Consolidated Financial Systems (CFS) Privacy Impact Assessment (PIA) Executive … · 2019-12-20 · V. PIA RESULTS . The PIA evaluation revealed that CFS contains PII due to the

Pension Benefit Guaranty Corporation (PBGC)

Privacy Impact Assessment (PIA)

Consolidated Financial System (CFS)

04/08/ 2019

1 Privacy Point of Contact

Name Edward Picard ... nP!

Title Information System Security Officer This point at rontad should be

, the per,onyou want the Privacy Office to iwtt 'Mth in c:ompleting this PIA For some ~= it might be the Phone 202-326-4100 ext. 3571

Info · Ovmer (IO) or

I Email [email protected] __ _ _ J In · nSy,tem Ownef{JSO). Mill1Y business units identify this a, the Information System Security Ofiicer (ISS0}. 00 what

makes smse for you!

2 Privacy Impact Assessment A Privacy lmpact Assessment (PIA) is an analysis of how information ls/wil l be handled:

1. To ensure handling wnforms to applicable legal, regula tory, and policy requirements regarding privacy,

ii. To determine risks and effect., of collecting, maintaining. and disseminating informallon in an identifiahle form in an electronic information system, and

iii. To examine and evalu~tc protections and alternative processes for handling information to mitigate potential privacy risks.

Privc1cy concerns arc highest for systems that contain Personally Identifiable Information (PII). Pl! is defined as information that can be used to distinguish or trace an individual 's identity, either alone or when comhined \~ith other information that is linked or linkable to a specific individual. Because there arc many types of information that can be used to

distinguish or trace an individual's identity, the term PII is

"TIP!

/nliomiati(· ,n that either a/one or ' · when considered with other

,n • th3t uniquely ltk,rJtifies a {Jef$Ofl is Persol1i11/y

..• ldentiffable Information (Pl/}. · G · · pieces of information

pnvate or publidy • iwa,"ljb{e /Ji1S l]Olverl'v/ '.tjmplications for uniquely ; Fd<!trtifying an individual ,~·~ .:.::-,-..:3- ., .

ncccssa rily broad.

For example, consider a person named Mary Jones. There arc over 200 million results in an internet search for this name. But if we combine information such as a date of birth, the last four digits of a (or worse. an en ti re) Social Security Number, or a spouse's name, the number of persons to whom we could be referring begins to narrow quite rapidly. These types of information arc considered identifiers. Identifiers that uniquely identify a person arc the focus of pnvacy protection .

Z.l The Compo r\ents of the System Name of - Describ,! lht• - ! Does lhis I In wlrnt sys tem of

I rnmponcnl t·o111poncnt (1 or 2 component I rC'cords (SORN) 1s

~rntrncr.q wnl~i 11 PII lhis informalion stored - ··--

Concur [bi- Cnnc:u r processes Yes GSA/GOVT-•~, tlirt-tction,11 flow) Lr:ivel vouch<'l's Conlractcd Travel

j :md d;ii111s for Services Program

<;ccu red l'.iym L'n I Sy~ll!ITI [ bi­tlirecl i(ll1~1 flow)

~urhnriwd 1 (June 3, 200'J). government Lravel. Scrn rr Paymem:--J Yes I PflGC-2, System i_s an . I l)is~t~1·s_cn_1cnts -aµpl1cat1nn rhat PB<,L B:l H< 6251 prnv,dcs a (February 1 :l, mechanism wh1d1 20 1 A]; ,1l luws persunncl PBGC-:3, P,1yrol l, al l'l.lGC and I.cave, ;111d

Whal is the Legal noes th is ~ystcm sh;1rc PII interna lly j AuLlwriLy for

collection of th is in formation ---- ~ -~--Z'J IJ.S.C. §§ 1302. :H ll.S.C. § 371 l(c) and ,i,1 U.S.C. §

I 3101.

2'! ll.S.C. §§ ·1302, 130b, 1307, 134 J, 1343, 31 u.s.c. §§ '37 1l{c) and44 11.S.C. §§'!,I 01 .

Yes

Yt!s

Fcd~ral Prngr<1m J\ttcnd,1 ncc ,\grncy locations Records - PUGC 1n to create paymenl FR 6256 (February

Data /\cl Schclll~

schedulc,,s in ;i 13, 20 111}; secure fash ion 1'BGC-l3, Dch1.

I C:oll cclion - PllGC

• The '"" A~ N, Schema combi11cs information fro~.

133 FR 6264 (February L3, 2nm)

Nol i\pplic;iblc --1 No, Apph"hle --\NiiAppl-lc,hle

-

CFS :inti the> Federal ProcurcmenL d;iw System (r:POS), (PD anti M [;I' ll}

I Llwt is uplo:-1<l!'d to ,1 Dat,1 Act broker

· 111.i intaincd hy the U.S. DeparLment of the Trec1sury. The Data Art Schema rnnla ins the s;unc I'll in Cf-Sor is

I made publidy availabk in 1-'PIJS.

I '

_J_

2.2 The System as a Whole 1. Please describe the purpose of the system, when considered as a whole, please

include 1fthis is an existing system (either an annual recertification update or a

major changt'}

The Consolidated Financial System (CFS) 1s a major information system within the Financial Operations Department (FOD). The CFS addresses the Pension Benefit Guaranty Corporation's budgetary, fiscal, financial, management, and reporting needs tor the enterprise revolving fund, trust accounting. and consolidated financial operations. lt is comprised of the following ledgers: CFS Revolving Fund, CFS Trust Accounting, and CFS Consolidated Ledgers. CFS includes cus tom designed interfaces with other PBGC and non-PF!GC systems, including Concur.com, a web-based end-to-end travel service application, and a 001-run payroll application.''

