NCSC-TG-027 a Guide to Understanding ISSO Responsibilites for Automated Information Systems

7/30/2019 NCSC-TG-027 a Guide to Understanding ISSO Responsibilites for Automated Information Systems

1/68

NCSC-TG-027VERSION-1N A T I O N A L S ECORITY f .CENTER NATIONAL COMPUTER SECURITYCENTER

A GUIDETO UNDERSTANDING INFORMAT ION SYSTEM SECURITY OFFICERRESPONSIBILITIESFOR

AUTOMATED INFORMAT ION SYSTEMS

1 9 9 8 0 3 0 9 2 5 6 MAY1992 HOSE TURK f l f c B M D T E C H N I C A L I N F O R M A T I O N ttNTfB A L L I S T I C M I S S I L E O E F E N S E O R G A N I Z A T I O

W A S H I N G T O N )Approvedfo rPublicRelease:DistributionUnlimited

U37^0


2/68

Access ionNumber :3720PublicationDate:May 01 ,1992 Title:Guideto Unders tandingInformationSystem SecurityOfficer Responsibilitiesfo rAutomated InformationSystemsCorporate Author OrPublisher:NationalSecurity Agency,9800Savage Road,FortMeade,MD 20755-6000 ReportNumber:NCSC-TG-027Repor t111-91 ReportNumberAssigned byContract Monitor:Library No.S-238,461 CommentsonDocument :FinalReportDescriptors,Keywords:ModeOperation PhysicalSecurity Administrative Configuration ManagementAccessControlRisk AuditPages:00071 Cataloged Date:Aug20 ,1992 Document Type:HC Numberof CopiesIn Library:000001 Record ID :24623


3/68

NCSC-TG-027LibraryNo.S-238,461

Version-1FOREWORD

Theationalomputerecurityentersssuing uideonderstandingInformationystemecurityfficeresponsibilitiesorutomatednformationSystemssartfheRainbowSeries"focumentsurTechnicalGuidelinesProgramproduces.ntheRainbowSeries,w ediscussnetailtheeaturesftheDepartment ofDefenseTrustedComputerSystemEvaluationCriteria(DOD5200.28-STD)androvideguidanceormeetingachequirement.heNationalComputerSecurityenter,hroughtsrustedroductvaluationrogram,valuateshesecurityeaturesfommercially-producedomputerystems.ogether,heseprogramsnsurehatrganizationsreapablefrotectingheirmportantata withtrustedcomputersystems.

AGuideoUnderstandingnformationystemSecurityOfficerResponsibilitiesforutomatednformationystemselpsnformationystemecurityfficers(ISSOs)understandtheirresponsibilitiesforimplementingandmaintainingsecurityinaystem.heystemm aye emoteiteinkedo etwork, tand-aloneautomatednformationystem,rorkstationsnterconnectedia ocalreanetwork.hisuidelinels oiscussesheolesndesponsibilitiesftherindividualswhoreesponsibleorecurityndheirelationshipoheSSO,sdefinedinvariouscomponentregulationsandstandards.

Inviteouruggestionsorevisinghisocument.ela noeviewhis documentastheneedarises.

PatrickR.Gadgher,Z S ay1992DirectorNationalComputerSecurityCenter


4/68

ACKNOWLEDGMENTS Theationalomputerecurityenterxtendspecialecognitionorheir

contributionsohisocumentonnabelleeesrincipaluthor,ollen.FlahavinndCarol.anesontributinguthorsndrojectmanagers,ndoMonicaL.Collinsasprojectmanager.

W ealsothankthemanyrepresentativesfromth eomputersecuritycommunitywhogaveoftheirt imeandexpertisetoeviewth eguidelinendrovideommentsandsuggestions.pecialthanksreextendedto irstieutenant amelaD.Miller,UnitedStatesAirForce,fo rherthoughtprovokingsuggestionsandcomments.

in


5/68

TABLEOFCONTENTS FOREWORDACKNOWLEDGMENTS iLISTOFTABLES ii

1.NTRODUCTION1.1ecurityRegulations,Policies,andStandards

1.1.1ederalRegulations1.1.2DepartmentofDefenseSecurityPolicy1.1.3ecurityStandards

1.2urpose 1.3Structureof theDocument

2.OPERATIONALENVIRONMENT2.1yp e of InformationProcessed

2.1.1nclassified2.1.2ensitiveUnclassified2.1.3Confidential2.1.4ecret2.1.5TopSecret2.2ecurityModeof Operation2.2.1edicatedSecurityMode2.2.2ystemHighSecurityMode2.2.3PartitionedSecurityMode 02.2.4CompartmentedSecurityMode 02.2.5MultilevelSecurityMode 0

3.SSOAREASOFRESPONSIBILITY 1 3.1SSOTechnicalQualifications 1 3.2OverviewofISSOResponsibilities 23.3SSOSecurityResponsibilities 33.4SecurityRegulationsandPolicies 33.5MissionNeeds 43.6hysicalSecurityRequirements 4


6/68

ISSORESPONSIBILITIESGUIDE

3.6.1ontingencyPlans 43.6.2DeclassificationandDowngradingofDataandEquipment.5

3.7AdministrativeSecurityProcedures 63.7.1ersonnelSecurity 63.7.2ecurityIncidentsReporting 63.7.3TerminationProcedures 8

3.8Security Training 83.9Security ConfigurationManagement 93.10ccessControl 1

3.10.1acility Access 23.10.2dentificationandAuthentication(l&A) 23.10.3DataAccess 3

3.11iskManagement 43.12Audits 53.12.1uditTrails 53.12.2AuditingResponsibilities 6

3.13CertificationandAccreditation 74.ECURITYPERSONNELROLES 9

4. 1esignatedApprovingAuthority(DAA) 24.2ComponentInformationSystemSecurityManager(CISSM) 24.3nformationSystem SecurityManager(ISSM) 34.4NetworkSecurityManager(NSM) 44.5nformationSystem Security Officer(ISSO) 64.6Network SecurityOfficer(NSO) 64.7TerminalAreaSecurity Officer(TASO) 84.8SecurityResponsibilities of OtherSitePersonnel 84.9Assignmentof SecurityResponsibilities 9

BIBLIOGRAPHY 1REFERENCES 7AC RON YMS 9GLOSSARY 3

VI


7/68

LISTOFTABLES TABLENUMBER AGE 1.erviceandAgencySecurityPersonnelTitles 30 2.UniformSecurityPersonnelTitles 13.FunctionMatrix 40

VII


8/68

1. INTRODUCTION Thisuidelinedentifiesystemecurityesponsibilitiesornformationystem

SecurityOfficersISSOs).tppliesoomputerecurityspectsfutomatedinformationystemsAISs)ithinheepartmentfefenseDOD)ndtscontractoracilitiesha trocesslassifiedndensitivenclassifiednformation.Computersecurity(COMPUSEC)includescontrolsthatprotectanAI SagainstdenialofervicendrotectsheIS sndataromnauthorizedinadvertentrintentional)isclosure,odification,ndestruction.OMPUSECncludeshe totalityofsecuritysafeguardseededtoprovideancceptablerotectioneveloranAISan dfordatahandledbyanAIS.[1 ]ODDirective(DODD)5200.28definesanAISas"a nassemblyofcomputerhardware,software,and/orfirmwareconfiguredtoollect,reate,ommunicate,ompute,isseminate,rocess,tore,nd/orcontroldataorinformation."2]hisuidelinesonsistentwithstablishedDO Dregulationsndtandards,siscussednheollowingections.lthoughhisguidelinemphasizesomputerecurity,tsmportantonsureha thetheraspectsfnformationystemsecurity,sescribedelow,renlacend operational:

Physicalsecurityincludescontrollingaccesstofacilitiesthatcontainclassifiedan densitivenclassifiednformation.hysicalecuritylsoddressestheprotectionofthestructuresthatcontainthecomputerequipment.

Personnelecurityncludesheroceduresonsurehatccessoclassifiedndensitivenclassifiednformationsrantednlyfterdeterminationasbeenmadeaboutaperson'strustworthinessan dnlyifavalidneed-to-knowexists.Need-to-knowisthenecessityforaccessto,nowledgeof,rpossessionofspecificnformationequiredoerformfficialasksrervices.hecustodian,otherospectiveecipient(s),fhelassifiedrensitiveunclassifiedinformationdeterminestheneed-to-know.

Administrativeecurityddressesheanagementonstraintsndsupplementalcontrolsneededtoprovideanacceptablelevelofprotectionfor


9/68


data.heseconstraintsndproceduresupplementth eecurityproceduresimplementedinthecomputerandnetworksystems.Communicationssecurity(COMSEC)definesmeasuresthataretakentodenyunauthorizedersonsnformationerivedro melecommunicationsfheU.S.Governmentoncerningationalecurityndonsureheuthenticityofsuchtelecommunications.1]

missionssecurityistheprotectionesultingfromal lmeasurestakentodenyunauthorizedersonsnformationfaluehichighteerivedrominterceptndnalysisfompromisingmanationsro mrypto-equipment,AISs,andtelecommunicationssystems.

Allheseecurityreasreitaloheperationf ecureystem.his guidelineocusesnomputerecurity,ithiscussionsfhetherecuritytopics,asapplicable.1.1 SECURITY REGULAT IONS ,POL IC IES ,AND STANDARDS

Thisectionrovidesnverviewfegulations,olicies,ndriteriahataddresssecurityrequirements.1.1.1 FEDERALREGULATIONS

Nationalandatesequireherotectionfensitivenformation,sistedbelow:Title8,U.S.Code905,m akestunlawfuloranyofficeremployeefth e

U.S.overnmentoisclosenformationfnfficialaturexceptsprovidedbylaw,ncludingdataprocessedbycomputersystems.

OfficefanagementndudgetO M B )ircularo.-130stablishesrequirementsfo rFederalagenciestoprotectsensitivedata.

ublicaw00-235,heComputerSecurityActof1987,createsam eansfo restablishinginimumcceptableecurityracticesorystemsrocessingsensitiveinformation.


10/68

IN T R O DUC T IO N

Executiverder2356rescribesniformystemorlassifying,declassifying,andsafeguardingnationalsecurityinformation.

1 . 1 . 2 DEPARTMENT OF DEFENSE SECURITY POLICYDODD200.28,ecurityequirementsorutomatednformationystems(AISs),sheverallomputerecurityolicyocumentorheOD.hedocumentdentifiesandatoryndinimumISecurityequirements.ach

agencym ayssuetswnupplementarynstructions.orODgencies,heseinstructionsallwithinhecopefheDO Duidelinesndddmorepecificity.Additionalequirementsayeecessaryorelectedystems,asedniskassessments.

Additionalsecuritydocumentsare:Departmentfefense220.22-M,ndustrialecurityanualor

SafeguardingClassifiedInformation. DefenseIntelligenceAgencyManual(DIAM)50-4,SecurityofCompartmentedComputerOperations(U).

DirectorfentralntelligenceirectiveDCID)/16,ecurityolicyorUniformrotectionfntelligencerocessednutomatednformationSystemsandNetworks(U).

heupplementoCID/16,ecurityanualorniformrotectionfIntelligenceProcessedinAutomatedInformationSystemsandNetworks(U).

NationalecurityAgency/Central ecurityerviceNSA/CSS)anual30-1,TheNSA/CSSOperationalComputerSecurityManual.

AirForceRegulation(AFR)205-16,ComputerSecurityPolicy.ArmyRegulation(AR)380-19,Security:InformationSystemsSecurity.ChiefofNavalOperationsnstructionOPNAVINST)239.1 A,AutomaticDataProcessingSecurityProgram.


