they want created.
For example, HR can put multiple duty locations and grades in one announcement.
When HR is ready to generate a referral list, they input the grade/duty location for the
referral list. The system screens the applicants and generates a list. The HR specialist
will provide the hiring manager with the list so they can select an applicant for the
position.
General Public Users
Step I, Application Submission: The applicant enters their username and password into
USAJOBS, which provides the interface for real-time data transfer to the site and is the
interactive display for job seekers. Within USAJOBS, job seekers review FAA job
announcements. When the job seeker elects to apply to a FAA job announcement online,
USAJOBS redirects them to AVIATOR to apply. AVIATOR verifies the job seeker via
USAJOBS Single Sign-On (SSO)12 and downloads the USAJOBS job seekers’ profile
data (full name, full address, country, phone numbers) into AVIATOR and any
supplemental documents that they have attached to the application. The job seeker
completes the FAA job specific questionnaire and submits it along with their
supplementary documents for hiring consideration. AVIATOR displays applicant
questionnaires on various screens and reports and ranks the applicants.
Step II, Application Status Review: A job seeker can assess USAJOBS to check the status
of their application, which will redirect them to the AVIATOR application status page.
12
Single Sign On (SSO) occurs when a user logs in to one application and is then signed in to other applications
automatically, regardless of the platform, technology, or domain the user is using. The user signs in only one time
hence the naming of the feature.
May 15, 2015
PTA Template v 2.0
7
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
AVIATOR verifies the job seeker via USAJOBS SSO and displays a more detailed
description of the application status, which includes but is not limited to: application
complete, application received, application under review, application forwarded to hiring
official, application not forwarded.
Public users access the system via an external Uniform Resource Locators (URL) web
link: https://jobs.faa.gov/aviator, which automatically redirects to USAJOBS.GOV.
Administrative FAA users also access AVIATOR through an internal URL:
https://aviator.faa.gov. These web-links are hosted using Secure Sockets Layer (SSL)
technology. FAA internal access to AVIATOR is role-based and is limited only to staff in
the HR office.
Additionally, when required, the system generates ad hoc reports (encrypted email of
these reports may be sent to applicable hiring offices) in additional to necessary “Referral
List” reports that are subsequently made accessible to hiring managers either via hard
copy or hiring managers have access to view and print forwarded electronically to hiring
managers. The “Referral List” reports contain applicant PII such as name and contact
information. The system uses a database from which to query and review applicant
history and changes that occurred to the system. Server logs can also be pulled manually
and be accessible via the server itself. No automated logs are maintained on the servers.
The system is hosted out of the Enterprise Service Center (ESC) data center located at the
FAA Mike Monroney Aeronautical Center in, Oklahoma City, Oklahoma.
2 INFORMATION MANAGEMENT
2.1
SUBJECTS of Collection
Identify the subject population(s) for whom the system collects, maintains, or
disseminates PII. (Check all that apply)
☒ Members of the public:
☒ Citizens or Legal Permanent Residents (LPR)
☒ Visitors
☒ Members of the DOT Federal workforce
☒ Members of the DOT Contract workforce
2.2
☐ System Does Not Collect PII. If the system does not collect PII, proceed directly
to question 2.3.
What INFORMATION ABOUT INDIVIDUALS will be collected, used, retained, or
generated?
Information about individuals in the AVIATOR system includes but is not limited to the
following:
May 15, 2015
PTA Template v 2.0
8
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
SSN (only required for job series related to ATCS, however it may be contained
on forms or voluntarily included in supplementary documents an applicant
provides with their application)
Full Name
Mailing Address
Telephone Numbers (Home, Work, Cell, Other)
Email Address(es)
Date of Birth
Phone Number(s)
Citizenship Status
Education Records (transcripts)
Work History (resume, SF-5013)
Military Status and Records (DD-21414)
Medical Qualification/Disqualification (for jobs that require medical testing)
Drug Testing (for jobs that require drug testing)
Employment Status and Records (optional)
Race, National Origin, and Disability Information (optional)
Applicant ID (system generated record number)
Internal system users, such as FAA government and contract staff, authenticate using
their PIV-card and MyAccess, thus authentication information including username and
pin number are used by the system.
2.3
Does the system RELATE to or provide information about individuals?
☒ Yes: All subjects of collection voluntarily enter their personally identifiable
information (PII) when applying for a job from an Internet web page interface in
USAJOBS.GOV. Additionally, user name and pin codes are used by System
Administrators to access and utilize the system internally.
☐ No
13
Form SF50 is a federal standard form of the GSA which notates Notification of Personnel Actions of federal
employees. A copy of the form, which displays all required data fields, is located in Appendix 1 of this document.