2. What are the Confiden tia lity, Availahllity, and Integrity ,,1tings for the system as a

whole? Conlidemiality Integrity /1\'<1 ila b!lity

Moderate Moderate Low

5. List and discuss the sources trom which the system collci:L~ PII (for instance. from an individual. another federal agency. Cle.); the format in which Pll is collected (for instance, \'ia a form, face-to-face. phone, etc.); thr notification given at time uf collection from an indi\'idual regarding the Privacy Act and the ability Lo opt-out ,,f collection (and the conseqLiences of opting out). Include a copy of all fom1s and

Privacy Act statements used to collect information.

CFS uses PII that is collected by the following interconnected systems: My Plan Adn1!nism1tion Account (My PAA}, Case Mc1nagement System (f.MS), Federal Pe rsonnel Payroll System (!'PPS). Secured P~yment Sysrem (SPSJ, Comprizon,

l'edOcbr, and !JS llank.

4. Discuss any privacy controls that PI.IGC inherits from an external pro,· ider (cloud

provider, third party provider, another government agency, etc.) If an lnlcrconnectinn Security Agreement (ISA), Memorandum of Understanding (MOU), or similar document is an place, please summarize the privacy applicable porlions of

CFS does not inherit any controls from an external provider, and there are lSAs and MOUs in place hcLween Treasury (SPS) and GSA (Concur). The privacy applicable ponions of tho~c documents pertain to the descriptions in Section

2.1 The Components 01 che System.

thac document.

S. For thC' user roles in the system:

See imbedded excel file

C~S Arrive Us.er 2C19 xh>

6. Docs the SysLem leverage the Enterprise Access Controls'/

~ Yes L No

7. Discuss the Ph ·sical, Tcclln ical, and Adrninistrati\'C controls that are employed to

The r:rs has the following Physical, Tec/micol, and Administrative co11trols in

place

(1) l'hysical controls - Securiry guards, key e1my, locked file wbi11r.ts, secured facility, closed circuit television, cipher locks, iclemification badges, and locked offil'e,.

(2) Technical controls- Passwortl protection, virwol private nenvork, firewalls, 1miqt1e user identification names, encryption, intrusion deteltion, and personal 1cle11tlty verificotio11.

(3) Administrative controls - :. ecurlcy audits, monitoring of user activity, refr11:.her security. privacy. records management, and role-based training, backups secured off-site, encryption of backups, leastµ, ivilege to restrict access to Pl/ and Persrmal Identity Verification.

{4} Access and least privilege contrnl.~· The Finonciol Operucians Department documents its access procedures in the 6.0 Production Support and System Admimscranon c/owment.

User.~ ore granced acce}S via Gec/1' which is the flutomated eLAN process. Requests are approved by che user's supervisor cmd che primary or alternate Information Systt'm Owner. The user's supen•isor determines syscem responsibilit)~ us approved by the primary or alternute Information .\vscem Owner. Quarterly, a review i~ performed to verify thac users still have an occivc Local Arca Network account. .4nnua/ly, u recertification of oil active users and tht:ir mies is conduaed by the Finon,ial Operations Depanment. Policies Prncedures find Control Division, as per the 2.0 u~er Recertification document.

The Fmanc,al Operocio11s Department aim separates du tie} of Individuals as nee,es.~a,y. Unique roles and responsibilities are e:.cahlished to promote separotion ofdut,e~ and to prevenc one user from having access tJ,ar would allow them to violate 111ternal con tr-al. Holes and responsibilities thar may pose a conflict hal'e been ide11tified. Any new roles and responsibilities ore reviewed to ensure that the Finantiol 0f1era11011s Dcpanment retain~ separation of duties. When users request acccs.~ via Get IT, the user's supervfaor and the infom1ation ,y~rcm owner arc required to review and apJJrove the request before the acte.,s is _qr(l/1/ed, The 1-'mancial Operations DcpartmeHc, /-rn(lndol Systems Rrm1d1 afan review, euch reque~l ta ensure that separadon of duties is mai11t11i11cd for each user, und the re,1vestcd (lccess does not violate the canflias that huve already bee11 idenUjied. In th<•~e cases where conflKIS arc ic/ent1Jled, the Financial Systems [/ranch will not grant tire access until the conjlia has betm re,olved.

secure the PII in the sy,tem.

8. For the Pl! in the S}'Sll'rtl, discuss the actual /intended uses of the PII; the steps caken to limit the Pll .:ollected t.o the minimum needed; and the reasons the PH is

necessary and rchivam.

The PII records are mainta ined for: Determining amounts to he paid ,rnd in effecting payments by the Department of the Treasury on behaH of PBGC. Collecting debts owed to PflGC by various individuals, including, but not limited to, pension plans and/ or sponsors owing insurance premiums, interest and penalties; PBGC employees and former employees; consultants and vendors; participants, alternate payees, and beneficiaries in terminating and terminated pension plans covered by ERISA; and individuals who rece ived payments from PBGC. to whid1 they

are not entitled. Facilitating PllGC's compliance with the Debt Collection Improvement

Act of 1 996.

CJ. Oiscuss the data nows wnhin the system (include sources of data tor data nowing into the system, destinations for d~ta flowing out of the system, and any routine use, applicable w the system). For any information that is shared mtcrnally. be sure to discuss whether these data interconnections are noted in CSAM. Be sure to include any '-IOU, 1SA, or lnteragency Agreements.

