(2) These retired administrative law judges who are so reemployed will be known as senior administrative law judges.

(b) Retired administrative law judges who meet the requirements of paragraph (a) of this section and who are available for temporary reemployment must notify OPM in writing of their availability, giving their full names, addresses, telephone numbers, names of the agencies where they served as administrative law judges, and jurisdictions in which they are currently licensed to practice law. OPM will maintain a master list of such retired administrative law judges for use in responding to agency requests for such administrative law judges.

(c) An agency that wishes to temporarily reemploy administrative law judges must submit a written request to OPM. The request will—

(1) Identify the statutory authority under which the administrative law judge is expected to conduct proceedings;

(2) Demonstrate that the agency is occasionally or temporarily understaffed;

(3) Specify the tour of duty, location, period of time, or particular case(s), for the requested reemployment; and

(4) Describe any special qualifications desired in the retired administrative law judge that it wishes to reemploy, such as experience in a particular field, agency, or substantive area of law.

(d) OPM will approve agency requests for temporary reemployment of retired administrative law judges for a specified period or periods provided—

(1) The requesting agency fully justifies the need for an administrative law judge for formal proceedings and demonstrates that it is occasionally or temporarily understaffed; and

(2) No other administrative law judge with the appropriate qualifications is available through OPM under §930.213 of this subpart to perform the occasional or temporary work for which reemployment is requested.

(e) Upon approval of an agency request to reemploy a retired administrative law judge, OPM will select from its master list of retired administrative law judges, in rotation to the ex

tent practicable, those retired judges who it determines meet agency requirements. OPM will then provide a list of such individuals to the requesting agency and the agency must then select from that list a retired administrative law judge for reemployment.

(f) Reemployment of retired administrative law judges is subject to investigation of suitability in accordance with §§ 731.201 through 731.303 of this chapter. It is also subject to conflict of interest and security investigation requirements by the appointing agency.

(g) Reemployment as senior administrative law judges will be for either a specified period not to exceed 1 year; or such periods as may be necessary for the reemployed administrative law judge to conduct and complete the hearing of one or more specified cases and issue decisions therein. Upon agency request, OPM may either reduce or extend such period of reemployment, as necessary, to coincide with changing staffing requirements, but not to exceed 1 year.

(h) An agency may assign its senior administrative law judges to either (1) hear one or more specific cases; or (2) hear, in normal rotation to the extent practicable, a number of cases on its docket and issue decisions therein.

(1) Hours of duty, administrative support services, and travel reimbursement for senior administrative law judges will be determined by the employing agency in accordance with the same rules and procedures that are generally applicable to employees.

(j) A senior administrative law judge serves subject to the same limitations on performance appraisal and reduction in pay or removal as any other administrative law judge employed under this subpart and 5 U.S.C. 3105. An agency will not rate the performance of a senior administrative law judge. Reduction-in-pay or removal actions may not be taken against senior administrative law judges during the period of reemployment, except for good cause established and determined by the Merit Systems Protection Board after opportunity for a hearing on the record before the Board as provided in 5 U.S.C. 7521 and §§ 1201.131 through 1201.136 of this title.

(k) A senior administrative law judge will be paid by the employing agency the current rate of pay for the level at which the duties to be performed have been placed and at the lowest rate of the level that is nearest (when rounded up) to the highest previous grade and step, or level and rate, attained as an administrative law judge before retirement. An amount equal to the annuity allocable to the period of actual employment will be deducted from his or her pay and deposited in the Treasury of the United States to the credit of the Civil Service Retirement and Disability Fund.

[52 FR 32403, Sept. 10, 1987, as amended at 56 FR 6210, Feb. 14, 1991]

(a) The amount and type of training different groups of employees will receive will be distinguished by the following knowledge levels identified in the Computer Security Training Guidelines developed by the National Institute of Standards and Technology:

(1) Awareness level training creates the sensitivity to the threats and vulnerabilities and the recognition of the need to protect data, information, and the means of processing them;

(2) Policy level training provides the ability to understand computer security principles so that executives can make informed policy decisions about their computer and information security programs;

(3) Implementation level training provides the ability to recognize and assess the threats and vulnerabilities to automated information resources that the responsible managers can set security requirements which implement agency security policies; and

(4) Performance level training provides the employees with the skill to design, execute, or evaluate agency computer security procedures and practices. The

objective of this training is that employees will be able to apply security concepts while performing the tasks that relate to their particular positions. It may require education in basic principles and training in state-of-theart applications.

