Download:
pdf |
pdfDEFENSE LOGISTICS AGENCY
HEADQUARTERS
8725 JOHN J. KINGMAN ROAD
FORT BELVOIR, VIRGINIA 22060-6221
MEMORANDUM FOR DEFENSE PRIVACY CIVIL LIBERTIES AND TRANSPARENCY
DIVISION
SUBJECT: Social Security Number Justification for DLA Form 1822, “End-Use Certificate.”
Department of Defense Instruction (DODI) 1000.30, “Reduction of Social Security
Number (SSN) Use Within DoD,” (August 1, 2012), requires all DoD personnel to reduce or
eliminate the use of SSNs wherever possible, except when the use of the SSN meets one or
more of the acceptable use criteria DoDI 1000.30 establishes. To continue use of the SSN in a
system or form, DLA must provide a memorandum justifying the continued use to the
Defense Privacy, Civil Liberties, and Transparency Division.
This memorandum serves to justify the continuing need for the collection and use of
the SSN for DLA Form 1822, “End-Use Certificate.” DLA Forms 1822 are stored in the
DLA Criminal Incident Reporting System (DCIRS) information system which has a Privacy
Impact Assessment (PIA) and which maintains records from the following DLA Privacy Act
systems of records notices (SORNs):
S500.20 – DLA Criminal Incident Reporting System Records
S640.45 – End Use Certificates
Please note that DLA is working to update the above referenced SORNs. When the revised
SORNs are published a revised SSN Justification Memo will be provided.
Under the DODI 1000.30, Enclosure 2, section 2, paragraph c, there are 13 designated
acceptable uses for SSNs. The designated acceptable uses for DLA Form 1822, “End-Use
Certificate,” is as follows:
“(2). Law Enforcement, National Security, and Credentialing. Almost every law
enforcement application available to Federal, State, and local law enforcement and
other criminal justice agencies reports and tracks individuals, and makes
application information available to other agencies, through the use of the SSN. This
includes, but is not limited to, checks of the National Crime Information Center;
State criminal histories; and Federal Bureau of Investigation records checks.”
“(3). Security Clearance Investigation or Verification. The initiation, conduct,
adjudication, verification, quality assurance, and billing fund control of background
investigations and security clearances requires the use of the SSN. The SSN is the
single identifier that links all of the aspects of these investigations together. This use
case is also linked to other Federal agencies that continue to use the SSN as a
primary identifier.”
DLA Form 1822, “End-Use Certificate,” is used in the management of transfers of
export-controlled personal property and technical data to determine bidder or transferee
eligibility to receive export-controlled property and technical data, and to ensure that
transferees comply with the terms of the sale or transfer regarding end use of the property
and technical data. Transfers of export-controlled personal property/technical data
includes information necessary for the development, production, or use of an item.
2
Records are used in the management of the property disposal program and in connection
with Military Critical Technical Data Agreements to determine bidder/transferee
eligibility to receive export-controlled personal property and technical data. The purpose
of which is to ensure that transferees comply with the terms of the sale or transfer
regarding end use of the property/data.
The SORNs used in association with DLA Form 1822, “End-Use Certificate,” cite
several authorities for the collection and maintenance of the records it contains. These include:
10 U.S.C. Sec. 133b, “Under Secretary of Defense for Acquisition and Sustainment;” 22
U.S.C. Chapter 39, “Arms Export Control;” 50 U.S.C. Chapter 58, “Export Control
Reform”; Executive Order 13478, “Amendments to Executive Order 9397 Relating to
Federal Agency Use of Social Security Numbers;” Executive Order 13222, “Continuation
of Export Control Regulations,” as amended; Executive Order 12738, “Administration of
foreign assistance and related functions and arms export controls,” as amended; Executive
Order 12981, “Administration of Export Controls,” as amended; 22 CFR Part 122,
“Registration of Manufacturers and Exporters;” 15 CFR Part 762, “Recordkeeping;” 41
CFR Part 101, “Regulation System,” and 41 CFR Part 102, “Federal Management
Regulation System;” DoD Instruction 2030.08, “Implementation of Trade Security Controls
(TSC) for Transfers of DoD Personal Property to Parties Outside DoD Control;” DoD
Directive 2040.3, “End-Use Certificates (EUCs);” DoD Instruction 2040.02, “International
Transfers of Technology, Articles, and Services;” DoD Instruction 4161.02,
“Accountability and Management of Government Contract Propert;” DoD Instruction
5240.04, “Counterintelligence (CI) Investigations;” and DoD Instruction 5505.02,
“Criminal Investigations of Fraud Offenses.”
Information collected directly from the public is captured via DLA Form 1822, “EndUse Certificate.” This collection is in accordance with Sections 3501-3520 of the Paperwork
Reduction Act and has an OMB Collection number (0704-0382).
DLA Office of the Inspector General gather this information and safeguards it. DLA
Form 1822 is stored in the DCIRS information system and will be protected by DLA policies
on Information Assurance. All infrastructure supporting the DCIRS information system will
have all applicable Security Technical Implementation Guides (STIGs), checklists, and
vulnerability scans applied. Additionally, only DLA Office of the Inspector General are
authorized access to the DCIRS information system. Personnel are vetted by the designated
DCIRS information system application administrative officer, prior to granting access to the
system. Access will be solely via Common Access Card (CAC) authentication. Insider and
outsider threats for information theft, hacking, etc., are mitigated through the use of
encryption, CAC authentication requirements, unique user identification and passwords in
addition to CAC authentication where required, and ensuring compliance with information
assurance and other DOD Directives, policies, and procedures. The assigned Information
System Security Manager (ISSM) reviews associated risks and provides detailed information
to both the DLA Chief Privacy and FOIA Officer and the DLA decision authority for
acceptable/non-acceptable use and maintains applicable Plan of Action and Milestones
(POA&M) for security and privacy controls. Significant changes to the DCIRS information
system are reviewed by the DLA CIO and the DLA Chief Privacy and FOIA Officer.
3
My signature below constitutes approval and justification for continued use and
collection of SSNs on the DLA Form 1822 and in the DCIRS information system.
My points of contact are Mr. Steven Nace (DLA Form 1822) at (571)767-6582, DSN
392-6582, e-mail: [email protected]; and Mr. Jerold Unruh (DCIRS information
system/DLA OIG), at or (571)767-5454, DSN 392-5454, email: [email protected].
Digitally signed by
OLEINICK.LEWIS OLEINICK.LEWIS.W.128675193
4
.W.1286751934 Date: 2019.02.20 09:25:52
-05'00'
LEWIS OLEINICK, CIPP/US/G
DLA Chief FOIA and Privacy Officer
File Type | application/pdf |
File Title | Microsoft Word - SSN Justification Memo for End Use Certificate 02202019.docx |
Author | RDP0004 |
File Modified | 2019-02-20 |
File Created | 2019-02-20 |