Pia 057

Privacy Impact Assessment
for the

National Appointment Scheduling System
(NASS)
DHS Reference No. DHS/USCIS/PIA-057(b)
June 17, 2022

Privacy Impact Assessment Update
DHS/USCIS/PIA-057(b) NASS
Page 1

Abstract
The U.S. Citizenship and Immigration Services (USCIS) uses the National Appointment
Scheduling System (NASS), a cloud-operated system, to schedule appointments for biometric
collections at USCIS’ Application Support Centers (ASC). The United Kingdom Visa and
Immigration (UKVI) service website’s interface with NASS was created to allow individuals
seeking an immigration benefit with the UK and residing in the United States to schedule a
biometrics collection appointment at an Application Support Center. This Privacy Impact
Assessment (PIA) is being updated to account for the collection, use, maintenance, and
dissemination of personally identifiable information (PII) from individuals who are seeking a UK
immigration benefit and who schedule a biometric collection appointment through the NASSUKVI website interface, the Appointment Scheduler.

Overview
USCIS offers a fee-based service to international partners to collect biometric and limited
biographic information from individuals who are filing immigration-related benefit applications
with partner countries and who are physically present in the United States. Section 573 of the
Foreign Assistance Act of 1961 (FAA) authorizes U.S. agencies to furnish services to foreign
countries, at the President’s discretion, in furtherance of their anti-terrorism efforts. USCIS
provides this service to certain partner countries for a fee agreed upon by each country and set
forth in a Memorandum of Understanding (MOU).1 In 2007, the Secretary of State for Foreign and
Commonwealth Affairs of the United Kingdom of Great Britain and Northern Ireland and the
Director of USCIS signed a Memorandum of Understanding allowing USCIS to capture biometric
and limited biographic data on behalf of the UK Government to assist the UK with determinations
whether applicants for entry to the UK are eligible to obtain visas or other travel documents
according to applicable UK laws.
In furtherance of this agreement, the two immigration agencies developed an interface
between the USCIS NASS, a USCIS appointment scheduling system for biometrics capture and
immigration adjudication interviews, and the UK Visa Division’s website. This integrated
interface will allow individuals living in the United States who have applied for a UK immigration
benefit to schedule a biometric collection appointment at a USCIS Application Support Center.

Reason for the PIA Update
USCIS is updating this Privacy Impact Assessment to document the development of an
interface between NASS and the UKVI website, a project that will allow individuals living within

1

Memorandum of Understanding between DHS and Secretary of State for Foreign and Commonwealth Affairs of
the United Kingdom of Great Britain and Northern Ireland signed November 16, 2007.

Privacy Impact Assessment Update
DHS/USCIS/PIA-057(b) NASS
Page 2

the United States who applied for a UK immigration benefit, to schedule a biometric collection
appointment with USCIS. The project is currently in development between the two agencies and
is planned to launch in 2022.
The interface between the USCIS NASS and UKVI website will allow the UKVI applicants
access through NASS to schedule appointments at USCIS Application Support Centers and Field
Offices. The U.S. Department of Homeland Security (DHS), USCIS Immigration Records and
Identity Services Directorate (IRIS) and the UK Foreign Ministry executed a Memorandum of
Understanding wherein USCIS Application Support Centers will collect the biometrics data for
UKVI applicants within the United States. Application Support Centers collect the appropriate
biometrics, including face images on the UK’s behalf, then transfer that data to the UKVI via a
separate process using the Enterprise Gateway and Integration Services (EGIS).2 Currently, there
is a manual process for scheduling UK visa applicants to come to USCIS Application Support
Centers. The UK Foreign Ministry requested the capability to automate this process, where
applicants can obtain an appointment via its third-party vendor, the Visa Facilitation Services
Global Group’s (VFS) website. The UK Foreign Ministry contracted with VFS Global3 to process
applicants in other countries on its behalf. NASS will provide scheduling services to VFS Global,
which can only be done by providing VFS Global a NASS scheduling application programming
interface (API).4 NASS will provide a customer experience which allows eligible UK visa
applicants to navigate the entire process through the VFS Global website. This will preserve
efficiency by mitigating the need for applicants to exit the VFS Global workflow to use myUSCIS5
or any other portal for scheduling their appointments at USCIS Application Support Centers.
2

