SSN Justification Memo

Download: docx | pdf

MEMORANDUM FOR DEFENSE PRIVACY CIVIL LIBERTIES AND TRANSPARARENCY DIVISION

SUBJECT: Social Security Number Justification for DLA Form 1822, “End-Use Certificate.”

Department of Defense Instruction (DoDI) 1000.30. “Reduction of Social Security Number (SSN) Use Within DoD,” (August 1, 2012), requires all DoD personnel to reduce or eliminate the use of SSNs where possible, except when the use of the SSN meets one or more of the acceptable use criteria DoDI 100.30 establishes. To continue use of the SSN in a system or form, DLA must provide a memorandum justifying the continued use to the Defense Privacy, Civil Liberties, Transparency Division.

This memorandum serves to justify the continuing need of collecting using SSNs for DLA Form 1822, End-Use Certificate.” DLA Forms 1822 are stored in the DLA Criminal Incident Reporting System (DCIRS) Information System which has a Privacy Impact Assessment (PIA), and maintains records from the following DLA Privacy Act Systems of Records Notices (SORNs):

S500.20 – DLA Criminal Incident Reporting System Records

S640.45 – End Use Certificates

Please note that DLA is working to update the above referred SORNs. When the revised SORNs are published a revised SSN Justification Memo will be provided.

Under the DoDI 1000.30, Enclosure 2, section 2, paragraph c, there are 13 designated acceptable uses for SSNs. The designated acceptable uses for DLA Form 1822, “End-Use Certificate,” is as follows:

“(2). Law Enforcement, National Security, and Credentialing. Almost every law enforcement application available to Federal, State and local law enforcement and other criminal justice agencies report and track individuals making applicable information available to other agencies, using the SSN. This includes, but is not limited to, checks of the Nation Crime Information Center: State criminal histories: and Federal Bureau of Investigation records checks.”

“(3) Security Clearance Investigation or Verification. The initiation, conduct, adjudication, verification, quality assurance, billing fund control of background investigations and security clearances requires the use of the SSN. The SSN is the single identifier that links all the aspects of these investigations together. This use case is also linked to other Federal agencies that continue to use the SSN as a primary identifier.”

“DLA Form 1822, “End-Use Certificate,” is used in the management of transfers of DoD Export-Controlled Personal Property (articles, items, technical data and software to determine bidder or transferee eligibility to receive DoD personal property and to ensure that transferees comply with terms of the sales regarding end-use of the DoD personal property. Transfers of DoD personal property includes information necessary for the development, production, or use of an item. Records are used in the management of the property disposal program and in connection with Military Critical Technical Data Agreements to determine bidder/transferee eligibility to receive export-controlled DoD personal property. The purpose of which is to ensure that transferees comply with the terms of the sale or transfer regarding end-use of the property/data.

The SORNs used in association with DLA Form 1822, “End-Use Certificate,” cite several authorities for the collection and maintenance of records it contains. These include: 10 U.S.C. Sec. 133b, “Under Secretary of Defense for Acquisition and Sustainment;” ss U.S.C. Chapter 39, Arms Export Control;” 50 U.S.C. Chapter 58, Export Control Reform;” Executive Order 13478, Amendments to Executive Oder 9397 Relating to Federal Agency Use of Social Security Numbers;” Executive Order 13222, “Continuation of Export Control Regulation, “ as amended; Executed Order 12738, Administration of foreign assistance and related functions and arms export controls,” amended; Executive Oder 12981, “ Administration of Export Controls,” as amended 22 CFR Part 122, Registration of Manufacturers and Exporters;” 15 CFR Part 762, Recordkeeping;” 41 CFR Part 101, “Regulation System,” and 41 CFR Part 102, Federal Management Regulation System;” DoD Instruction 2030.08, “Implementation of Trade Security Controls (TSC) for Transfers of DoD Personal Property to Parties Outside DoD Control;” DoD Directive2040.3. “End-Use Certificates (EUCs);” DoD Instructions 2040.02, “International Transfer of Technology, Article, Articles, and Services;” DoD Instruction 4161.02, “Accountability and Management of Government Contract Property,” DoD Intruction5240.04, “Counterintelligence (CI) Investigations;” and DoD Instruction 5505.02, “Criminal Investigations of Fraud Offenses.”

Information collected directly from the public is captured via DLA Form 1822, “End-Use Certificate.” This collection is in accordance with Sections 3501-3520 of the Paperwork Reduction Act and has an OMB Collection Number (0704-0382).

DLA Office of the Inspector General gather this information and safeguards it. DLA Form 1822 is stored in the DCIRS information system and will be protected by DLA policies on Information Assurance. All infrastructure supporting the DCIRS information system will have all applicable Security Technical Implementation Guides (STIGs), checklists, and vulnerability scans applied. Additionally, only DLA Office of the Inspector General are authorized access to DCIRS information system. Personnel are vetted by the designated DCIRS information system application administrative officer, prior to granting access to the system. Access will solely be via Common Access Card (CAC) authentication. Insider and outsider threats for information theft, hacking, etc., are mitigated using encryption, CAC authentication requirements, unique user identification and passwords in addition to CAC authentication where required, and ensuring compliance with information assurance and other DoD Directives, polices, and procedures. The assigned Information System Security Manager (ISSM) reviews associated risks and provides detailed information to both the DLA Chief Privacy and FOIA Officer and the DLA decision authority for acceptable/non-acceptable use and maintains applicable Plan of Action and Milestones for security and privacy controls. Significant changes to the DCIRS information system are reviewed by the DLA CIO and the DLA Chief Privacy and FOIA Officer.

My signature below constitutes approval and justification for continued use and collection of SSNs on the DLA Form 1822 and/in the DCIRS information system

My points of contacts are Mr. Thomas Presley (DLA Form 1822) at 571-767-8144, DSN 392-8144, e-mail: [email protected]: and Mr. Jerold Unruh (DCIRS Information System/DLA OIG) at (571)767-5454, DSN 392-5454, email: [email protected].

LEWIS OLEINICK, CIPP/US/G

DLA Chief FOIA and Privacy Officer

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	MEMORANDUM FOR
Author	OUSD(AT&L)
File Modified	0000-00-00
File Created	2025-01-01