Summary of Security Requirements for



SECURITY ADDENDUM:

DEPARTMENT OF EDUCATION COMPUTER MATCH

WITH THE NATIONAL DIRECTORY OF NEW HIRES (NDNH)

BACKGROUND

Under provisions of Public Law 106-113, signed into law on 29 November 1999, the Department of Education (ED) was granted access to information resulting from comparisons between the National Directory of New Hires (NDNH) and data furnished by ED. This information will assist ED in the collection of defaulted student loans. The enabling legislation contained a number of specific safeguarding provisions to protect the privacy of the matched data. In addition, the comparison of information provided by ED with NDNH data constitutes a “matching program” within the meaning of the Privacy Act of 1974. 5 U.S.C. 552a(a)(8)(A)(i)(II). The Privacy Act requires that a matching agreement specify administrative, technical, and physical safeguards for the records matched and the results of the matching program. 5 U.S.C. 552a(o)(1)(G).

2 PURPOSE

ED has in place an overall security plan prepared by Student Financial Assistance (SFA). A copy of that plan has been provided to OCSE. In addition, ED and OCSE have signed and executed a Computer Matching Agreement (CMA) that provides an overview of administrative, technical and physical safeguards. The purpose of this addendum is to provide additional details on the safeguarding measures outlined in the CMA that will be implemented to ensure that access to the results of data matches between the NDNH and information furnished by ED is restricted to authorized persons. In addition, the addendum states that the use of such information is restricted to authorized purposes in accordance with Subsections 453(l), (m) and (j) of the Social Security Act and the provisions of the Federal Privacy Act of 1974.

Section 2 of the addendum provides an overview of the ED entities that will be involved in the matching program. Section 3 provides information on the data flow between OCSE, ED and its agents. Section 4 details administrative, technical and physical safeguards, and also discusses audit requirements to ensure the security of matched data. Section 5 contains signatures of the officials at ED and OCSE approving this addendum.

2.0 OVERVIEW OF DEPARTMENT OF EDUCATION OPERATIONS

Within ED, the Office of Student Financial Assistance Programs (SFA) is responsible for the student loan program. The Office of Collections (Collections) within SFA has sole responsibility for oversight of the collection of defaulted student loans and grant overpayments. Collections is responsible for recovering over $12 billion in defaulted student loans owed to the U.S. Government. ED currently has in place computer matching programs bound by the requirements of the Privacy Act with several government agencies, including Treasury, IRS, DOD, and USPS, to assist in the collection of defaulted student loans. The same ED organizations will now also be receiving matched NDNH data. ED already has provisions and policies in place to ensure that the privacy of data received under existing matching programs is safeguarded. The same provisions and policies will be used to safeguard matched NDNH data. Sections 2-1 through 2-3 describe the ED organizations involved in the debt collection process.

2.1 GUARANTY AGENCIES

Under Section 453(j)(6)(E)(i)(I) of the Social Security Act, ED will share matched data with Guaranty Agencies (GA’s). The GA is a State or non-profit organization that has an agreement with ED under which it will administer a loan guaranty program under Section 428(b) of the Higher Education Act of 1965, as amended.

Under terms of Section I of the CMA, ED agrees to have signed security agreements in place with their GA’s prior to releasing NDNH data to them. The security agreements summarize the safeguarding responsibilities of the GA’s, and are further discussed in Section 4. A copy of a sample Disclosure and Safeguard Agreement between ED and a GA is attached as Appendix A. The GA is in most cases the first line insurer of federal student loans. It is the responsibility of the GA to work with the student borrower to ensure repayment of their loan. If the GA is unable to obtain repayment, ED purchases the loan from the GA and assumes collection activity. While the GA reports to ED on the activity of their student loan portfolio, a GA is an individual entity, and maintains its own computer system. The GA does not have access to ED’s collection system, the Debt Management Collection System (DMCS). A list of the 36 GA’s is found in Appendix B.

