PTAĀ āTo determine if system deals with PII. PTA is positive if PII is collected if not PTA is negative. SP 800-122
PIAĀ is conducted if PTA is positive-Identify risk for collecting PII and controls in place to protect the PII. PIA applies to system (Federal Facilitated Market Place website) and SORN applies to program (e.g. Obamacare-the Affordable Care Act). Federal Facilitated Market Place website is one of the numerous systems that support the Obamacare. SP 800-122
TPWA:Ā OMBĀ Memorandum 10-23 requires that agencies assess third-party Websites and applications to ensure privacy before using them. Example CMS page on Facebook. CMS needs to complete TPWA on Facebook before creating a Facebook page
SORNĀ is generally required when a group of records maintained by aĀ federal system contains PIIĀ and that PII is retrieved by information unique (name, address, email address, telephone number, social security number, etc.) to the individual whose PII is being retrieved(SORN identifies purpose for collecting PII, ensuring accuracy and how the PII is protected). SORN applies toĀ ProgramsĀ (e.g. Obamacare) not systems.
OMB Number:Ā The Paperwork Reduction Act mandates that all federal government agencies receive approval from OMBāin the form of a “control number”ābefore promulgating a paper form, website, survey or electronic submission that will impose an information collection burden on the general public. This only applies if the agency is collecting the information directly from the public not from another agency or system.
E-authenticationĀ is applicable when system is accessible remotely. This identify the appropriate authentication mechanism base on risk-Ā single multifactor etcā¦ SP 800-63.
Login
Accessing this course requires a login. Please enter your credentials below!