14
Form DD214 is a federal standard form of the Department or Defense which establishes Proof of Military Service.
A copy of the form, which displays all required data fields, is located in Appendix 2 of this document.
May 15, 2015
PTA Template v 2.0
9
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
If the answer to 2.1 is “System Does Not Collect PII” and the answer to 2.3 is “No”,
you may proceed to question 2.10.
If the system collects PII or relate to individual in any way, proceed to question 2.4.
2.4
Does the system use or collect SOCIAL SECURITY NUMBERS (SSNs)? (This includes
truncated SSNs)
☒ Yes:
Authority: The FAA has the authority to collect and maintain SSN in AVIATOR
under Executive Order 9397, as amended by Executive Order 13478; 5 United States
Code (U.S.C.) 1302, 3109, 3301, 3302, 3304, 3305, 3307, 3309, 3313, 3317, 3318,
3319, 3326, 4103, 5533 and 7201; and 29 CFR 720.301.
Purpose: SSN collection is only required for job series related to ATCS. The
purpose of SSN collection is to uniquely identify applicants for certain job series
related to ATCS in order to verify individuals Air Traffic Control Specialist Skills
Assessment (ATSA) test results for users that have completed testing at an approved
external testing facility. Test scores are kept and matched with SSN to match those
up with the tester. A lower risk solution is currently under consideration by OPM.
Additionally, SSN may be contained on forms or voluntarily included in
supplementary documents an applicant provides with their application. While SSN
may be saved or contained on forms or voluntarily included in supplementary
documents of non-ATCS applicant, it is not a required collection for the AVIATOR
or USAJOBS systems.
2.5
☐ No: The system does not use or collect SSNs, including truncated SSNs. Proceed
to 2.6.
Has an SSN REDUCTION plan been established for the system?
☐ Yes:
☒No: According to the FY2017 SSN Reduction Plan Version 3.0 (pending finalization),
the AVIATOR system (pg. 21) has the authority to contain SSN and will retain SSN,
either the whole number or truncated. SSN has been encrypted in the system and SSN is
contained in one master table and link to other system tables using the system’s
Universally Unique Identifier (UUID).
FAA SSN Reduction
Elimination Plan V3 09
May 15, 2015
PTA Template v 2.0
10
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
2.6
Does the system collect PSEUDO-SSNs?
☒ Yes:
2.7
☐ No: The system does not collect pseudo-SSNs, including truncated SSNs.
Will information about individuals be retrieved or accessed by a UNIQUE
IDENTIFIER associated with or assigned to an individual?
☒ Yes: Data can be retrieved from the system using an individual’s name, SSN, and
applicant ID.
Is there an existing Privacy Act System of Records notice (SORN) for the
records retrieved or accessed by a unique identifier?
☒ Yes:
SORN:
•
OPM/GOVT-5 - Recruiting, Examining, and Placement Records, June 19, 2006
71 FR 35351.
• OPM/GOVT-7 - Applicant Race, Sex, National Origin, and Disability Status
Records, June 19, 2006 71 FR 35356.
• DOT/ALL 13, Internet/Intranet Activity and Access Records, May 7, 2002 67 FR
30757.
☐ No:
Explanation:
Expected Publication:
2.8
☐ Not Applicable: Proceed to question 2.9
Has a Privacy Act EXEMPTION RULE been published in support of any
Exemptions claimed in the SORN?
☒ Yes
Exemption Rule:
OPM/GOVT-5 Exemptions:
“This system contains investigative materials that are used solely to determine the
appropriateness of a request for approval of an objection to an eligible’s qualifications
for Federal civilian employment or vouchers received during the processing of an
application. The Privacy Act, at 5 U.S.C. 552a(k)(5), permits an agency to exempt
such investigative material from certain provisions of the Act, to the extent that
release of the material to the individual whom the information is about would:
a. Reveal the identity of a source who furnished information to the Government
under an express promise (granted on or after September 27, 1975) that the
identity of the source would be held in confidence; or b. Reveal the identity of
a source who, prior to September 27, 1975, furnished information to the
Government under an implied promise that the identity of the source would be
held in confidence. This system contains testing and examination materials
used solely to determine individual qualifications for appointment or
May 15, 2015
PTA Template v 2.0
11
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
promotion in the Federal service. The Privacy Act, at 5 U.S.C. 552a(k)(6),
permits an agency to exempt all such testing or examination material and
information from certain provisions of the Act, when disclosure of the
material would compromise the objectivity or fairness of the testing or
examination process. OPM has claimed exemptions from the requirements of
5 U.S.C. 552a(d), which relate to access to and amendment of records.
The specific material exempted include, but are not limited to, the following:
a. Answer keys.
