Notice

Privacy Act of 1974; System of Records

A Notice by the Housing and Urban Development Department on 04/06/2026

• This document has a comment period that ends in 32 days.
  (05/06/2026) View Comment Instructions

• PDF

• Document Details

• Document Dates

- Table of Contents

• Public Comments
• Regulations.gov Data

- Sharing

• Print
• Document Statistics
• Other Formats
• Public Inspection Published Document: 2026-06607 (91 FR 17292) Document Headings ###### Department of Housing and Urban Development

1. [Docket No. FR-7106-N-14]

AGENCY:

Office of Chief Information Officer (OCIO), and Infrastructure and Operations (IOO), HUD.

ACTION:

Notice of a new system of records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO) and Infrastructure and Operations (IOO) is issuing a public notice of its intent to establish a Privacy Act System of Records Notice (SORN) titled “ServiceNow (SerNow).”

ServiceNow (SerNow) includes core components and related modules that work together to support key HUD operations. It facilitates helpdesk operations, Information Technology (IT) management, software and asset tracking, facilities management operations, Human Resources activities, and limited financial planning functions. HUD utilizes multiple ServiceNow instances, with distinct environments tailored to specific purposes such as development, testing, and production, each of which maintains detailed information regarding users and network objects. This structure makes it easier for employees to efficiently locate and utilize required resources while ensuring system integrity across operations. ServiceNow collects and processes information from users either through submitted forms, internal workflows, or integrated systems via structured data repositories. The information maintained within ServiceNow is sourced from HUD systems such as Active Directory (AD)/LAN File Server (LFS), and Digital ( printed page 17293) Identity and Access Management System (DIAMS).

DATES:

Comments will be accepted on or before May 6, 2026. This proposed action will be effective on the date following the end of the comment period unless comments are received which result in a contrary determination.

ADDRESSES:

You may submit comments identified by docket number or by one of the following methods:

Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions provided on that site to submit comments electronically.

Fax: 202-619-8365.

Email: privacy@hud.gov.

Mail: Attention: Privacy Office; Shalanda Capehart, Acting Chief Privacy Officer; The Executive Secretariat; 451 7th Street SW, Room 10139; Washington, DC 20410-0001.

Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov including any personal information provided.

Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Shalanda Capehart; 451 7th Street SW, Room 10139; Washington, DC 20410-0001; telephone number (202) 402-5085 (this is not a toll-free number). HUD welcomes and is prepared to receive calls from individuals who are deaf or hard of hearing, as well as individuals with speech or communication disabilities. To learn more about how to make an accessible telephone call, please visit https://www.fcc.gov/​consumers/​guides/​telecommunications-relay-service-trs.

SUPPLEMENTARY INFORMATION:

The Department of Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO), and Infrastructure and Operations (IOO), uses the ServiceNow Software as a Service (SaaS) Platform to streamline operations and centralize data management. ServiceNow helps HUD manage its data and services in one central system, and it's built around a tool called the Configuration Management Database (CMDB). This database stores important records about users, facilities, and shared resources like meeting rooms, servers, computers, printers, and accounts used to log in. The ServiceNow platform simplifies account management and integrates with HUD's existing technology to allow secure sign-ins using Personal Identity Verification (PIV) cards. It follows a clear management structure to help HUD keep track of network tools, protect user data, and keep systems working the same way across the agency. All ServiceNow programs use the CMDB within HUD's core platform. The system also includes specialized financial management tools, called Proven Optics, that help manage costs, optimize resources, and improve operational efficiency. These tools run in a secure government community cloud environment (GCC) and meet strict federal rules for safety and privacy. HUD's main goals in using ServiceNow are to reduce costs, eliminate manual processes, and improve productivity through automated workflows.

SYSTEM NAME AND NUMBER:

ServiceNow (SerNow), HUD/OCIO-04.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Records are maintained at the following locations: HUD Headquarters, 451 7th Street SW, Washington, DC 20410-0001, and Bowhead UIC Government Services, LLC, 6564 Loisdale Court, Suite 900 Springfield, VA 22150-1812.