2.2 COLLECTION AGENCIES

Under Section 453(j)(6)(E)(i)(III) of the Social Security Act, collection agencies (CA’s) working directly for ED will also share matched NDNH data. Unlike the GA’s, the CA’s have direct access to ED’s collection system. CA’s who are involved in handling student loans have separate offices set up for that purpose. As will be explained further in Section 3 - Data Flow, the CA will not know that updated locate information was obtained from NDNH. CA’s are limited in their access to only those cases for which they are responsible. A copy of the Statement of Work (SOW) for the CA’s is found in Appendix C.

2.3 PUBLIC INQUIRY CONTRACTOR

The Public Inquiry Contractor (PIC) works as an agent for ED, operating the Debt Collection Service Information Center. The PIC acts as their call center, using 1-800 number access to respond to consumer calls for information. The PIC has direct access to DMCS to assist in responding to written inquiries from the public, the financial aid community, and Congressional staff offices regarding defaulted student loans. The PIC is located in Iowa City, Iowa. Further information about the PIC can be found in their SOW, included as Appendix D.

3.0 DATA FLOW

The data flow from the development of information by GA’s through receipt and processing of matched NDNH data by ED organizations is shown in Figure 1 on the following page. The following paragraphs describe the steps involved in the process.

Figure 1 - Data Flow for NDNH Data Match with Department of Education

3.1 Guaranty Agencies Gather Data for Processing

GA’s gather data from their Defaulted Loan Portfolios and provide that information via direct airmail on a reel tape or 3480 cartridge to DMCS. Collections uses DMCS to store information on student loan collection efforts. The DMCS provides a vehicle for the storage, retrieval, and editing of debtor information. The DMCS is housed at a secure ED computer center located in Meriden, CT.

3.2 DMCS Sends Data to NDNH for Matching

The DMCS sends data received from the GA’s Defaulted Student Loan Portfolios, and information from ED’s defaulted loans, to be matched against NDNH. This process involves two tapes, one from the GA’s, and one from ED. This information will be transmitted via reel tape or 3480 cartridge to the Social Security Administration’s (SSA) National Computer Center (NCC) in Baltimore where OCSE’s information systems are housed. The names in the GA and ED tapes will be matched against NDNH data: for matched files, five quarters of wage data will be gathered. Quarterly wage, unemployment insurance and new hire data from any match will be appended to the two tapes.

3.3 DMCS Provides Matched Data to Guaranty Agencies, Collection Agencies and the Public Inquiry Contractor

DMCS will further process matched data returned by NDNH to identify files where the debtor earns more than $16,000 a year. GA’s will receive matched files for which they are responsible from ED via direct airmail on a 3480 cartridge or a reel tape. These files will be loaded into the GA’s own information systems. The GA will be aware that the source of updated locate information included on the tape cartridge is the NDNH. Once loaded into the GA’s information system, the individual obligor files will not contain any NDNH identifiers, and the data will be commingled with existing data.

Files being handled by the CA’s will be maintained in the DMCS. CA’s will have access only to those matched files for which they are responsible. The CA’s will not know that updated information was received from the NDNH match. In addition, the Public Inquiry Contractor (PIC) will have access to all data files maintained in the DMCS to handle requests for information and to assist in the preparation of replies to inquiries.

4.0 SECURITY AND SAFEGUARDING PROVISIONS

This section provides details on the security and safeguarding policies and procedures that are being followed by ED to ensure the integrity and privacy of NDNH data. The information is separated into administrative, technical and physical safeguards required by the Privacy Act. A separate section covers audit requirements. Matrices have been used to cross reference the information supplied by ED in response to requirements provided by security staff at OCSE. Those requirements are drawn from two sources:

▪ The enabling legislation; and

▪ The Department of Health and Human Services (DHHS) Automated Information Systems Security Program (AISSP) Handbook dated May 1994.

Where references are made to the enabling legislation, a citation is included. A copy of the legislation is included as Appendix E.