(b) Training audiences are groups of employees with similar training needs. Consistent with the Computer Security Training Guidelines, they are defined as follows:

(1) Executives are those senior managers who are responsible for setting agency computer security policy, assigning responsibility for implementing the policy, determining acceptable levels of risk, and providing the resources and support for the computer security program.

(2) Program and Functional Managers are those managers and supervisors who have a program or functional responsibility (not in the area of computer security) within the agency. They have primary responsibility for the security of their data. This means that they designate the sensitivity and criticality of data and processes, assess the risks to those data, and identify security requirements to the supporting data processing organization, physical facilities personnel, and users of their data. Functional managers are responsible for assuring the adequacy of all contingency plans relating to the safety and continuing availability of their data.

(3) Information Resources Managers (IRM), Security, and Audit Personnel are all involved with the daily management of the agency's information resources, including the accuracy, availability, and safety of these resources. Each agency assigns responsibility somewhat differently, but as a group these persons issue procedures, guidelines, and standards to implement the agency's policy for information security, and to monitor its effectiveness and efficiency. They provide technical assistance to users, functional managers, and to the data processing organization in such areas as risk assessment and available security products and technologies. They review and evaluate the functional and program groups' performance in information security.

(4) Automated Data Processing (ADP) Management, Operations, and Programming Staff are all involved with the daily management and operations of the automated data processing services. They provide for the protection of the data in their custody and identify to the data owners what those security measures are. This group includes such diverse positions as computer operators, schedulers, tape librarians, data base administrators, and systems and applications programmers. They provide the technical expertise for implementing security-related controls within the automated environment. They have primary responsibility for all aspects of contingency planning.

(5) End Users are any employees who have access to an agency computer system that processes sensitive information. This is the largest and most heterogenous group of employees. It consists of everyone from the executive who has a personal computer with sensitive information to data entry clerks.

(c) The training guidelines developed by the National Institute of Standards and Technology identify five subject areas. They are:

(1) Computer security basics is the introduction to the basic concepts behind computer security practices and the importance of the need to protect the information from vulnerabilities to known threats;

(2) Security planning and management is concerned with risk analysis, the determination of security requirements, security training, and internal agency organization to carry out the computer security function;

(3) Computer security policies and procedures looks at Governmentwide and agency-specific security practices in the areas of physical, personnel software, communications, data, and administrative security;

(4) Contingency planning covers the concepts of all aspects of contingency planning, including emergency response plans, backup plans and recovery plans. It identifies the roles and responsibilities of all the players involved; and

(5) Systems life cycle management discusses how security is addressed during each phase of a system's life cycle (e.g. system design, development, test and

evaluation, implementation, and maintenance). It addresses procurement, certification, and accreditation.

(d) The statute defines the term sensitive information as any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under section 552a of title 5, United States Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy.

§ 930.302 Training requirement.

The head of each agency shall identify employees responsible for the management or use of computer systems that process sensitive information and provide the following training (consult "Computer Security Training Guidelines," NIST Special Publication 5001721, for more detailed information) to each of these groups:

(a) Executives shall receive awareness training in computer security basics, computer security policy and procedures, contingency planning, and systems life cycle management; and policy level training in security planning and management.

(b) Program and functional managers shall receive awareness training in computer security basics; implementation level training in security planning and management, and computer security policy and procedures; and performance level training in contingency planning and systems life cycle management.

(c) IRM, security, and audit personnel shall receive awareness training in computer security basics; and performance level training in security planning and management, computer security policies and procedures, contingency planning, and systems life cycle management.

(d) ADP management and operations personnel shall receive awareness training in computer security basics;

1 Copies may be ordered from the Superintendent of Documents, U.S. Government Printing Office, Washington, DC 20402-9325.

and performance level training in security planning and management, computer security policies and procedures, contingency planning, and systems life cycle management.

(e) End users shall receive awareness training in computer security basics, security planning and management, and systems life cycle management; and performance level training in computer security policies and procedures, and contingency planning.

§ 930.303 Initial training.

