While surfing around noticed that the D.O.E had posted the following: "The page you requested cannot be found on this server. Please check your URL for spelling errors. If you requested access to the maps of nuclear power reactor locations, these maps have been taken off-line temporarily pending the outcome of a policy review by the US Department of Energy and Argonne National Laboratory." Yet, if you checked the N.R.C. re.power reactor actions taken you get a complete rundown ... with location maps! I think they're doing a bit of running around in circles in D.C.
In the Spirit of Paranoia... Chagur, why are you looking for maps of nuclear power reactor locations? You don't happen to be sporting a funny beard and clutching a copy of the Koran over there, do you? Hmmmm.
Captain Canada ... Isn't everyone interested in the locations of nuclear power plants? Oh well, maybe not. Guess it comes with the territory if you are a "Seeker". Please Register or Log in to view the hidden image! Actually, it all came about when I was looking for some information on nuclear propulsion, rockets, and found out that I could no longer browse Argonne National Laboratory's archives ... and then got curious as to how many other government websites had been pulled, or access to blocked
Same in britan, all our nuclear plants have had a 5mile no fly zone enforced over them, i assume its the same for america. I dont think they were allowed to print the locations on o/s maps either, quite silly when you consider that on one of the propaganda programs on TV they give the location of one of america's biological arms dumps.
Damn good idea! Our government boys know that the turban heads will be lookin for a road map to our nuke plants! I think the feds ought to make sure that those road maps at the convenience stores don't have the directions to our nuclear plants either!
With any luck Lets just hope that the "turban heads" do not have an eighth grade education. That is about the level of sophistication one would have to possess to locate US Nuke plants.
Do you humans THINK so once in a while??? The nuclear powerplants have to be removed as quickly as possible, for it will be the final take down of Earth. And I am not the only one who got this message. So don't be so stupid and think, you fools. Only wanting to nuke others, oh what fun. What are all the countries doing with this terrible weaponary nowadays. Do not forget how much more powerful the nuclear bombs are now then before in WW2. Come on people, think, don't be so foolish and arrogant with making treats to who ever you want about a nuclear bomb. (if it will be one) One is enough to do the necessarry damage and then we all go back to the Cosmos. And yes, I know, maybe the Talibann have nukes. Perhaps, not certain. I doubt it. But I mean this to the whole world. I can't reach the whole world and do not know how to contact the Talibann without being shot because I am a woman. But I sure would tell them to stop with whatever they are doing, as the same to the rest of these pests with nuclear weaponary and bacterial weaponary or whatever. When is all this insanity over??? Get rid of these weaponary all over the world, for Earth goes down because of it...Please Register or Log in to view the hidden image!
Boy that was hard.... Addresses The following list provides plant addresses, plant owners, and operators in case you may wish to visit their visitor or training facilities. Plant Company Address Arkansas Nuclear One (ANO) 1 and 2 Entergy Nuclear 1448 SR 333; Russellville, AR 72801 Beaver Valley First Energy Corporation P.O. Box 4; Shippingport, PA 15077 Braidwood Exelon RR1, Box 84; Braceville, IL 60407 Browns Ferry Tennessee Valley Authority PO Box 2000; Decatur, AL 35602 Brunswick Progress Energy PO Box 10429; Southport, NC 28461 Byron Exelon 4450 North German Church Road; Byron, IL 61010 Callaway Ameren PO Box 620; Callaway, MO 65251 Calvert Cliffs Baltimore Gas & Electric 1650 Calvert Cliffs Parkway; Lusby, MD 20657 Catawba Duke Power Company 4800 Concord Road; York, SC 29745 Clinton Amergen PO Box 678; Clinton, IL 61727 Columbia Energy Northwest Richland, WA 99352-0968 Comanche Peak TU Electric PO Box 1002; Glen Rose, TX 76043 Cooper Nebraska Public Power District PO Box 98; Brownville, NE 68321 Crystal River Progress Energy 15760 West Power Line Street; Crystal River, FL 34428-6708 Davis Besse First Energy Corporation 5501 North State Route 2; Oak Harbor, OH 43449 DC Cook American Electric Power 1 Cook Place; Bridgman, MI 49106 Diablo Canyon Pacific Gas & Electric PO Box 56; Avila Beach, CA 93424 Dresden Exelon 6500 North Dresden Road; Morris, IL 60450 Duane Arnold Alliant Energy / NMC 3313 DAEC Road; Palo, IA 52324 Exelon Exelon Suite 400, 1400 Opus Place; Downers Grove, IL 60515 Farley Southern Nuclear PO Box 470; Ashford, AL 36312 Fermi 2 Detroit Edison 6400 North Dixie Highway; Newport, MI 48166 FitzPatrick Entergy Nuclear PO Box 41; Lycoming, NY 13093 Fort Calhoun Omaha Public Power District 444 South 16th Street Mall; Omaha, NE 68102-2247 Fort Calhoun Omaha Public Power District PO Box 399; Fort Calhoun, NE 68023-0399 General Electric General Electric Nuclear 171 Curtner Avenue; San Jose, CA 95125 Ginna Rochester Gas & Electric 1503 Lake Road; Ontario, NY 14519 Grand Gulf Entergy Nuclear PO Box 756; Port Gibson, MS 39150 Hatch Southern Nuclear Highway US1, Box 439; Baxley, GA 31513 Hope Creek Public Service Electric & Gas Company PO Box 236; Hancocks Bridge, NJ 08038 Indian Point 2, 3 Entergy Nuclear Broadway & Bleakley Ave.; Buchanan, NY 10511 Kewaunee Wisconsin Public Service Corporation / NMC N490 Highway 42; Kewaunee, WI 54216-9510 LaSalle Exelon 2601 North 21st Road; Marseilles, IL 61341 Limerick Exelon PO Box 2300; Saratoga, PA 19464-0920 Maine Yankee Maine Yankee Atomic Power Company 321 Old Ferry Road; Wiscasset, ME 04578 McGuire Duke Power Company 12700 Hagers Ferry Road; Huntersville, NC 28078-9340 Millstone 1,2,3 Dominion PO Box 128; Waterford, CT 06385 Monticello Xcel Energy / NMC 2807 West Highway 75; Monticello, MN 55362 NEI Nuclear Energy Institute 1776 Eye Street, Suite 300; Washington, DC Nine Mile Point 1,2 Niagara Mohawk Power Company PO Box 32; Lycoming, NY 13093 North Anna Dominion PO Box 402; Mineral, VA 23117-0402 Northeast Utilities Northeast Utilities PO Box 128; Waterford, CT 06384 NPPD Nebraska Public Power District PO Box 98; Brownville, NE 68321 Oconee Duke Power Company PO Box 1439; Seneca, SC 29679 Oyster Creek Amergen PO Box 388; Forked River, NJ 08731 Palisades Consumers Energy / NMC 27780 Blue Star Memorial Highway; Covert, MI 49043 Palo Verde Arizona Public Service Company PO Box 52034; Phoenix,AZ 85072-2034 Peach Bottom Exelon 1848 Lay Road; Delta, PA 17314 Perry First Energy Corporation PO Box 97; Perry, OH 44081 Pilgrim Entergy Nuclear Rocky Hill Road; Plymouth, MA 02360 Point Beach Wisconsin Electric Power Company / NMC 6610 Nuclear Road; Two Rivers, WI 54241 Prairie Island Xcel Energy / NMC 1717 Wakonade Drive East; Welch, MN 55089 Quad Cities Exelon 22710 206th Avenue North; Cordova, IL 61242 River Bend Entergy Nuclear PO Box 220; St. Francisville, LA 70775 Robinson Progress Energy 3581 West Entrance Road; Hartsville, SC 29550 Salem Public Service Electric & Gas Company PO Box 236; Hancocks Bridge, NJ 08038 Seabrook North Atlantic Energy Service Corp. PO Box 300; Seabrook, NH 03874-0300 Sequoyah Tennessee Valley Authority PO Box 2000; Soddy-Daisy, TN 