b. Assessment center exercises.
c. Assessment center exercise reports.
d. Assessor guidance material.
e. Assessment center observation reports.
f. Assessment center summary reports.
g. Other applicant appraisal methods, such as performance tests, work samples
and simulations, miniature training and evaluation exercises, structured
interviews, and their associated evaluation guides and reports.
h. Item analyses and similar data that contain test keys and item response data.
i. Ratings given for validating examinations.
j. Rating schedules, including crediting plans and scoring formulas for other
selection procedures.
k. Rating sheets.
l. Test booklets, including the written instructions for their preparation and
automated versions of tests and related selection materials and their complete
documentation.
m. Test item files.
n. Test answer sheets”
☐ No
Explanation:
Expected Publication:
2.9
☐ Not Applicable: SORN does not claim Privacy Act exemptions.
Has a PRIVACY IMPACT ASSESSMENT (PIA) been published for this system?
☒ Yes: Previously, AVIATOR was named Automated Staffing Application Process
(ASAP) and was a part of the Selection within Faster Time Frame (SWIFT) suite of HR
applications. A PIA was published for SWIFT covering ASAP (now AVIATOR) in
February 6, 2008.
☐ No:
2.10
☐ Not Applicable: The most recently adjudicated PTA indicated no PIA was
required for this system.
Does the system EXCHANGE (receive and/or send) DATA from another INTERNAL
(DOT) or EXTERNAL (non-DOT) system or business activity?
☒ Yes:
May 15, 2015
PTA Template v 2.0
12
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
AVIATOR has an active data exchange with 5 systems:
1) USAJOBS.gov: is the Office of Personnel Management’s (OPM) web-based
application for hiring federal employees. There is a real-time, one-directional data
transfer between AVIATOR and USAJOBS via SSL HTTP. There is no outgoing
PII of AVIATOR data to the USAJOBS.GOV application, however, there is
incoming PII from USAJOBS.GOV to AVIATOR which includes but isn’t
limited to profile and demographic data and documents that contain employment
history, work history, and other PII that a user deems pertinent when applying for
consideration for a federal job vacancy. There is a current agreement between the
FAA and the Office of Personnel Management (OPM)/USAJOBS that outlines
roles and responsibilities, and the service agreements terms.
2) Tableau: The FAA AFN, Information Technology (AIT) Organization’s Tableau
application pulls non-PII data for aggregate reports to formulate business office
visuals and analysis. No PII is exchanged between AVIATOR and Tableau and an
MOU is not required.
3) MyAccess: AVIATOR is PIV-enabled leveraging MyAccess to authenticate the
FAA users accessing the application internally, thus authentication information
including username and pin numbers are used by the system. No MOU is
required for the data exchange with MyAccess.
4) CPDSS: CPDSS is an internal subsystem of the Medical Support System (MSS),
owned by the Office of Aerospace Medicine (AAM) to manage medical clearance
data on FAA covered-position employees (e.g. ATCS, not airmen). CPDSS has an
interconnection with AVIATOR to help support FAA’s mission to streamline the
ATCS onboarding process. CPDSS is used only for a specific position description
related to ATCS. AHR requires certain data from CPDSS to complete this
process, including but not limited to: First Name, Last Name, Middle Name,
Suffix, Applicant ID, Date of Birth, Gender, City, State, Zip, First Contact with
Region, Schedule Date for Exam, Final Medical Determination (i.e. Pending,
Cleared, Not Cleared), Date of Final Disposition, Clearance Expiration Date,
Actual Date of Drug Test.
5) ITS: ITS is a web-based application, owned by the Office of Security and
Hazardous Materials Safety (ASH), that records, tracks, and provides reporting on
personnel security investigations and internal administrative investigations. ITS
has an interconnection with AVIATOR to complete AHR’s mission to properly
oversee the ATCS background investigation process. This includes but is not
limited to: SSN, Last Name, First Name, Middle Name, City, State, Zip, Date of
Birth, Gender, Create Date, e-QIP Initiated Date, # Days applicant in e-QIP, #
Days applicant with agency, Fingerprint submission Date, Cleared for Hire Date,
Waiver Status, Effective Date of Waiver, Current Status (will always be
applicant).
☐ No
May 15, 2015
PTA Template v 2.0
13
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
2.11
Does the system have a National Archives and Records Administration (NARA)approved RECORDS DISPOSITION schedule for system records?
