The CEAC system is used by foreign nationals to complete and submit U.S. visa applications, pay fees, and provide biometric information. The system collects extensive PII, including name, birthdate, address, and financial information. CEAC primarily collects data on foreign nationals but also on U.S. sponsors/petitioners. Information is used to determine visa eligibility and shared with various U.S. government departments for immigration and border protection purposes. Privacy concerns are addressed through frequent security training, access controls, and regular system scans.
A/GIS Deputy Assistant Secretary Bureau of Administration Global Information Services
2. System Information
(a) Name of system: Consular Electronic Application Center
(b) Bureau: Consular Affairs (CA)
(c) System acronym: CEAC
(d) iMatrix Asset ID Number: # 2712
(e) Reason for performing PIA:
☐ New system
☐ Significant modification to an existing system
☒ To update existing PIA for a triennial security reauthorization
(f) Explanation of modification (if applicable): Click here to enter text.

3. General Information
(a) Does the system have a completed and submitted Security Categorization Form (SCF)? ☒Yes ☐No - Contact IRM/IA at IASolutionCenter@state.gov for assistance.
(b) What is the security Assessment and Authorization (A&A) status of the system? The system is currently undergoing an Assessment and Authorization (A&A) in order to receive an Authorization to Operate (ATO) status. CEAC is expected to receive an ATO by Spring 2018.
(c) Describe the purpose of the system: The Consular Electronic Application Center (CEAC) is a website supporting a number of web application components (listed below) that form an Internet-based, full-service Immigrant Visa (IV) and Non Immigrant Visa (NIV) application service center. Immigrant Visa and Non Immigrant Visa applicants use the CEAC components to complete and submit applications, pay consular service fees, submit photos and biometric information with applications, and track application status. The user base varies by component, but overall the system is used by the public as well as domestic and overseas consular posts.
The CEAC components that are currently in use and operating today include:

General Nonimmigrant Visa (GENNIV) (Nonimmigrant application customers)
The GENNIV application data collection component, also referred to as the DS-160 form, allows users to complete and electronically submit a DS-160 application to posts worldwide. Nonimmigrant applicants provide U.S. point of contact information via Form DS-160.

A-Class/G-Class Non Immigrant Visa/North Atlantic Treaty Organization (AGNATO) (Nonimmigrant application customers)
The AGNATO application data collection component, also referred to as the DS-1648, allows users to complete and electronically submit a DS-1648 application online.

Consular Tracking (CTRAC) (Immigrant Visa Applicants)
CTRAC is a fee invoice component that allows immigrant Visa applicants to view their consular fee invoices and select those unpaid fees which they would like to pay. Once payment is initiated, the component presents the user with a receipt and allows the user to print and/or email the receipt to one or more specified recipients. CTRAC collects Immigrant data only.

Payment Processing System (PPS) (Immigrant Visa applicants)
The PPS component is utilized when a user chooses to pay a fee from CTRAC. PPS collects immigrant data only.

Remote Data Collection (RDC) (Immigrant and Non Immigrant customers)
The RDC component is used by third party vendors to collect biometric information (i.e. fingerprints, photos) of applicants who have completed any one of the CEAC applications so they can be sent to posts for additional processing. RDC collects immigrant and nonimmigrant data.

Image Quality over the Web (IQOTW) (Nonimmigrant Visa application customers)
As part of the electronic submission of NIV applications and medical forms, applicants are asked to provide an electronic copy of a facial photo for use in the travel document. The photo must meet quality requirements for photo submission. The IQOTW component provides photo submission and quality assessment functionality of the facial photo images submitted by applicants. IQOTW collects nonimmigrant data only.

Consular Electronic Application Center Web (CEAC Web) (Immigrant and nonimmigrant applicants)
CEAC Web is a reporting application used by OpenNet users at posts that displays the data collected from AGNATO, GENNIV, IV Agent, and IV App. CEAC Web can have information about immigrant, nonimmigrant and U.S. persons, if information is provided by the applicant.