37379 Shearon Harris Progress Energy PO Box 165; New Hill, NC 27562 San Onofre (SONGS) 2 and 3 Southern California Edison PO Box 128; San Clemente, CA 92674 South Texas Project STP Nuclear Operating Company PO Box 289; Wadsworth, TX 77483 St Lucie FPL PO Box 128; Ft. Pierce, FL 34954-0128 VC Summer South Carolina Electric & Gas Company PO Box 88; Jenkinsville, SC 29065 Surry Dominion 5570 Hog Island Road; Surry, VA 23883 Susquehanna Pennsylvania Power & Light Company PO Box 467; Berwick, PA 18603 Three Mile Island Amergen PO Box 480; Middletown, PA 17057 Turkey Point FPL PO Box 4332; Princeton, FL 33032 TVA Tennessee Valley Authority 1101 Market Street; Chattanooga, TN 37402 USNRC US Nuclear Regulatory Commission 11555 Rockville Pike; Rockville, MD 20852 Vermont Yankee Vermont Yankee Nuclear Power Corporation PO Box 157, Governor Hunt Road; Vernon, VT 05354 Vogtle Southern Nuclear PO Box 1600; Waynesboro, GA 30830 Waterford Entergy Nuclear PO Box B; Killona, LA 70066 Watts Bar Tennessee Valley Authority PO Box 2000; Spring City, TN 37381 Wolf Creek Wolf Creek Nuclear Operating Company PO Box 411; Burlington, KS 66839-0411
As I said, machaon ... The madness of it all ... Thanks Please Register or Log in to view the hidden image!
Most of those address will work if you're only looking to deliver jet-fuel heavy, airplane-loaded, anthrax-laden letters into those nuke plants' P.O. Boxes. Please Register or Log in to view the hidden image!
Mr G My whole point is that Nuclear power plant locations are not state secrets. In fact, I own Flight Simulator 2000 for the pc and can fly by just about every one of them in great detail. Here are some map pics and a neat link.Blast mapper
As Chagur said: 'The madness of it all...." I don't go into this no more. I really get sick of you humans talking crazy stuff like this. What about making the world a better place instead of nuking'em all.Please Register or Log in to view the hidden image! Don't need a list of powerplants, there is one not far away from me, that is more then enough... Just knowing that it's there gives me the creeps...
THE DOE The Dept. of Energy does a good job keeping classified info secret. If you do not believe me, check it out yourself.(LOL) DEPARTMENT OF ENERGY HEADQUARTERS MASTER AUTOMATED INFORMATION SYSTEMS SECURITY PLAN September 1, 1996 Revision #2 01/15/97 Classified Automated Information System Security Site Manager Approval: ______________________________________________ Classified Information System Security Operations Manager Approval: ______________________________________________ Assistant Secretary for Human Resources and Administration Office of the Chief Information Officer Operations Group (THIS PAGE INTENTIONALLY LEFT BLANK) This plan implements the requirements of DOE O 471.2, Information Security Program dated 9/26/95, and DOE M 5639.6A-1, Manual of Security Requirements for the Classified Automated Information System Security Program dated 7/15/94, augments HQ Facilities Master Security Plan dated January 1995 with changes 1, 2, and 3 for the protection of classified information processed, stored, or produced on automated information systems (AIS) of the Department of Energy (DOE) Headquarters (HQ). For the purpose of this security plan AIS and System are synonymous and include all of the following - as single-user systems (used by only one person at a time) being used in a stand-alone mode such as Personal Computers (PCs), Laptop Computers, or Notebook Computers hereafter referred to as Portable Personal Computers (PPCs), dedicated word processors, and as remote terminals connected via Secure Telephone Unit-III (STU-III) Secure Data Devices (SDDs) to the HQ IBM ES/9000 accredited host computer, as terminals connected to STU-III Secure Voice/Data Set (SV/DS) equipment for limited, nonscheduled transmittal of data. Memory typewriters are not used at the HQ to process classified data, and are, therefore, omitted from this Master AIS Security Plan. Should the need arise to process classified information on memory typewriters, the Classified AIS Security Site Manager must first be contacted for guidance. The Master AIS Security Plan has been approved for general use; however, it alone does not fully meet the requirements for an approved security plan and cannot be used as the sole basis to gain accreditation to process classified information. Individual AIS operated under the authority of this plan will each be identified in one of the Attachment 5, Individual Security Plan, which details specific system characteristics not covered in one of the subsections of this plan. All of the requirements in the plan must be met. Any additions to or deviations from the requirements in this Master AIS Security Plan will be documented in sections V and VI of Attachment 5. Each Individual Security Plan must be separately approved by the Classified Information System Security Officer (CSSO) and forwarded to the Classified Automated Information System Security Site Manager (CSSM) with certification that it meets the requirements of the Master AIS Security Plan. The CSSM will review the Individual Security Plan, verify the CSSO's certification, and accredit the system under the authority delegated by the Classified Information System Security Operations Manager (CSOM). All reorganizations which result in changes of users and/or CSSO responsibilities must immediately be brought to the attention of the CSSM so that resulting actions necessary to update the Individual Security Plans can be developed. The Master AIS Security Plan and Individual Security Plans specifically do not apply to mainframe host systems or local area network servers/controllers (It does, however apply to local area network nodes), or other multi-user AIS. The following items are available for viewing and/or downloading from the HR Home Page on the World Wide Web at: < .hr .htm> HQ DOE Master AIS Security Plan, with attachments. Individual Attachments. Software and Documentation for LASERSAN ADP Security Plan for Dial-up Off-Site Remote Terminals connected to the DOE Headquarters Classified Mainframe Computer. Connecting to the DOE Headquarters Classified Mainframe Instructions. REFERENCES DOE O 471.2, Information Security Program, dated 9/26/95. DOE M 471.2-1, Manual for Classified Matter Protection and Control, dated 9/26/95. DOE 1360.2B, Unclassified Computer Security Program, dated 5/18/92. DOE 5300.2D, Telecommunications: Emission Security (TEMPEST), dated 5/18/92. DOE 5300.3D, Telecommunications: Communications Security, dated 8/30/93. DOE 5632.1C, Protection and Control of Safeguards and Security Interests, dated 7/15/94 DOE M 5632.1C-1, Manual for Protection and Control of Safeguards and Security Interests, dated 7/15/94. DOE M 5639.6A-1, Manual of Security Requirements for the Classified Automated Information System Security Program, dated 7/15/94. DOE/MA-0427, Computer Security Guide for Users, dated September 1990. DOE Headquarters Classified Computer Security Program CSSO Guidelines, dated 3/31/92. Headquarters Security Officer's STU-III Procedural Guide. DOE HQ Facilities Master Security Plan, dated January 1995 with changes 1, 2, & 3. SA-123 (NN-512.3) Memorandum, dated May 3, 1993, Subject: Protection of Combinations or Passwords. NN-514 Memorandum, dated 10/11/95, Subject: Security Requirements for New and Emerging Office Technologies. NN-514.2 Memorandum, dated 2/26/96, Subject: Deviation from the Headquarters Master Automated ISS Systems Security Plan for Automated Office Support Systems. (THIS PAGE INTENTIONALLY LEFT BLANK) TABLE OF CONTENTS TITLE PAGE WITH APPROVAL SIGNATURES Intro-i INTRODUCTION Intro-iii REFERENCES Intro-v TABLE OF CONTENTS Intro-vii 1. IDENTIFICATION AND LOCATION OF THE SYSTEM 1.1 Facility/Organization Name and Address 1.2 System Location 1.3 Accreditation Information 2. NAME, ORGANIZATION, MAIL STOP, AND PHONE NUMBER OF THE RESPONSIBLE SECURITY PERSONNEL 2.1 Classified Information System Security Operations Manager (CSOM) 2.2 Classified Information System Security Site Manager (CSSM) 2.3 Classified Information System Security Officer (CSSO) 2.4 User/Security Officer (U/SO) 3. NARRATIVE DESCRIPTION OF THE SYSTEM AND ACCESS RESTRICTIONS 3.1 Purpose of the System 3.2 Rules for Permitting/Denying Access to the AIS 4. STATEMENT OF THREAT 5. AIS SECURITY ENVIRONMENT 5.1 Protection Rating 5.2 Methods Used 5.3 Individual System Description 5.4 Modification Controls 5.5 Periods Processing 5.5.1 Classified PC Connected to a Unclassified LAN 5.5.2 Classified PC Connected to both a Classified LAN and an Unclassified LAN 5.6 Maintenance Swap Controls 5.7 Approved Mechanical Switch Boxes 6. PERSONNEL SECURITY 6.1 Clearance Verification 6.2 U/SOs' Responsibilities 7. PHYSICAL SECURITY 7.1 Building Access 7.2 Additional AIS Security Procedures 7.3 Security Areas for PCs, and PPCs 7.3.1 Vaults 7.3.2 Limited Areas/Exclusion Areas 7.4 Transporting Classified PPCs Outside Headquarters 7.5 AIS Placement and Control 7.5.1 PCs 7.5.2 PPCs 7.6 Peripheral Sharing 8 TELECOMMUNICATIONS SECURITY 8.1 Commercial Non-encrypting Modems 8.2 STU-III Secure Voice/Data Set (SV/DS) 8.3 STU-III Secure Data Device (SDD) Model 1900/1910 8.4 Emission Security 8.5 Wireless Communications (Infrared) Ports 9. SOFTWARE SECURITY 9.1 Access Control 9.2 Prohibited Software 9.3 Software Vulnerabilities 9.4 Trusted Copy Program (TRCOPY) 10. ADMINISTRATIVE SECURITY 10.1 Configuration Management 10.1.1 AIS Configuration Identification 10.1.2 AIS Configuration Control 10.1.3 AIS Configuration Status Accounting 10.1.4 AIS Configuration Auditing 10.2 Access Controls 10.3 Installation Control Procedures 10.4 Media Security 10.4.1 Marking of Removable Magnetic Media 10.4.1.1 Marking During Classified Sessions 10.4.1.2 Marking During Unclassified Sessions 10.4.2 Marking of Fixed Magnetic Media 10.4.3 Storage Containers (Disk Holders) 10.4.4 Personal Computer Monitors 10.4.5 Printouts 10.4.6 Printer Ribbons 10.4.6.1 Dot Matrix Printer Ribbons 10.4.6.2 All Other (Non-Dot Matrix) Printer Ribbons 10.4.7 Toner Cartridges 10.4.8 Color Printer-Color Transfer Rolls 10.4.9 Media Storage 10.4.10 Classified Software Protection 10.4.11 Magnetic Media Sanitization Procedures 10.4.12 Magnetic Media Clearing Procedures 10.4.13 Destruction Procedures 10.4.14 Document (or Media) Accountability 10.5 System Sanitization 10.5.1 All AIS 10.5.2 PPCs 10.5.3 Laser Printer Toner Cartridges 10.5.4 Color Printer-Color Transfer Rolls 10.6 Host Computer Access Controls 10.6.1 User Identification Code and Password Controls 10.6.1.1 HQ IBM Host 10.6.1.2 Other Accredited Hosts 10.6.2 Password Maintenance 10.6.3 IBM ES/9000 Host Computer Access Control Mechanisms (Implemented in Software) 10.6.4 IBM ES/9000 Host Computer Access Control Mechanism (Implemented in Hardware Via STU-III Encryption Devices) 10.7 Property Removal Authorization 10.7.1 Removal of Accredited PPCs 10.7.2 Removal for Repair 10.8 Analog Or Digital Audio Recording Capabilities Of AIS 10.9 New and Emerging Office Technology 11. WASTE, FRAUD, AND ABUSE 11.1 Definition and Reporting 11.2 Review of System Files by the CSSO 11.3 Unannounced Reviews by the CSSM 11.4 Recognition of Copyright and Licensing Agreements 11.5 Software Scan Program (SW-SCAN) 12. RISK ASSESSMENT 12.1 Threat Identification 12.2 Asset Identification 12.3 Summary of Qualitative Risk Assessment 13. TRAINING 13.1 CSSOs 13.2 AIS U/SOs 13.3 Computer Security-Trained Escorts 14. INCIDENT REPORTING 14.1 Incident Recognition by U/SO 14.2 Notification Procedures 14.3 Documentation and Review 15. CONTINGENCY PLANNING 15.1 Critical Resources 15.2 Non-Critical Resources 16. ESCORT PROCEDURES 17. INTERIM OPERATING PROCEDURES 18. REMOTE DIAGNOSTIC SERVICES 19. SYSTEM SECURITY TESTING 20. ACQUISITION SPECIFICATIONS Attachement 1 -- ANNUAL AIS USER/SECURITY OFFICER ACKNOWLEDGEMENT OF COMPLIANCE RESPONSIBILITIES Attachment 2 -- STU-III USER LOG FOR CLASSIFIED DATA PROCESSING Attachment 3 -- WASTE, FRAUD, AND ABUSE REVIEW CHECKLIST FOR ACCREDITED DOS BASED PERSONAL COMPUTERS Attachment 3M -- WASTE, FRAUD, AND ABUSE REVIEW CHECKLIST FOR ACCREDITED MACINTOSH PERSONAL COMPUTERS Attachment 4 -- SECURITY REVIEW CHECKLIST FOR PERSONAL COMPUTER CERTIFICATION Attachment 5 -- INDIVIDUAL PERSONAL COMPUTER SECURITY PLAN Attachment 6 -- LABELING DISKETTES, REMOVABLE HARD DISKS, AND COMPACT DISC (CDs) Attachment 7 -- ACCREDITED PORTABLE PERSONAL COMPUTER VALIDATION CARD Attachment 8 -- STATEMENT OF SECURITY RISK KEYWORD INDEX INDEX-1 (THIS PAGE INTENTIONALLY LEFT BLANK) 1. IDENTIFICATION AND LOCATION OF THE SYSTEM 1.1 Facility/Organization Name and Address Headquarters Germantown Forrestal United States Department of Energy and U.S. Department of Energy 19901 Germantown Road 1000 Independence Avenue, S.W. Germantown, Maryland 20874-1290 Washington, D.C. 20585 1.2 System Location The specific location (where the system is installed) of each system is identified in the applicable Individual Security Plan (Attachment 5). The location specified for Portable Personal Computers (PPCs) is the room number where the PPC is stored when not being used. 1.3 Accreditation Information AIS at the HQ are individually accredited to process classified information up to, and including, the highest classification level and most restrictive category identified in Paragraph VI-3 of the applicable Individual Security Plan (Attachment 5). Accreditation of the system referred to in the Individual Security Plan is effective upon completion of the signature of the CSSM in Paragraph VI-3. (THIS PAGE INTENTIONALLY LEFT BLANK) 2. NAME, ORGANIZATION, MAIL STOP, AND PHONE NUMBER OF THE RESPONSIBLE SECURITY PERSONNEL 2.1 Classified Information System Security Operations Manager (CSOM): Jack L. Cowden, NN-514.2, GTN, (301) 903-9992 2.2 Classified Automated Information System Security Site Manager (CSSM): John E. Staley, HR-441, GTN, (301) 903-4566 2.3 Classified Information System Security Officer (CSSO): The name, organization, mail stop, and phone number of the assigned CSSO is provided in the applicable Individual Security Plan. 2.4 User/Security Officer (U/SO) The U/SOs are the primary, responsible users of their assigned accredited system. As such, they are responsible for complying with all AIS security requirements that pertain to their assigned system. They are also responsible for remaining aware of and knowledgeable about their responsibilities in regard to classified AIS security. Further, they are accountable for their actions on accredited AIS, including their assigned system. The name, organization, mail stop, and phone number of the U/SO is provided in the applicable Individual Security Plan. (THIS PAGE INTENTIONALLY LEFT BLANK) 3. NARRATIVE DESCRIPTION OF THE AIS AND ACCESS RESTRICTIONS 3.1 Purpose of the System The DOE is composed of organizations that encompass many diverse programmatic missions. These include, but are not limited to: design, development, and production of nuclear weapons; energy research and development; nuclear research and development; uranium enrichment; management of radioactive wastes; and marketing of hydroelectric power. AIS equipment provides the facility for the required work to be processed in a timely, cost-effective manner. PCs and PPCs are used for word processing, data bases, spreadsheets, graphics, and communications in an office environment to enhance DOE program management activities. 