SYSTEM MANAGER(S):

George Hurley, Infrastructure and Operations (IOO), HUD HQ, 451 7th Street SW, Washington, DC 20410-0001; telephone (202) 475-8662.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The Information Technology Management Reform Act of 1996 (Pub. L. 104-106, 40 U.S.C. 11101 et seq.); E-Government Act (Pub. L. 107-347, sec. 203, 44 U.S.C. 3501 note); Federal Information Security Management Act, as amended (Pub. L. 107-347, 44 U.S.C. 3554); Paperwork Reduction Act of 1995 (Pub. L. 104-13, 44 U.S.C. 3501 et seq.); Government Paperwork Elimination Act (Pub. L. 105-277, Title XVII, 44 U.S.C. 3504); Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004; OMB Circular No. A-130, Managing Information as a Strategic Resource (7/28/2016); OMB Memo M-05-24, and Executive Order 13636 —Improving Critical Infrastructure Cyber Security (February 12, 2013); Department of Housing and Urban Development Act of 1965, Section 7(d) (Pub. L. 89-174, 42 U.S.C. 3535(d) —“Administrative provisions”); and 5 U.S.C. 3301 —“Civil service; generally”.

PURPOSES OF THE SYSTEM:

The purpose of ServiceNow is to help HUD employees efficiently track and manage all service requests for help from start to finish. The system serves as the central repository for HUD policies, procedures, and frequently asked questions (FAQs), empowering employees to quickly find answers independently. It also provides a digital foundation that supports HUD's internal systems across the agency, streamlining operations through automated workflows and replacing manual processes. ServiceNow's functions as a centralized platform for managing HUD assets, giving administrators and employees easy access to critical tools and information, reducing mistakes, and enhancing productivity.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Current HUD employees and contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:

Full Name, Phone Number, Email address, User Verification PIN, Device Identifier, internet Protocol (IP)/Media Access Control (MAC) Address of assigned Device Identifier (if applicable), Work Address, Home Address, Employee Identification Number and Employment Status/History.

RECORD SOURCE CATEGORIES:

Individuals, Digital Identity and Access Management System (DIAMS), and Active Directory (AD)/LAN File Server (LFS).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

(1) To a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.

(2) To contractors, grantees, experts, consultants, and their agents, or others performing or working under a contract, service, grant, cooperative agreement, or other agreement with HUD or under contract to another agency when necessary to accomplish an agency function related to a system of records. Disclosure requirements are limited to only those data elements considered relevant to accomplishing an agency function.

(3) To appropriate agencies, entities, and persons when: (1) HUD suspects or has confirmed that there has been a ( printed page 17294) breach of the system of records; (2) HUD has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HUD (including its information systems, programs, and operations), the Federal Government, or national security; and (3) The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HUD's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(4) To another Federal agency or Federal entity, when HUD determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

(5) To appropriate Federal, State, local, tribal, or governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license where HUD determines that the information would assist in the enforcement of civil or criminal laws and when such records, either alone or in conjunction with other information, indicate a violation or potential violation of law.

(6) To a court, magistrate, administrative tribunal, or arbitrator while presenting evidence, including disclosures to opposing counsel or witnesses during civil discovery, litigation, mediation, or settlement negotiations; or in connection with criminal law proceedings; when HUD determines that use of such records is relevant and necessary to the litigation and when any of the following is a party to the litigation or have an interest in such litigation: (1) HUD, or any component thereof; or (2) any HUD employee in his or her official capacity; or (3) any HUD employee in his or her individual capacity where HUD has agreed to represent the employee; or (4) the United States, or any agency thereof, where HUD determines that litigation is likely to affect HUD or any of its components.

(7) To any component of the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when HUD determines that the use of such records is relevant and necessary to the litigation and when any of the following is a party to the litigation or have an interest in such litigation: (1) HUD, or any component thereof; or (2) any HUD employee in his or her official capacity; or (3) any HUD employee in his or her individual capacity where the Department of Justice or agency conducting the litigation has agreed to represent the employee; or (4) the United States, or any agency thereof, where HUD determines that litigation is likely to affect HUD or any of its components.

(8) To officials of labor organizations recognized under the Civil Service Reform Act when relevant and necessary to their duties of exclusive representation concerning personnel policies, practices, and matters affecting work conditions.