11/68


1.1.3 SECURITYSTANDARDSTheNationalComputerSecurityCenterNCSC)sesponsibleorstablishing

andaintainingechnicaltandardsndriteriaorhevaluationfrustedcomputerystems.sartfhisesponsibility,heCSCasevelopedheTrustedComputerSystemEvaluationCriteriaTCSEC), lsonownsheOrangeBook"fterheolorftsover,hichefinesechnicalecurityriteriaorevaluatinggeneralpurposeAISs.3]n985,heCSECbecame DO Dtandard(DOD5200.28-STD)andismandatoryforusebyallDODcomponents.heCSECratesomputerystemsasednnvaluationfheirecurityeaturesndassurances.herustedNetworknterpretationTNI)nterpretsheCSECornetworksandprovidesguidancefo rselectingndpecifyingthersecurityservices(e.g.,communicationsintegrity,denialofservice,andtransmissionsecurity).4]1.2 PURPOSE

TheprimarypurposeofthisguidelinestoprovideguidancetoSSOs,whore responsibleforimplementingandmaintainingsecurityinasystem.hesystemm aybe emoteiteinkedo etwork,tand-aloneIS ,rorkstationsinterconnectedia ocalre aetwork.hroughoutthisuideline,hetermsite"willesedoefertohe ISonfigurationhatsheesponsibilityfheSSO.TheISSOm aybeoneormorendividualswhohaveth eresponsibilitytoensureth esecurityofn ISxcluding,orxample,uards,hysicalecurityersonnel,awenforcementofficials,nddisasterecoveryofficials.hisguidelinels odiscussestheolesndesponsibilitiesftherndividualswhoreesponsibleorecurityandtheirrelationshiptoth eISSO,asdefinednvariousDODcomponentregulationsandstandards.

Thisuidelinerovideseneralnformationndoesotncludeequirementsforspecificagencies,ranches,rcommands.herefore,henformationncludedinhisocumenthouldeonsidereds aselinewithmoreetailedecurityguidelinesprovidedbyeachagency,ranch,orcommand.

Finally,tsssumedhatndividualshoillesinghisocumentavesomebackgroundinsecurity.hisguidelinepresentssometermsanddefinitionstoprovide ommonrameworkorthenformationtresents;owever,tdoesotprovideacompletetutorialonsecurity.


12/68

INTRODUCTION

1.3 STRUCTUREOFTHEDOCUMENTSection fhisocumentdentifiesheperationalnvironment.ection

presentstherolean dresponsibilitiesoftheISSOan dtheenvironmentinwhichtheISSOerformsheseasks.ection iscussesheolendesponsibilitiesfsecurityersonnelithinnrganizationndheositionfheSSO.bibliographynd eferenceistfecurityegulations,tandards,nduidelinesthatprovideadditionalinformationonsystemsecurityareincludedfollowingection4.ncronymistan d glossaryofomputerecuritytermsrencludedttheen dofthisdocument.


13/68

2. OPERATIONAL ENVIRONMENT TheSS Oerformsecurityasksor itehatm ayupporteveralifferent

userommunities.herefore,heSSOustnderstandheperationalcharacteristicsfheite.ocumentationnheiteonfigurationhouldeavailableandshould,ataminimum,containth efollowing:

Overallmissionofth esite.Overallfloorlayout.Hardwareonfigurationtheite,dentifyingllheevicesndhe

connectionsetweenevicesndocation,umber,ndonnectionsfremoteterminalsandperipherals.

Softwaretheite,ncludingperatingystems,atabaseanagementsystems,andmajorsubsystemsandapplications.

Typefnformationrocessedtheitee.g.,lassified,ensitiveunclassified,andintelligence).

Userorganizationandsecurityclearances.Operatingodefheitee.g.,ystemigh,edicated,ndultilevelsecure).nterconnectionsotherystems/networksfsers,.g.,heutomatic

DigitalNetwork(AUTODIN).Securitypersonnelandassociatedresponsibilities.Thisdocumentationm aybepreparedjointlybyth eoperationsmanagementand

th eSSO.heollowingubsectionsrovidedditionalnformationnheypefinformationprocessedandtheoperatingmodeofthesite.


14/68


2.1 TYPEOFINFORMATIONPROCESSEDThenformationhatstored,rocessed,ristributedtheiteille

includedinneofthefollowingclassificationevelsthatdesignatesthesensitivityofthedata.2.1 .1NCLASSIFIEDUnclassifiedinformationisanyinformationthatneednotbesafeguardedagainstdisclosure,utmusteafeguardedgainsttampering,estruction,rossueorecordvalue,tility,eplacementcostorsusceptibilitytofraud,waste,rbuse.2] Life-criticalandothertypesofcriticalprocesscontrolatathatareunclassifiedls omustbeprotected.2.1 .2ENSITIVEUNCLASSIFIEDTheoss,misuse,runauthorizedaccessto ,rmodificationfthisnformationmightadverselyaffectU.S.ationalnterest,heonductfDODrograms,rtheprivacyofDODpersonnel.2]xamplesncludefinancial,roprietary,ndmission-sensit ivedata.2.1 .3ONFIDENTIAL

Thenauthorizeddisclosureofthisnformationrmaterialouldeasonablyeexpectedtocausedamagetoth enationalsecurity.[5 ]2.1 .4ECRET

Thenauthorizeddisclosurefthisnformationormaterialouldeasonablyeexpectedtocauseseriousdamagetothenationalsecurity.5] 2.1 .5OP SECRET

Thenauthorizeddisclosurefthisnformationormaterialouldeasonablyeexpectedtocauseexceptionallygravedamagetothenationalsecurity.[5 ]

8


15/68

OPERATIONALENVIRONMENT

2.2 SECURITYMODEOFOPERATION TheesignatedpprovinguthorityDAA)ccreditsnISoperaten

specificsecuritym ode.hesecuritymodeselectedreflectswhetherornotallusershaveheecessarylearance,ormalccesspproval,ndeed-to-knoworllinformationcontainedinth eAIS.

Formalccessapprovalsth edocumentedpprovaly atawnerollow accesso articularategoryfnformation.2]hemodesreefinedelowwithheistinctionsotedntalicsormphasis.heefinitionsreasednDODD5200.28,xceptfo rompartmentedecuritymode,whichsasednDCID 1/16.otehatom eermshatppearnomputerecurityequirements-GuidanceorpplyingheepartmentfefenserustedomputerystemEvaluationCriteriainSpecificEnvironments,CSC-STD-003-85,renolongerdefinedinDODD200.28.Limitedaccessmodendompartmentedmodeal lnderth eheadingfartitionedode.ontrolledodeomesnderheeadingfmultilevelecuritym ode.nODD200.28,artitionedmodessednlacefcompartmentedmode.)nddition,thermodesofoperationm aybetipulatedyth eorganizationoragencythatincludesth esite.2.2.1EDICATEDSECURITYMODE

AnISperatesnedicatedecuritymodehenachserithirectrindirectndividualccessohe IS ,tseripherals,emoteerminals,remotehostsashelearanceruthorization,ocumentedormalccesspproval,frequired,ndeed-to-knoworllnformationandledyheIS .2]nIS operatingndedicatedmodedoesotequirenyadditionalechnicalapabilitytocontrolaccesstonformation.hennth ededicatedecuritym ode,heystemsspecificallyndxclusivelyedicatedondontrolledorherocessingfneparticularyperlassificationfnformation,itherorull-timeperationrorspecifiedperiodoft ime.6]2.2 .2YSTEMHIGHSECURITYMODE Systemighecuritymodes odefperationhereinllsersavingaccessoheISossess ecuritylearanceruthorizationsellsdocumentedormalccesspproval,utnotnecessarily eed-to-know,orlldataandledyth e IS .2] An ISperatingnystemighecuritymodemust


16/68


haveheechnicalapabilityoontrolccessonformationasedn ser'sneed-to-know.eed-to-knowm aybepecifiedsingaccesscontrolistsACLs)rnon-hierarchicalSchemasforcategorizinginformation.2 .2 .3ARTITIONEDSECURITYMODE

Inartitionedecuritym ode,llsersavehelearanceutotecessarilyformalccesspprovalndeed-to-knoworllnformationontainednhesystem.hiseanshatomesersmayotaveeed-to-knowndormalaccessapprovalfo ralldataprocessedbytheAIS.[2 ]

AnISperatingnartitionedodeustaveheechnicalapabilityocontrolaccesstoinformationasedonneed-to-knowandtheensitivitylevelfthedatainth esystem.2.2 .4OMPARTMENTEDSECURITYMODE DCID/1 6definescompartmentedsecuritymodewhereineachuserhasavalidclearanceorhemostestrictedntelligencenformationrocessednheIS .Eachserls oasormalccesspproval, alideed-to-know,nd ignednondisclosuregreementorhatntelligencenformationowhichhesersohaveaccess.[7 ]

2.2 .5ULTILEVELSECURITYMODE MultilevelecurityMLS)modes modefperationhereinotallusers

have learancerormalccessapprovalorllataandledyhe IS .his modeofoperationanaccommodatetheoncurrentprocessingndtoragefa) twoormorelevelsofclassifieddata,or(b )oneormorelevelsofclassifieddatawithunclassifieddatadependinguponth econstraintsplacednth esystemytheDAA.[2 ]nAISoperatinginmultilevelmodem u sthaveth etechnicalcapabilitytocontrolaccessonformationasedneed-to-know,ormalccesspproval,ndsensitivitylevelfth eatanth eystem.Note:ControlledmodesotseparatelydefinedinDODD5200.28. Itisincludedinmultilevelmode.)

10


17/68

3. ISSOAREASOFRESPONSIBILITY Withinnrganization,heSS Om aybeneormorendividualswhoavethe

responsibilitytoensureth esecurityofanAIS.ISSO"doesnotnecessarilyrefertothepecificfunctionsfasinglendividual.lso,dditionalesponsibilitiesm ayedefinedytheSSO'specificrganization.hedministrationfystemecuritycanecentralizedrdecentralizeddependingponheeedsfth erganization.Wheremultipleataenterocationsrenvolved,hedecentralizedpproachm aybemoreppropriate.owever,neocalointhouldoordinatellnformationsecurityolicy.lso,heesponsibilityornformationecurityestsithllmembersofth eorganizationandnotjustthesecuritypersonnel.

TheSSOupportsw oifferentrganizations:heserrganizationndhetechnicalrganization.heserrganizationsrimarilyoncernedwithrovidingoperationsndheechnicalrganizationocusesnrotectingata.tsrecommendedthattheISSOnotreporttooperationalelementsofth eAISthatm u stabideytheecurityequirementsfhepplicableirectives,olicies,tc .heobjectivesorovide egreefndependenceorheSSO.heSS Ohallreporttoahighlevelauthoritywhoisnottheoperationalmanager.lso,therankorgradeoftheISSOshallbecommensuratewiththeassignedresponsibilities.3.1 ISSO TECHN ICAL QUAL IF ICAT IONS

TheAA,r esignee,nsuresnSSOsam edorachIS .his individualndheSSO'sanagementhouldnsurehatheSSOeceivesapplicablerainingoarryutheuties.heSS Oositionequires olidtechnicalackground,oodanagementkills,ndhebilityoealellithpeopletllevelsro mopmanagementondividualsers.t minimum,heISSOshouldhavethefollowingqualifications:

Twoyearsofexperienceinacomputerrelatedfield.O neearfxperiencenomputerecurity,rmandatoryttendancet

computersecuritytrainingcourse.amiliarizationwithth eoperatingsystemoftheAIS.

1 1


18/68


Atechnicalegreesdesirablenomputercience,mathematics,lectricalengineering,orarelatedfield.

3.2 OVERVIEW OFISSORESPONSIBILITIES TheSS Octsorheomponentnformationystemecurityanager(CISSM)toensureompliancewith ISecurityproceduresttheassignediter

installation. DODD5200.28summarizesth edutiesoftheISSOasfollows:nsurehatheISsperated,sed,aintained,ndisposedfn

accordancewithinternalsecuritypoliciesandpractices.nsureth eAISisaccreditedifitprocessesclassifiedinformation. nforceecurityoliciesndafeguardsnllersonnelavingccessoth eAISforwhichth eISSOha sresponsibility. nsurehatsersndystemupportersonnelaveheequiredecurity

clearances,uthorizationandneed-to-know;avebeenindoctrinated;ndare familiarwithinternalsecuritypracticesbeforeaccesstotheAISisgranted.

nsurethataudittrailsarereviewedperiodically,e.g.,weeklyordaily).lso,thatauditrecordsarearchivedforfuturereference,frequired.

nitiateprotectiveorcorrectivemeasuresifasecurityproblemisdiscovered.ReportecurityncidentsnccordancewithDOD200.1-RndoheD AA

whenanAISiscompromised.Reportth esecuritystatusofth eAIS,asrequiredbyth eDAA. valuatenownulnerabilitiesoscertainfdditionalafeguardsre

needed.Maintainaplanorsiteecuritymprovementsndprogresstowardsmeetingth eaccreditation.

