NASA Center: MSFC
Application Name: Mini-MAX Visitor Request Management System
Is this application or information collection new or is an existing one being modified? Existing
Does this application collect, maintain, and/or disseminate information in identifiable form (IIF)? Yes
Mission Program/Project Supported: MSFC Protective Services Office (PSO) (AS50)
Identifying Numbers (Use N/A, where appropriate)
Privacy Act System of Records Number: NASA 10SECR
OMB Information Collection Approval Number and Expiration Date:
Other Identifying Number(s): IT Security plan MSFC 1710
Provide an overview of the application or collection and indicate the legislation authorizing this activity. - Mini-Max is a DOD Application which provides the means for individuals to visit Marshall Space Flight Center (MSFC). MSFC employees create visit requests on the Mini-MAX Website hosted at MSFC. All data collected in this manner is immediately transferred to the DOD visitor system (MAX). In so doing, the visitor can be processed at the Army visitor center. The MSFC system sends non-validated visit request records to the Army system. The Army enrolls visitors and creates its own validated visitor record.
Describe the information the agency will collect, maintain, or disseminate and how the agency will use the information. In this description, indicate whether the information contains IIF and whether submission is voluntary or mandatory. - When a visit request is initiated, the visitor’s full name, driver’s License and state of issue, duration of visit, purpose of visit, Employer, and MSFC Sponsor is required. This information is mandatory for access to the Federal installation.
Explain how the IIF collected, maintained, and/or disseminated is the minimum necessary to accomplish the purpose for this effort. - Requirements for access to Federal Facilities mandate that IIF data be collected and verified before approval.
Explain why the IIF is being collected, maintained, or disseminated. - IIF is collected and maintained to comply with the DOD requirements for Federal facility access. All data collected is sent to DOD where it is validated upon visitor enrollment ultimately resides for physical validation and system of record.
Identify with whom the agency will share the IIF. - United States Department of Defense
Describe how the IIF will be obtained, from whom it will be collected, what the suppliers of information and the subjects will be told about the information collection, and how this message will be conveyed to them (e.g., written notice, electronic notice if a Web-based collection, etc.). Describe any opportunities for consent provided to individuals regarding what information is collected and how the information will be shared.- IIF data is obtained from the prospective visitor by the sponsor employee and entered by the MSFC Request web page. Visitors are notified that the information provided is mandatory and will be validated when they present themselves for entry. These requirements are stated on the Protective Services website, and are verbally provided at the time the visit is requested.
State whether personal information will be collected from children under age 13 on the Internet and, if so, how parental or guardian approval will be obtained. (Reference: Children’s Online Privacy Protection Act of 1998) - No information will be collected from children under the age of 13 via the website without parental/guardian consent. MSFC employees and contractors may sponsor visits for their own children. General requests such as school tours, special events, and/or other occasions where children are involved are made by formal request to the MSFC Public Relations Office by a duly authorized entity.
Describe how the IIF will be secured.- IIF data is secured under standard policies for Data Security as provided by NASA contract stipulations. This involves, data encryption, SSL, and Oracle ANO enabled data link.
Describe plans for retention and destruction of IIF. – Policies are covered under NASA SORN 10SECR. Details of tis policy can be found at http://www.nasa.gov/privacy/index.html.
Identify whether a system of records is being created under section 552a of Title 5, United States Code (the Privacy Act), or identify the existing Privacy Act system of records notice under which the records will be maintained. - NASA SORN 10SECRResultant Decision:
System IT Security Plan must be completed.
A process will be developed to log non-routine disclosures from this system.
Identify a point of contact to whom a member of the public can address questions concerning this information system and the privacy concerns associated with it - Phillip Jones, (256) 544-7849
| Justin Jackson
Information Technology Specialist
NASA GRC Cooperative Education Program Manager
[Center Privacy Act Manager]
NASA Privacy Act Officer
[Center Chief Information Officer]
Approved for Publication:
Jonathan Q. Pettus
Chief Information Officer