CEAC Status Check (VSC) (Immigrant and non immigrant applicants)
CEAC status check is used by applicants worldwide to check the status of their Non-Immigrant Visa (NIV) or Immigrant Visa (IVO) cases. No U.S. citizen data is involved in the CEAC status check.

Electronic Immigrant Visa Application forms (IV App) (Immigrant and Diversity applicants)
The IV Application data collection component is accessible through the existing CEAC. The IV Application component, also referred to as the DS-260 form: Immigrant Visa and Alien Registration Application, allows users to complete and electronically submit an Immigrant Visa and Alien Registration application through the Internet to the National Visa Center for processing. The DS-260
Gender
Present Country of Residence
Prior Country of Residence
U.S. Consul (City/Country)
Passport Number
Alien (Case) information
Fingerprint Photos/Biometric ID
Home/Mailing Address
Phone numbers
Email address
Substantial financial information
Bank routing number
Bank account number
Marital Status
Employer Name/Information
Driver’s License Information (if applicant has held a U.S. Driver’s License)
Policy Certificate
Marriage Certificate
Financial Documents (i.e. tax filing)
Birth Certificate
Criminal Incarceration
Substantive individual family information
Substantive individual personnel information
Substantive medical information

The information provided by the visa applicant is considered a visa record subject to the confidentiality provisions of section 222(f) of the Immigration and Nationality Act (INA). Because visa applicants themselves are not U.S. persons (that is, U.S. citizens or lawful permanent residents (LPRs)), they are not covered by the provisions of the Privacy Act of 1974 and the E-Government Act of 2002. However, the visa portion of CEAC records may include PII about persons associated with the visa U.S. sponsor/petitioner, such as:
U.S. employer
Names
Home addresses
Social security numbers
Telephone numbers
Email addresses
Other contact information

The sources of the information are the individuals applying for consular services.

(e) What are the specific legal authorities and/or agreements that allow the information to be collected?
22 U.S.C. § 3927 (Chief of Mission)
8 U.S.C. 1401-1504 (Title III of the Immigration and Nationality Act of 1952, as amended)
18 U.S.C. 911, 1001, 1541-1546 (Crimes and Criminal Procedure)
22 U.S.C. 211a-218 (Passports)
22 U.S.C. 2651a (Organization of Department of State)
8 U.S.C. 1104 (Powers and Duties of the Secretary of State)
26 U.S.C. 6039E (Information Concerning Residence Status)
8 U.S.C. 1151-1363 (Title II of the Immigration and Nationality Act of 1952, as amended)
22 C.F.R. Parts 40-42, and 46 (Visas)

(f) Is the information searchable by a personal identifier (e.g., name or Social Security number)? ☒Yes, provide:
☒Yes ☐No
Yes. Where applicable, when the collection involves potential PII collected on U.S. citizens, there is a Privacy Act Statement displayed on the form. Non-citizen data is subject to the requirements of the Immigration and Nationality Act (INA) 222(f), which are stated on the collection site.
(i) Do individuals have the opportunity to decline to provide the information or to consent to particular uses of the information? ☒Yes ☐No
CA/CST’s Consular Consolidated Database (CCD)
CA/CST’s Automated Cash Register System (ACRS)
CA/CST’s Ten Print Live Scan (TPLS)
CA/CST’s Non-Immigrant Visa (NIV)
CA/CST’s Immigrant Visa Overseas (IVO)
CA/CST’s Immigrant Visa Information system (IVIS)
CA/CST’s Pre IVO Technology (PIVOT)
CA/CST’s electronic Diversity Visa (eDP)
CA/CST’s Diversity Visa Information (DVIS)

EXTERNALLY
CEAC information is shared with the Departments of Homeland Security, Commerce, Defense, Treasury, Energy, and the Federal Bureau of Investigation.

(b) What information will be shared?
PII detailed in section 3d, as well as the following PII, may be shared with the other CA systems listed above:
Reporting and Information, Collections and Receivables
Appointment information
Alias name
Nationality
Refusal code
Date of U.S. arrival
Income information for Joint Sponsors
Petitioner Country of Birth
Petitioner Date of Birth
U.S. driver’s license number
U.S. taxpayer ID
Student exchange visitor information system identification (SEVIS ID)
Barcode number associated with the CEAC application
Applicants’ previous visa class information
Visa class associated with current applicant case

EXTERNALLY
Information is shared in the form of reports from CEAC Web with the above external organizations listed in paragraph 6(a). These organizations have access to applicant information contained within the DS-1648, DS-160, DS-261, and DS-260 forms.