12


19/68

ISSOAREASOF RESPONSIBILITY

3.3SSO SECURITYRESPONSIBILITIES Command-specificutiesfheSSOaveeenell-definednany

regulations,irectives,ndocuments,.g.,F R05-16,R80-19,ndOPNAVINST239.1 A.hisuidelinerovides moreeneraliscussionfSSO responsibilities,whichm aybetailoredtoaparticularenvironment.heremainderofsection3detailsISSOresponsibilities.om eoftheseresponsibilitiesarenecessarytosupportth esecuritydutiessummarizedbove.hematerialsotpresentedinaspecificorder.3.4ECURITYREGULATIONSANDPOLICIES

TheSS Ohallewarefthedirectives,egulations,olicies,nduidelinesthataddressth eprotectionofclassifiedinformation,swellssensitiveunclassifiedinformation.heoverallsecuritydocumentsarediscussednection.lso,achcommandandagencym ayhaveadditionalequirementsthatprovidemoredetailedguidancenrotectingensitivenformation.tm ayeecessaryorth eSS Otoprepare,orhaveprepared, listofth eapplicabledirectives,egulations,tc.,foneisnotavailable.

Securityocumentation.heSS Oarticipatesnheevelopmentrrevisionfsite-specificsecuritysafeguardsndocalperatingroceduresthatre basednheboveegulations.hebjectivesoncludeheSS Ouringhedevelopmentandwritingatherthannlyatth emplementationhase.heverallsiteecurityocumentsheecuritylan.tontainsheecurityrocedures,instructions,operatingplans,andguidanceforeachAI Satth esite.

TheISSOalsoprovidesinputtoothersecuritydocuments,forexample,ecurityincidenteports,quipment/softwarenventories,peratingnstructions,echnicalvulnerabilitiesreports,andcontingencyplans.

Tw odocumentsthatth eSS Oshouldefamiliarwith,equiredforproductswithsecurityfeaturesatth eC1evelorabove,arediscussedbelow:

TheTrustedFacilityManualTFM )etailsecurityfunctionsandrivileges.tisesignedoupportISdministratorse.g.,heSSO,heatabaseadministrator,ndomputerperationsersonnel).tddressesheconfiguration,administration,ndperationfth eAIS. Itprovidesguidelines

13


20/68


fortheonsistentndffectivesefth erotectioneaturesftheystem.(Additionalinformationisprovidedinth eCSEC.)

heSecurityeaturesUser'sGuideSFU G )ssistshesersfth e IS .tdescribesowoseherotectioneaturesfhe ISorrectlyorotectthenformationtorednheystem.heFU Giscussesheeaturesnthe ISthatarevailabletosers,swellsheesponsibilitiesorystemsecuritythatapplytousers.

3.5ISSIONNEEDS TheSS Ohallnderstandherganization'smissioneeds,hats,heoals

andbjectivesfth erganizationndheesourcesequiredoccomplishhesegoals.equirementsrepecifiedynalyzingherganization'surrentcapabilities,vailableesources,acilities,unds,ndechnologyase,ndydetermininghetherheyreufficientoulfillheission.fot,heissionneedshouldevaluatedndrioritizednd la nevelopedoddressheseneeds.ecausesecurityrequirementsshouldbeincludedinthemissionneedsandcurrentassetsssessment,tsmportantorheSS Ooecomenvolvednhemissiondefinitionprocess.3.6HYS ICAL SECURITY REQU IREMENTS

Ingeneral,hysicalecurityaddressesfacilityaccessndtheprotectionfthestructuresndomponentshatontainhe ISndetworkquipment.hysicalsecurityalsoaddressesontingencylansndth emaintenancenddestructionfstoragemediaandequipment.hesehysicalafeguardsmustmeettheminimumrequirementsstablishedorheighestlassificationfatatoredtheite.TheISSOincoordinationwithsitesecuritypersonnelisresponsiblefo rensuringthatphysicalafeguardsrenlace.acilityccessndaintenancereurtherdiscussedinsection3.10.ontingencyplanninganddeclassificationarediscussedinsections3.6.1nd3.6.2.3.6.1 CONTINGENCYPLANS

ThenformationystemecurityanagerISSM)sesponsibleorheformulation,esting,ndevisionfiteontingencylansecausefhemanager'sccountabilityornsuringontinuityfperations. Theontingency

14


21/68


plansocumentmergencyesponse,ackupperations,ndost-disasterrecoveryrocedures.hileheSSMasverallesponsibilityorhelans,heISSOprovidestechnicalcontributionsconcerningth eoverallsecurityplanstoensureth evailabilityfriticalesourcesndoacilitateystemvailabilitynnemergencyituation.tsls omportantthatllesponsibilitiesnderthela nre adequatelydocumented,communicated,andtested.3.6.2 DECLASSIFICATIONAND DOWNGRADINGOFDATA A NDEQUIPMENT

Declassifications rocedurendndministrativectionoemovehesecuritylassificationfheubjectmedia.owngradings rocedurendnadministrativectionoowerheecuritylassificationfheubjectmedia.heproceduralaspectofdeclassificationstheactualurgingfth emediaandemovalofnyabelsenotinglassification,ossiblyeplacinghemwithabelsenotingthatthestoragemediaisunclassified.heproceduralaspectofdowngradingisth eactualurgingfheediandem ovalfnyabelsenotinghereviousclassification,eplacinghemithabelsenotingheewlassification.headministrativeaspectisealizedthroughth eubmissiontotheappropriateuthorityofadecisionmemorandumtodeclassifyordowngradethestoragemedia.

TheISSOm u stensurethat:urging,eclassification,ndowngradingroceduresreevelopedndimplemented.Procedures areollowed for purging, declassifying, downgrading, and

destroyingstoragemedia.Procedures are followed for marking, handling, and disposing of the

computer,itsperipherals,andremovableandnonremovablestoragemedia.Anypecialoftwareeededoverwriteheite-uniquetorageedias

developedoracquired.Anyspecialhardware,suchasdegaussers,isavailable.

15


22/68


3.7 ADMINISTRATIVE SECURITY PROCEDURES Administrativesecurityincludesth epreparation,distribution,ndmaintenanceof

plans,nstructions,uidelines,ndoperatingproceduresegardingecurityofAISs.ItsheesponsibilityfheSS Oossistnheevelopmentfdministrativeprocedures,frequired,andtoconductperiodicreviewstoensurecompliance.3.7.1ERSONNELSECURITY

O necomponentofadministrativesecurityispersonnelsecurity.ngeneral,tisth eresponsibilityofth eISSOto :

Ensurehatllersonnelnd,henequired,pecifiedaintenancepersonnelwhonstall,perate,maintain,rseheystem,oldheropersecurityclearancesandaccessauthorizations.

nsurethatal lystemsers,ncludingmaintenanceersonnel,reeducatedbyheirespectiveecurityfficernpplicableecurityequirementsndresponsibilities.

Maintainarecordfvalidecurityclearances,hysicalaccessauthorizations, andAISaccessauthorizationsfo rpersonnelusingthecomputerfacility.

nsurethatmaintenancecontractorswhoworkonth eystemreupervisedbyanauthorizedknowledgeableperson.3.7.2ECURITYINCIDENTSREPORT ING

Asecurityincidentoccurswheneverinformationsompromised,whentheresariskofcompromiseofinformation,whenrecurringorsuccessfulattemptstoobtainunauthorizedccesso ystemreetected,rwheremisusefheystemssuspected.

TheSS Oreates eportingechanism,sartfheecurityncidentreportingprocedure,fo ruserstokeepth eSS Oinformedofsecurity-relevantactivitythattheyobserveonthesystem.hisreportingmechanismshallnotuseth eAISto reportsecurity-relevantactivityabouttheAIS.

16


23/68

ISSOA R E A SOFRESPONSIBILITY

Themechanism,ataminimum,ncludesthefollowing:Descriptionofincident. dentificationofth eindividualreportingth esecurityincident.dentificationoftheloss,otentialloss,accessattempt,ormisuse.dentificationoftheperpetrator(ifpossible).Notificationfppropriateecurityndanagementersonnelndivil

authorities,ifrequired.Reestablishmentofprotection,ifneeded.Restartfperations,fheystemadeenakenownoacilitateheinvestigation.

TheISSOperformsthefollowinginsupportofthistask:Preparesroceduresormonitoringndeactingoystemecuritywarning

messagesandreports.Develops,eviews,evises,ndubmitsorpprovaloheAAnd

technicalupervisor,roceduresoreporting,nvestigating,ndesolvingsecurityincidentsatthesite.

mmediatelyeportsecurityncidentshroughheppropriateecurityndmanagementhannelse.g.,SS Mndrogramanager).heSSO submitsnnalysisfheecurityncidentoheppropriateuthorityorcorrectiveanddisciplinaryactions.

Performsnnitialvaluationfecurityroblems,nd,fecessary,temporarilyeniesccessoffectedystems.heSS OnsureshatTerminalreaecurityfficersTASOs)valuate,eport,ndocumentsecurityproblemsandvulnerabilitiesattheirrespectiveremoteterminalareas.

artiallyrompletelyuspendsperationsfnyncidentsetectedhataffectsecurityofoperations.hiswouldncludenyystemailure.Note:thism ayenrealisticfheystemerforms riticalperationalmission.

17


24/68


Alternativeroceduresayeequirednhisituation.heAAustweighheis kf ecurityncidentagainstheotentialamagenhuttingdownth esystem.)

nsureshatllasesfctualruspectedompromiseflassifiedpasswordsareinvestigated.

nsureshatoccurrenceswithinheystemhatm ayaffectthentegrityndsecurityfheataeingrocessedrenvestigated.fheystemmalfunctions,itisimportanttoaccountforth edata.

Assistshenvestigatingfficialsnnalyzingctualruspectedcompromisesofclassifiedinformation.

3.7.3 TERMINATIONPROCEDURESTheSS Oisesponsiblefo rperformingthefollowingtaskswheneveranyuser's

accessserminated.romptctionsequired,articularlyfheerminationrknowledgeofth ependingterminationmightprovokeausertoretaliate.

Removesth euserfromallaccesslists,othmanualandautomated.Removeshendividual'sccountro mllystems,ncludingheser's

password.nsuresthatth endividualasurnednlleys,okens,rcardsthatllow

accesstoth eAIS. nsuresthatcombinationsfanycombinationocks,ssociatedwithhe IS

anditsphysicalspace,thatth eindividualaccessedarechanged. nsuresthatallremainingpersonnelusingsystemsprocessingclassifieddata

changetheirpasswordstopreventunauthorizedaccess.3.8 SECURITYTRAINING

Becau sepersonnelareanintegralartofth esecurityprotectionsurroundingan AIS,heym u stnderstandheulnerabilities,hreats,ndisksnherentwithIS usage.herefore,omputerecurityhallencludednriefingsivenollew personnel. Toeinforcethisnitialrainingndontroduceewconcepts,eriodic

18


25/68

ISSOA R E A SOF RESPONSIBILITY

trainingndecuritywarenessrogramshouldeonducted.heSSOhallcontinuetrainingtokeepurrentnecurityproductsndprocedures.heSSOsresponsibleforensuringthat:

llersonnelincludinganagement)aveomputerecuritywarenesstrainingndaveeadpplicableectionsfheISecuritylan.his includestraininginsecurityproceduresandtheuseofsecurityproducts.

llsersreducatedegardingasswordanagemente.g.,eneratinguniqueasswords,eepingasswordsdequatelyrotected,otharingpasswords,hangingasswordsn egularasis,ndeneratingifferentpasswordsforeachsystemaccessed).