The r.omo/11/oted Financial Sy.seem (Ci:SJ ,so mojor information system within the Finonciol Operations Department (FUUj. The CFS addresses the Pension Rene/it Guaranty (.nrpormion's hudgetary. fiscol,financic1/. management, and rcparti119 needs /or the enterprisf! revolving {11ncl, lru,t accounting, and consolidoced

{i11C1ncial apercwons. The fo/lowi119 diagrnm depicts daw flows.

-·· = __ ,__

l [ ,._ I,.:,~~ • ...,1¥' - •~!llr,,..r ·-

Consolidated Financial System c.ndit Rnencilt• - .. s:usin9$$ Suite t :BS)

GI-~ I

--

c.:ve .... -.. -- I E u:;::~ ~ ··­lr'=-1·--- rc_.C..,! --_ ___.,

t ..... . - l P'!,

11 L'"" t •i.s-,.. .. n_ ··-" ....

-While Secdon 2.1 Componenr:s of the Sy~tem describe the datajlaws and SectiOfl 8 describe; routine usrs. information is lro11.1111itted vm e/ecrronic connections ocrnrriny wit/Im the boundaries al the f'BGC internal network in{rastrnctare to external parties. These inrercnnneawn, are /is red in the Cyber Security Assessment and Managenumt Tool {0:4M). System Scwrity P/011 (SSP). The /SAs and MOUs ore a\•c1i/c1ble i11 [SAM. hut the mteragency agreements are 11ot uva,lable to sernrity pcrso11nel lnfarmation i~ l/'ansmirted l'ia e/eccronic canne~Lions occurriny within the boundaries of the PBGC inrerrwl network inftustructure as \\'ell as hard and \'Oji

W/JY 1eports with i/Je following (I/fices:

• Office vj tl!P. freneral Cv1111,P.f (OGC) • Corpora re Finc111, e & Resrructuririg Depa, tment ([PRV)

1'0/1cy, flesearcl! and Analysis D<Zpartment (PRAO) • Offile of Hene(,11 ArlmimstrnUcw (OBA) • Mult1cmployer Proym•~ Divmon (Mf:'PU)

,_

• Prnrnremellt Dcpar1111~11t ( PV) Pl/ is ,iwred wllh Contraaorsj(ir Operul!OllS and Maintena11u, (O&MJ of the' system. These arc 11nt 111wrco11r.P.cl iuns an<! ore noc 1ri:_ntificd in rhe CS,L\!. SSP.

I

\

10. Dues the system leverage the commonly u!Jercd control for f\ccounting of Disclvsurcs?

X Yes

No

2.3 Privacy Office Review

t Name of Reviewer

I Date Rcviewed ___ -4--

~ation Date

I _A_p_p_r_o-ved without conditions

Result ::Approved wich conditions (see below).

::Denied <--~- - - - -{For Privacy Office Use Only)

Discuss analysis of risks and compensating controls (or ocher mitigation steps.

I Encer description here.

Discuss any conditions on Approval

Enter description here.

J

2.4 Signatures and Approval

.. {nformation System Owner/ Lnformation Owner

Name: Bruce Johnson

Dept/Office: FOO, CCRD Phone: 202-32(,-4062 Ext 6774 Email:Johnson.Brucl'@ PBGC.Gov

--I certify thal this PIA ban accurate representation of the sec urit}' and privary comrob in place to protect th• PII Uiat the sy,tem

does/will rnllect or maintaie.µu.A ~ S1gnarure ·.

Date signed r.tj.it.Q i 11a:t :t

Chief Privacy Officer - - --'-

Name: M~rgaret Peake Sh~~ ~·~~~--l I certify thJl l ha,·c re,frwcd this PIA and have tully considered the priv.Ky risks that this system

crc.atL-"~

Sign:mm:

Date signed

Authorizing Orficial .___

Name: Theodore J. Winlcr, Jr. Dept/Oftice: FOD, Director Phone: 202-326-4060 Ext 6296 -Email: Winter.Theodore@. PRGC.Go\' I certify that this PIA i~ an accura<e reprcsentut1on of the secumy and poivacy controls in pl.;1t ... e to pr tet" ;;PH that the system docs/will . I! , _.."' r <.t < Signature }

Daw signed 1/1 1111 "{

This page is for internal routing purposes of documentation of approvals. Upon final approval, this page must be removed prior to publication of the

PIA.

\ umber 11t li,er.-. 1t1 1 h;tl I ull

H.ok \<1111t' t Kt·) 111,1h1ililitY , . 11111: l 1.Ht·r.,puusibilth I :\ppr"\ ('f R('l t=rtitic.ttw11 D,.ilt'

All us~r,; on ll<lar<l a, ol June 20th, 2018 wen• 1-eccrtJ5e<l on ]11ne21. 2018, and are being recertified ,so( ~\arch 31st,

Alert M,,nagcr :; Uscr·s su p2rvi~or & JSO 2019 ,m users on hoar o as ot June 20th. 2018 were rec:t"rtificd on June 21. 2018 a nd are being rc,certili ed as of March 31st

Application Developer 2 User's supcl'\isnr & !SU 2019 '"AU u~er., onti oan J JS or June 20th. :Wl 8 v.ere recertilkd on lune 21. ZO 18. and are being recerlified as of '-kirrh 31st

CH'I i\dministrator 1 l1-;er ssupcn·1sor& ISO 2019. ,-u1 users on-lmarn as ot J unt!

20d1, 201 A were rererlified on funr 21, 20 I 8 and .r·e bdni: reeenified a, of March 31st.