☒ Yes:
Schedule Identifier: National Archives and Records Administration, General
Records Schedule 2.1: Employee Acquisition Records, Approved July 2017.
grs02-1.pdf
Schedule Summary: This schedule covers records agencies create in the process of
hiring employees for Federal civilian service, whether career service, senior executive
service, political appointment, excepted service appointment, or temporary/special
appointment. It also covers records documenting job or position descriptions and
classification. The Office of Personnel Management (OPM) exercises oversight of
many—but not all—Federal agencies’ employee selection processes. Its procedural
rules and best practices are spelled out in its “Delegated Examining Operations
Handbook.” This schedule reflects OPM’s determinations on appropriate records
retention periods.
Records Included:
• Position Descriptions
• Job Vacancy Case Files
• Job application packages
Disposition:
Position Descriptions: Temporary. Destroy when position description is final, but
longer retention is authorized if required for business use. (DAA-GRS-2014-00020003).
Job Vacancy Case Files:
•
•
Records of one-time competitive and Senior Executive Service
announcements/selections: Temporary. Destroy 2 years after selection
certificate is closed or final settlement of any associated litigation; whichever
is later. (DAA-GRS-2014-0002-0006).
Records of standing register competitive files for multiple positions filled over
a period of time: Temporary. Destroy 2 years after termination of register.
(DAA-GRS-2014-0002-0007).
Job Application Packages: Temporary. Destroy 1 year after date of submission.
(DAA-GRS-2014-0002-0011).
☐ In Progress:
☐ No:
May 15, 2015
PTA Template v 2.0
14
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
3 SYSTEM LIFECYCLE
3.1
3.2
The systems development life cycle (SDLC) is a process for planning, creating,
testing, and deploying an information system. Privacy risk can change depending on
where a system is in its lifecycle.
Was this system IN PLACE in an ELECTRONIC FORMAT prior to 2002?
The E-Government Act of 2002 (EGov) establishes criteria for the types of systems
that require additional privacy considerations. It applies to systems established in
2002 or later, or existing systems that were modified after 2002.
☐ Yes:
☒ No:
☐Not Applicable: System is not currently an electronic system. Proceed to Section
4.
Has the system been MODIFIED in any way since 2002?
☒ Yes: The system has been modified since 2002.
☒ Maintenance.
☒ Security.
☐ Changes Creating Privacy Risk:
☒ Other:
• The ASAP application name has been changed to AVIATOR application and has
been updated from the Microsoft Visual Basics platform to the Microsoft .NET
platform.
• The Centralized Applicant Pool System (CAPS), Air Traffic Transfer Program
(ATTP), and Remote Electronic Vacancy Announcements for Merit Promotion
(REVAMP) modules comprising the legacy SWIFT system were sunset15 in 2013.
• In March 2012, AVIATOR was converted from a physical web server
environment to a virtual web server environment.
• In February 2015, AVIATOR was converted from a physical database server
environment to a virtual database server environment.
• In June 2017, a system enhancement took place and included two new system
data exchanges with the ITS and CPDSS systems.
3.3
☐ No: The system has not been modified in any way since 2002.
Is the system a CONTRACTOR-owned or -managed system?
☐ Yes: The system is owned or managed under contract.
15
SDAs are expected to be completed for each module by November 2017.
May 15, 2015
PTA Template v 2.0
15
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
Contract Number:
Contractor:
3.4
☒ No: The system is owned and managed by Federal employees.
Has a system Security Risk CATEGORIZATION been completed?
The DOT Privacy Risk Management policy requires that all PII be protected using
controls consistent with Federal Information Processing Standard Publication 199
(FIPS 199) moderate confidentiality standards. The OA Privacy Officer should be
engaged in the risk determination process and take data types into account.
☒ Yes: A risk categorization has been completed.
Based on the risk level definitions and classifications provided above, indicate
the information categorization determinations for each of the following:
Confidentiality:
Integrity:
Availability:
☐ Low
☒ Moderate
☐ High
☐ Undefined
☐ Low
☒ Moderate
☐ High
☐ Undefined
☐ Low
☒ Moderate
☐ High
☐ Undefined
Based on the risk level definitions and classifications provided above, indicate
the information system categorization determinations for each of the following:
Confidentiality:
Integrity:
Availability:
3.5
☐ Low
☒ Moderate
☐ High
☐ Undefined
☐ Low
☒ Moderate
☐ High
☐ Undefined
☐ Low
☒ Moderate
☐ High
☐ Undefined
☐ No: A risk categorization has not been completed. Provide date of anticipated
completion.
Has the system been issued an AUTHORITY TO OPERATE?
☒ Yes:
Date of Initial Authority to Operate (ATO): 09/29/2015
Anticipated Date of Updated ATO: 09/29/2018
☐ No:
☐ Not Applicable: System is not covered by the Federal Information Security Act
(FISMA).