Usersnderstandhemportancefonitoringheiruccessfulndunsuccessfulogins,fossible.fheseootorrespondoheser'sactualsage,heserhouldnowtheroperroceduresoreportinghediscrepancy.

TheSS Oaneepsersnformedboutecuritynanyifferentays.Someapproachesfollow:

PeriodicallyisplayessagesnheIShenheserogsnohesystem.

Developanddistributesecurityawarenessposterstofosterinterest.Disseminateewecuritynformationboutheystemndssueeminder

noticesaboutprotectionprocedures.ssuememostonotifyusersofchanges. rovidehands-on"demonstrationsofAI Ssecurityfeaturesandprocedures.

3.9 SECURITY CONF IGURAT IONMANAGEMENT Configurationanagementontrolshangesoystemoftware,irmware,

hardware,ndocumentationhroughoutheifefheIS .hisncludeshedesign,evelopment,esting,istribution,ndperationfodificationsndenhancementsohexistingystem. TheSS Ortheresignatedndividual

19


26/68


awarefheecurityssueshallencludednheonfigurationanagementprocessonsurehatmplementedhangesootompromiseecurity.tsparticularlymportantortheSS OoeviewndmonitorroposedhangesohetrustedomputingaseTCB)sefinednheecurityarchitecture.ppropriatetestshouldeonductedohowhatheCBunctionsroperlyfterhangesarem adeot.onfigurationmanagementaskshatreheesponsibilityfheISSOareasfollows:

Maintainnnventoryfecurity-relevantardwarendecurity-relevantsoftwareandtheirlocations.

Maintainocumentationetailinghe ISardware,i rmware,ndoftwareconfigurationandallsecurityfeaturesthatprotectit.

Evaluateheffectnecurityfroposedentrallyevelopednddistributedandsite-uniquemodificationstosoftwareandapplications.ubmitcommentstoappropriatepersonnel.

dentifyandanalyzesystemmalfunction. Preparesecurityincidentreports.Assistnheevelopmentfystemevelopmentotificationsndystem

changeproposals.MonitorDAA-approvediteproceduresorontrollinghangesoheurrentsystem. nsurehatnyystemonnectivitysnesponseo alidperational

requirement. nsurethatontinuingestsfheiteecurityeaturesreerformed,nd

maintaindocumentationofth eresults.CoordinateAISecuritychangeswithheSSM.eviewal liteonfiguration

changesandystemomponentchangesrmodificationstoensurethatsitesecurityisnotcompromised.Reviewphysicalinventoryreportsofsecurity-relevantAISequipment.

20


27/68


HardwareandSoftwarenstallationndaintenance.heSS Onsuresthatheesignndevelopmentfewystemsrheaintenancerreplacementfxistingystemsncludesecurityeatureshatillupportcertificationndccreditationreaccreditation.nupportfhisffort,nformalreviewswithheiteertifiersanelpdentifyotentialroblems,husnablingpotentialecurityisksoedentifiedarly.eforenstallingnyewystem release,th esiteshallcompletesufficienttestingtoverifythattheystemmeetsth edocumentedndpprovedecuritypecificationsndoesotiolatexisting securitypolicy.heSS Oshall,taminimum,observeth etestingfnewreleases.SpecificISSOtasksare:

nsurehatllecurity-relevantevelopmentndlanningctivitiesre reviewedandapproved.

articipatenhecquisitionlanningrocessorroposedcquisitionsoensurethatthesitesecuritypolicyhasbeenconsidered.hisappliestobothth eacquisitionofnewsystemsortheupgradeofexistingsystems.

nsurethatecurityfeaturesrenlacebytesting)opreventapplicationsprogramsfrombypassingecurityfeaturesrfromaccessingensitivereasofth esystem.

Developprocedurestoreventth enstallationfoftwareromnauthorizedorquestionablesources.

nsurehatystemupportersonnelnowowonstallndaintainsecurityfeatures.

3.10 ACCESS CONTROL Accessisconsideredfromdifferentperspectives:hysicalaccesstoth eacility

andystemfacilityccess),ogicalccessoheystemidentificationndauthentication),ndogicalccessoheystem'silesndtherbjectsdataaccess). Eachoftheseisdiscussedseparatelybelow.

21


28/68


3.10.1 FACILITYACCESSProcedureshalledevelopedorontrollingaccessoheitendheite's

resources.nccordancewithpplicableecurityolicy,ystemccesshalledeniedonyser,ustomer,risitorhoasoteenrantedpecificauthorization. Generalguidancefo rtheISSOfollows:

stablishprocedurestoensurethatonlypersonnelwhohaveaneed-to-knowhaveaccesstoclassifiedorsensitivebutunclassifiedinformation.

stablishroceduresonsurehatnlyersonnelhoaveheroperclearancesndormalccesspprovalrellowedhysicalccessonysystemontaininglassifiednformation.llndividualshoaveoutineaccesstoth esystemshouldbeproperlyclearedandaveavalidoperationalrequirementforaccess.

Denyccessonyser,ustomer,risitorhosnauthorizedrsuspectedofviolatingsecurityprocedures.

nsureallvisitorsaresigned-inndescorted,fnecessary.isitorshalleundervisualobservationbyanauthorizedperson.

eeprecordsofmaintenanceperformedatth esite. stablishndmplementroceduresoontrolISquipmentomingnto andoingutfheite,ncluding,orxample,estevices,able,nd

systemdisks.Developandmaintainafacilitysecurityplanthatcontainsatleastarchitectural

drawingsandbuildingplans,floorplans,andinventories.nsurethatmaintenancecontractorsw howorkonthesystemreupervised

byanauthorizedknowledgeableperson.3.10.2 IDENTIFICATIONANDAUTHENTICATION( l&A)

Thedentificationomponentofan&Asystemonsistsfaetofniqueseridentifiers. Authenticationnvolveserifyinghedentityf ser. If ser's

22


29/68


identifierdoesotremainnique, subsequentuserm aygaintheaccessightsfaprevioususeronthesystem.eneralguidancetotheISSOfollows:

nsurethatth edatabasesrequiredtosupportthe&AfunctionareaccessibleonlybytheISSO.

Obtainalistofalldentifications(IDs)presetatthefactory.hangeordeleteal lserDsndasswordshatomeithendoroftwareoreventunauthorizedaccess.efaultasswordshalleheckedndhanged,snecessary,tystemnstallationndodification,henheSSOirstassumesesponsibilityfheystem,ndfternyaintenanceohesystem.

Developnddminister asswordmanagementystemhatncludeshegenerationfystemasswordsndevelopmentfroceduresoraddressingpasswordlossorcompromise.

nsurehatnlyuthorizedersonsxecuteystemtilityrogramsndroutinesthatbypasssecuritychecksorcontrols.

Maintain iteseris thatontainsheame,serD,ccessevel,ndwhetherth euseristohaveoperatororadministrativeprivileges.

3.10.3 DATA ACCESS Thefocusfdataaccessproceduresstoreventdisclosurefnformationo

unauthorizedindividuals.eneralguidancefortheISSOfollows: nsurehatheite-specificiscretionaryccessontrolDAC)olicys

definedndmplemented.heolicyhouldefinehetandardsndregulationshatheSS Omustmplementonsurehatatasisclosedonlytoauthorizedindividuals.

Controlaccesstollunctionshatanffectheecurityrntegrityfhesystem.ccessofthistypeshallbekepttoth eabsoluteminimumnumberofpersonnel.

23


30/68


nsurehatnyequiredccessontroloftwareubsystemsrthersecuritysubsystemsarenstalledndoperatedn mannerthatsupportsth esecuritypolicyofth eAIS.

3.11 RISK MANAGEMENT Riskmanagementdentifies,easures,ndinimizesheffectfncertain

eventsnystemesources.is kmanagementdetermineshealuefheata,whatrotectionlreadyxists,ndowm u chmorerotectionheystemeeds.Therocessncludesis knalysis,ostenefitnalysis,afeguardelectionndimplementation,ppropriateecuritytests,ndystemseview.iskmanagementisnongoingrocessthatwilleaffirmhealidityfreviousnalysis.heSSO supportstheriskmanagementprocessbyperformingth efollowingtasks:

Assistinth edevelopmentofth eriskmanagementplan. erform is kassessmentndnalysisynalyzinghreatsoheitend

vulnerabilitiesftheitenelationshiptoth eensitivityofth enformationnth esystem.ocumenttheresultsandprepareappropriatecountermeasures.(Thisisexpandedbelow.)

nsure ontingencyla nsnlaceorontinuityfperationsnnemergencysituationandthatthedevelopedplansareexercised.

nsurethatapprovedcountermeasuresareimplemented.Periodicallyeviewheis kssessmentorewhreatsueo hanged

configurationrhangesnheperationalnvironmentndeviewcontingencyplanstoensurethattheyarestillapplicable.

Ensurehatecurityests,isknalysis,EMPESTests,ndtherinspectionsreonductedsequired.aintain ileforkingapersconcerningecurityests,is knalysis,ndtheracetsfheiskmanagementprogram.

Maintainafileofal lsitesecurity-relatedwaivers.

24


31/68


TheSS Oocumentsndeportsomputerecurityechnicalulnerabilitiesdetectedn ISs,nccordancewithDODnstruction215.2.heeportncludesinformationegardingechnicalolutionsradministrativeroceduresmplementedtoeduceheisk.achSS Odministersheechnicalulnerabilityeportingprogramand:

Reportsdentifiedechnicalulnerabilities.s urtherayfharinginformationboutvulnerabilities,maintainsontactwiththerystemecurityofficersandwithotherusersofthesametypeofsystem.

Assumesesponsibilityorecommendingnynecessaryndeasiblectiontoreduceriskspresentedbyth evulnerabilities.

Developsocalroceduresoreportingndocumentingechnicalvulnerabilities,ndnsureshatllsersndperatorseceiverainingorcarrying-outth eprocedures.

nsuresthatvulnerabilityinformationisproperlyclassifiedandprotected.3.12 AUD ITS

TheSSOasherimaryesponsibilityoonductecurityuditsoroperationalystemssellsorystemsnderevelopment.onitoringfvariancesnecurityroceduressls omportantndsestontrolledyheISSO.spartofvariancemonitoring,th eSS Oreviewsnyrelevantaudittrailata fromth esystem.inally,th eSS Oprovidesseniormanagementwitheportsontheeffectivenessfecurityolicy,ithdentificationfeaknessesndrecommendationsforimprovements.3.12.1 AUDITTRAILS

Theuditrailrovides ecordfystemecurity-relatedctivityndl lowsth eSS Oomonitoractivitiesnheystem.oenffectiveecurityool,heauditrailhouldebleoonitor,orxample,uccessfulndnsuccessfulaccessttempts,ileccesses,ypefransaction,ndasswordhanges.fmanualuditsreecessary,heSS Ohallocumentandomhecksadeoverifythatsersreecordingystemsage.udittraililesm u sterotectedopreventunauthorizedchangesordestruction.

25


32/68


3.12.2 AUDITINGRESPONSIBILITIESAppropriateaudittrailatashalleeviewedyth eSSO.esidesth eystem

audittrail,etworkuditeportsanrovideetailednformationnetworktrafficandrovidesummaryaccountingnformationnachserD,ccount,rprocess.TheresponsibilitiesoftheISSOfollow:

Reviewspecificationsfornclusionfaudittraileductionoolsthatwillassistinaudittrailanalysis.

Selectecurityventsoeudited.nsurehatheuditrailseviewedandavethecapabilitytouditeveryaccesstoontrolledystemesources(e.g.,verysensitivefiles).rchiveauditdata.

Developndmplementuditndeviewroceduresonsurehatll IS functionsremplementednccordanceithpplicableoliciesndprograms.xistingoliciesndrogramssuallystablishheinimumamountofmaterialthatshallbeaudited.

