The Code of Federal Regulations (CFR) annual edition is the codification of the general and permanent rules published in the Federal Register by the departments and agencies of the Federal Government produced by the Office of the Federal Register (OFR) and the Government Publishing Office.
Download the Code of Federal Regulations in XML.
Parallel Table of Authorities and Rules for the Code of Federal Regulations and the United States Code
Text | PDF
Find, review, and submit comments on Federal rules that are open for comment and published in the Federal Register using Regulations.gov.
Purchase individual CFR titles from the U.S. Government Online Bookstore.
Find issues of the CFR (including issues prior to 1996) at a local Federal depository library.
Electronic Code of Federal Regulations
§6.6 Safeguarding systems of records.
(a) Systems managers shall ensure that appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.
(b) Personnel information contained in both manual and automated systems of records shall be protected by implementing the following safeguards:
(1) Official personnel folders, authorized personnel operating or work folders and other records of personnel actions effected during an employee's Federal service or affecting the employee's status and service, including information on experience, education, training, special qualification, and skills, performance appraisals, and conduct, shall be stored in a lockable metal filing cabinet when not in use by an authorized person. A system manager may employ an alternative storage system providing that it furnished an equivalent degree of physical security as storage in a lockable metal filing cabinet.
(2) System managers, at their discretion, may designate additional records of unusual sensitivity which require safeguards similar to those described in paragraph (a) of this section.
(3) A system manager shall permit access to and use of automated or manual personnel records only to persons whose official duties require such access, or to a subject individual or his or her representative as provided by this part.