Privacy
The DHS Privacy Office is responsible for evaluating the Department programs, systems, and initiatives for potential privacy impacts, and providing strategies to reduce the privacy impact.
-
DHS/CISA/PIA-017 National Infrastructure Coordinating Center Suspicious Activity Reporting Initiative
The Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) Office of Infrastructure Protection (IP) National Infrastructure Coordinating Center (NICC) is publishing this PIA to reflect activities under its Suspicious Activity Reporting (SAR) Initiative. The NICC SAR Initiative serves as a mechanism by which a report involving suspicious behavior related to an observed encounter or reported activity is received and evaluated to determine its potential nexus to terrorism. NICC is conducting this PIA because SAR occasionally contain personally identifiable information (PII) and NICC will be collecting and contributing SAR data for reporting and evaluation proceedings. DHS is updating this PIA to clarify that Redacted NICC Patriot Reports are reports that have been scrubbed of any identifiable information to include business and PII.
-
DHS/CISA/PIA 018 Chemical Facility Anti-Terrorism Standards Personnel Surety Program
The Department of Homeland Security (DHS) / Cybersecurity and Infrastructure Security Agency (CISA) / Infrastructure Security Division (ISD) / Infrastructure Security Compliance Division (ISCD) is conducting this Privacy Impact Assessment (PIA) to detail the privacy impact associated with the Chemical Facility Anti-Terrorism Standards (CFATS) Personnel Surety Program and the required security assessments performed by high-risk chemical facilities. This PIA: (1) consolidates the original PIA published in May 2011 along with multiple updates since published, and (2) provides notice that CISA is commencing full implementation of the CFATS Personnel Surety Program at all high-risk chemical facilities, to now include Tier 3 and Tier 4 chemical facilities.
-
DHS/CISA/PIA-019 Ammonium Nitrate Security Program
The Department of Homeland Security (DHS or the Department), Cybersecurity and Infrastructure Security Agency (CISA), is publishing this Privacy Impact Assessment (PIA) to provide a comprehensive analysis of the proposed Ammonium Nitrate Security Program. The proposed Ammonium Nitrate Security Program seeks to prevent the misappropriation or use of ammonium nitrate in an act of terrorism by regulating the sale and transfer of ammonium nitrate by ammonium nitrate facilities (AN Facilities). This PIA provides transparency into how the proposed Ammonium Nitrate Security Program will support the homeland security and infrastructure protection missions of DHS/CISA through the collection of personally identifiable information (PII), and describes reasonable mitigation solutions proposed to be implemented to address privacy and security risks. This PIA will be updated with any changes to the program concurrently with the rulemaking process.
-
DHS/CISA/PIA-023 CISA Gateway
The U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), Infrastructure Security Division (ISD) maintains the CISA Gateway, a system formerly known as Infrastructure Protection (IP) Gateway, a web-based portal that supports the collection, analysis, and dissemination of critical infrastructure information. CISA published the original IP Gateway Privacy Impact Assessment (PIA) in 2015 and provided a subsequent update in 2018. CISA is updating and reissuing DHS/CISA/PIA-023 to document a new sign-on mechanism, an interface with a two-factor authentication system, migration to a cloud environment, a system name change from IP Gateway to CISA Gateway, and to reflect the agency name change from the National Protection and Programs Directorate (NPPD) to CISA. This PIA reflects these updates and fully re-assesses privacy risks and mitigations for the system.
-
DHS/CISA/PIA-026 National Cybersecurity Protection System (NCPS)
The National Cybersecurity Protection System (NCPS) is an integrated system for intrusion detection, analysis, intrusion prevention, and information sharing capabilities that are used to defend the federal civilian government’s information technology infrastructure from cyber threats. The NCPS includes the hardware, software, supporting processes, training, and services that are developed and acquired to support its mission. The Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), National Cyber Security Division (NCSD) is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be collected by the NCPS, or through submissions of known or suspected cyber threats received by the United States–Computer Emergency Readiness Team (US-CERT) for analysis. This PIA will serve as a replacement for previously published PIAs submitted by NSCD for the 24/7 Incident Handling Center (March 29, 2007), and the Malware Lab Network (May 4, 2010), and is a program-focused PIA to better characterize the efforts of NCPS and US-CERT.