Ot",ktop lntegrator . User's supervisor & lSO 201q. J\11 11\jcrs on uoar<I as ot Jun~ 20th, 2018 were recertified on June 21 ZOl8,and~1cbeing recertified ~s of MJrth 31st

Oracle Web ADI ; User ·s supcr\'i!-Of !< ISO 201 'J. IAIJ ust':r-: on ooanj as 01 June-20th, ;w 18 were recertified 1111

June 21. 201tl, and are being rcccrt1fted as of :>lard• 'H st,

PA REl-'ORTS PB(;c t Ui,;t-r'> 5upervisnr & ISO 201 ?. IA!J users on boartl " ~ of lune 201..h.1018 w~re rcccn:Uiet1 on Jur.c.· 21, ~018.and are 11l'tng reci:rtificri ;1:-. ut March 31,t

rBGl AP Invoice lncry r, User's sup~1'\aisor & 150 201') 11\11 u~t'rS on tioani a!, ot Jone 20th. 2018 were re< erllftcd on 111 ne 21. 2018, Jnd arc being rccertili f.'d as of March 31st.

PBG( AP r,..1,rnagcn1t:nt lnqotr:; ~2 User'(, .;;npC'r\'1!'!nr & ISO 201') l\ll u,t:r~ on 1>0.1nl J .s ot Jun? 20th 201 A we,c recertified on 1unc 21. 201u. and <lrt'" hc,in~ rert>rtific-d as ot March .Hsi

PBGC ,\P '1.loa~N 2 U!)rr's St1J)('J'\"i~or & ISO 201~.

Alt u..,t:~ on bo:?rd a~ ot (unc

20th 201A "er,: r<'Ccrtlfoe,I on Juno 21, 2018. and are bein~ reccrcifird "' of M,u·ch 31,~

rBG<. AP Payment Prucessln; 3 User's supervi;or & ISO 2019. 1\11 u,ers on uoanl as oOunr 20th, 20·18 were recet lificd on Jun" 21 20:s. and arc bcinR rcc~rtified as of Marrh :! Isl,

PBt;l AP Sy-L~m Accountant ., User's ,upen1sor & ISO 2019.

f\.11 users on bv:ua as ot June 20thJ 2018 ,·v~rc- recertified on

June 2l.2018, and 3re bcini;

PBGC AP Trawl Voucher ln,nicc recertified ,is l)f ~arch 31st

F.nrry i llscr·s sup~rvisol' & ISO 2019. IAU USf'r"i on boarcJ as ol June 20th.2018 "ere rcceni lied on June21 2018.andan.'bemg reccrntk<l as of Manh Jl~t

PllGC ,\pplicatinn DiJgnostic.s ! Usl'r·s supef\isor & ISO 2019. !rn users on hoard as ofjune 20th. 20 !8 were recertified un June, l. 201 R, and are being rccerttfied as of March 31st

PBGC BAPV Bl 0 3 t:ser'~ supcrvi:;nr &. tSO 2019. rt.11 use-rs on t>oarct as 01 June 20th, 201Bwere recertified on June 21. 2018, and are oeing rc,:cnifi..,J as of March 31st.

PUGC BD BLU t lls~r's supervisor & ISO 201'.l. IJ\ll u-.ers on ooard Js or June 20th. 2018 w~re reccmlie<l on lurn• 21, 2018. and are bcini: rccc1-ctficd a-.: of March l1 ~t.

PBGC <.UHl RLO 2 User's supervisor & 1:;o 2019. Jm u,ers on ooaru as of Junr 20th 2018 were recertified 0 11

June 21 2018. tint.I ~rl! being recertified as of Marrh ~ ht.

rBG( Lrn R, 0 l Users super,;sor & 1SO 2019 1.'\11 users on hoJ.rct as tr June lUfh 2018 \\.'\''r (' rl"cert.mcd on J_ne 21 . 201 R. and an· being Ti?( urtificd as of \1.!rCh J !st.

ree,c. Ch1effounsel 1\1.0 ] U,cr's sur~rvt<or c- ISO 2019. All US"'"' nn ooaru a-. ol (unc 20th. 2.0.ifi ""'t'!'re 1tccrrifietJ un Jmit1 21 2018. and ari:- bcmg ~·cccrtil it!U as of March 31st.

PRGC Clll 01.0 3 User's su11ervisor & ISO :!!119.

1:m t~srr.s nn boa.re. as of June 20th 20lll were rceertifiro on June 21. 2n1 8, and are h~ing re,erLified as of "larch 3 I st.

PilGC c.MO lll.0 2 U$r.r's supci-;imr &: ISO 201~. All users on htia;·d as of Junt:' 20th. ZOU! were r...:ertified on

Jun< 21 20:8, and are being

PBGC c:o:,.SOLmATHJ GI. M:-;c;·1 recertified o' nf March 31,l

11'.QU!RY s m~, s sup,,r.tsor & rso 201g. All users on ooard as ofJun~ 20th. 201 H "·ere recertified on June 21 . Wl8. and are being

PBGC Consoiidatirm CL Sy,tem r£·ccnifi~d as of \brch 31st.

At:c:ountant ~ User's su perv,sor & ISO 2019. t\11 u<;ers on hoard as ol June 20th. 20i 8 were re.-ertified on lune 21, 2018. and arc bein~ reccmfic<l as of March 31st.

PBCC Cnn,olidation GL User ~ User's supervisor & ISO 20l9 11u1 users on noaro as ot June 20th. 2018 were recertified on Ju~e 21 . 2018. and are being rcccrtifi~d as of March 31sr.