3.2 Rules for Permitting/Denying Access to the AIS U/SOs are responsible for granting access privileges to their assigned AIS. All personnel that process classified information on AIS equipment will be cleared for the highest level and most restrictive category of classified information processed on the system. During each given period of operation, a stand-alone AIS may be operated by a single U/SO who has the required "need-to-know" for all information contained on the system and controls all system resources at that specific time. The specific administrative security controls implemented to deny access to uncleared personnel within the facility are listed in paragraph 10 Administrative Security. (THIS PAGE INTENTIONALLY LEFT BLANK) 4. STATEMENT OF THREAT No threats unique to this system exist that were not considered and are not mitigated by the requirements and countermeasures delineated in both DOE Order 471.2 and DOE Manual 5639.6A-1. (THIS PAGE INTENTIONALLY LEFT BLANK) 5. AIS SECURITY ENVIRONMENT 5.1 Protection Rating A Protection Index rating of 0 (zero) has been established for all systems (PCs and PPCs) operating in a single-user/stand-alone capacity with no connection to another computer. This is based on the fact that only one U/SO with the appropriate clearance level and required "need-to-know" is allowed access to an individual system at any given time in accordance with DOE O 471.2 and DOE M 5639.6A-1. When connected to another computer (Host, LAN or another PC) (connection with a host or LAN is identified in Section III of the Individual Security Plan), the protection index of the system changes from an index of 0 (zero) to an index of 1 (one). This is because the U/SO of one connected system may not have a "need-to-know" for all information contained on the host or other connected system. Any system (PC or PPC) with a protection index greater than 1 (one) must be accredited under a separate security plan. 5.2 Methods Used The methods used to meet the above requirements will be described in paragraphs 6 through 10 of this Plan. All security measures identified in this Plan must be implemented. (All deviations must be identified in Section VI of Attachment 5. Any security measures implemented in addition to those mentioned in this plan must be identified in Section V of Attachment 5). 5.3 Individual System Description Individual Security Plans describe each AIS and identify the level and amount of classified data to be processed. AIS equipment is included in each HQ organization's property accounting inventory. A risk review was conducted on the methods of assigning, distributing, installing, and supporting AIS software and hardware at the HQ. This risk review has shown that sufficient controls have been placed on each element of the procurement, storage, installation planning, installation, maintenance, and software support to minimize the risk of unauthorized targeting of specific hardware and software packages to classified areas. Since the risk of targeting specific systems to classified use has been determined to be low, an additional inventory of hardware and software in the AIS Security Plan is unnecessary. Each Individual Security Plan will, however, list the following information: a. System Identification Number, as assigned by the CSSM. b. Location (* see below) Building, Room Responsible organization, official c. Hardware Manufacturer of CPU Model number of CPU DOE Property Tag Number of CPU * For PPCs, location will be the storage location. The building and number of the room where the equipment is stored when not being used. d. Security Related Software and Communications Software Developer Product Name Version Number 5.4 Modification Controls The U/SO is responsible for bringing all planned system modifications to the attention of the CSSO at the earliest opportunity. All modifications planned for accredited AIS will be discussed with the CSSO prior to implementation. The CSSO will analyze the proposed modification to determine the expected impact on security caused by the changes and, if applicable, gain any approval required of the TEMPEST Coordinator, HR-433/GTN, or other security official. In addition, the Individual Security Plan must be updated to reflect the modification, and forwarded with appropriate attachments for certification and reaccreditation (See also, Paragraph 17 for applicability.) 5.5 Periods Processing The term "periods processing" denotes the method of operation used at DOE HQ to allow accredited AIS to operate securely within sequential processing sessions of distinctly differing levels of information sensitivity (From NON-SENSITIVE UNCLASSIFIED up to, and including the highest processing level (based on classification and category) of information the system is accredited to process). Periods processing provides the capability to either: a. sequentially, have more than one user on a single-user accredited AIS with different levels of information or need-to-know; and/or; b. sequentially, use an accredited AIS at more than one processing level; c. transmit or receive different levels of information or need-to-know. Only accredited PCs and PPCs with removable hard disks can perform periods processing. Accredited PCs with permanently fixed hard disk drives may not perform periods processing. PPCs will not be accredited to process classified information if they contain internal fixed hard disks. They must be equipped with removable hard disks. Accredited PCs and PPCs employed in periods processing shall have separate sets of media, one for each level of classified and unclassified processing, including operating systems, utilities, and applications software. Classified removable hard disks may be shared only between U/SOs with common security clearances and need-to-know. Accredited systems are sanitized in accordance with Paragraph 10.5 before making the transition from a processing session with higher classification/category to a processing session of lower classification/category. They are also sanitized between processing sessions when all U/SOs who have had access to the system since the last sanitization process have differing need-to-know restrictions than those U/SOs who are to be given subsequent access to the system. Accredited PCs and PPCs with removable hard disks may be used to process data in a strictly unclassified environment only after the system has been sanitized to the unclassified level in accordance with procedures stated in Paragraph 10.5 of this Plan. During periods of processing in an unclassified mode, all data processed will be handled in accordance with the policy stated in DOE 1360.2B, Unclassified Computer Security Program, with the exception that all input and output magnetic media must be individually marked "UNCLASSIFIED" in accordance with procedures detailed in Paragraph 10.4 of this Plan. All