SECURITY AND PRIVACY ADVISORIES

1Core Solution is a registered trademark of 1 Core Solution Technology, Inc. All rights reserved. 1Core Solution is contracted with the U.S. Government to manage the Child Youth Program Business Modernization System (CYPBMS) referred to as “Portal”

Amazon and AWS trademarks on this site comply with the non-exhaustive list of Amazon Trademarks listed at https://www.amazon.com/gp/help/customer/display.html/?nodeId=200738910

Privacy and Security Policy

We know privacy and security of information matters to you. We respect your privacy and have taken measures to provide appropriate levels of security to protect your personal identifiable information (PII). We will never release your name, street address, telephone number, e-mail address or any other personal information to unauthorized users. We deploy computer security technology to protect any information you provide to us.

Privacy Act Warning

Information contained in this system is subject to the Privacy Act of 1974 (5 U.S.C. 552a, as amended). Only authorized persons in the conduct of official business may use personal information contained in this system. Any unauthorized disclosure or misuse of personal information may result in criminal and/or civil penalties. Any official or employee may be found guilty of a misdemeanor and fined not more than $5,000.00 if he or she willfully discloses personal information to anyone not entitled to receive such information. Any individual may file a civil action against a Department of Defense (DoD) component or its employees if the aggrieved individual feels that certain provisions of the Privacy Act have been violated. An aggrieved individual may obtain the payment of damage, court costs, and attorney fees in some cases.

CYPBMS is a web site of the Air Force Child and Youth Program. The Information System Owner provides it as a public and official service. Information presented on this site is considered private information and may not be distributed or copied unless otherwise indicated. Use of appropriate byline/photo/image credits is requested.

For site management, information is collected for statistical purposes. This DoD information system uses software programs to create summary metrics, which are used for such purposes as assessing what information is of most and least interest to users, determining technical design specifications, and identifying system performance or problem areas. For site security purposes and to ensure that this service remains available to all users, this DoD information system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration General Schedule 20. Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 (Pub. L. 99-474, Oct. 16, 1986, 100 Stat. 1213).

Department of Defense Security Notice and Consent Banner Explanation

CYPBMS is a Department of Defense (DoD) information system. This DoD information system, including all related equipment, networks, and network devices (specifically including Internet access) are provided only for authorized U.S. government use. DoD information systems may be monitored for all lawful purposes, including: ensuring that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability, and operational security. Monitoring includes active attacks by authorized DoD entities to test or verify the security of this system. During monitoring, information may be examined, recorded, copied and used for authorized purposes. Authorized DoD personnel may monitor all information, including personal information, placed or sent over this system. Use of this DoD information system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal, or civil action.

Security of Information

At all times, security maintenance and administration is an essential element of web site operation and maintenance. CYPBMS Portal employs several levels of security to protect the personal identifiable information (PII) of registered users. In addition, these security levels are anticipated to be in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L. 104-191, Aug 21, 1996,110 Stat. 1936).

Family Members and Privacy

Some states have restrictions on disclosure of health information to family members to protect the privacy of certain minors and dependent adult family members. These restrictions on disclosure of information may include accessing personal health and medical information through electronic or Internet based services. If you have questions regarding this matter, please contact your local Military Treatment Facility (MTF), Defense Enrollment Eligibility Reporting System (DEERS) Support Office, or Privacy Act Office for more information about disclosure of privacy and / or health information and applicable privacy laws within the state or jurisdiction that you and your family receive care.

Logging In

CYPBMS requires users to log in to access services including, but not limited to, obtaining services for you or your family members, viewing your records, communicating electronically with your CYPBMS managers or other representatives. When you use these services, CYPBMS will clearly disclose what information is required and what information is optional. The information you provide is subject to the security and privacy measures described in this policy.

Logging Out

You should remember to log out when you are finished accessing password protected or other authentication methodology for portal services. This prevents someone else from accessing your personal information if you leave, share, or use a public computer (e.g., library, kiosk, or Internet cafe) and your session hasn't automatically "timed out" or shut down.

The Use of Cookies

Cookies may be categorized as Session or Persistent, which describes the length of time that they stay on your system. The following are detailed descriptions of how we use these cookies:

Session Cookies

A session cookie is a small piece of textual information that a server temporarily places on your browser during the time your browser is open. The cookies are erased once you close all browsers. We use session cookies in the following manners:

Persistent Cookies

A persistent cookie is a small piece of text stored on your computer's hard drive for a defined period of time, after which the cookie is erased. CYPBMS Portal does not use persistent cookies.

Exit Site Notice

CYPBMS may have links to many other federal agencies' websites. In a few cases, we may link to private organizations with their permission. When one site links to another site, the original site is subject to the privacy and security policy of the new site. When the CYPBMS Portal links to an external Internet site(s), it does so by opening a new window (or browser) on your screen. Any information in these secondary windows (browsers) should be considered external to the CYPBMS Portal website. The CYPBMS Portal and the DoD are not responsible for its content.

