Pta

FEMA PTA Mitigation (MT) Electronic Grants (eGrants) to PRIV 20140318.docx

Mitigation Grant Programs /e-Grants

PTA

OMB: 1660-0072


Privacy Office

U.S. Department of Homeland Security

Washington, DC 20528

202-343-1717, [email protected]

www.dhs.gov/privacy


Privacy Threshold Analysis

Version number: 01-2014



PRIVACY THRESHOLD ANALYSIS (PTA)

This form is used to determine whether a Privacy Impact Assessment is required.


Please use the attached form to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002 and the Homeland Security Act of 2002. 

Please complete this form and send it to your component Privacy Office. If you do not have a component Privacy Office, please send the PTA to the DHS Privacy Office:


Senior Director, Privacy Compliance

The Privacy Office

U.S. Department of Homeland Security

Washington, DC 20528

Tel: 202-343-1717



[email protected]


Upon receipt from your component Privacy Office, the DHS Privacy Office will review this form. If a PIA is required, the DHS Privacy Office will send you a copy of the Official Privacy Impact Assessment Guide and accompanying Template to complete and return.

A copy of the Guide and Template is available on the DHS Privacy Office website, www.dhs.gov/privacy, on DHSConnect and directly from the DHS Privacy Office via email: [email protected], phone: 202-343-1717.




Summary Information

Project or Program Name:

Mitigation (MT) Electronic Grants (eGrants)

Component:

Office or Program:

Federal Insurance and Mitigation Administration (FIMA)

Xacta FISMA Name (if applicable):

MT eGrants

Xacta FISMA Number (if applicable):

FEM-01843-MAJ-01843

Type of Project or Program:

Project or program status:

Date first developed:

August 1, 2003

Pilot launch date:

Click here to enter a date.

Date of last PTA update

February 10, 2011

Pilot end date:

Click here to enter a date.

ATO Status (if applicable)

ATO expiration date (if applicable):

July 15, 2016



PROJECT OR PROGRAM MANAGER

Name:

Jennifer East

Office:

Risk Reduction/GDAT

Title:

System Team Lead

Phone:

202-646-2908

Email:

[email protected]



INFORMATION SYSTEM SECURITY OFFICER (ISSO) (if applicable)

Name:

John Fowler

Phone:

202-264-2679

Email:

[email protected]






Specific PTA Questions

1. Reason for submitting the PTA:

The Federal Insurance and Mitigation Administration (FIMA) owns and operates the Mitigation (MT) Electronic Grants (eGrants) system. FIMA conducts this MT eGrants PTA during the ongoing Security Authorization renewal process and as part of the OMB ICR No. 1660-0072 review, update, and renewal process.

MT eGrants is both an internal (government-facing) system and an external-facing system. This system is also part of OMB ICR No. 1660-0072. Grant applicants and sub-applicants (States, Federally-recognized Indian Tribal governments, territories, and local governments) access the external site to submit their applications. FEMA staff use the internal systems to review the applications and to award and monitor awarded grants. MT eGrants processes applications for the following components of the Hazard Mitigation Assistance (HMA) grant programs: Pre-Disaster Mitigation (PDM), Flood Mitigation Assistance (FMA), Repetitive Flood Claims (RFC) and Severe Repetitive Loss (SRL). During the application process, the grant applicant provides personally identifiable information (PII) of its points of contact (POCs) for the sole purpose of correspondence between FEMA and the applicant. Also, MT eGrants collects the name, address, and other property information, such as flood insurance policy information, for the purpose of determining HMA funding eligibility and to prevent duplication of benefits. There are no forms associated with OMB ICR No. 1660-0072.

MT eGrants currently has coverage by the DHS/FEMA/PIA-006 FEMA National Emergency Management Information System MT eGrants System Privacy Impact Assessment (PIA) and the DHS/FEMA-009 Hazard Mitigation Assistance (HMA) Grant Programs System of Records System of Records Notice (SORN), 77 Fed. Reg. 17,783 (July 23, 2012). (PLEASE NOTE THAT THIS SORN IS BEING REVISED)

Individuals access MT eGrants through the FEMA Authentication and Provisioning Services (APS). FEMA APS is currently covered by the DHS/FEMA/PIA-031 Authentication and Provisioning Services (APS) PIA and the DHS/ALL-004 General Information Technology Access Account Records System (GITAARS) SORN, 77 Fed. Reg. 70,792 (Nov. 27, 2012).

FIMA shares MT eGrant information with the FEMA Enterprise Data Warehouse (EDW). FIMA shares this information with EDW for storage and reporting purposes. The FEMA EDW is currently covered by the DHS/FEMA/PIA-026 Operational Data Store and Enterprise Data Warehouse PIA.



2. Does this system employ any of the following technologies:

If you are using any of these technologies and want coverage under the respective PIA for that technology please stop here and contact the DHS Privacy Office for further guidance.

Closed Circuit Television (CCTV)

Social Media

Web portal[1] (e.g., SharePoint)

Contact Lists

None of these


3. From whom does the Project or Program collect, maintain, use, or disseminate information?

Please check all that apply.

This program does not collect any personally identifiable information[2]

Members of the public

DHS employees/contractors (list components):

Contractors working on behalf of DHS

Employees of other federal agencies



4. What specific information about individuals is collected, generated or retained?



The FEMA MT eGrants system collects the following information from individual property owners that are included in a state’s HMA Grant Program grant application: name, telephone number(s) (home, work/business, and/or mobile), property address(es) (damaged, mailing, and email), flood insurance policy number, flood insurance policy provider, flood insurance policy/coverage status.