other security controls (Physical, Administrative, Hardware/Software, Telecommunications, and Personnel) must comply with this Plan. 5.5.1 Classified PC Connected to an Unclassified LAN Accredited PCs (approved to process classified information) may be connected to an unclassified LAN only when all of the conditions specified in this paragraph are met: The PC must not be configured with fixed hard disk drives. The PC must be configured to use removable hard disk drives. The user must have at a minimum two separate removable hard disk drives (one classified and one unclassified). The hard drives will be marked and stored as required in paragraph 10.4 of this plan. The PC must be configured to boot (load the operating system) from the removable hard drives. No LAN operating system software (i.e., lsl.com, ipx.odi, etc.) will be installed on the classified hard disk drive. Communication software (e.g., DOECOMM) may only be installed on the classified hard disk drive when the PC is approved to communicate with other classified computer systems via SDD. An approved mechanical switching device, e.g. A/B Switch Box will be used as an interface and positive disconnect between the PC and the unclassified LAN connection. See paragraph 5.7 for a list of approved mechanical switch boxes. The A/B selector switch will be marked with an "Approved for Classified" sticker on the top or side where it can be easily seen. Additionally the switch will be marked to indicate "A" as "Unclassified" and "B" as "Classified". The A/B switch box will be configured in a manner that connects the unclassified LAN cable to the "A" connector port. The "B" port will not be connected. Before processing CLASSIFIED information, the user must perform the following: If an unclassified LAN session was/is in progress, the user must log off of the LAN, the unclassified hard disk drive must be removed, and the entire system, including peripherals powered down. The A/B selector switch must be repositioned to the "B" position. The classified removable hard disk drive will be placed in the hard drive receptacle (in the computer) and the computer will be powered on. After completing classified processing, remove the classified hard disk drive, perform all required sanitization routines as specified in paragraph 10.5 of this plan, including turning off the power to the entire system and repositioning the selector switch to the "A" position. The user may now proceed to process unclassified information. 5.5.2 Classified PC Connected to both a Classified LAN and a Unclassified LAN Accredited PCs (approved to process classified information) may be connected to both an unclassified LAN and a classified LAN only when all of the conditions specified in this paragraph are met: The PC must not be configured with fixed hard disk drives. The PC must be configured to use removable hard disk drives. The user must have at a minimum two separate removable hard disk drives, one to access the classified LAN and to use for stand-alone classified processing, and one to access the unclassified LAN and to use for stand-alone unclassified processing. The hard drives will be marked and stored as required in paragraph 10.4 of this plan. The PC must be configured to boot (load the operating system) from the removable hard drives and the PC's operating system must not allow for "Hot Swapping" (the removal of one drive and inserting another drive without interrupting LAN connectivity). This will (initially) be accomplished by signature packet selection. The hard drive signature packets (established by the LAN configuration file during boot-up) will be set at a value of "3" for the classified hard drive and a value of "0" for the unclassified hard drive. An approved mechanical switching device will be used as an interface and positive disconnect between the PC and the LAN connections. See paragraph 5.7 for a list of approved mechanical switch boxes. The A/B selector switch will be marked with an "Approved for Classified" sticker on the top or side where it can be easily seen. Additionally the switch will be marked to indicate "A" as "Unclassified" and "B" as "Classified". The A/B switch box will be configured in a manner that connects the unclassified LAN cable to the "A" connector port, and the classified LAN cable to the "B" port. Before processing CLASSIFIED information, the user must perform the following: If an unclassified LAN session was/is in progress, the user must log off of the LAN, the unclassified hard disk drive must be removed, and the system powered down. The A/B selector switch must be repositioned to the "B" position. The classified removable hard disk drive will be placed in the hard drive receptacle (in the computer) and the computer will be powered on. The user will follow established login procedures to access the classified LAN. After completing classified processing, the user will remove the classified hard disk drive, perform all required sanitization routines as specified in paragraph 10.5 of this plan, including turning off the power to the entire system and repositioning the selector switch to the "A" position. The user may now proceed to process unclassified information. 5.6 Maintenance Swap Controls Hardware and software systems occasionally suffer failure due to old age, manufacturing defects, and other - normally unforeseen - reasons. When failures occur, maintenance personnel normally replace the affected hardware or software items with like (same manufacturer, model, and version numbers) items in good repair, and the affected items are turned in for repair or replacement and returned to the supply stock. If like items in good repair are not available as "loaners" or replacements, then compatible items are sometimes used. If the item being replaced is the CPU, and the replacement is identical, the system does not have to be reaccredited, however the individual security plan (attachment 5) must be updated to show the DOE property number of the replacement CPU and a copy of the updated attachment 5 submitted to the CSSM with a note that the CPU has been replaced. If the affected item cannot be replaced with a like item, the U/SO must notify the CSSO, who must then gain reaccreditation of the "new" or "changed" system (Paragraph 17 may also be applicable). 5.7 Approved Mechanical Switch Boxes The following mechanical switch boxes are currently approved for use with classified PCs: SW045A, QVSCA284-2, and SW046A-FFMFF. 6. PERSONNEL SECURITY 6.1 Clearance Verification The security clearance level and "need-to-know" of any potential U/SO will be verified by the CSSO prior to granting the U/SO access to an accredited AIS. The CSSO will verify each U/SO's clearance level by checking his or her DOE Identification Badge. Temporary use of an accredited stand-alone AIS by a person other than the assigned U/SO may be granted, only after the temporary user's clearance and AIS security-related training is verified by the assigned U/SO or CSSO. The U/SO or CSSO granting temporary access must ensure the temporary user is aware of the contents of the documents listed at paragraph 13.1 and has signed the Annual User/Security Officer Acknowledgement of Compliance Responsibilities Form (Attachment 1) cited in paragraph 13.2. Temporary use of an accredited AIS that is connected to a STU-III device may also be permitted, but only within the additional limitations and procedures documented in Section 2.0 of the Headquarters Security Officer's STU-III Procedural Guide. Organizations must ensure that appropriately cleared and security-trained personnel are assigned to repair or support AIS in the classified environment, or that non-cleared maintenance personnel are escorted. The Office of Information Management, HR-4, provides only cleared personnel (cleared for the highest classification level and most restrictive category of information for which the AIS are accredited to process) to service and maintain accredited AIS without the need to be escorted. If an accredited AIS is maintained by an organization other than HR-4, the U/SO must include procedures in the Individual Security Plan for ensuring that maintenance and support personnel are appropriately trained and cleared - or describe the alternative methods employed to ensure the security of the system during maintenance or support activities. 