-
DHS/CISA/PIA-027 EINSTEIN 3 Accelerated
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is conducting this Privacy Impact Assessment (PIA) Update to describe the addition of a new intrusion prevention security service, known as Web Content Filtering (WCF), to the EINSTEIN 3 Accelerated (E3A) program. WCF provides protection at the application layer for web traffic by blocking access to suspicious websites, preventing malware from running on systems and networks, and detecting and blocking phishing attempts as well as malicious web content. This service will be added to the existing E3A intrusion prevention security services that are already in place and are described in the original E3A PIA published April 19, 2013.
-
DHS/CISA/PIA-029 Automated Indicator Sharing
The Department of Homeland Security (DHS) National Protection and Programs Directorate’s (NPPD) Office of Cybersecurity and Communications (CS&C) has developed an Automated Indicator Sharing (AIS) initiative to enable the timely exchange of cyber threat indicators and defensive measures among federal and non-federal entities. These cyber threat indicators and defensive measures are shared consistent with the need to protect information systems from cybersecurity threats, mitigate cybersecurity threats, and comply with any other applicable provisions of law authorized by the Cybersecurity Information Sharing Act of 2015 (CISA) in a manner that ensures appropriate incorporation of privacy, civil liberties, and other compliance protections. Central to the AIS initiative and consistent with the requirements of CISA, the DHS National Cybersecurity and Communications Integration Center (NCCIC) serves as the centralized hub for exchanging cybersecurity threat information using a DHS-accredited infrastructure. NPPD is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be submitted as part of or accompanying a cyber threat indicator or defensive measure. This PIA updates and retires DHS/NPPD/PIA-029 Automated Indicator Sharing PIA, issued October 28, 2015.
-
DHS/CISA/PIA-030 Continuous Diagnostics and Mitigation (CDM)
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Division (CSD) developed the Continuous Diagnostics and Mitigation (CDM) program to support government-wide and agency-specific efforts to implement adequate, risk-based, and cost-effective cybersecurity. CDM provides continuous monitoring, diagnostics, and mitigation tools and services to strengthen the security posture of participating federal civilian departments and agencies’ systems and networks through the establishment of a suite of capabilities that enables network security officials and administrators to know the state of their respective networks at any given time, informs Chief Information Officers (CIO) and Chief Information Security Officers (CISO) on the relative risks of threats, and makes it possible for government personnel to identify and mitigate vulnerabilities. This PIA Update is being conducted to assess the privacy risks related to the CDM Shared Service Platform, which makes CDM capabilities available for use by non-Chief Financial Officer (CFO) Act agencies. The Shared Service Platform is provided to non-CFO Act agencies using a third-party contractor to CISA that connects the agency’s network(s) to the platform. Additionally, this PIA Update examines the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) capability. The CDM AWARE capability allows participating agencies to better assess and prioritize cybersecurity risks by assigning a risk score to agency vulnerabilities.
-
DHS/CISOMB/PIA-001 – Ombudsman Case Assistance Analytic Data Integration System
The U.S. Department of Homeland Security (DHS), Office of the Citizenship and Immigration Services Ombudsman (CISOMB) as mandated by Section 452 of the Homeland Security Act of 2002, is an independent office that reports directly to the Deputy Secretary of Homeland Security. CISOMB’s mission is to: (1) assist individuals and employers who are experiencing difficulty resolving immigration benefit-related matters with U.S. Citizenship and Immigration Services (USCIS); (2) identify systemic challenges or trends with the delivery of immigration benefits; and (3) propose changes to mitigate those issues pursuant to 6 U.S.C. § 272(b). To accomplish this mission, CISOMB uses the Case Assistance Analytics and Data Integration (CAADI) system to process, track, and respond to requests for assistance, and to manage the workflow of cases.
-
DHS/FEMA/PIA-001 EP&R Individual Assistance Privacy Impact Assessment
DHS/FEMA/PIA-001 EP&R Individual Assistance Privacy Impact Assessment