Conductauditsandmaintaindocumentationonth eresults.Superviseeviewfecurityuditarameters.evelop,eview,evise,

submitforapproval,andmplementproceduresfo rmonitoringndeactingtosecuritywarningmessagesandreports.

Conductandomhecksoerifyomplianceithheecurityroceduresandrequirementsofth esite.

Gathernformationromuditrailsoreaterofilesfystemsers.Observeseratternsuchsheerminalsuallysed,ilesccessed,normaloursfccess,ndermissionssuallyequested,oeterminewhichactionsareunusualandshallbeinvestigated.

Reviewseraccesseportseneratedyheuditrail,nompliancewithpoliciesandpractices.

26


33/68


Reviewaudittrailreportsfo ranomalies:-ookorultiplensuccessfulogonttempts.hisoulden

indicationfnnexperiencedser, serwhoasecentlyhangedpasswordsandforgottenth enewone,oranattemptedintrusion.

-ookforanattemptbyauser,whosalreadyoggednt terminal,olo gngainotheameystemro m econderminal.hisouldecausedynnadvertentailureoogut,nntentionalogonooth terminals,oranattemptedintrusion.

-elerttondividualsoggingnfterormalours.hism aymeanheuserhasadeadlinetomeetandsworkingovertimeorthatanntruderisattemptingaccess.

-ookorighumbersfnsuccessfulileccesses.hisouldepromptedyheser'sailureoememberileamesrynattemptedintrusion.

-ookforunexplainedchangesinsystemactivity.-ookfo rcovertchannelactivity.

3.13 CERTIF ICATION ANDACCRED ITAT IONCertificationsheechnicalvaluationfnAIS'securityeatures,ncluding

non-AISecurityfeaturese.g.,dministrativeproceduresndhysicalafeguards),againstaspecifiedetofecurityequirements.heobjectivestodetermineowwellheISesignndmplementationeethisre-definedetfecurityrequirements.ertificationserformedsartfheccreditationrocess.Accreditationisth eformalmanagementdecisionm adebyth eD AAtomplementan AISretworkn pecificperationalnvironmenttncceptableevelfisk.Thecertificationpackagespecifiesth efollowinginsupportofaccreditation:

Securitym ode.Setofadministrative,environmental,andtechnicalsecuritysafeguards.Operationalenvironment.

27


34/68

ISSORESPONSIBILITIES GUIDE

nterconnectionstootherAISornetworks.Vulnerabilitiesaswellasproceduralandphysicalsafeguards.TheSS Osrequentlyesponsibleorth eollowingis tftasksnreparation

fo raccreditationofaparticularAIS:Assistinpreparingtheaccreditationmaterialrequiredbyth eDAA.Assistintheevaluationoftheaccreditationpackage.Assistinthesitesurveys. repare tatementoheAAboutheertificationeport.heeport

shouldnclude descriptionfheystemndtsmission;heesultsro m th etesting,documentreviews,ndhardwareandsoftwarereviews;emainingsystemulnerabilities;ndnydditionalontrolsrnvironmentalrequirementsthatm aybenecessary.

nsurethatthesitemaintainsth esystemsecuritybaselinethroughaudits.Notifyth eD AArtheDAA'sepresentativefllonfigurationhangeshat

m aychangeth esite'ssecuritybaseline.

28


35/68

4. SECURITYPERSONNELROLESAlthoughthisuidelineocusesnheolendesponsibilityfth eSSO,ts

importanttonderstandowth eSSOositionelatesotherositionshatave somesecurityresponsibilitywithinanorganization.hissectionoutlinestheseotherpositionswithsecurityresponsibilities.

DO Degulationsefineecurityolesndesponsibilitiesorersonnelresponsibleor ISecurity.verallolesndesponsibilitiesreimilarcrossDOD,utareassigneddifferenttitlesnachervice/agency.able ummarizesth etitlesandpositionsacrossth eDODcomponents.

O neoftherolesnotaddressednTable r2sthatofthe rogramManager(PM).hilethisisnotspecificallyasecurityfunction,theMm u stbeawareoftheAISecurityequirements.heMhouldstablish omputerecurityworkinggroup(CSWG )consistingfindividualsfromtheprogramoffice,sers,rocurementspecialists,onsultants,ocalomputerecurityrganizations,ndheevelopers.Duringtheacquisitionprocess,hisgrouphalleviewandvaluateecurity-relateddocumentsndssuesuchspecifications,ecurityestlansndrocedures,andiskanagementlansndrocedures.heollowingectionsistresponsibilitiesorachfhedentifiedecurityoles.ependingnheize,geographicalistribution,ndomplexityfheite,heolefheSSM (Informationystemecurityanager)/NSMNetworkecurityanager)ayefilledbythesameindividual(s)astheISSO/NSO(NetworkSecurityOfficer).

29


36/68


TableServiceandAgencySecurityPersonnelTitles

Level AirForce1 Army1 Navy 1 DIA SystemWide MAJCOM

2'3

MCSSM M A C O M2

ISSPM COM NAVCOM TE L.COM2 MDICorSI O2

AISSite BCSSM CFM4CSSO TASO

ISSMISSO TASO

ADPSOADPSSO/ISSO MSO TASO ISSO

NetworkSite1 M^tono,

NM NSM NSO NSO NSO NSO

2.3. 4. OperationalPlan-ExtremelySensitiveInformation)DAATheremanybemultipleMAJCOMsatabase,eachwithon eormoreAIS sitesThereisonlyoneB CS S OperbasetowhichallCFMsprovideinformation

ADPSOADPSSOB CS S M B CS S OC FM COMNAVCOMTELCOMCSSM CSSO D AA ISSM ISSO ISSPM M A C O M MAJCOMM CS S M M D I C M SO NM NSM NSO SIO SSM TASO

AD PSecurityOfficerAD PSystemSecurityOfficerBaseCommunications-ComputerSystemsSecurityManagerBaseCommunications-ComputerSystemsSecurityOfficerComputerFacilityManagerCommander,NavalComputerandTelecommunicationsCommandCommunications-ComputerSystemSecurityManagerComputerSystemSecurityOfficerDesignatedApprovingAuthority/DesignatedAccreditationAuthorityInformationSystemSecurityManagerInformationSystemSecurityOfficerInformationSystemSecurityProgramManagerMajorArmyCommandMajorCommand(AirForce)MAJCOMCSSM MilitaryDepartmentIntelligenceOfficerMediaSanitationOfficerNetworkManagerNetworkSecurityManagerNetworkSecurityOfficerSeniorIntelligenceOfficerSystemSecurityManagerTerminalAreaSecurityOfficer

30


37/68

SECURITY PERSONNELROLES

Table resents niformetfecurityolesnditlesha twillese dthroughoutthisguideline.

Table2Uniform SecurityPersonnelTitlesLEVEL STAFFPOSITIONSystemWide (NotSCI,SIOP-ESI) D AACISSM AISSite ISSM ISSO TASO NetworkSite NSM NSO

CISSMomponentInformationSystem SecurityManagerDAAesignatedApprovingAuthority ISSMnformationSystemSecurityManagerISSOnformationSystemSecurityOfficerNSMetworkSecurityManagerNSOetworkSecurityOfficerSC IensitiveCompartmentedInformation SIOP-ESIingleIntegratedOperationalPlan-ExtremelySensitiveInformation TASOerminalAreaSecurityOfficer

31


38/68


4.1ESIGNATED APPROVINGAUTHORITY (DAA)TheAArantsinalpprovaloperatenISretworkn pecified

securitym ode.2]eforeccrediting ite,heAAeviewsheccreditationdocumentationndonfirmshatheesidualis kswithincceptableimits.heDAAlsoerifieshatachISomplieswithheISecurityequirements,sreportedbytheISSOs.pecificsecurityresponsibilitiesareasfollows:

stablish,dminister,ndoordinateecurityorystemshatgency,service,rommandersonnelrontractorsperate.ssistheMndefiningsystemsecurityrequirementsfo racquisitions.

Appointtheindividualswhowilldirectlyreporttoth eDAA.Approvehelassificationevelhatsequiredorpplicationshatre implementedn etworknvironment.lso,pprovedditionalecurityserviceshatreecessarye.g.,ncryptionndon-repudiation)o

interconnecttoexternalsystems.Reviewheccreditationla nndignheccreditationtatementorhe

networkandach ISndefineheriticalityndensitivityevelsfachAIS.

ReviewheocumentationonsurehatachISupportsheecurityrequirementsasdefinedintheAISandnetworksecurityprograms.4.2OMPONENTNFORMATIONSYSTEMSECURITYMANAGER(CISSM)

TheISSMsheocalointorolicynduidancenISndetworksecuritymattersandreportstoandsupportsth eDAA.heCISSMadministersoth theAISandetworksecurityprogramswithinheomponentdefinedsheOfficeofth eSecretaryofDefense,th emilitarydepartmentsandth emilitaryserviceswithinthosedepartments,theJointChiefsofStaff,th eJointStaff,heUnifiedndSpecifiedCommands,theDefenseagencies,heDODieldctivities,ndotheruchffices,agencies,activities,andcommandsasm aybeestablishedbylaw,ythePresident,oryheSecretaryfDefensehatrocessatanISs).2]dditionally,heCISSM is responsibleorubcomponentsuch ashe M A J C O M , M A C O M , or

32


39/68

SECURITY PE R S O N N E LROLES

C O M N A V C O M T E L C O M ,whichredentifiednTable. TheISSM,herefore,m ayberesponsiblefo rmultipleAISs. Securityresponsibilitiesshouldinclude:

Developnddminister jSndetworkecurityrogramshatmplementpolicyndegulationsndreonsistentwithheccreditationlan.henetworkprogramshalldefineintrasystemandintersystemconnectivity.

stablish is kanagementrogramorhentireISifeycle.his includesddressingetwork-wideecurityndroblemsssociatedithinterconnectingtoexternalsystems.

dentifyth eDAAforeachunclassifiedsystemandeachclassifiedsystem.dentifyachystemnheertificationndccreditationla nrnhe

systemsecurityplan.Adviseth eDAAaboutth euseofspecificsecuritymechanisms. rovideperiodicbriefingstoth ecomponentmanagementandtotheDAA.Reportecurityvulnerabilities,maintain ecordfecurity-relatedncidents,

andreportseriousandunresolvedviolationstotheDAA.Administerasecurityandtrainingawarenessprogram.Overseemaintenanceofaccreditationdocumentation. rovidefo roverallkeydistributionandencryptionmanagement.nforce,hrougholicy,omplianceithomponentomputerecurity

program.4.3 I NFORMAT IONSYSTEM SECURITY MANAGER( ISSM)

TheSSMeportsoheCISSMndmplementsheverallecurityrogramapprovedyth eDAA.heSS Mocusesn ISecurity.herem ayemultipleISSMs.heISSMshouldnotparticipateinth eday-to-dayoperationoftheAIS.

33


40/68


Specificsecurityresponsibilitiesare:nsurethatth eAISsecurityprogramrequirementsaremet,ncludingefining

th eecuritym ode,pecificecurityequirements,rotocols,ndtandards.DevelopapplicableAISsecurityprocedures.

mplementtheis kmanagementrogramefinedyheCISSM.erifyhattheiskssessmentserformedndhathreatsndulnerabilitiesre reviewedtoevaluaterisksproperly.

Verifyhatppropriateecurityestsreonductedndhatheesultsre documented.

Reviewheccreditationla nndheeaccreditationctivities,evelopscheduleorheeaccreditationasks,ndnitiateecertificationndreaccreditationtasksunderthedirectionoftheDAA.

Assistniteonfigurationanagementyeviewingroposedystemchangesndeviewingmplementedystemodificationsordversesecurityimpact.

nsurethatAISsecurityisincludedinallth econtingencyplans. rovideth eDAAwithheertificationackagetohowthatth e ISatisfiestheecuritypecificationsorheatatrocesses,tores,rransmits.Documentandmaintaintheevidencecontainedinthecertificationpackage.MonitorISersonnelecurityroceduresonsurehatheyreeing

followed;oordinatendmonitornitialndollow-upecurityrainingor IS personnel.