The head of each agency shall provide the training outlined in §930.302 of this subpart to all such new employees within 60 days of their appointment.

§ 930.304 Continuing training.

The head of each agency shall provide training whenever there is a significant change in the agency information security environment or procedures or when an employee enters a new position which deals with sensitive information.

Subpart G-DoD Overseas Campaign

950.701 DoD overseas campaign.

Subpart H-CFC Timbetable

950.801 Campaign schedule.

Subpart I-Payroll Withholding 950.901 Payroll allotment.

AUTHORITY: E.O. 12353 (March 23, 1982), 47 FR 12785 (March 25, 1982). 3 CFR, 1982 Comp., p. 139. E.O. 12404 (February 10, 1983), 48 FR 6685 (February 15, 1983), Pub. L. 100-202, and Pub. L. 102-393 (5 U.S.C. 1101 Note).

SOURCE: 60 FR 57890, Nov. 24, 1995, unless otherwise noted.

Subpart A-General Provisions

§ 950.101 Definitions.

Administrative Expenses, PCFO Expenses, Campaign Expenses, or CFC Expenses means all documented expenses identified in the PCFO application relating to the conduct of a local CFC and approved by the LFCC in accordance with these regulations.

Campaign Year means the calendar year in which Federal employees are solicited for contributions to the Combined Federal Campaign.

Combined Federal Campaign or Campaign or CFC means the charitable fundraising program established and administered by the Director of the Office of Personnel Management (OPM) pursuant to Executive Order No. 12353, as amended by Executive Order No. 12404, and all subsidiary units of such program.

Designated Funds means those contributions which the contributor has designated to a specific charitable organization(s), federation(s), or general option(s).

Director means the Director of the Office of Personnel Management or his/ her designee.

Domestic Area means the several United States, the District of Columbia, the Commonwealth of Puerto Rico, and the United States Virgin Islands. Employee means any person employed by the Government of the United States or any branch, unit, or instrumentality thereof, including persons in the civil service, uniformed service, foreign service, and the postal service.

Federation or Federated Group means a group of voluntary charitable human health and welfare organizations created to supply common fundraising, administrative, and management services to its constituent members.

International General Designation Option means that the donor wishes that his or her gift be distributed to all of the international organizations listed in the International Section of the campaign brochure in the same proportion as all of the international organizations received designations in the local CFC. This option will have the code IIII.

International Organization means a charitable organization that provides services either exclusively or in a substantial preponderance to persons in non-domestic areas.

Local Federal Coordinating Committee or LFCC means the group of Federal officials designated by the Director to conduct the CFC in a particular community.

Organization or Charitable Organization means a private, non-profit, philanthropic, human health and welfare organization.

Overseas Area means the Department of Defense (DoD) Overseas Campaign

which includes all areas other than those included in the domestic area.

Principal Combined Fund Organization or PCFO means the federated group or combination of groups, or a charitable organization selected by the LFCC to administer the local campaign under the direction and control of the LFCC and the Director.

Solicitation means any action requesting money, either by cash, check or payroll deduction, on behalf of charitable organizations.

Undesignated Funds means those contributions which the contributor has not designated to a specific charitable organization(s), federation(s), or the International General Designation Op

tion.

§ 950.102 Scope of the Combined Federal Campaign.

(a) The CFC is the only authorized solicitation of employees in the Federal workplace on behalf of charitable organizations. A campaign may be conducted during a 6 week period, as determined by the LFCC, from September 1 through December 15 at every Federal agency in the campaign community in accordance with these regulations. Except as provided in this section, no other solicitation on behalf of charitable organizations may be conducted in the Federal workplace. Upon written request, the Director may grant permission for solicitations of Federal employees, outside the CFC, in support of victims in cases of emergencies and disasters. Emergencies and disasters are defined as any hurricane, tornado storm, flood, high water, wind-driven water, tidal wave, tsunami, earthquake, volcanic eruption, landslide, mudslide, snowstorm, drought, fire, explosion, or other catastrophe in any part of the world. No such permission will be granted for such solicitations during the period September 1 through December 15.

(b) These regulations do not apply to the collection of gifts-in-kind, such as food, clothing and toys, or to the solicitation of Federal employees outside of the Federal workplace as defined by the applicable Agency Head consistent with General Services Administration regulations and any other applicable laws or regulations.