PllGC COTR Inquiry i53 U~er', supcrnsor & ISO 201'). ,-,11 'JScrs on hoara as ul June 20:h 20 IR were recertified on June 21, 2018. and are being rec,:rtified as of March ~1,t.

PBGC f.P/\D BLO ., u~e(s supervi,;or !It 150 2019 .

1.'11 user- on ooa.ra a~ nf]unc 20Lh. 2018 were reccrnfi ed nn

June 2 1, 2018. and are heing rererllfied as ot ~tarch 31st.

PBGC L>AT/\ Att Approwr 2 J lse:r s supervkmr & ISO 2019 All users on ooaro.as of June 20th. 2018 wert> r,!C<'.'rniied on June 21. 2018. anci arc bt"ing rC'n~rtilied as of \iiarc:h 31st.

PBGL llA'l'/\ Act MF~O Subnllncr I Us:e:-·s sup~rvisor & ISO 2019 nl1 u:-;t?rson tJo~nJ :.1so11une 2Uth, 201 R \•.ere rcct."ni1ied un

[U1w 21. '.!018. ancl art: being ;,,ccrtifieu "01 March ~ hl.

PU1.,l. [>AT A Act Pl> 5u1Hllltt•?r 1 Llser·s ~upcrv1~or & lSO 201Q. 1:UL USC"f5 on ho .. 1rct a.s of June 20t.h :?.018 wer~ r-t?ccrttfird 011

J1111e l l. 20 I 8, and ;;re being r ~certified J~ of March :t 1 s~

PRGC VATA ,\ct Pr~p.ire, l Users ,uper.'1Sor & ISO 201CJ

1 r\ll usrrs on ho~\rd as of June

20th. 20J 8 were reeertificd on Jun<- 21, 2018. and arc being rt.~1 Lific-d dS cat MJr<.'h Jlst,

rsr.r. DISC Ill 0 ., User's supervL<or & !SO 2019. -

1.J\11 user~ on 1>0ard as or Jun~ 20th, 201t:l \,·rrP rr<.·~rtific-d on Jun<- 21. 2018. and are being rc,ert,fied as oi March '.Hst,

P!JGC EF.O BLO 2 H,1:1 s supl'rVtMJr & ISO 201'). All user:"- mt hoard a, ot 1uuc 20tl1. 2018 wer~ 1'CCl'rtili•d on June 21. 2(118, and are heing rcccrtifi~d as of ~\f(!r<.:h '.Hst,

PRGC Fed Ad111in BudJ<,'I Analyst ,. User's supen<:sor & ISO 201g_ " Al1 user~ 1 n this group art:'

current},• hf"'mg , cccrttfled J,

PRGC Fe-d Admlft Budget lmpurt. j User s supt-!rvisor &• 1SO of '.~an:h 31st. 2(1\g_ 1\11 users on ooaro as ot June 20th, 2018 were recertified on June 21 ,018, .rnd arc bein~ recertified as of \la rd1 31st.

PllGC frd Admin GAR Acct 3 User's supcn1sor & ISO 2019. 1\11 us~rs on hoJra as Oi June 20th 2018 were ren,rtifiod on Jun: 21. 2018, and arc being rcrcrtifi~J as of :V-tan.h 31Sl,

l'UGC Fed Admm GAB Acer Inquiry 11 U~e,·!'> supcrviso~ & ISO 2019 /\II use.rs on n,,atd as or Jun~ 20th, 20 18 ,, r!r~ recc,, ttfted on

June 21 2018, and ~re b~ing rt"c.:er Li!:ed 3S 01 MJrch 31st,

P!lGC Fed Admin CAI< Supcn.i sor 4 us~rs sup~1,1sor & ISO 2o;q 1/'\11 u~~rs on boanJ as of JttnC' 20th, 2018 were recernficd on June 2 i , 2018, and are heing

PUG( fr"d Admm .Managt!m~~r n.·u ·rti.ficd us ol :•..ia:-ch 31 ~t.

lnq\:\r; 6 User\ !->upervisor & ISO 2019. ,,\ti users on ooanl a< o t June 20th, 20 JR were rccer.ilie<l on jUMt: 2 1 2l l t!. ancl arc b~mJ?, 1 t:'Li.:rl!ficd ,1!-, of Mar(h .; 1 o.;L

PllGC Feil Ad min Sy,tem Accoun:,,nl 4 User', ,upcn;sor & ISO 201Q 1 :,.u users on h• ,arct as or June 20:h 20 I 8 wc·re re<:ort1iicd on Ju11c 21.2018, and atX' being rert>rtiii.:d JS o f \1..11l.h )1st.

Pl!GC FOO BLO .. Uscr·s sup~n·isor & ISO 201'? All ll~l-'l"S on tmat U as ol June

20th, 20l 8 '"'Crt> rt>c.:en.itl.-d un J<>11< 21 2018, and are bring r L'C<"rtt!itd as ol March J 1st

PHGC GAM All 11in:;;tra1_(11' 2 u::-.r·s supf'n·,svr & lSO 2n irJ.

:Afl users on board as 01 J1mt-20lh. ZO!U were re.:enificd on June 2 l 20lU, and art' being rc<:c1 Lilied as of M.ir, h 31st.