6.2 U/SOs' Responsibilities U/SOs will verify with the Data Owner (if someone other than the U/SO) and the CSSO that any personnel requesting access to their accredited AIS or information possess the proper security clearance and "need-to-know" commensurate with the highest classification level and most restrictive category of information processed on the AIS prior to granting access. When a PPC is being used in a location within the Germantown or Forrestal buildings other than the primary or storage location, the U/SO will ensure that the security clearance and need-to-know of individuals in the immediate area where the processing is taking place is consistent with the classification level of the information being processed. Additionally, If the area where the PPC is being used is under the jurisdiction of another CSSO, approval to process must be obtained from that CSSO before processing can begin. The "Accredited Portable Computer Validation Card" Attachment 7, carried by the U/SO of PPCs will be used to provide evidence that the PPC is accredited for processing classified information. Paragraph 7.4 provides guidance for US/Os who need to transport and use an accredited PPC to process classified information at a location other than the Germantown or Forrestal buildings. The classified removable hard disk drive must be transported separately from the PPC in accordance with the requirements stated in the DOE Headquarters Facilities Master Security Plan, Chapter XI Classified Matter Protection and Control. 7. PHYSICAL SECURITY 7.1 Building Access See the DOE HQ Facilities Master Security Plan, Chapter IV, Physical Protection Program for details on building access controls 7.2 Additional AIS Security Procedures The following are additional security guidelines which are meant to supplement DOE Headquarters Facilities Master Security Plan, Chapter XI, Classified Matter Protection and Control (CMPC). This chapter contains exacting procedures to protect classified information. Individuals processing classified information must comply with Chapter XI: (Note: Chapter XI outlines requirements for: Classifying, reviewing and releasing classified documents; storage of classified matter; protection of classified matter while in use; accountability; top secret accounts; reproduction; transmission of material; and destruction.) Individuals accessing the classified media/system must be cleared to the level and category of information and have a verified need-to-know. The AIS shall be sanitized in accordance with Paragraph 10.5, HQ Master AIS Security Plan. Classified media must be stored in accordance with Para 3, Chapter XI, DOE Headquarters Facilities Master Security Plan. A placard (DOE F DP/0018/1 or its multi-color, unnumbered replacement) depicting the processing classification level will be posted. The video display and printed matter containing classified information will be oriented so that it cannot be seen from outside the security area, (i.e. door to the area will be closed, blinds closed if display screen can be seen from the windows). Limited or Exclusion areas sign will be posted on the outside of the door. All personnel without a clearance and need-to-know commensurate to the system accreditation will be excluded from the immediate area where classified processing is taking place. 7.3 Security Areas for PCs and PPCs. PCs and PPCs accredited to process classified information within the HQ complex (Germantown and Forrestal buildings) must be physically located within: A vault or vault-type room authorized for the open storage and the processing of classified information; or, Limited area A security area which is established for protection of classified matter where security officers or other internal controls can prevent access to classified matter by unauthorized persons; or Exclusion area A security area which is established for protection of classified matter where mere presence in the area would normally result in access to classified information. 7.3.1 Vaults Vaults or vault-type rooms are well defined in DOE 5632.1C and DOE M 5632.1C-1. Stand-alone PCs and PPCs located in these areas do not have to be attended when processing classified information. However, when PCs/terminals are connected to a classified network or other classified computers, they must be attended by personnel authorized to access the information on the network or the computer/terminal must be logged off the network. 7.3.2 Limited Areas/Exclusion Areas The following procedures will be used to secure accredited PCs and PPCs within limited areas/Exclusion Areas: When they are not attended by a person cleared to the level and category of system accreditation: The AIS shall be sanitized as described in paragraph 10.5 and have all classified information (media) removed and stored in an approved security container as defined by DOE 5632.1C and DOE M 5632.1C-1. The color transfer rolls shall be removed from color printers that use that technology and placed in an approved security container. Crypto ignition keys shall be removed from STU-III SV/DSs and SDDs and stored on the terminal user's person or in an approved security container. If multiple systems are located in a common area, and all the U/SOs assigned to these systems do not have a common need-to-know, then each U/SO is responsible for controlling physical and visual access to their system and sanitizing and securing his or her assigned system before leaving it unattended. For exclusion areas the last U/SO to leave the area must lock the door and, if at the end of the work day, annotate the Security Container Check Sheet. When the AIS located within those offices are being used to process classified information: They must be attended by a U/SO with a clearance commensurate to the level of system accreditation and with a need-to-know for all of the information contained on the system. A placard (DOE F DP/0018/1 or its multi-color, unnumbered replacement) depicting the classification level of the information being processed will be posted. The video display and printed matter containing classified information will be oriented so that it cannot be seen from outside the exclusion area or the door to the area will be closed. An "EXCLUSION AREA" or "SECURITY AREA" sign will be posted on the outside of the door. Blinds will be closed if display screens can be seen from a window. All personnel without a clearance and need-to-know commensurate to the system accreditation will be excluded from the immediate area where classified processing is taking place. 