MaintainacurrentAISsecurityplan.4.4 NETWORK SECURITY MANAGER (NSM)

TheNSMsesponsiblefo rth everallecurityoperationfth eetworkndsth eocalointfo rolicy,uidance,ndssistancenetworkecuritymatters.naddition,heSMnsureshatheetworkompliesithheequirementsorinterconnectingoxternalystems. TheNSMeportsoheCISSMndhallot

34


41/68


participatenheay-to-dayperationfheetwork.heasksfheNS Mre comparableohosefheSSM.heecurityesponsibilitiesreistednhesamerdershoseorheSSM,orasefomparison,ithifferencesindicatedbyitalics:

nsurethatanNSOisappointedfo reachnetwork. nsurethatth eAISsecurityprogramequirementsaremet,ncludingefining

theecuritym ode,pecificecurityequirements,rotocols,ndtandards.Developapplicablenetworksecurityprocedures.

mplementtheis kmanagementprogramefinedyth eCISSM.erifythatth eis kssessmentserformedndhathreatsndulnerabilitiesre reviewedtoevaluaterisksproperly.

Verifythatppropriateecurityestsreonductedndhatheesultsre documented.

Reviewheccreditationla nndheeaccreditationctivities,evelopscheduleorheeaccreditationasks,ndnitiateecertificationndreaccreditationtasksunderthedirectionoftheDAA.

Assistniteonfigurationanagementyeviewingroposedystemchangesandreviewingimplementedsystemmodificationsforadversesystemimpact.

nsurethatnetworksecurityisincludedinallth econtingencyplans. rovideheAAithheertificationackageohowhatheetwork

satisfiesheecuritypecificationsorheatatrocesses,tores,rtransmits.ocumentandmaintainheevidenceontainedntheertificationpackage.

rovideheAAithrittenertificationhatheatisfiesheecurityspecificationsforth eataitprocesses,tores,rtransmits.nsurethatthedocumentationtosupportthecertificationisdevelopedandmaintained.

35


42/68


Monitormplementationf ISersonnelecurityroceduresonsurehattheyreeingollowed;oordinatendmonitornitialndollow-upecuritytrainingfo rAISpersonnel.

MaintainacurrentAISsecurityplan.Manageoutingontrolorecurityithinheetworkspecifyinksrsubnetworksthatareconsideredtobetrustedbasedonspecificcriteria).

4.5NFORMATIONSYSTEMSECURITYOFFICERISSO)TheSSOctsorheISSMonsureomplianceithISecurity

procedurestheperationaliternstallation.ependingnheiz endcomplexityfhe IS ,heSSOls oayunctionsheSS MndSO .hedutiesofth eISSOaredetailedinsection3. 4.6ETWORKSECURITYOFFICERNSO)TheSOmplementsheetworkecurityrogramndctssheointfcontactfo ral letworkecuritymatters.heesponsibilitiesfth eNSOreimilartothoseoftheSSO,withtheNSOconcentratingnetworksecurityandth eSS OconcentratingonAISsecurity. Thesecurityresponsibilitiesofth eNSOare:

Obtainrittenpprovalro mheAAorocesslassifiedrensitiveunclassifiedinformationonth enetwork.

Maintainthesecurityprocessingspecificationsfo rth enetwork. nsurehattandardecurityroceduresndeasureshatupporthe

securityfhentireetworkreevelopedndmplemented.onductperiodicreviewstoensurecompliancewithnetworksecurityprocedures.

nsurethatnetworkecuritysncludednllheontingencylansndhatth econtingencyplansaretested.

Maintainthesite-specificportionoftheaccreditationdocumentation.nsurehathysicaleasuresorotectheacilityrenffectndhat

measurestoprotectmission-essential,ensitivedataprocessingactivitiesare implemented. Maintainiaisonithrganizationshatreesponsibleor

36


43/68


physicalecurity,.g.,militaryolice,ireontrolfficials,aseowerlantofficials,andemergencyservices.

Reviewetworkonfigurationhangesndetworkomputerhangesrmodificationsonsurehatetworkecuritysotegradedincludinginterfacesoeparatelyccredited ISs).nsurehatetworkomponents(i.e.,ardware,oftware,ndirmware)rencludednheonfigurationmanagementprogram.

Selectecurityeventsthatreoeauditedremotelyollected;stablishproceduresfo rcollectingtheauditinformation;andreviewauditreports.

Verifyecuritylearancesndccesspprovalorersonnelsinghenetwork.

Coordinatendonitornitialnderiodicecurityrainingoretworkpersonnel.erifythatallusersreceivenetworksecuritytrainingbeforeeinggrantedaccesstothenetwork.

rovidesersithlans,nstructions,uidance,ndtandardperatingproceduresegardingetworkperations.onducteriodiceviewsoensurecompliance.

Verifyhatersonnelecurityrocedurespplicableoheperationfhecomputerfacilityarefollowed.Reporthysical,ersonnel,nd ISecurityiolationsoheNSM.eport

systemfailuresthatcouldleadtounauthorizeddisclosure.Reviewreportedsecurityproblemsandnformth eNS Mfsecuritydifficulties.

EnsurehatASOsvaluate,ocument,ndeportecurityroblemsndvulnerabilitiesattheirrespectivesites.

Recommendartialrompleteuspensionfperationsfnyncidentsdetectedthatm ayaffectsecurityofth eoperation.Monitorheystemecoveryrocessesossurehatecurityeaturesre

correctlyrestored.

37


44/68


Maintainuidelineshatnsurehathehysical,dministrative,ndpersonnelsecurityproceduresarefollowed.

4.7ERMINALAREA SECURITY OFFICER(TASO)TheTASOreportstotheSS Ondsesponsibleforsecurityproceduresinnassignedemoteterminalrea.ystemccessro mheTASO'sssignedemote

terminalswillnotbeallowedwithoutauthorizationfromthecognizantsecurityofficer.TheTASOhasth efollowingsecurityresponsibilities:

nsurethattherearewrittennstructionsspecifyingecurityrequirementsandoperationalproceduresforeachterminalarea.

nsureccesso erminalsnlyosersithheeed-to-know,clearance,ndccesspprovaloratahatayeccessedro mhatterminal.

erformnnitialvaluationfecurityroblemsnhessignederminalarea(s)ndotifyheSS Ofllecurityiolationsndnyracticeshatm aycompromisesystemsecurity.

Verifyhathehysicalecurityontrolsrenlacendperational,orexample,physicallyprotectingth enetworkinterfaces(hardwareconnections).

Collectndeviewelectedemoteacilityuditecords,ocumentnyreportedproblems,andforwardthemtoth eISSO. articipateinsecuritytrainingandawareness.Ensurehathequipmentustodianasllheomponenterialumbers

writtendownandstoredinasecureplace.4.8ECURITYRESPONSIBILITIES OFOTHERSITEPERSONNEL

Becau setheverallecurityof itesubjecttoth eooperationfeveryoneinvolvednheystem,heiscussionfolesndesponsibilitieswouldotecompleteithoutentioningheystemdministrator,heomputeracilitypersonnel,heatadministrator,heaintenanceersonnel,ndhesers.Everyonesesponsibleornowingheecurityproceduresndmechanismshat

38


45/68


arenffector articularystem,orollowingllrocedurespplicableosecurity,ndoreportingotentialecurityncidents.nddition,pecificresponsibilitiesfo rotherindividualsarelistedbelow.

Thedataadministratorandclassifiershall:CoordinatewithheSSOnnformationecurityequirementsndwithhe

NSO fornetworksecurityrequirements. stablishronfirmheverallecuritylassificationfhepplicable

resourcesndstablishestrictionsrpecialonditionsorhesefhedata.

Periodicallyreviewth eatatoverifythattheecurityclassificationsorrect.Recommenddowngradingdata,fapplicable.

Authorizeindividualorgroupaccesstospecificresources.Participateinth edevelopmentofaformalneed-to-knowpolicy.Theusersshall:U sethesystemnlyfo rauthorizedpurposesandnaccordancewithecurity

proceduresan dguidelines.Maintainindividualaccountability(e.g.,donotsharepasswords). rotectclassifiedandothersensitivematerial.

4.9 ASSIGNMENTOFSECURITY RESPONS IB IL IT IES Table3resents amplehartfo rdentifyingheolesndesponsibilitiesf

th eariousndividualswhoaveecuritytasks.herimaryoalsodentifyllth etasksandensurethatatleastoneindividualisassignedtoperformeachtask.

39


46/68


Table3FunctionMatrixFunction DAA CISSM ISSM NSM ISSO NSO TASOOverallSecurity PR IM IM IM IM IM IMAccreditationProcess PR IM IM IM IN IN RecertificationandReaccreditation PR IM IM IM IN IN AIS SecurityProgram PR IM IM IM IMNetworkSecurityProgram PR IM IM IMNetworkAccess PR PR VE D O ,VESecurityThreats/Vulnerabilities

PR DO D O D O IN ,D O DO,IN DOSecurityRegulationsandolicies IM IM IM IM IM IM IMSecurityDocumentation VE DO D O D O IN IN IN RiskManagementProgram PR IM IM IM,IN IM,IN SecurityTrainingandAwarenessProgram PR VE VE IM,VE IM,VE IMSecurity Violations DO D O D O D O D O D O SecurityConfigurationManagement VE IM IM IM IMAIS SecurityProcedures PR IM,VE IM,VE IM,VE ContingencyPlans PR ,VE PR,VE IM,IN IM,IN IMNetworkSecurityProcedures PR IM,VEAudit PR PR PR ,D O AccessControl IM IM VEPhysicalSecurity VE VE VEDeclassificationandDowngrading VE

PR :asprimaryresponsibilityIM :mplements/enforcestaskorprogram DO :reparesdocumentationan dsubmitstoappropriateauthority,fapplicableVE :erifiescomplianceorperformanceofactivitiesIN:ssistsinth epreparationofreports,lans,rocedures,tc .

40


47/68

BIBL IOGRAPHY Thisbibliographyincludesdocumentsthatm aybeusefultoth eSSO.ncluded

areirectives,egulations,anuals,irculars,tc .itedeferencesrelsoincluded.hisis tisotintendedtoeomprehensive;hats,dditionaleadingsm aypplyto articularorganizationndystem,ndheSS Ohoulddentifyllth erelevantsecuritydocuments.ComputerSecurityActof987,ublicaw00-235,01T AT.724, anuary

1988.Defensentelligencegency,hysicalecuritytandardsoronstructionf

Sensitiveompartmentednformationacilities,efensentelligencegency(DIA)Manual50-3,ebruary1990.

DefensentelligenceAgency,SecurityofCompartmentedComputerOperationsU),DIAManual50-4,CONFIDENTIAL ,980.

DefensentelligenceAgency,SecurityRequirementsforAutomaticDataProcessing(ADP)Systems,DIA Regulation50-23,4March979.

Defensentelligencegency,ensitiveompartmentednformationontractorAdministrativeSecurity,DIAManual0-5,OROFFICIALUSEONLYFOU O),Vol.,0M ay1983.

Departmentfheirorce,omputerecurityolicy,Fegulation05-16,FOUO,28April989.

Departmentfth e rmy,ecurity:nformationSystemsSecurity,ArmyRegulationNo.380-19,4September1990.

DepartmentfDefense,AutomatedDataProcessingSecurityManual-Techniquesandroceduresormplementing,eactivating,esting,ndvaluating, DepartmentofDefenseDOD)200.28-M, anuary973withhangeagesinJune1979(nowunderrevision).

41


48/68


Departmentfefense,ommunicationsecurityCOMSEC)U),epartmentfDefenseDirective(DODD)C-5200.5,CONFIDENTIAL ,21pril990.

Departmentfefenseomputerecurityenter,omputerecurityRequirementsGuidanceorpplyingheepartmentfefenserustedComputerystemvaluationriterianpecificnvironments,CSC-STD-003-85,25June985.