USCIS is migrating its information technology systems to the cloud environment to align with the Cloud Smart
initiative. To support this modernization effort, USCIS plans to incrementally migrate Enterprise Service Bus 2
(ESB-2) hosted services to Enterprise Gateway and Integration Services (EGIS). See U.S. DEPARTMENT OF
HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY IMPACT
ASSESSMENT FOR THE ENTERPRISE SERVICE BUS 2 (ESB 2), DHS/USCIS/PIA-008, and U.S.
DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES,
PRIVACY IMPACT ASSESSMENT FOR THE ENTERPRISE GATEWAY AND INTEGRATION SERVICE
(EGIS), DHS/USCIS/PIA-080, available at https://www.dhs.gov/uscis-pias-and-sorns.
3
VFS Global, also known as “Visa Facilitation Services Global,” is an outsourcing and technology services
company for governments and diplomatic missions worldwide. The company manages visa and passport issuancerelated administrative and non-discretionary tasks for its client governments, see
https://www.vfsglobal.com/en/individuals/about.html.
4
An application programming interface (API) is a connection between computers or between computer programs. It
is a type of software interface, offering a service to other pieces of software.
5
myUSCIS is a public-facing web application that allows individuals to obtain accurate information about the
general U.S. immigration process. myUSCIS is a service that helps online customers navigate through the
immigration process. On myUSCIS, customers can find up-to-date information about the application process for
immigration benefits, tools to help prepare for naturalization, and resources to find citizenship preparation classes
and doctors in their local community. See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S.
CITIZENSHIP AND IMMIGRATION SERVICES, PRIVACY IMPACT ASSESSMENT FOR myUSCIS,
DHS/USCIS/PIA-064, and U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND
IMMIGRATION SERVICES, PRIVACY IMPACT ASSESSMENT FOR myUSCIS ACCOUNT EXPERIENCE,

Privacy Impact Assessment Update
DHS/USCIS/PIA-057(b) NASS
Page 3

With the new interface, applicants can schedule an appointment by going to the UKVI
website where they will be provided an Applicant Case Number.6 On the UKVI website, applicants
will also be given directions to the USCIS NASS interfacing webpage where they will be asked to
enter their Applicant Case Number. No other personally identifiable information will be collected.
The applicant can also enter the state or zip code of a convenient location so that USCIS can then
direct the individual to the closest Application Support Center. The applicant receives a
confirmation notice from NASS that the applicant prints out. It includes the date, time, and location
of the appointment and their Applicant Case Number. The Applicant Case Number collected at
this point will not be tied to the personally identifiable information collected at the Application
Support Centers. The purpose for collecting the Applicant Case Number online will be for
scheduling the biometrics collection appointment. These numbers also will be used for reporting
purposes so that USCIS can confirm to the UKVI the quantity of appointments that have been
scheduled. The Applicant Case Number is not tied to the biometrics collected at the Application
Support Center. If the individual needs to reschedule or cancel the appointment, they can go back
to the same UKVI website, enter their Applicant Case Number, and reschedule or cancel their
appointment. The Applicant Case Number will be stored for 120 days for reporting purposes after
which it will be deleted from NASS.

Privacy Impact Analysis
Authorities and Other Requirements
Section 573 of the Foreign Assistance Act of 1961 provides the U.S. Government with the
authority to conduct this fee-based service on behalf of partner countries in furtherance of their
anti-terrorism efforts. This authority was delegated to USCIS by the U.S. Department of State.
To perform this service, USCIS will only collect the Applicant Case Number, an
anonymized unique identifier assigned by the UKVI, through NASS Appointment Scheduler to
schedule and reserve an appointment and will not link the Applicant Case Number to an
individual’s record in any UK or USCIS system. Since no personal data for these applicants is
maintained by USCIS, USCIS cannot retrieve any personally identifiable information. Therefore,
no System of Records Notice (SORN) is required to cover this collection because the data is not
linked or linkable to an individual and is not retrievable by a unique identifier.
NASS was issued an authority to operate on April 10, 2014 and is part of the Ongoing
Authorization (OA) program, for which the security posture is continuously monitored and tested.
The NASS Security Plan was last updated February 11, 2021 and is in the process of being updated
to include this Appointment Scheduler.

DHS/USCIS/PIA-071, available at https://www.dhs.gov/uscis-pias-and-sorns.
6
See https://www.gov.uk/government/publications/usa-apply-for-a-uk-visa/apply-for-a-uk-visa-in-the-usa.