4 COMPONENT PRIVACY OFFICER ANALYSIS
The Component Privacy Officer (PO) is responsible for ensuring that the PTA is as complete
and accurate as possible before submitting to the DOT Privacy Office for review and
adjudication.
COMPONENT PRIVACY OFFICER CONTACT Information
May 15, 2015
PTA Template v 2.0
16
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
Name:
Email:
Phone Number:
COMPONENT PRIVACY OFFICER Analysis
5 COMPONENT REVIEW
Prior to submitting the PTA for adjudication, it is critical that the oversight offices within
the Component have reviewed the PTA for completeness, comprehension and accuracy.
Component Reviewer
Business Owner
Name
Review Date
Royal Purvis
8/31/2017
None
None
General Counsel
Sarah Leavitt
Privacy Officer
Bud Gordon
Information System
Security Manager (ISSM)
Records Officer
Beth Mathison
9/19/2017
09/08/2017
9/5/2017
Table 1 - Individuals who have reviewed the PTA and attest to its completeness, comprehension and accuracy.
TO BE COMPLETED BY THE DOT PRIVACY OFFICE
Adjudication Review COMPLETED: September 16, 2018
DOT Privacy Office REVIEWER: Claire W. Barrett
DESIGNATION
This is NOT a Privacy Sensitive System – the system contains no Personally
Identifiable Information.
This IS a Privacy Sensitive System
IT System.
National Security System.
Legacy System.
HR System.
Rule.
Other: Study
May 15, 2015
PTA Template v 2.0
17
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
DETERMINATION
PTA is sufficient at this time.
Privacy compliance documentation determination in progress.
PIA
PIA is not required at this time: <>
PIA is required.
System covered by existing PIA: <>
New PIA is required. new collection/analysis of PII
PIA update is required. PIA for predecessor system not sufficient
SORN
SORN not required at this time. <>
SORN is required.
System covered by existing SORN: see referenced SORNs in 2.7
New SORN is required. <>
SORN update is required. SORN incomplete, no ER Rule
May 15, 2015
PTA Template v 2.0
18
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
DOT Chief Privacy Officer Adjudication Statement
The DOT Privacy Office (DOT PO) has determined that the AVIATOR constitutes a privacy sensitive
system.
POA&Ms
•
AR-2(a) - Privacy Impact and Risk Assessment/Risk Assessment
Issue: PTA is incomplete and therefore privacy risk determination and establishment of
appropriate plan is not possible. Requirement. Update internal system management
processes to ensure PTA is complete and accurate prior to submission Timeline: 90 days
prior to next PTA update.
•
AR-2(b) – Privacy Impact and Risk Assessment/PIA
Issue: Current PIA for precursor system is incomplete and does not accurately reflect
AVIATOR: Requirement: Submit PIA to DOT CPO. Timeline: 90 days.
•
SE-1(a) – Inventory of Personally Identifiable Information/Inventory
Issue: reference is made to generic SSN reduction plan, however no specific activities vis-à-vis
this system for reducing SSN holdings is identified. Requirement: Establish system specific SSN
reduction plan. Timeline: 90 days. Requirement: Update CSAM record to reflect system SSN
reduction activities. Timeline: 30 days from issuance of DOT guidance for maintaining SSN
reduction plan in CSAM.
NOTE: In addition to records created in support of the primary functions of the system, information
about users of the system are collected for the purposes of creating and maintaining accounts. These
records are protected under the Privacy Act and must be maintained in accordance with DOT/ALL 13 Internet/Intranet Activity and Access Records - 67 FR 30757 - May 7, 2002.
The Adjudicated PTA should be uploaded into CSAM as evidence that the required privacy analysis for
this system has been completed.
The PTA should be updated not later than the next security certification and accreditation (C&A) cycle
and must be approved by the DOT PO prior to the accreditation decision. Component policy or
substantive changes to the system may require that the PTA be updated prior to the next C&A cycle.
May 15, 2015
PTA Template v 2.0
19
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
Appendix 1. Office of Personnel Management -Standard Form 50
May 15, 2015
PTA Template v 2.0
20
DOT Privacy Program
FAA/AVIATOR
Privacy Threshold Assessment (PTA)
Appendix 2. Office of Personnel Management -Standard Form 50
May 15, 2015
PTA Template v 2.0
21
File Type | application/pdf |
File Title | PTA-AHR-AVIATOR-9/15/2017 |
Author | Barrett, Claire (OST) |
File Modified | 2018-10-24 |
File Created | 2018-09-17 |