4.1 ADMINISTRATIVE SAFEGUARDS

|Requirement |Covered In |
|Use of matched NDNH data is limited to collection of debt from defaulted student loans (42 U.S.C. 653(j)(6)(A)) |Section I(1) of OCSE-ED Computer Matching Agreement (CMA); Section G, ED-GA Disclosure and Safeguard Agreement |
|Income withholding for purpose of collecting child support shall be given priority over collections of any defaulted student loans (42 U.S.C. 653(j)(6)(C)(ii)) |Section E, ED-GA Disclosure and Safeguard Agreement |
|After personal identifiers are removed, use of NDNH data is limited to analyses of defaulted student loans (42 U.S.C. 653(j)(6)(D)(ii)) |Section E(8), OCSE-ED CMA |
|Disclosure of matched NDNH data is limited to contractors or agents of the Department of Education, its guaranty agencies and their collection agents, and the Attorney General. (42 U.S.C. 653(j)(6)(E)(i)) |Section I(1), OCSE-ED CMA; Section E, ED-GA Disclosure and Safeguard Agreement |
|Redisclosure of matched NDNH data is limited to the purpose of collecting defaulted student loans or grant overpayments under Title IV of the Higher Education Act of 1965. (42 U.S.C. 653(j)(6)(E)(iii)) |Section I(1), OCSE-ED CMA; Section E, ED-GA Disclosure and Safeguard Agreement |
|Describe approval process for users of NDNH matched data, including process to remove those who no longer require such access. |ED/SFA Security Plan, Section 3.5, 3.7.1; Section G(1), ED-GA Disclosure and Safeguard Agreement |
|Develop record of users who have approved access to matched NDNH data. |ED/SFA Security Plan, Sections 3.5 and 3.7.2 (audit trail for users of data) |
|Describe the anticipated frequency of access. |ED/SFA Security Plan, Section 3.5. DMCS programmers will require at least quarterly access to process matched files received from NDNH. After processing is completed, NDNH data is fully commingled with existing data in the Defaulted Loan Portfolio. CA staff accessing this information will not be able to identify separate NDNH data elements. |
|Describe the programming performed by the Department of Education and the guaranty agencies on matched NDNH data. |Attachment C, ED SFA Security Plan provides details on the programming done by ED. |
|Establish security awareness training program for users handling matched NDNH data. The training shall include Department of Education, guaranty agency, and collection agency staff. |ED/SFA Security Plan, Section 2.2.2, 2.2.3, 3.16, 3.16.1, 3.16.2; Section E, ED-GA Disclosure and Safeguard Agreement |
|Prepare non-disclosure oaths signed by all of the staff with approved access to matched NDNH data. Non-disclosure oaths shall be re-signed on an annual basis. |ED/SFA Security Plan: Attachment A; Attachment B, ED-GA Disclosure and Safeguard Agreement; Section I, OCSE-ED CMA |
|Establish incident reporting system to deal with unauthorized access to or improper disclosure of NDNH data, including transmission of incident reports to OCSE. |ED/SFA Security Plan, Section 2.2.4, 2.2.5, 2.2.6, 3.15; Section I(1), OCSE-ED CMA |
|Establish procedures to ensure that matched NDNH data is removed from system as soon as repayment of defaulted student loans has been completed, except for that data which will be used for further analysis. Any of the data used for further analysis shall have personal identifiers removed. |Sections E(8) and H, OCSE-ED CMA |

4.1.1 Additional Administrative Safeguard Information

Access to the DMCS is controlled. Staff can only access those portions of the DMCS that apply to their work.

GA and CA staff will be briefed on the sensitivity of the data they are handling. They are required to sign annual confidentiality and non-disclosure statements, and are provided security awareness training. Administrative procedures are in place to ensure that users are removed from the access list when they leave the project.