7.4 Transporting Classified PPCs Outside Headquarters When there is the need to transport and use an accredited PPC to process classified information at a location other than the Germantown or Forrestal buildings the US/O must have the PPC accredited by the cognizant CSOM, i.e. the Rocky Flats CSOM must accredit a HQ PPC when that PPC is to be used to process classified information at Rocky Flats. The cognizant HSO must be consulted for specific requirements and guidance. 7.5 AIS Placement and Control 7.5.1 PCs Once installed, accredited AIS equipment may not be moved from the room in which it was installed by anyone without the expressed permission of the CSSO. It must remain in the room where it was installed until its movement or reinstallation elsewhere is approved by the CSSO. The CSSM will provide the CSSO an "Approved For Classified" label that must be affixed to each peripheral and the main system cabinet of the accredited AIS prior to commencement of classified processing. 7.5.2 PPCs An accredited PPC may be assigned to an individual U/SO or may be assigned to a pool of portable computers for temporary assignment to users. Data files are to be encrypted using the DES or other approved encryption when they are stored to provide need-to-know protection. When PPCs are accredited an "Accredited Portable Computer Validation Card (Attachment 7)" is assigned to the individual unit. This card must be carried by the U/SO whenever the computer is in his/her possession. The "Approved for Classified" stickers are not used on PPCs. 7.6 Peripheral Sharing Peripheral sharing between accredited systems and non-accredited systems constitutes a risk of unauthorized disclosure. Due to this risk, U/SOs must exercise extreme caution at all times to ensure that output from a shared device receives the proper security considerations. Accredited systems may only share peripheral devices with non-accredited systems under the following circumstances: a. All elements of the systems must be located in the same room and within the view of the U/SO of the accredited system. b. Only printers, plotters, and scanners may be shared. c. Only mechanically switched connection devices (e.g., A/B or X switch boxes) or temporary direct connect/disconnect cable may be used. Electronically switched devices (e.g., Logical Connection) are prohibited. d. Before attaching an accredited system to a peripheral shared by a non-accredited system, the CSSO must ensure: (1) that the Individual Security Plan for the accredited system identifies the intention to share peripherals with a non-accredited system; (2) that Sections V and VI of the Individual Security Plan be updated to specify the conditions under which the two systems can share a peripheral without causing undue risk of disclosure; and, (3) that the CSSM has approved the updated Individual Security Plan. (THIS PAGE INTENTIONALLY LEFT BLANK) 8. TELECOMMUNICATIONS SECURITY Each communications link used to support an accredited AIS is protected commensurate with the level of classification and category of the information for which the system is accredited. The protection features of each link are implemented in accordance with DOE 5300.3D, Telecommunications: Communications Security, and DOE 5300.2D, Telecommunications: Emission Security (TEMPEST). The only dial-up, point-to-point communications authorized for use with classified information among accredited PCs, PPCs, and other automated information resources (e.g., host computers) are those provided by National Security Agency-approved encryption devices (e.g., KG-84s and the STU-III family of devices). 8.1 Commercial Non-encrypting Modems The use of any internal or external modem, FAX/modem, or dial-up capable datapath unit to process unclassified information with an accredited PC or PPC represents a very high risk and is therefore prohibited except under the following circumstances. If the U/SO of an accredited PC or PPC needs unclassified communications capability to perform their official duties and that service is either not available, is impractical, or otherwise cannot be accomplished through an unclassified LAN then a Statement of Security Risk (Attachment 8) must be executed. Additionally, section VI (Deviations from DOE HQ Master AIS Security Plan) of the Individual Personal Computer Security Plan (Attachment 5 must be completed and the system must be reaccredited. Once Accredited, PCs and PPCs operating under the provisions above must adhere to the following procedures: The modem and/or FAX/modem must only be used to process unclassified information; Data communications software may only be installed on the unclassified removable hard disk drive, unless the system has an authorized connection to a STU-III device or an accredited classified LAN; The modem or FAX/modem must be connected to the telephone line through an approved mechanical switching device (A/B switch) that provides a positive disconnect from the phone line when processing in the classified mode. The unclassified telephone line must be connected to the "A" side of the switch and nothing connected to the "B" side of the switch; When processing unclassified information, all classified media must be removed from the PC or PPC and stored in an approved security container. The entire PC or PPC configuration must be sanitized by turning off power including removal of PPC batteries prior to turning the A/B switch to the position for unclassified processing; The unclassified removable hard disk drive inserted into the PC or PPC and the system rebooted. The following protection considerations apply in all cases of accredited AIS classified communications at the DOE HQ. 8.2 STU-III Secure Voice/Data Set (SV/DS) These procedures outline the minimum requirements for use by an AIS of a STU-III SV/DS (the variety of models supporting both voice and data) as an encryption device for the limited, nonscheduled, point-to-point transmission of ad hoc data. Use of a STU-III SV/DS for the scheduled transmission of classified information is not covered by this plan. In such cases, the requirements of DOE M 5639.6A-1, relating to the accreditation of networks, must be met. Section IV of Attachment 5 will be appropriately annotated and the system accredited by the CSSM prior to use. An "Approved for Classified" label must be affixed to the STU-III SV/DS prior to any classified data transmission. To initiate secure data transmission, a valid Cryptographic Ignition Key must be locked into the STU-III SV/DS and confirmation of the secure mode must be received and indicated. Properly cleared personnel with the proper "need-to-know" must be present at both terminals, during the entire period of interconnection. This ensures by visual verification that the proper classification level and identification information of the STU-III SV/DS display matches the classification of the data being transmitted and the recipient's need-to-know. It is the responsibility of both sender and receiver to ensure that no data is transmitted that is of a higher classification level or more restrictive category than their highest common clearance/access level. Removable hard disks in the AIS must be the same level of classification and category as the data to be processed. To prevent a higher classification of data being sent than is authorized, visual inspection of the data before transmission by the sender is mandatory. A log (a blank example may be found at Attachment 2) will be used to show the use of the STU-III SV/DS with the AIS. The log will identify the distant end, time of use, level of classification, and the type of data transmitted and/or received. 