Privacy Impact Assessment Update
DHS/USCIS/PIA-057(b) NASS
Page 4

USCIS plans to retain the Applicant Case Number and associated scheduling data within
NASS for 120 days for billing and reporting purposes. USCIS also retains audit logs of the
transactions within NASS. NASS maintains these logs online for 180 days and then offsite for
seven years. This is the standard retention period specified by DHS Security Authorization policy
for system audit data; the National Archives and Records Administration General Records
Schedule 30 [DAA-GRS2013-0006-0003] covers the retention of audit data.
USCIS also collects scheduling data on behalf of the UK. The limited information collected
through Appointment Scheduler is not subject to the Paperwork Reduction Act.
Characterization of the Information
The NASS Appointment Scheduler collects the UK-issued Applicant Case Number, zip
code, and appointment date and time directly from the individual to schedule an appointment at an
Application Support Center. Appointment scheduling information is then transferred to and stored
in NASS. At the scheduled appointment, USCIS collects biometric and limited biographic data
from the individual and transmits the data to the UKVI as described in USCIS International
Biometric Processing Services Privacy Impact Assessment.7
Privacy Risk: There is a risk of data inaccuracy.
Mitigation: This risk is partially mitigated. USCIS mitigates the risk of maintaining
inaccurate data by collecting information directly from the individual and by verifying information
at the time of the appointment. USCIS relies directly on the individual to provide accurate
information. There are no mechanisms in place at the time of the appointment scheduling process
to verify that the Applicant Case Number was issued to the individual by the UKVI. USCIS
configured the Appointment Scheduler to accept a 12-digit alphanumeric number value as the
Applicant Case Number.8 However, when an individual makes an Application Support Center
appointment, the applicant is asked to bring their appointment confirmation receipt, UKVI-issued
Biometrics Instruction Letter,9 and a government-issued travel document to verify the legitimacy
of the biometric collection appointment. At the Application Support Center, the appointment in
NASS is matched to the Applicant Case Number shown in the UKVI-issued Biometrics Instruction
Letter.

7

See U.S. DEPARTMENT OF HOMELAND SECURITY, U.S. CITIZENSHIP AND IMMIGRATION SERVICES,
PRIVACY IMPACT ASSESSMENT FOR CUSTOMER SCHEDULING AND SERVICES, DHS/USCIS/PIA-046
(2014 and subsequent updates), available at https://www.dhs.gov/uscis-pias-and-sorns.
8
The Applicant Case Number will always have a prefix of GWF + 9 digits.
9
Individuals who have applied online or by mail for a UK immigration benefit and who are required to enroll
biometrics receive a Biometrics Instruction Letter.

Privacy Impact Assessment Update
DHS/USCIS/PIA-057(b) NASS
Page 5

Uses of the Information
USCIS uses the Applicant Case Number and associated scheduling information to schedule
and reserve a biometrics appointment at an Application Support Center, where biometrics are
collected in support of an individual’s UK immigration benefit request. The Applicant Case
Number is used to identify the individual when he or she arrives for the appointment, as well as
for reporting and billing purposes. The zip code or state is used to locate the Application Support
Center closest to the individual scheduling the appointment.
Privacy Risk: There is a risk that the information collected may be used for purposes other
than scheduling an appointment or for reporting purposes.
Mitigation: This risk is mitigated. USCIS does not use the information collected beyond
reserving a biometric appointment timeslot and for reporting and billing purposes. USCIS collects
the Applicant Case Number from the individual to schedule and reserve an appointment. This
number is generated by the UK government and is not tied to any information in USCIS systems.
Because USCIS does not retain this information for an extended period, it limits the risk that
USCIS could use the data for any reason other than the stated purposes. This risk is also mitigated
by the terms of the agreements with the UK, which limits USCIS’ use of information to only
appropriate purposes, as outlined in this Privacy Impact Assessment update.
Notice
USCIS is providing general notice about the NASS-UKVI appointment scheduling system
enhancement through this Privacy Impact Assessment update. The UKVI provides notice to appear
at an Application Support Center for biometrics collection and instruction about how to schedule
an appointment in the UKVI’s Biometrics Appointment Letter. USCIS provides a Privacy Notice
to inform individuals of USCIS’s authority to collect information on behalf of the UK as well as
the purposes of the collection, routine uses of the information, and consequences of declining to
provide the information to USCIS on behalf of the UK. There are no privacy risks associated with
notice since both USCIS and the UKVI provide notice to individuals applying.
Data Retention by the Project
USCIS plans to retain the Applicant Case Number and associated scheduling data within
NASS for 120 days for billing and reporting purposes. USCIS also retains audit logs of the
transactions within NASS. NASS maintains these logs online for 180 days and then offsite for
seven years. National Archives and Records Administration General Records Schedule 30 [DAAGRS2013-0006-0003] covers the retention of audit data.
Information Sharing
USCIS provides a fee-based scheduling and biometric collection service to the UK. The
UK is required to pay for the scheduling and biometric collection services. USCIS shares monthly

