Skip to content
LexBuild

12 CFR § 792.67 - Security of systems of records. 

---
identifier: "/us/cfr/t12/s792.67"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "12 CFR § 792.67 - Security of systems of records."
title_number: 12
title_name: "Banks and Banking"
section_number: "792.67"
section_name: "Security of systems of records."
chapter_name: "NATIONAL CREDIT UNION ADMINISTRATION"
subchapter_number: "B"
subchapter_name: "REGULATIONS AFFECTING THE OPERATIONS OF THE NATIONAL CREDIT UNION ADMINISTRATION"
part_number: "792"
part_name: "REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED INFORMATION"
positive_law: false
currency: "2026-04-05"
last_updated: "2026-04-05"
format_version: "1.1.0"
generator: "[email protected]"
authority: "5 U.S.C. 301, 552, 552a, 552b; 12 U.S.C. 1752a(d), 1766, 1789, 1795f; E.O. 12600, 52 FR 23781, 3 CFR, 1987 Comp., p.235; E.O. 13526, 75 FR 707, 2009 Comp. p.298."
regulatory_source: "54 FR 18476, May 1, 1989, unless otherwise noted."
cfr_part: "792"
---

# 792.67 Security of systems of records.

(a) Each system manager, with the approval of the head of that Office, shall establish administrative and physical controls to insure the protection of a system of records from unauthorized access or disclosure and from physical damage or destruction. The controls instituted shall be proportional to the degree of sensitivity of the records, but at a minimum must insure: that records are enclosed in a manner to protect them from public view; that the area in which the records are stored is supervised during all business hours to prevent unauthorized personnel from entering the area or obtaining access to the records; and that the records are inaccessible during nonbusiness hours.

(b) Each system manager, with the approval of the head of that Office, shall adopt access restriction to insure that only those individuals within the agency who have a need to have access to the records for the performance of duty have access. Procedures shall also be adopted to prevent accidental access to or dissemination of records.