Departmentfefenseomputerecurityenter,asswordManagementGuideline,CSC-STD-002-85,2April985.

Departmentfefenseomputerecurityenter,echnicalationaleehindCSC-STD-003-85:omputerSecurityRequirementsGuidanceorApplyingth eepartmentofDefenserustedComputerSystemvaluationriterianSpecificEnvironments,CSC-STD-004-85,25June985.

Departmentfefense,omputerecurityechnicalulnerabilityeportingProgram(CSTVRP),DODInstruction5215.2,2September986.

DepartmentofDefense,ControlofCompromisingEmanations(U),DODDS-5200.19,SECRET,23February1990.

Departmentfefense,ODnformationecurityrogram,O D D200.1,7June1982.

Departmentfefense,ODersonnelecurityrogram,ODD200.2,20December1979.

Departmentfefense,ndustrialecurityanualorafeguardinglassifiedInformation,DOD5220.22-M,3January1991.

Departmentfefense,ndustrialecurityrogram,ODD220.22,1November1986.

DepartmentfDefense,ndustrialSecurityRegulation,DO DRegulation220.22-R,December1985.

DepartmentfDefense,nformationSecurityProgramRegulation,ODRegulation5200.1-R,June986.

42


49/68

B IB L IO G R A PHY

Departmentfefense,nformationecurityrogramegulation,OD5200.1-R/AFR205-1,April987.

DepartmentofDefense,SecurityRequirementsforAutomatednformationystems(AISs),DODD5200.28,21arch988.

Departmentfefense,rustedomputerystemvaluationriteria,O D 5200.28-STD,December1985.

Departmentfheavy,epartmentfheav yutomaticatarocessingSecurityProgram,ChiefofNavalOperationsInstruction(OPNAVINST)5239.1 Awithchange,3August1982.

DepartmentfheNavy,epartmentofth eNavyAutomatednformationystems(AIS)SecurityProgram,SECNAVINST5239.2,5November1989.

DepartmentfheavyensitiveompartmentednformationSCI)/lntelligence,AutomatednformationystemAIS)ecurityrogram,AVINTCOMINST5239.3,23July1990.

Directorfentralntelligence,ecurityanualorheniformrotectionfIntelligenceProcessedinAutomatednformationSystemsandNetworksU),SupplementoirectorfentralntelligenceirectiveDCID)/1 6U),SE CRE T,9July1988.

DirectorofCentralntelligence,SecurityPolicyforUniformProtectionofIntelligenceProcessednAutomatednformationystemsndNetworksU),irectorfCentralIntelligenceDirective(DCID)/16,SE CRE T,9July1988.

ExecutiveOrder,NationalSecurityInformation,ExecutiveOrder12356,2April982.Ferdman,aurondarriet.oldmanndohn.unter,Proposed

Managementla norComputerSecurityCertificationfAirorceSystems,"MTR-10774,TheM ITRECorporation, edford,MA,November989.

Headquartersepartmentfheirorce,nformationystems:nformationSystemsSecurity,AFR700-10,5March985.

43


50/68


JointChiefsofStaff,Safeguardingth eSingleIntegratedOperationalPlan(SIOP)(U),MemorandumM JCS75-87,SECRET,20M ay987.

Jointhiefsftaff,ecurityolicyorheWMCCSntercomputeretwork,JCSPub.6-03.7,April988.

NationalomputerecurityenterNCSC),omputeriruses:revention,Detection,andTreatment,C1-TechnicalReport-001,2March990.

NationalComputerSecurityCenterNCSC),GlossaryofComputerSecurityerms,NCSC-TG-004,21October1988.

NationalComputerSecurityCenter, GuideoUnderstandingDataRemanencenAutomatedInformationSystems,NCSC-TG-025,September1991.

Nationalomputerecurityenter, uideonderstandingrustedacilityManagement,NCSC-TG-015,8October989.

Nationalomputerecurityenter,rustedetworknterpretationnvironmentsGuideline,NCSC-TG-011, ugust990.

NationalComputerSecurityCenter,rustedNetworknterpretationfherusted ComputerSystemEvaluationCriteria,NCSC-TG-005,July987.

Nationalnstituteftandardsndechnology,nitedtatesepartmentfCommerce,omputeratauthentication,ederalnformationrocessingSystemPublication(FIPSPU B)13,30M ay985.

Nationalnstituteftandardsndechnology,nitedtatesepartmentfCommerce,lossaryoromputerystemsecurity,IPSU B9,February1976.

Nationalnstituteftandardsndechnology,nitedtatesepartmentfCommerce,uidelineorutomaticatarocessingisknalysis,FIPSPUB 65,August979.

Nationalnstituteftandardsndechnology,nitedtatesepartmentfCommerce,uidelineoromputerecurityertificationndAccreditation,FIPSPUB02,27September983.

44


51/68

B IB L IO G R A PHY

Nationalnstituteftandardsndechnology,nitedtatesepartmentfCommerce,uidelinesorDPAutomaticatarocessing)ontingencyPlanning, IP SPUB87,27March981.

Nationalnstituteftandardsndechnology,nitedtatesepartmentfCommerce,uidelinesorSecurityofComputerApplications,IP SUB3,30 June980.

Nationalnstituteftandardsndechnology,nitedtatesepartmentfCommerce,verviewfomputerecurityertificationndccreditation,SpecialPublication(SPECPUB)500-109,April984.

Nationalnstituteftandardsndechnology,nitedtatesepartmentfCommerce,ecurityofPersonalComputerSystems: ManagementGuide,SPECPUB500-120,January1985.

Nationalnstituteftandardsndechnology,nitedtatesepartmentfCommerce,echnologyssessment:MethodsorMeasuringheevelfComputerSecurity,SPECPUB500-133,October1985.

Nationalecuritygency/CentralecurityerviceNSA/CSS),heSA/CSSOperationalomputerecurityanual,SA/CSSanual30-1,O U O ,17 October1990.

Nationalecuritygency/Centralecurityervice,ecurityorutomatedInformationSystemsandNetworks,NSA/CSSDirective0-27,4January1990.Nationalecuritygency,nformationystemecurityroductsndervices

Catalogue,quarterlyupdates. Thecataloguecontainsth efollowing:CryptographicProductsListEndorsedDataEncryptionStandard(DES)ProductsListProtectedServicesListEvaluatedProductsListU.S.GovernmentPreferredProductsListDegausserProductsList

45


52/68


Nationalelecommunicationsndnformationystemsecurityommittee,AdvisoryMemorandumnfficeutomationecurityuideline,ationalTelecommunicationsndnformationSystemsSecurityAdvisoryMemorandum(NTISSAM)COMPUSEC/1-87,6January1987.

Nationalelecommunicationsndnformationystemsecurityommittee,TEMPESTountermeasuresoracilitiesU),ationalelecommunicationsandnformationystemsecuritynstructionNTISSI)000,ECRET,17October1988.

OfficefManagementndudgetOM B),nternalControlSystems,OM BCircularNo.A-123,983.

OfficefManagementandudget,ManagementofFederalInformationResources,OM BCircularNo .A-130,December1985.

Officefheresident,ationalolicyorheecurityfationalecurityTelecommunicationndnformationystemsU),ationalecurityirective (NSD)42,CONFIDENTIAL , July1990.

Officefheresident,ationalolicynelecommunicationsndutomatedInformationystemsecurity,ationalecurityecisionirectiveNSDD)145,7September1984.

Officefheecretaryfefense,utomatednformationystemecurity,MemorandumorheMembersfheilitaryDepartments,hairmanfheJointChiefsofStaff,UnderSecretariesofDefense,GeneralCounsel,nspectorGeneral,Assistantstoth eSecretaryfDefense,ndDirectorsfth eDefenseAgencies,985.

46


53/68

REFERENCES1.ationalomputerecurityenterNCSC),lossaryfomputerecurity

Terms,NCSC-TG-004,Version-1,21October1988.2.epartmentfefenseDOD),ecurityequirementsorutomatedInformationSystems(AISs),DO DDirective5200.28,21March988.3.epartmentfefense,epartmentfDefenserustedomputerystem

EvaluationCriteria,DOD5200.28-STD,5August1983.4.ationalomputerecurityenter,rustedetworknterpretationfhe

TrustedComputerSystemEvaluationCriteria,NCSC-TG-005,July1987.5.epartmentfefense,nformationecurityrogramegulation,DOD5200.1-R,June986.6.epartmentfefenseomputerecurityenter,omputerecurity

Requirements-GuidanceorpplyingheepartmentfefenserustedComputerystemvaluationriterianpecificnvironments,CSC-STD-003-85,25June985.

7.irectorfentralntelligence,ecurityolicyorniformrotectionfIntelligencerocessednutomatednformationystemsndNetworksU),DCID1/16,SE CRE T,- 9 July988.

47


54/68

ACRONYMSADP ADPSO ADPSSO AFR A IS AR

AutomaticDataProcessingADPSecurityOfficerAD PSystemSecurityOfficerAirForceRegulationAutomatedInformationSystem ArmyRegulation

BCSSM BCSSO

BaseCommunications-ComputerSystemsSecurityManagerBaseCommunications-ComputerSystemsSecurityOfficer

CFM CISSM COMNAVCOMTELCOM COMPUSEC COMSEC COTS CSSM CSSO CSTVRP CSWG

ComputerFacilityManagerComponentInformationSystemSecurityManag erCommander,NavalComputerandTelecommunicationsCommandComputerSecurityCommunicationsSecurityCommercial-Off-The-ShelfCommunications-ComputerSystemSecurityManagerComputerSystemSecurityOfficerComputerSecurityTechnicalVulnerabilityReporting Program ComputerSecurityWorkingGroup

DAA DAC DCID

DesignatedApprovingAuthority/DesignatedAccreditationAuthorityDiscretionaryAccessControlDirectorofCentralIntelligenceDirective

49


55/68


DES DataEncryptionStandard DIA DefenseIntelligenceAgencyDIAM DefenseIntelligenceAgencyManualDO D DepartmentofDefenseDODD DepartmentofDefenseDirective

EO ExecutiveOrderEPL EvaluatedProductsList

FIPSPUB FederalInformationProcessingSystemPublicationFOIA FreedomofInformationAct

l& A IdentificationandAuthenticationISSM InformationSystemSecurityManag erISSO InformationSystemSecurityOfficerISSPM InformationSystemSecurityProgramManager

M AC MandatoryAccessControlM ACOM MajorArmyCommandM AJCOM MajorCommand(AirForce)MCSSM MAJCOMCSSM MDIC MilitaryDepartmentIntelligenceOfficerMLS MultilevelSecurityMSO MediaSanitationOfficer

NNACSINCSCNM

NotClassifiedbutSensitiveNationalCommunicationsSecurityInstructionNationalComputerSecurityCenterNetworkManag er

50


56/68

ACRONYMS

NSA NSD NSDD NSM NSO NST ISSAM NSTISSD NSTISSINSTISSP NTCB NT ISSAM NTISSD NTISSINTISSP

NationalSecurityAgencyNationalSecurityDirectiveNationalSecurityDecisionDirective NetworkSecurityManagerNetworkSecurityOfficerNationalSecurityTelecommunicationsandnformationSystemsSecurityAdvisoryMemorandumNationalSecurityTelecommunicationsandInformationSystemsSecurityDirective NationalSecurityTelecommunicationsandInformationSystemsSecurityInstructionNationalSecurityTelecommunicationsandInformationSystemsSecurityPolicyNetworkTrustedComputingBaseNationalTelecommunicationsandInformationSystemsSecurityAdvisoryMemorandumNationalTelecommunicationsandInformationSystemsSecurityDirectiveNationalTelecommunicationsandInformationSystemsSecurityInstructionNationalTelecommunicationsandInformationSystemsSecurityPolicy