(c) What is the purpose for sharing the information?
INTERNALLY
The information is shared internally in order to process immigrant and nonimmigrant visa applications. Specifically:
CCD connects to CEAC for the purpose of production data replication to the NVC, consular posts and reporting via CEAC Web.
The CEAC PPS component connects to ACRS to send payment information to Pay.gov to verify payment information is received.
The CEAC RDC component interfaces with TPLS to capture the applicant's biometric information in order to verify it.
The NIV and IVO applications allow Consular officers to use the information to determine eligibility for a visa.
NVC Staff reviews CEAC information displayed on CEAC Web and updates the IVIS application for visa processing.
CEAC IV App data updates the PIVOT application, which is used by the NVC to process immigrant visa cases before transmission to post.
The eDP application allows NVC staff and post users to review documents submitted in CEAC Docs for visa processing.
KCC staff reviews CEAC Web and updates the DVIS application for DV case processing.

EXTERNALLY
CEAC information is shared with the Departments of Homeland Security, Commerce, Defense, Treasury, Energy, and the Federal Bureau of Investigation. Information is shared in order to facilitate the execution of each agency's mission pertaining to immigration and border protection.

(d) The information to be shared is transmitted or disclosed by what methods?
INTERNALLY
Information is shared by Department approved secure transmission methods for the handling and transmission of sensitive but unclassified (SBU) information. Electronic files are PIV/PIN or password protected and access is controlled by system managers. Audit trails track and monitor usage and access. Finally, regularly administered security/privacy training informs authorized users of proper handling procedures.

EXTERNALLY
All communications are encrypted and secured using transport and message level security.
(a) What procedures allow individuals to gain access to their information?
Applicants can view information submitted online by either entering their application ID and answering security questions, or by providing a Case ID and Invoice ID or Principal Applicant’s DOB and log-in information at the CEAC site. Information on themselves as well as any petitioner (U.S. persons) information submitted can be reviewed for accuracy by the applicant during this process.

(b) Are procedures in place to allow an individual to correct inaccurate or erroneous information? ☒Yes ☐No
If yes, explain the procedures. Visa applicants may change their information at any time prior to submission of the application to the consulate or embassy. Once the application has been submitted, applicants may make changes only by filing a new application with the Department, requesting the Department to unlock or reopen the application for correction and resubmission, or correcting the information during the course of a visa interview.
If no, explain why not. NA

(c) By what means are individuals notified of the procedures to correct their information?
The Department informs applicants on how to correct the information during the course of their visa process. Certain exemptions to Privacy Act provisions for notification and redress may exist for visa records on grounds pertaining to law enforcement and in the interest of national defense and foreign policy if the records have been properly classified, or to carry out protective responsibilities under Title 18 U.S.C. 3056. These exemptions are published as agency rules at 22 CFR 171.32. SORN State-39 (Visa records) provides guidance to individuals on how to access visa records pertaining to them and how to correct information.
(a) How is the information in the system secured?
The system is secured within the Department of State intranet where risk factors are mitigated through the use of defense in depth - layers of security including management, operational and technical security controls, auditing, firewalls, physical security, and continuous monitoring. Internal access is limited to authorized Department of State users, including cleared contractors who have a justified need for the information in order to perform official duties.
Access to applications/databases is further protected with additional access controls set at the application/database level. All system accounts/access must be approved by the user’s supervisor and the Information System Security Officer. The audit vault system is used to monitor all privileged access to the system and violations are reported to senior management daily, if applicable. Data shared with other government agencies is carefully regulated according to a Memorandum of Understanding/Agreement (MOU/MOA) and an Information Security Agreement (ISA), formally signed by Authorizing Officers of each agency. Applications are configured according to the State Department Security Configuration Guides to optimize security while still providing functionality. Applicable NIST 800-53 and privacy overlays of management, operational, and technical controls are in place and are tested as part of the continuous monitoring program. Vulnerabilities noted during testing are reported appropriately.

