SSN Justification

DEPARTMENTS OF THE ARMY AND AIR FORCE
ARMY & AIR FORCE EXCHANGE SERVICE
Office of the General Counsel
P.O. Box 650060
Dallas, TX 75265-0060

GC-C

01 AUG 2019

MEMORANDUM THRU:
Army Privacy Office (AAHS-RDF), 9301 Chapek Rd. Bldg. 1458 Fort Belvoir, VA 22060-5605
FOR Defense Privacy, Civil Liberties and Transparency Division, 4800 Mark Center Drive,
Alexandria, VA 22350-3100
SUBJECT: Justification for the Use of the Social Security Number (SSN); Exchange Form
3900-002 “Trusted Associate Sponsorship Systems (TASS), Exchange Form
3900-006 “Background Check for Vendors/Contractors”, Exchange Form 3900013 “e-QIP Request Form; AAFES Resource Onboarding Application (ROBA)
Web-based system; and AAFES Electronic system of Personnel Security
Clearance Case Files.
1. This memorandum is to satisfy the requirements of DoDI 1000.30, “Reduction of Social
Security Number (SSN) Use Within the DoD,” requiring justification to collect and use the SSN.
2. AAFES System for Personnel Security Clearance Case Files consists of information collected
from persons affiliated with AAFS by assignment, employment, contractual relationship, or as
the result of an inter-service support agreement. Records contain security clearance
determination that have been completed, in process, or pending.
AAFES uses the SSN to aid the Exchange Force Protection in determining and providing
security clearance for individuals stationed at AAFES facilities. This includes providing security
clearance, denial of clearance, or removal of clearance into classified locations or sensitive
positions.
3. The applicable acceptable uses for collection and use of the SSN are (2) Law Enforcement,
National Security, and Credentialing, (3) Security Clearance Investigation or Verification, (4)
Interactions with Financial Institutions, (5) Confirmation of Employment Eligibility, (8)
Computer Matching, and (9) Foreign Travel. Information collected and maintained is obtainable
by the individual’s name or SSN. SSN collected is used to assist in the location of all relevant
data within AAFES and outside sources associated with reviewing the individual’s criteria,
background, and trustworthiness for security clearance and providing such clearance.
4. The System of Records Notice (SORNs) associated with the AAFES Personnel
Security Clearance is AAFES 1703.03, “Personnel Security Clearance Case Files.” AAFES
systems are stand-alone .com technology and not part of Department of Defense Business
Information Systems. Therefore, there is not DIPTR number to provide.

GC-C
SUBJECT: Justification for the Use of the Social Security Number (SSN); Exchange Form
3900-002 “Trusted Associate Sponsorship Systems (TASS), Exchange Form 3900-006
“Background Check for Vendors/Contractors”, Exchange Form 3900-013 “e-QIP Request Form;
AAFES Resource Onboarding Application (ROBA) Web-based system; and AAFES Electronic
system of Personnel Security Clearance Case Files.
5. The prescribing directives for the AAFES Forms 3900-002, 3900-006 and 3900-013 and the
collection of information on the AAFES Resource Onboarding Application (ROBA) Web-based
system is DoDI 5200.01, May 1, 2018, DoD Information Security Program and Protection of
Sensitive Compartmental Information and DoDI 5200.02, May 11, 2018, DoD Personnel
Security Program (PSP). Appropriate authorities supporting collection of the SSN are: Title 10
U.S.C. 7013, Secretary of the Army; Title 10 U.S.C. 9013, Secretary of the Air Force; Executive
Order 10450, Security Requirements for Government Employment; Department of Defense
5200.02-R, DoD Personnel Security Program; Army Regulation 215-8/AFI 34-211(I), Army and
Air Force Exchange Service Operations; Army Regulation 380.67, Personnel Security Program;
Air Force Instruction 31-501, Personnel Security Program Management; Air Force Instruction
31-401, Information Security Program Management; and E.O. 9397 (SSN), as amended.
6. The security clearance files are not made publically available. Only personnel with a need to
know have access to these files. A thorough effort has been made to evaluate the risk associated
with the use of the SSN. Paper and electronic copies of the applications are disposed of as
required by the records disposition schedule. Personnel monitoring, reviewing, or using the
applications are required to follow the established safeguards to protect individual’s privacy.
Administrative, technical, and physical safeguards are in place limiting access to personnel
with an official need to know. AAFES conducts periodic security audits and regular monitoring
to prevent unauthorized access. Two-point login criteria exists for assessing system, using
official AAFES username and password. Intrusion detection systems, encryption and firewall
protection furtherly protects unauthorized access. Physical safeguards include security guards,
identification badges, key cards, safes, and cipher locks. Hard copy files are kept in secured areas
under lock and key accessible only to authorized individuals.
7. My POC is Ms. Teresa Schreurs, Paralegal, Privacy Manager, [email protected], 214312-6103.

On behalf of:
TROY C. WALLACE
Deputy General Counsel
Office of the General Counsel

2