PBGC CAB u,~r i usu s supervisor & ISO ZOl~l. All users rm t>oa..ra as ot June 20th, 2018 were rec.rlilied on

June 2 1 20:s. and al'c being rcc-rtified as of March 31,L

PBGC: GAB \\'orkllow User ~ User·!, suprrnsor & lSO 201'l. 1\11 users on t'lci..-irLI as ot June ~0th. 2018 .verc rccertifird on June 21. 2018, and are being r2,-cmt1ed a, of ~larch 31,l

PB(,(. HR Enter Fmp!oyces q User'!\ supcrv1s-t)r & ISO 20i9. 1\II use-rs on hnaro as or Jtme 20th 2018 were re,,•rtitled on Junt" 21, 1:018 and an:- bcin~t 1-ccC'rtifit"II .Hi 01 March 31st.

l'IJuC HRD BLO l U-.t>r's supervi'ior & ISO 2019. A.II USC'fS rm ho3t'd a.s 01 June

20th. 2018 were rec~rLJfied on June 21. 20i R, a~d arc being r~L~rt1fied as of'A:1n.:h Jlsr,

Pf!C.C IPO llLO j User's ,up::rvisor & JSO 2019. ;\II users in this 5roup are n 1rrt>ntly hcing recertified as

l'lJGC IN' lntcrfate 4 b,er"s superv1'-ur & tSO nf March 3l>L, 201 'J. AU users or1 board as ot Junt;> 20Lh, 2018 were recertified nn June 21, 2018 and are being r...,e, tilicd as nf March Jbt.

PBGL LRll Rl.O 1 Users .,-upe1 \ isor &, 1SO 2019 1\11 users on ooi\rc.J as Ctl June 20th L018 warcrcccrr.netl on Jun~21, 2018.antl Jrebeing recertified ;i, nf March 3bt,

PHGC orn llLU I User's ,upcn-1sor & lSO 20J'l. I All ustff" on boarrt as ol 1unc 20th. 2018 \\Trc l'C'CCrt:fiP-t..1 on

Junt! l. _, "J..() 1 R ;1ml 1.11'C being rcccrtlfi:""J .!S of March 11 sL

PIIGC or.c BLU 2 us~r·s supcr .. ·h.or & ISO 21)19 AU use-rs w• ho.ird as 0' June 20•11 2018 \vere reccrttftcd cm Ju~e 21 2(>1U, and are being !""r, t'l't1fkd as of \.tarch 3 ist,

i'IJGC OGC. 81.U i I u,er·s sup .. r .. sm & l:>O 2019. AU usrr:- m1 coaro a~ ot Jun.: 20th, 20 iS wcrt'. recertified on June 21 2018. and are teing r~cer tlficci ri, n! March 31 <:.:t,.

P!lr.C 01-. BLO 3 1!~1:.1 s sup,..r~i(,ul' & iSO :Wl'J

Alt users on no,u·d as of]nnti-Wth 2018 were rrcertified on fun~ ;!1, 201 R. J ud arc b(·ing reCt.!n.ified as of M;1rd1 31st.

rs<;c OIT BI.O z User's supervisor & JSO 20 19. ,.\U us('ri.. on boarct as ot June 20th. 2018 wert> r~t:u rtfie<l nn

June Ll, 2018. and are heing rccertifi~d as of March 31st,

PBGC OPEA RI.O 1 lbc:r's supc·n·b,or & ISO 20 l 'J. All user~ on t>oaro as of 1unc 20th 2018 wen• ,ecei~ifiet! on June 21, 2018, and are hfing rcccnified as of M;irch :HM

i'BGL OPJ>SA BLO ~ User's supct'.~sor & ISO 201q ,,11 us~rs on oo.lt'd as of June Wth, 2018 were recertified nn June 21, 2018 and are bcini:: rcce• 1ifocd as 01 !,larch 31~1.

PUGC Pay, oll lnrrrlacc ' U~er ~ supen·p,m & ISO 201'). tt.u U!-iers on bf,an..1 ,1s: o! Junt'

20L'\ 2018 wercrecertificd Oil

June 21.2018, alid arc bein~ r~cct'tified a:-; of March 31st

PUGC PD BLO ., User':) suµcrvisor & ISO 2019. - :,\11 user:, on l>tmrd as o t June

Wth. 2018 were recertified on June 21, 201A and arc- b~mg_ r~cnilleu as of March 31st.

P!!GC Pl1 Accounrng Mgr 2 Ut,.~r·~ s1.;perv1',n".'" & ISO 2019. All users on boai·d as nl lune 20th. 20 l8 w~re rcccrtifis,d nn June 2i. 2010, and are bcini: r~certificd ;i.., of ~.tarch 31 ~t

PUGC PD Jnd Rtquisirion f.ntry ,1 U,er's suptrYi,ur & ISO 2019. I till user-. on boa.rd .a'\ of J unc 20lh 2018 wt"re , cccrtitie·d on 1unC' 21, 2018 and ar~ h~ing

l'BGC PO and Re.1u i,tion t nl •) rt-certified cl~ o! March 31 s~

511017 1 User ~ :,upct v isor 8: tSO 2019 11\li u,ers on ooart.J as oflune 20th, 20 tA wer( r<'crrh1icJ on June 21. ~018. and a,·e being rc-certifi~ as of _M,11-c:h 31st,

PBGC !'0 Management ln4u,ty 20 llsrr·~ !'-.Uptn·:sor & ISO 201<.J. /,II us~rs on board as ot J1mi:: 20th . :?O L8 were r~c.:enifkd on Ju11c "ll , 20 Ill. and art heir;~ r~',:\"rlillrd u:- u! f'.!ord1 31 sl

PBGC ro Supplicrtl,1i11tcnanc, . U-;~r's !'>\t(1':"C"\iSor & \SO 2019 .,

All use is on board"' ol Junc ioth. 2018 »ere rc.:erti li,<l on

June 21 20 IU. anll are bcmg recertified es ui ~iarch ~ 1 sl,

PBGC PO Sy~lem i\crount.,nl 4 lf~cr ~ superv1sor & TSO 20!9 l-'\H u..,.-,-s on bo.ird ac; of Junt'

20th, 2018 were rcccrtiie<l on Junc2t 20lll,am!arebeing

rccerl ified as or \1Jrch 31S1

PBGC PO Tra,·cl Authorization Enrt)' -; Uscr·s ... upcn.isor & ISO 2019. All users on hoard~ ofjunc-

20th. 2018w~r.e reccrn~1rd on June 21, 201 S, and ar~ heing rccertiried as ol M•rch 31st.