4.2 TECHNICAL SAFEGUARDS

|Requirement |Covered In |
|Describe security features that are built into the platforms to be used to process matched NDNH data. Examples of such features are access controls and built in audit trail capabilities. |ED/SFA Security Plan, Sections 3.1, 3.1.1, 3.7.2; Sections G(2) and (3), ED-GA Disclosure and Safeguard Agreement |
|Describe authentication techniques used to ensure that only authorized users have access to NDNH matched data. |Section G(1), ED-GA Disclosure and Safeguard Agreement; Section I, OCSE-ED CMA |
|Describe technical provisions in place to ensure the security of interfaces between systems involved in processing and transmitting matched NDNH data to avoid data compromise. Examples of interfaces are those between the Debt Management Collection System (DMCS) and the systems used by the guaranty agencies. |There are no system interfaces between DMCS and the GA information systems. Matched data is transmitted to the GA’s via 3480 cartridge or reel tape. |
|Describe how audit trail reports will be generated and reviewed by management at the Department of Education and the guaranty agencies to detect possible unauthorized use of matched NDNH data. Audit trail reports shall cover access by Department of Education, guaranty agency, and collection agent staff. |ED/SFA Security Plan, Section 3.7.2; Section E, ED-GA Disclosure and Safeguard Agreement |
|Describe process that will be followed to notify OCSE of any changes in the Education and guaranty agency system architecture that may affect the provision of matched data. |ED/SFA Security Plan, Section 3.10. See CMA; Guaranty Agency Agreement; ED/SFA Security Plan. If current system processes or procedures change, ED will provide OCSE with the most recent copy of the document including those changes. |

4.2.1 Additional Technical Safeguard Information

The DMCS has password access controls to ensure that only approved users gain access. In addition, the system has audit trail capabilities to track the use made of the system by individual users.

CA staff will not be aware that the source of updated information they receive is the NDNH. CA and GA staff will be limited in their access to only those records for which they are responsible. They will not be able to “browse” through other records assigned to other CA’s and GA’s.

4.3 PHYSICAL SAFEGUARDS

|Requirement |Covered In |
|Provide secure work area to ensure that NDNH matched data is not disclosed to unauthorized staff. |ED/SFA Security Plan, Sections 3.2, 3.3, and 3.6. Central Data Center in Meriden, CT houses DMCS: it is a secure location. NDNH data will be stored in a secured, controlled area within the data center. CA work area involved in handling student loans is separate from other CA work activities. Matched data provided by DMCS to CA’s does not contain separate NDNH identifiers. |
|Provide secure storage for tape media developed as part of the matching process (e.g. tape cartridges delivered by OCSE to Education Computing Center). |ED/SFA Security Plan, Section 3.6 |
|Develop procedures to ensure the secure storage of records containing NDNH matched data, including ADP and paper records. |ED/SFA Security Plan, Section 3.6 |
|Describe physical safeguards that are in place to ensure destruction of paper and media records on closed cases (with exception of data used for research and analysis processes after removal of personal identifiers) |ED/SFA Security Plan, Attachment A; Section F, ED-GA Disclosure and Safeguard Agreement; Section H, OCSE-ED CMA |

4.3.1 Additional Physical Safeguard Information

The DMCS is housed at a computer center in Meriden, CT. Entry to the facility is strictly controlled. All staff working there are required to wear ID badges, and visitors are escorted.

CA staff responsible for defaulted student loans are housed in a separate work area. This limits the possibility that student loan information would be mixed with collection efforts ongoing in other parts of the CA office. Staff working in offices are required to wear badges and visitors are required to sign in and be escorted.

4.4 AUDIT REQUIREMENTS

|Requirement |Covered In |
|Develop procedures to support performance of audits by an independent entity designated by OCSE. The purpose of the audits is to ensure the proper use of NDNH matched data by the Department of Education and its agents, including guaranty agencies and their collection agents. |Section I(2), OCSE-ED CMA. Upon notification to ED, periodic audits may be performed by an independent entity designated by OCSE to ensure the proper use of NDNH data by ED and its agents. ED audits are performed by SFA Security in the Office of the Chief Information Officer (CIO). |
|Develop procedures to perform internal audits and reviews on an annual basis to ensure that security and disclosure requirements are complied with. |Section I(2), OCSE-ED CMA. Audit and review procedures are currently in place, and are performed by SFA Security in the Office of the Chief Information Officer. There are, however, daily production jobs that track unauthorized attempts to process any data. ED will perform audits of at least three GA’s a year to verify compliance. |

5.0 Signatures

|Approved by (Signature of Authorized ED Official) |Approved by (Signature of Authorized Office of Child Support Enforcement Official) |
| | |

|Title |Date |Title |Date |
|Chief Operating Officer, Student Financial Assistance | |Associate Commissioner, Automation and Program Operations | |