Privacy Impact Assessment Update
DHS/USCIS/PIA-057(b) NASS
Page 6

reports from NASS detailing scheduled appointments for biometrics collection services with the
UKVI. The monthly reports contain no personally identifiable information and merely provide the
Applicant Case Numbers, date, time, and Application Support Center location.
Privacy Risk: There is a risk of unauthorized disclosure.
Mitigation: This risk is mitigated. USCIS and the UK operate under a signed
Memorandum of Understanding between the Secretary of State for Foreign and Commonwealth
Affairs of the UK of Great Britain and Northern Ireland and the Director of USCIS. The
Memorandum of Understanding outlines the limitations on dissemination and the steps needed for
parties to appropriately disseminate information outside of USCIS, if applicable. In addition, all
users that handle the data associated with this project must conform to appropriate security and
privacy policies, follow established rules of behavior, and receive training regarding the security
of DHS systems.
Redress
USCIS does not offer redress or data correction for individuals scheduling biometric
appointments as part of the NASS appointment scheduling system enhancement. The UKVI is
solely responsible for granting or denying applications and responding to any redress requests. The
UKVI determines whether to change any of the information that was initially provided by the
USCIS Application Support Center through its own redress processes, and whether the information
provided in the redress request would have any impact on the UKVI’s adjudication process. The
appeals process for handling inaccurate or erroneous information is solely the responsibility of the
UK and is available on the UKVI website.10 There are no privacy risks since the UKVI is
responsible for providing redress to these individuals.
Auditing and Accountability
USCIS ensures that practices stated in this Privacy Impact Assessment comply with
federal, DHS, and USCIS standards, policies, and procedures, including standard operating
procedures, rules of behavior, and auditing and accountability procedures. NASS is maintained in
the Amazon Web Services, which is a public cloud designed to meet a wide range of security and
privacy requirements (e.g., administrative, operational, and technical controls) that USCIS uses to
protect data in accordance with federal security guidelines. Amazon Web Services is Federal Risk
and Authorization Management Program-approved and authorized to host personally identifiable
information. The Federal Risk and Authorization Management Program is a U.S. Governmentwide program that delivers a standardized approach to the security assessment, authorization, and
continuous monitoring for cloud services.

10

See https://www.gov.uk/government/publications/usa-apply-for-a-uk-visa/apply-for-a-uk-visa-in-the-usa.

Privacy Impact Assessment Update
DHS/USCIS/PIA-057(b) NASS
Page 7

USCIS employs technical and security controls to preserve the confidentiality, integrity,
and availability of the data, which are validated during the security authorization process. These
technical and security controls limit access to USCIS users and mitigate privacy risks associated
with unauthorized access and disclosure to non-USCIS users. Further, DHS security specifications
also require auditing capabilities that log the activity of each user to reduce the possibility of
misuse and inappropriate dissemination of information. All user actions are tracked via audit logs
to identify information by user identification, network terminal identification, date, time, and data
accessed. All USCIS systems employ auditing measures and technical safeguards to prevent the
misuse of data.
Privacy Risk: There is a risk that the data maintained by AWS for the purposes of cloud
hosting may be vulnerable to breach because security controls may not meet system security levels
required by DHS.
Mitigation: This risk is mitigated. USCIS is responsible for all personally identifiable
information associated with NASS, whether on USCIS infrastructure or on a vendor’s
infrastructure, and USCIS therefore imposes strict requirements on vendors for safeguarding
personally identifiable information. These requirements include adherence to the DHS 4300A
Sensitive Systems Handbook,11 which provides implementation criteria for the rigorous
requirements mandated by the DHS Information Security Program.

Responsible Official
Angela Washington, Privacy Officer
U.S. Citizenship and Immigration Services
U.S. Department of Homeland Security
(240) 721-3701

Approval Signature
Original, signed copy on file with the DHS Privacy Office.
________________________________
Lynn Dupree Parker
Chief Privacy Officer
U.S. Department of Homeland Security
(202) 343-1717

11

See U.S. DEPARTMENT OF HOMELAND SECURITY, DHS 4300A SENSITIVE SYSTEMS HANDBOOK,
available at https://www.dhs.gov/publication/dhs-4300a-sensitive-systems-handbook. DHS 4300A is a series of
information security policies, which are the official documents that create and publish Departmental security
standards in accordance with DHS Management Directive 140-01, Information Technology System Security.