(9) To the Office of Personnel Management (OPM), the Merit Systems Protection Board (and its office of the Special Counsel), the Federal Labor Relations Authority (and its General Counsel), or the Equal Employment Opportunity Commission when requested in performance of their authorized duties of exclusive representation concerning personnel policies, practices, and matters affecting work conditions.

(10) To the National Archives and Records Administration, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures and compliance with the Freedom of Information Act (FOIA), and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Full Name, Email Address, and Employee Identification Number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Under General Records Schedule 3.2, System Access Records, items 030 and 031. Item 030 applies to systems not requiring special accountability for access. Item 030 records can be destroyed when the business use ceases. Item 031 applies to systems requiring special accountability for access. Item 031 requires records to be destroyed/deleted 6 years after the user account is terminated or password is altered, or when no longer required for business us, whichever is later. Backup and Recovery digital media will be destroyed or otherwise rendered irrecoverable per NIST SP 800-88, Rev. 1 “Guidelines for Media Sanitization” (December 2014). The records used within the budgeting application are “temporary” and their destroy clauses are listed in the following disposition instructions: General Record Schedule (GRS) 1.3: Budgeting Records. The records used for facilities management are “temporary” and their destroy clauses are listed in the following disposition instructions: General Record Schedule (GRS) 5.4 Facility, Equipment, Vehicle, Property, and Supply Records. The records for the IT Service Desk and IT Asset Management modules are “temporary” and their destroy clauses are listed in the following disposition instructions: General Record Schedule (GRS) 3.1 General Technology Management Records and General Record Schedule (GRS) 5.8 Administrative Help Desk Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

For Electronic Records: Comprehensive electronic records are maintained and stored in an electronic encryption database system. These records can only be accessed based on the user's rights and privileges to the system. Electronic records are stored in the “ServiceNow Enterprise” environment on the department's network (HUD). This environment complies with the security and privacy controls and procedures as described in the Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST) Special Publications, and Federal Information Processing Standards (FIPS). A valid HSPD-12 ID Credential, access to HUD's LAN, a valid User ID and Password, and a Personalized Identification Number (PIN) are required to access the HR Service Delivery, ServiceNow system. These records are restricted to only those stakeholders needing to access the system to perform their official duties.

For Electronic Records (cloud-based): Comprehensive electronic records are secured and maintained on a cloud-based software server and operating system that resides in the Federal Risk and Authorization Management Program (FedRAMP) and Federal Information Security Management Act (FISMA) Moderate dedicated hosting environment. All data in the cloud-based server is firewalled and encrypted at rest and in transit. PII is secured in cipher locks, combination locks, key cards, security guards, closed circuit TV ( printed page 17295) and safes. Identification badges are required to ensure the records are not accessed and strict access controls are governed for electronic records using a user ID and password that require multi-factor authentication before access is granted to ServiceNow. The security mechanisms for handing data at rest and in transit are in accordance with HUD encryption standards.

RECORD ACCESS PROCEDURES:

Individuals requesting records of themselves should address written inquiries to the Department of Housing Urban and Development 451 7th Street SW, Washington, DC 20410-0001. For verification, individuals should provide their full name, current address, and telephone number. In addition, the requester must provide either a notarized statement or an unsworn declaration made under 24 CFR 16.4.

CONTESTING RECORD PROCEDURES:

The HUD rule for contesting the content of any record pertaining to the individual by the individual concerned is published in 24 CFR 16.8 or may be obtained from the system manager.

NOTIFICATION PROCEDURES:

Individuals requesting notification of records of themselves should address written inquiries to the Department of Housing Urban Development, 451 7th Street SW, Washington, DC 20410-0001. For verification purposes, individuals should provide their full name, office or organization where assigned, if applicable, and current address and telephone number. In addition, the requester must provide either a notarized statement, or an unsworn declaration made under 24 CFR 16.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.

Shalanda Capehart,

Acting Chief Privacy Officer, Office of Administration.

[FR Doc. 2026-06607 Filed 4-3-26; 8:45 am]

BILLING CODE 4210-67-P

Published Document: 2026-06607 (91 FR 17292)