PRGC: PPS ,,r 1ntc-1fac:~ . User·~ supervisor.~ JSO 201 'J All user, on ooar<J •' 01 June 20th. 2018 wer~ re,:cnifled on J~nc 21. 2018. and are heing t't!terlil icd as of March 31 ".'it

PBGC PPS Ca~h l1t--concili<lL1on 3 User ~ ~opcrv"i:-or & 150 201 1),

fall users on ooan1 a, 01 Junt' 20th. 2018 we.re recertified on June 21. 201B,and are bemg ,~certified ,,sol March 31st,

Pl.lGC PPS CCU SSGO 8 fo,tff ~ supervi.,or & 1$0 2019. AH u,ers on t1oard as ot Jun~

20th, 2018 ,•.ere rcrert,fie<l on

Jttnc 21. 2018, and are bC'ini r~( e"rtilkd as ol M:tt('h 31st,

PBGC PPS CCD Analyst 26 User's su11el'\isor Iv ISO 20J9 IAII users on ho.ua as ot Jun!' 20th, 2018 were re,·ertiOed on June 21. ~018, .iml arc bcini; t i:l."i'rUfit'd <J, of ?¥larch 31 "L

PRGC: PPS CCD C:ontrac:or ,"ippru·,c~ ~ User's sup~r\'1Ser & ISO ~019. 1111 u:-.~rs on tioiln.l ..1s ol )une 20th. 2018 were n·..:t"rLlficd on

Jt.ne 21 201 fl ;ind arc being recertified ;is of March 31,l.

PB(,( PPS CCO fed ,\pprovcr 17 Ust'r·-; '.'IUp~rvi,)01 & 1~0 2019. AH l1SCN un tioard ~sol June 2()~ h, 20 lD wnt- , tc·ccrtifie-cl on

June 21. 201 R. and are being l'('i t 111-ifi~d as ot \1J.rch J l st.

PRC-S: PPS CCD ~lanager ., User's sor~n·1sor & ISO 2019 -

11\U u:-.erc: on oo=in.J .>sot lune ltlth. 2018 wcN' re.~rlificd on

'""" 21. 2018. and arc being rfLt!t'tifi '."d a, of Ma nil 11 c;t,

PRGC. PPS CC!\D PCL 5 User·, supcrv1,or 6. 1SO ~Ul9.

I Ah users on noa1·a as {lJ June 20th, 20 18 were recerulicd on June 21, 2018,dnd al'C being

reccrtifiecl as of March 3 1 ~t,

l'ClGC rrs O.;ra Manager J O Usor's supcrYlsor & ISO 2019. All users 011 no~u·a_ as ofJu11e 20th. 2018 wcr~ recertified on June Z l, 20 18, and are bein~ recertified as of Marth '.Hsr.

PBGC PPS GAil USER 4 User's supcrvi,ur & ISO 2019. IAII users on ooard as ol Junc 20th, 2018 w"re r..ccrrlfled on June 21. 2018. and are heing reccrtilied as of March 31st.

PBGl PPS f,J, lntcrf,1t.e User 10 Usc:i s sup~rv:sor & l~O 201g. 111 11 users on noard as nf]unc 10th. 2018 \Vt'rt! t·ecctdfled on Ju1:c 21. 2018, and arc being r~,~rtiflcd as 1)1 March 3lsl,

PBGC PPS GL Rcp<Jrt, 10 Uwr·-. supcn'lsor & ISO 2019. All u..,ers on h11Jra as or June 20t'1, 2018 ,.·ere r~<r1 tincd on June Zl , l018, and arc b~ing recertified JS of Mar<:h 31st,

PUGC rrs MES J\dmin 3 User's snr~rvisor & ISO 2019. n u users on hoarCl as 01 Junc 20th. 2018wrr<· recernfied on

June ll, 2018. and are being n:,cc,·tilis<l as of ;.1;irch 31st.

PBc;c PPS MES Rcan Only 9 User~ supervl-;nr& lSO 2019. AU user, 011 boarcJ ~1.:> ot June 20th. 21118 were ,eartlfie<l on June 2 l 2018. and .,re bt?inA rt:c.ertified t1:- of March 3ht

PBGC ~PS OGCUL T USER \ Usr.r', supcn ssm & ISO 20!9 !UJ U$Cr . .; on ooord as ot June 20th.2018 wer~ rt.·ccrrifir.<l on June 21, '.!018, and dre being reL't?rtified a, of )-!arch 31st,

l'BGC PPS Kearl Ooly ;5o u~~(s s12pervi-.or & ISO 2019. IAU ns~rs on boa.rtl as Oi IUnf' 20th.201fl "~re rec~rtilled on June 21 2018.an<l arcb<ein!i

recernft..J as of March 31st

PRr.r l't'S STCO US£R i u~tr·~ !tU pr:nisor &. lSO 2(11 <J.