(b) Describe the procedures established to limit access to only those individuals who have an “official” need to access the information in their work capacity.
To access the system, persons must be authorized users of the Department of State’s unclassified network, which requires a background investigation and an application approved by the supervisor and Information System Security Officer. Each authorized user must sign the user access agreement/rules of behavior before being given a user account. Authorized users have been issued a PIV/CAC and PIN, which meets the dual authentication requirement for federal system access and is required for logon. Access to the system is role based, restricted according to approved job responsibilities, and requires managerial concurrence. Access control lists permit categories of information and reports that are to be restricted. Security Officers determine the access level needed by a user (including managers) to ensure it correlates to the user’s particular job function and level of clearance.

(c) What monitoring, recording, and auditing safeguards are in place to prevent the misuse of the information?
The CA System Manager and CA ISSO, in conjunction with the CA Security team, periodically scan and monitor information systems for compliance with DS configuration guides and conduct annual control assessments (ACA) to ensure that all systems/applications comply and remain compliant with Department of State and Federal policies. Additionally, an array of configuration auditing and vulnerability scanning tools and techniques are used to continuously monitor the OpenNet-connected systems that host CA's major and minor applications for changes to the Department of State mandated security controls.
In accordance with Department of State computer security policies, mandatory security/privacy training is required for all authorized users, including security training and regular refresher training. Each user must complete the annual Cyber Security Awareness Training and pass the PA-459 course, entitled Protecting Personally Identifiable Information. The Department’s standard “Rules of Behavior” regarding the use of any computer system and the data it contains require that users acknowledge electronically and agree to the rules, and must protect PII through appropriate safeguards to ensure security, privacy and integrity.

(e) Are any security controls, such as encryption, strong authentication procedures, or other controls, in place to make the information unusable to unauthorized users? ☒Yes ☐No
If yes, please explain. To combat the misuse of information by personnel, numerous management, operational and technical controls are in place in accordance with NIST 800-53 and Department of State Configuration Guides to reduce and mitigate the risks associated with internal sharing and disclosure. Data in transit is encrypted, physical and environmental protection is implemented, media handling configuration management is utilized, and sanitization (purge, destroy, shred, incinerate) disposal methods are used. Boundary and information integrity protection including, but not limited to, firewalls, intrusion detection systems, antivirus software, and access control lists are in use. System and information integrity auditing are implemented to monitor and record possible attempts at unauthorized access. All access to Department of State systems requires dual factor authentication utilizing PIV/CAC and PIN.

(f) How were the security measures above influenced by the type of information collected?
Security measures were implemented to ensure the best protection of PII is provided and security is in place to defend from both external and internal threats. NIST 800-53 security controls are the standard for government agencies and include a family of 26 controls for PII. These controls are implemented in this system. The security measures taken meet or exceed the requirements for PII.
(a) Who has access to data in the system?
System Administrators and authorized Department of State Employees with supervisor approval, based on the duties assigned to that user, have access to the data in the system. Internet based users of CEAC only have access to the extent necessary to complete the online forms as required to apply for a visa.

(b) How is access to data in the system determined?
By supervisor signature on an application for access which defines what the user requires to perform their assigned duties.

(c) Are procedures, controls or responsibilities regarding access to data in the system documented? ☒Yes ☐No

(d) Will all users have access to all data in the system, or will user access be restricted? Please explain.
Not all users will have access to all of the data in the system. Defense in depth and separation of duties are used to restrict users to the minimum data necessary to perform their assigned duties, which matches the supervisor approval for which data can be accessed. Sensitive documents, such as documents with applicant’s financial data, are not viewable once uploaded into CEAC.

(e) What controls are in place to prevent the misuse (e.g. unauthorized browsing) of data by users having access to the data?
Defense in depth and separation of duties are employed. Users are restricted to the minimum data necessary to perform their assigned duties as approved by their supervisor.