OMB OPNAVINST

OfficeofManagementandBudgetChiefofNavalOperationsInstruction

PM ProgramManager

Rl RiskIndex

51


57/68


SAPI SpecialAccessProgramfo rIntelligenceSC I SensitiveCompartmentedInformationSFUG SecurityFeaturesUser'sGuideSIO SeniorIntelligenceOfficerSIOP-ESI SingleIntegratedOperationalPlan-ExtremelySensitive InformationSPECPUB SpecialPublicationSP M SecurityProgramManag erSS M SystemSecurityManager

TASO TerminalAreaSecurityOfficerTCB TrustedComputingBaseTCSEC TrustedComputerSystemEvaluationCriteriaTEMPEST (Notanacronym)TFM TrustedFacilityManualTN I TrustedNetworkInterpretationTNIEG TrustedNetworkInterpretationEnvironments

Guideline

W W M C C S WorldwideMilitaryCommandandControlSystem

52


58/68

GLOSSARY Aftereachdefinition,thesourceislisted.Access .specifictypefnteractionetween ubjecti.e.,erson,rocess,rinputdevice)andanobject(i.e.,nAISresourcesuchasarecord,ile,rogram,routputdevice)thatresultsintheflowofinformationfromonetotheother.lso,theabilityndpportunityobtainnowledgeflassified,ensitivenclassified,runclassifiedinformation.(DODD5200.28)Accountabi l i ty .heropertyhatnablesctivitiesnnISoeracedoindividualswhom ayheneeldesponsibleorheirctions.D O D D200.28;AFR205-16)Accreditation.formaldeclarationbyth eD AAthatth eAISisapprovedtooperateinaparticularsecuritymodesing prescribedetofsafeguards.ccreditationsthefficialmanagementuthorizationorperationfn ISndsasednhecertificationprocessaswellasothermanagementconsiderations. (DODD5200.28) AdministrativeSecur i ty .hemanagementonstraintsndupplementalontrolsestablishedtoprovidenacceptableevelfprotectionfordata.ynonymouswithproceduralsecurity. (NCSC-TG-004-88)AuditTrail.hronologicalecordfystemctivitieshatsufficientonablethereconstruction,eviewing,andexaminationofthesequenceofenvironmentsandactivitiesurroundingreadingonperation, rocedure,rnventntransactionfromitsinceptiontofinalresults. (DODD5200.28;IP SPUB39)Authenticate.ostablishhealidityf laimeddentity.DO D200.28-STD;JCSPUB6-03.7)Authorization.rantingheightfccesso ser, rogram,r rocess.(FIPSPUB39)

53


59/68


AutomatednformationystemAIS) .nssemblyfomputerardware,f irmware,ndoftwareonfiguredoollect,reate,ommunicate,ompute,disseminate,rocess,tore,nd/orontrolatarnformation.D O D D200.28;DCID/16)Certi fication.heechnicalvaluation,adesartfndnupportfheaccreditationrocess,hatstablisheshextentohich articularomputersystemretworkdesignndmplementationmeet re-specifiedetfecurityrequirements. (A R380-19;DODD5200.28)Classifiednformation.nformationrmaterialhatsa)wnedy,roducedorory,rnderheontrolfhe.S .overnment;ndb)eterminednderExecutiveOrder2356,rriorrder,DOD200.1 -R ,oequirerotectiongainstunauthorizeddisclosure;and(c )sodesignated. (DODD5200.28)Closedecuritynvi ronment .nnvironmenthatncludeshoseystemsnwhichbothofth efollowingconditionsholdtrue:

a.pplicationdevelopers(includingmaintainers)havesufficientclearancesandauthorizationsorovidencceptableresumptionhatheyaveotintroducedmaliciousogic.ufficientlearancesefinedsollows:hereth em axi m u mlassificationfataoerocessedsonfidentialrelow,developersreclearednduthorizedotheameevelshemostensitivedata;wherehem axi m u mlassificationfataoerocessedsSecretrabove,developershaveatleastaSecretclearance.b.onfigurationontrolrovidesufficientssurancehatpplicationsre protectedgainsthentroductionfaliciousogicrioronduringoperationofsystemapplications. (CSC-STD-003-85;CSC-STD-004-85)

CommunicationsSecurity(COMSEC).heprotectionthatnsurestheauthenticityoftelecommunicationsndwhichesultsro mheapplicationfmeasuresakenodenynauthorizedersonsnformationfaluewhichighteerivedro mheacquisitionoftelecommunications. (FIPSPUB39)

54


60/68

GLOSSARY

CompartmentedMode .n ISsperatingnompartmentedmodewhenachuserwithirectrndirectaccessohe IS ,tseripherals,emoteerminals,rremotehosts,asallofth efollowing:

a.validpersonnelclearanceforth emostestrictednformationprocessednth eAIS.b.ormalaccesspprovalor,ndasignedondisclosuregreementsorthatinformationtowhichhe/sheistohaveaccess.c.valideed-to-knowfo rthatinformationtowhiche/shestoaveaccess.(NCSC-TG-004-88)

Compromis ingmanations.nintentionalataelatedrntelligence-bearingsignalshich,fnterceptedndnalyzed,isclosehelassifiednformationtransmissioneceived,andledrtherwiserocessedynynformationprocessingequipment. (A R380-19;NCSC-TG-004-88;AFR205-16)ControlledMode .hem odeofoperationthatisatypeofmultilevelecuritymodeinwhich moreimitedm ou ntftrustslacednheardware/softwareasefth eystem,ithesultantestrictionsnhelassificationevelsndlearancelevelsthatm aybesupported. (CSC-STD-003-85)Countermeasure.nyction,evice,rocedure,echniquerothermeasurehatreducesthevulnerabilityoforthreattoasystem. (NCSC-TG-004-88)Coverthannel .ommunicationshannelhatl lows rocessoransferinformationnannerhatiolatesheystem'securityolicy.(DOD5200.28-STD;AFR205-16)Data.epresentationfacts,oncepts,nformation,rnstructionsuitableorcommunication,nterpretationrrocessingyumansrynIS.(DODD5200.28)Datawner.heuthority,ndividual,rrganizationhoasriginalresponsibilityfo rth edatabystatute,executiveorder,ordirective. (DODD5200.28)

55


61/68


Declassification.nadministrativedecisionrproceduretoemovereduceth esecurityclassificationofthesubjectmedia. (NCSC-TG-004-88)Dedicatedecurityode.odefperationhereinllsersaveheclearanceorauthorization,documentedformalaccessapproval,frequired,ndtheneed-to-knowforal lataandledyth e IS .fth eAISprocessespecialaccessinformation,llsersequireormalccesspproval.nheedicatedm ode,nAISayandle inglelassificationevelnd/orategoryfnformationrrangeofclassificationlevelsand/orcategories.DODD5200.28)Degauss.opply ariable,lternatingurrentAC)ieldorheurposefdemagnetizingagneticecordingedia,suallyapes.herocessnvolves increasingheCieldraduallyro merooomemaximumaluendackozero,hicheaves eryowesiduefagneticnductionnheedia.(FIPSPUB39)Denia lofService.ctionrctionshatesultnhenabilityfn ISrnyessentialartoerformtsesignatedission,itheryossregradationfoperationalcapability. (DODD5200.28)DesignatedpprovinguthorityDAA) .hefficialhoasheuthorityodecidencceptingheecurityafeguardsrescribedornISrhefficialwhoayeesponsibleorssuingnccreditationtatementhatecordshedecisionoaccepthoseafeguards.heDAAm u stetnrganizationalevelsuchthatheorsheha sauthoritytoevaluatetheoverallmissionrequirementsofth eAISndorovideefinitivedirectionso ISdevelopersrownerselativeoheriskinth esecuritypostureoftheAIS. (DODD5200.28)Emissionecur i ty .herotectionesultingro mlleasuresakenoenyunauthorizedersonsnformationfvaluethatmighteerivedro mnterceptndfromananalysisofcompromisingemanationsfromsystems. (NCSC-TG-004)EvaluatedProductsList(EPL) .documentedinventoryofequipments,ardware,software,nd/orirmwarehataveeenvaluatedgainsthevaluationriteriafoundinDOD5200.28-STD. (DODD5200.28)

56


62/68

GLOSSARY

Forma!AccessApproval .ocumentedpprovalyadataownertollowaccesstoaparticularcategoryofinformation. (DODD5200.28)Identi fication.heprocessthatenables,enerallyythesefniquemachine-readableames,ecognitionfsersresourcessdenticalohosereviouslydescribedtoanAIS. (DOD5200.28-M)Information System SecurityOfficer( ISSO).personresponsibletotheDAAforensuringhatecuritysrovidedorndmplementedhroughouttheifeyclefan ISro mheeginningfheonceptevelopmenthasehroughtsesign,development,operation,maintenance,andsecuredisposal. (DODD5200.28)InformationystemsecurityINFOSEC).ompositefeansorotecttelecommunicationsystemsndutomatednformationystems,ndheinformationtheyprocess. (A R380-19)Isolation.heontainmentfsersndesourcesnn ISnuch wayhatusersandprocessesreeparatero mneanotheraswellsro mherotectioncontrolsoftheoperatingsystem. (FIPSPUB39)LeastPrivi lege.hisrincipleequireshatachubjectn ystemerantedtheostestrictiveetfrivilegesorowestlearance)eededorheperformanceofauthorizedtasks.heapplicationfthisprincipleimitsthedamagethatcanresultfromaccident,error,orunauthorizeduse. (DOD5200.28-STD)Multi levelecure.lassfystemontainingnformationithifferentsensitivitieshatimultaneouslyermitsccessysersithifferentecurityclearancesndeed-to-know,utreventssersrombtainingccessoinformationfo rwhichtheylackauthorization. (DOD5200.28-STD)Multilevelecureode.odefperationhatllowswororeclassificationevelsfnformationoerocessedimultaneouslywithinheam esystemhenotllsersave learance,uthorization,rormalccessapprovalforal linformationhandledbyth eAIS. (DODD5200.28)Need-To-Know.heecessityorccesso,nowledgef,rossessionfspecificinformationrequiredtocarryoutofficialduties. (NCSC-TG-004-88)

57


63/68


Network.etworksomposedf ommunicationsediumndllcomponentsttachedohatediumhoseesponsibilitysheransferencefinformation.uchomponentsayncludeISs,acketwitches,telecommunicationsontrollers,eyistributionenters,ndechnicalontroldevices. (DODD5200.28)NetworkTrustedComput ingBase(NTCB) .hetotalityofprotectionmechanismswithinetworkystem includingardware,irmware,ndoftwarethecombinationofwhichisresponsiblefo renforcingasecuritypolicy.heNTCBisth enetworkgeneralizationofth etrustedcomputingbase(TCB). (NCSC-TG-011)OpenSecurityEnvi ronment .nenvironmentthatincludesthosesystemsinwhichoneofth efollowingconditionsholdstrue:

a.pplicationevelopersincludingaintainers)ootaveufficientclearanceorauthorizationtorovideanacceptablepresumptionthattheyavenotntroducedaliciousogic.Seelosedecuritynvironmentornexplanationofsufficientclearance.)b.onfigurationontroldoesotrovideufficientassurancethatapplicationsareprotectedgainstth entroductionfmaliciousogicriortonduringheoperationofsystemapplications. (NCSC-TG-004-88)

Orangeook.ommonam eorepartmentfefenserustedomputerSystemEvaluationCriteria,DOD5200.28-STD. Parti t ionedMode .modefperationnwhichllersonsavehelearance,butotecessarilyheeed-to-knowndormalccesspproval,orllata handledyth eAIS.hismodeencompassesompartmentedmodesefinedyDCID/16. (DODD5200.28)Password.rivateharactertringhatssedouthenticatendentity.(DOD5200.28-STD)

58


64/68

GLOSSARY

Per iodsProcessing.ecuritymodefperationnd/orm axi m u mlassificationofdatahandledsestablishedforanntervalft ime,thenhangedorth efollowing intervalfime.heeriodxtendsro mheim ewhenheystemsecurelyinitializedtoth etimewhenthesystemspurgedfallensitivedatahandleduringth eprocessi

Documents

NCSC-TG-027 a Guide to Understanding ISSO Responsibilites for Automated Information Systems