• All users on t>oaru Ch of 1unr 20th. 20Hi wer~ 1 eccrtlflttl ,m June£ 1. 20 l R, and art' hcing rc.r::-rttlied a<: m March 31 i.t.

P[IG( PJ'S Sy,1e111 Adm1m,t1-ator b thc:1·s S\•p~n,isur & ISO ZOJ<l.

All users on board as o l June 20th_, 2018 wrrt! rc-u~rt1ttc.:l 1m June 21 . 20 I a. and are being retert~fitd a~ ut Mat·ch 3 IM,

PBG( Pl-'5 TC,\ '.1amJ~t~r 6 User·, SUJ)('J'\,~Sor & ISO 2019. All usN~ on boar,t a, ol June 20th. 2018 wPre rccen:ifie<l on June 21. 201 H, and ar~ bem~ nxcrtifit-d ~,s of March 31st.

PRGf. Pl'S TC:A Read Only :; 1 11,~r s supervisor& ISO 2019 1AU us.crs on hoard as 01 Juni:

20th. 201 R ,.,;crC' rt"n•rtificrl on

Junr 21. 2018, and ate being recertified as of M~rch 31st

PBGC PRAO BU> J User's super :isor &. ISO 2019. 1rt11 u..;ers on tmara as ot June 20th. 2018 ,,..·ere rPccrtifierl cm June 21, 2018, and are teing rccc:-1 drit"d as ot March 31st.

PBGC: Rc-volv1ng GL Managl'r i. lfs~r·~ )U~~1 visor & TSO 2019 ,..n users on ooard ai.. oI I une lOth, 2018 w~r<' recertifi~I on Jun< 2 l. 20 IR, and are ll<!ing

PBGC Re,oi;in~ GL System rccrrt1fied as of\larch 31st.

i\('.UlUOtam. .; User's supen,snr & ISO 2019. /U1 ust"r, nu board iH of June 20Lh, io18 w~re recertified on June 2 J. 2018, and are being 1wertificd as ril March 31,~

PBGC R~\'Ol\1ng Journal Fn1ry 4 Users s:upcrv1:,,or & 150 2019. fA II users on ttnar<l as o t Junt:' 20th. 201 R w~re recertified on Jum• 21 . W!O, antl arc bcin,

PllGC RevoMng Jountal [mi; - 1 ~c..:,'t.ificd ;:1s or \1arch 31 s~

rmpurt 0 Ust>r', .~upcn'isor & ISO 2019. [AJl u.,r, , on ooarcl a,; ol June 20th, 2018 v.erc rcrertifi~d on lur,c 21 2018. a,~d ar~ being rPn:>rUficd ;1s ol March 3 i '.:>L.

PRr.C Rcvolvmg 1ournal ln~ui:,· 30 Uw, s supervisor & 150 2019 l:·ill u:-.~rs on bn;1rU as or Junt>

20\h 2016 \'\'(fC' Tf~Ct:rtded on Junf'.' 21, 20 t tt, Jnd ar .... · 1:wing r(\c~rrtnt-d .is of M;1rd1 3 ls-;,

PBG( Suppl,or View 8 User·,. ,uµt.·rv,~or & 1SU 201°. .au1 user, on board .,sot Junl' 20th l01S we1 c r'-'<.t-'rlifit.,i on

Jun'-' 2J . 2018. and arr being rct:t"rtifi,::.d as ot M:lrch ~1-.;t.

PBGC Trust GI Systems i\c.:o\:nlalll 4 Uil!I s supt'1 .iisor & ISO 201<)

1/\11 u~ers on Ot.>Jrd as of funt 20th. 2018 wc>rc rc.:crtitit"d on jU11!! 21. 2018.~nd .irt'bcing r,,(er tificd a, of March 31st,

PBGC Trust Joi:rna, Ently " IJ'icr·s supervisor & 150 Z019. All user'S on t>oanl as oi June 20th l0!8 "ere rcc.:rtilied on lu ne 21, ~UJ8. ,111<l arc b~ing rec~rtified ;,s of March 31st.

PRIX !'rusl Journal T nquiry ,~ User's supervisor & ISO Wl9. All users on hoard as ot June 20th, 2018 were rt<·ertfficd on Jun~ 21, 2018. and arc being receraficd ;is of March 31st.

PBGC Workr111w Ownc1r b User~ ~upN'\' ",fl ! & ISO 201'). All users in this group ar• cum!ntly hcinta recertified as

PBGC wsn BLO 4 User's supe1,1sor & 1;0 ol March 31st, 2019. All use" on ooaro as 0 1 June 201h. ZOI O wer~ reccrtified on )u11c 21, 2018, and are being rec•rtilicd as of March 3 ht.

Productjon OBA · lnqmry ; User's supervi<or & 150 zu1q IAJI users or. uvaro as oi June 20th 2018 w?rc recerulicd on lun~ 21, :!018, and arc being

recertified as of March 31st.

Se1v:cc l User's super,isor & ISO 2019. r\JJ u .... ers on Oli.trd as ot Jun~ 20th. 2018 were rct:ertificd on

June 21 2018, and .ire being re,crtifi"l as of ~!arch 31st.

Sysn~m AJ1 11ul1S:'"alur " User·~ sup~nis:or & lSO 2019. All user:,, on ooaro a~ of June 20th. 2018 were recerrifiect on June 2 !. l018, and .,re being rcccrtiti~tl a~ of .~1.,rth 31st.

X'.-IL PubHshe1 .~dmini..:traLor 3 U!,er':, .... upcrnsor ~~ ISO 2019.