The FEMA MT eGrants system also collects the following point of contact information from grant applicants: name, work/business address, work/business telephone number, and work/business email address.





4(a) Does the project, program, or system retrieve information by personal identifier?

No. Please continue to next question.

Yes. If yes, please list all personal identifiers used:


4(b) Does the project, program, or system use Social Security Numbers (SSN)?

No.

Yes.


4(c) If yes, please provide the specific legal basis and purpose for the collection of SSNs:

Click here to enter text.


4(d) If yes, please describe the uses of the SSNs within the project, program, or system:

Click here to enter text.


4(e) If this project, program, or system is an information technology/system, does it relate solely to infrastructure?


For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)?

No. Please continue to next question.

Yes. If a log is kept of communication traffic, please answer the following question.


4(f) If header or payload data[3] is stored in the communication traffic log, please detail the data elements stored.

Click here to enter text.




5. Does this project, program, or system connect, receive, or share PII with any other DHS programs or systems[4]?


No.

Yes. If yes, please list:

FEMA’s Enterprise Data Warehouse

6. Does this project, program, or system connect, receive, or share PII with any external (non-DHS) partners or systems?


No.

Yes. If yes, please list:

Click here to enter text.

6(a) Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)?


Please describe applicable information sharing governance in place:


7. Does the project, program, or system provide role-based training for personnel who have access in addition to annual privacy training required of all DHS personnel?


No.

Yes. If yes, please list:

http://www.fema.gov/mitigation-egrants-system-0

8. Per NIST SP 800-53 Rev. 4, Appendix J, does the project, program, or system maintain an accounting of disclosures of PII to individuals who have requested access to their PII?

No. What steps will be taken to develop and maintain the accounting:

Yes. In what format is the accounting maintained: MT eGrants audit logs are generated via syslog. The audit records capture event information including user account name, user IP address, timestamp of event, and type of event. MT eGrants administrators follow the Enterprise Audit Logging SOP, dated April 30, 2012.

9. Is there a FIPS 199 determination?[4]

Unknown.

No.

Yes. Please indicate the determinations for each of the following:

Confidentiality:

Low Moderate High Undefined



Integrity:

Low Moderate High Undefined



Availability:

Low Moderate High Undefined






PRIVACY THRESHOLD REVIEW

(To be Completed by COMPONENT PRIVACY OFFICE)

Component Privacy Office Reviewer:

LeVar J. Sykes


Date submitted to Component Privacy Office:

Click here to enter a date.


Date submitted to DHS Privacy Office:

Click here to enter a date.


Component Privacy Office Recommendation:

Please include recommendation below, including what new privacy compliance documentation is needed.

The FEMA Privacy Office recommends that FEMA MT eGrants be classified as a Privacy Sensitive System with coverage by the following existing PIA and SORN:

PIA: DHS/FEMA/PIA-006 National Emergency Management Information System Mitigation (MT) Electronic Grants (eGrants) System

SORN: DHS/FEMA-009 – HMA Grant Programs SORN, 77 Fed. Reg. 17,783 (July 23, 2012).


(To be Completed by the DHS Privacy Office)

DHS Privacy Office Reviewer:

Click here to enter text.

PCTS Workflow Number:

Click here to enter text.

Date approved by DHS Privacy Office:

Click here to enter a date.

PTA Expiration Date

Click here to enter a date.

DESIGNATION

Privacy Sensitive System:

If “no” PTA adjudication is complete.


Category of System:

If “other” is selected, please describe: Click here to enter text.


Determination: PTA sufficient at this time.

Privacy compliance documentation determination in progress.
New information sharing arrangement is required.
DHS Policy for Computer-Readable Extracts Containing Sensitive PII applies.
Privacy Act Statement required.
Privacy Impact Assessment (PIA) required.
System of Records Notice (SORN) required.
Paperwork Reduction Act (PRA) Clearance may be required. Contact your component PRA Officer.
A Records Schedule may be required. Contact your component Records Officer.


PIA:

If covered by existing PIA, please list: Click here to enter text.


SORN:

If covered by existing SORN, please list: Click here to enter text.


DHS Privacy Office Comments:

Please describe rationale for privacy compliance determination above.

Click here to enter text.



1 Informational and collaboration-based portals in operation at DHS and its components that collect, use, maintain, and share limited personally identifiable information (PII) about individuals who are “members” of the portal or “potential members” who seek to gain access to the portal.

2 DHS defines personal information as “Personally Identifiable Information” or PII, which is any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department. “Sensitive PII” is PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. For the purposes of this PTA, SPII and PII are treated the same.

3 When data is sent over the Internet, each unit transmitted includes both header information and the actual data being sent. The header identifies the source and destination of the packet, while the actual data is referred to as the payload. Because header information, or overhead data, is only used in the transmission process, it is stripped from the packet when it reaches its destination. Therefore, the payload is the only data received by the destination system.

4 PII may be shared, received, or connected to other DHS systems directly, automatically, or by manual processes. Often, these systems are listed as “interconnected systems” in Xacta.

4 FIPS 199 is the Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems and is used to establish security categories of information systems.


File Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title: DHS PRIVACY OFFICE
Author: marilyn.powell
File Modified: 0000-00-00
File Created: 2021-01-27
