Electronic Passport Application Form Internet Website (2DB) 09/2020
data it contains require that users agree to the rules and that they must protect PII through
appropriate safeguards to ensure security, privacy and integrity.
(e) Are any security controls, such as encryption, strong authentication procedures, or other
controls, in place to make the information unusable to unauthorized users? ☒Yes ☐No
If yes, please explain.
To combat the misuse of information by personnel, numerous management, operational and
technical controls are in place in accordance with NIST 800-53 and Department of State Security
Configuration Guides to reduce and mitigate the risks associated with internal sharing and
disclosure. Data in transit is encrypted, physical and environmental protection is implemented,
media handling configuration management is utilized, and sanitization (purge, destroy, shred,
incinerate) disposal methods are used. Boundary and information integrity protection including,
but not limited to, firewalls, intrusion detection systems, antivirus software, and access control
lists are in use. System and information integrity auditing is implemented to monitor and record
possible attempts at unauthorized access while the data is being entered and/or scanned. All
access to Department of State systems requires dual factor authentication utilizing PIV/CAC and
PIN.
(f) How were the security measures above influenced by the type of information collected?
If data becomes exposed to unauthorized users while it’s being entered or scanned, it may result
in inconvenience, distress, or damage to standing or reputation, financial loss, harm to State
Department programs or public interest, unauthorized release of sensitive information, threats to
personal safety, and/or civil or criminal violation. The security measures listed above were
implemented to secure the data in the system in accordance with federal laws and policies,
including Department policies.
9. Data Access
(a) Who has access to data in the system?
2DB Public users, DoS OpenNet-based Users, Web Administrators, Database Administrators
(b) How is access to data in the system determined?
The 2DB accounts are as follows:
2DB Public Users
2DB Internet users are U.S. citizens who are applying for a U.S. passport or need to report a lost or
stolen U.S. passport. The Internet-based users do not require individual user accounts, as the 2DB
application is configured for anonymous access. The application form is not saved anywhere