Surveys and Questionnaires

To improve the quality of our service, the CYPBMS Portal may use surveys and questionnaires to facilitate feedback from our end users. When you respond to surveys and questionnaires, we may ask you for demographic information such as your age or gender. This information is collected only as anonymous, aggregated information and is used for statistical purposes. Otherwise, we do not collect or store your personal responses. CYPBMS will only use a web-based tool to collect user provided feedback on services provided by the Air Force Child and Youth Program and the Portal, and then it will be authorized by the Air Force Survey Office through official channels. If you receive a survey and the survey number does not begin with SCN, RCS, or OMB and you wish to clarify its validity, please contact your manager or supervisor or check with the Air Force Survey Office at af.surveys@us.af.mil

Non-endorsement Policy

Neither the Air Force nor 1Core Solution endorses products or organizations/companies connected by hyperlinks outside of AFSV-CYPBMS website. The Air Force does not exercise any responsibility or oversight of the content at those destinations as outlined in AFI 35-107

Changes to This Policy

This privacy and security policy may be revised periodically. When we make a significant change that affects our collection and use of your personal information or our security and privacy policy, we will post a notice on the Portal home page for thirty (30) days. The most recent changes to the security and or privacy policy will be highlighted in a different color within the policy. We recommend that you read the policy whenever you visit the Portal in case you missed our notice or have not previously registered for an service or feature.

Portal partners with select third parties to provide you with quality information and a personalized record. We recommend that you read privacy and security policies of these third party partners before using their tools and services.

Accessibility / Section 508

The U.S. Department of Defense is committed to making its electronic and information technologies accessible to individuals with disabilities in accordance with Section 508 of the Rehabilitation Act (29 U.S.C. § 794d), as amended in 1999. If you have concerns related to the accessibility of this website, please contact us at https://dodcio.defense.gov/Contact.aspx For more information about Section 508, please visit the DoD Section 508 Website. (https://dodcio.defense.gov/DoDSection508.aspx)

Privacy Act (PA) versus Protected Health Information Disclaimer

NOTICE: The use of this application constitutes acceptance of the following terms and conditions.

The use of the CYPBMS Portal application on personally owned or publicly accessible, non-government furnished equipment, is at the discretion of the individual user. The DoD assumes no liability in the event of loss or compromise of personally identifiable data, resulting from the use of this application on non-government furnished equipment.

Any Health Record data contains protected health information (PHI) from your electronic health record (EHR), and because CYPBMS is not a covered entity under HIPAA, the PHI data is considered Privacy Act data as determined by the HIPAA Compliance Officer. Your PHI and PA data is not distributed or shared with other users. All Medical Disclaimer and Policy conditions listed above apply. If you need to review these terms and conditions, you may do so through the available links at the bottom of this page.

The CYPBMS Portal application incorporates security safeguards to ensure the privacy of your PA/PHI. It is your responsibility to keep your PA/PHI safe. Only you have access to your PA/PHI and as such, you must consider carefully, and take full responsibility for, disclosure of your account information or contents to other individuals.

Changes to this agreement will be distributed to CYPBMS Portal users as the information is updated. When you first access the Portal record, you will be asked to acknowledge that you understand the terms and conditions of use for the Portal application.

All disclaimers listed on the CYPBMS Portal website apply. If you need to review these Disclaimers, you may do so through the available links at the bottom of this page.

Changes to this agreement will be distributed to CYPBMS Portal as the agreement is updated.

DoD Privacy Law

If you have questions about this site and the DoD Privacy Act Law, please see https://open.defense.gov/Transparency/Privacy-Act-and-Records/

Freedom of Information Act Laws

If you have question on this site and the Freedom of Information Act, please see https://open.defense.gov/Transparency/FOIA/

Phishing Alert: CYPBMS does not initiate contact with end users via email or telephone to request private personal (Name, SSN, DOB) or sensitive account information (username, password, challenge questions). If you think you provided personal or account information in response to a fraudulent email, website or phone call, be sure to change your password and challenge questions immediately. Ensure you contact your supervisor or manager and your unit cyber security analyst immediately.

No FEAR Act: Retaliation against an employee or applicant for making a protected disclosure is prohibited by 5 U.S.C. 2302(b)(8) also known as the Notification and Federal Employee Antidiscrimination and Retaliation Act of 2002, which is now known as the No FEAR Act. One purpose of the Act is to require that Federal agencies be accountable for violations of antidiscrimination and whistleblower protection laws in accordance with Pub. L. 107-174. In support of this purpose, Congress found that agencies cannot be run effectively if those agencies practice or tolerate discrimination as outlined in Pub. L. 107-74, Title I, General Provisions, Section 101(1). If you believe that you have been the victim of whistleblower retaliation, you may file a written complaint (Form OSC-11) with the U.S. Office of Special Counsel at 1730 M Street NW., Suite 218, Washington, DC 20036-4505 or online through the OSC website at https://osc.gov/