8.3 STU-III Secure Data Device (SDD) Model 1900/1910 These procedures outline the minimum requirements for using SDDs as the primary means for protecting point-to-point communications between accredited AIS and the accredited HQ IBM ES/9000 host computer within the DOE HQ or in point to point operation with other devices external or internal to the HQ. Installation, operation, maintenance, and removal of each SDD terminal will be in accordance with procedures presented in the STU-III Procedural Guide. The Secure Access Control System (SACS) is implemented at each host-end SDD, providing a "good guy" list that ensures only authorized access from calling SDDs. To initiate secure data transmission, a valid Cryptographic-Ignition Key must be properly inserted into the SDD and confirmation of the secure mode must be received and indicated before communications can proceed. The U/SO may not leave the SDD unattended while it is in the secure mode of operation. When not in use, the crypto-ignition key must be removed from the SDD and either carried on the user or stored in a repository authorized for the classification level of the SDD. 8.4 Emission Security The CSSO ensures a pre-installation site survey is performed to ensure that the site is suitable for accredited system placement. Aperiodic checks are also performed by the CSSO and the CSSM to ensure continued compliance. Classified AIS (the entire system, including peripheral devices) must be at least 6 inches from any part of an unclassified AIS (entire system, including peripheral devices) and at least 2 inches from unclassified transmission media (e.g., telephone lines, data lines, alarm lines, etc.) In the situation where a classified PC shares a peripheral device (such as a printer) with a unclassified PC, both PCs must be separated from the shared device and each other by at least 6 inches. The separation requirements specified above do not apply to AIS located in the Forrestal building rooms GA-301, the Emergency Operations Center, and the Communications Center. Separation requirements for these facilities are specified in the applicable TEMPEST Plan, maintained by the Headquarters TEMPEST Coordinator, HR-433. Consultation with the TEMPEST Coordinator should be effected for those systems planned for these areas. 8.5 Wireless Communications (Infrared Ports) The use of wireless communications (infrared) ports found on most PPCs to interface with printers and other peripheral devices is strictly forbidden when processing classified information. These ports must be disabled on all accredited PPCs and peripherals by covering the window with a numbered security seal or physically removing the infrared transmitter. 9. SOFTWARE SECURITY 9.1 Access Control AIS that do not have DOE-approved hardware and/or software security programs (i.e., the Watchdog or similar programs) installed rely exclusively on the administrative and physical security access controls contained in this plan. 9.2 Prohibited Software Unauthorized software is prohibited on DOE AIS that are accredited to process classified information. Unauthorized software consists of: any personal, commercial, shareware, or public domain software application, operating system, or utility software package that has not been introduced into the DOE HQ environment through procurement and distribution channels approved by HR-4, and that has not been approved for use on a specific accredited AIS by the assigned CSSO after testing. any software that was not developed within a secure environment and that was not properly tested and approved for use on a specific accredited AIS by the assigned CSSO after testing. The Windows terminal function must be disabled by deleting the program "TERMINAL.EXE" (in the accessory group) on all accredited personal computers (the classified removable hard disk). E - Mail software (including the mail feature in WordPerfect) is prohibited (and must be removed if installed) on the classified removable hard disk for all accredited personal computers, except those connected to a classified LAN. 9.3 Software Vulnerabilities Commercial off the shelf software (COTS) packages often contain features that are designed to save the user time and make their job easier. Occasionally, features designed to make a job easier may actually create vulnerabilities especially when classified or sensitive unclassified information is involved.The following are software features that present potential vulnerabilities and the safeguards that will mitigate those vulnerabilities. The WordPerfect for Windows version 6.1 "Undo/Redo History" function is a potential security vulnerability. This function allows users to recall and undo changes or deletions made to a document during its creation. The number of sequential changes retained that can be undone is selectable by the document's author - the default being 10, but the author/editor may set it to as high as 300 retentions. WordPerfect makes this capability possible by storing the changes within the document. This is not readily apparent to the user. Therefore, a change that has been previously performed can then be recovered any time in the future by the author or any subsequent person who has been given the document. While this may be a very desirable feature during document creation and editing, there is the potential for unauthorized release of classified or sensitive unclassified information. The Undo/Redo History function can be turned on and off. When turned off, deleted and changed text is not saved with the document. It is recommended that this option be disabled or set at the minimum level to minimize the threat of information compromise. The option must be disabled and the document saved prior to executing TRCOPY to migrate unclassified data from classified media. It should be kept in mind that this capability also exists in other versions of WorkPerfect and other user friendly software. 9.4 Trusted Copy Program (TRCOPY) The Trusted Copy Program (TRCOPY) is designed for use in classified areas when the need exists to migrate an unclassified file from the classified environment of an accredited system to an unclassified environment. TRCOPY provides safeguards to ensure that only the designated information is actually copied and that the target diskette contains only the intended information. The diskette containing TRCOPY is not classified and will not become classified by using it to move unclassified files. If it is used to move classified files, the diskette will become classified and must be protected at the appropriate level. TRCOPY operates under DOS, version 3.2 or later, on the IBM PC or compatible microcomputer. It is the responsibility of the U/SO to ensure that the files being copied to the TRCOPY diskette do not contain any classified information. If this should occur, then the diskette must be marked, processed, protected, and destroyed according to the highest level and most restrictive category of the information it contains. Copies of the Trusted Copy program and documentation may be acquired from the CSSM computer security support team 903-2106 or 903-0611 in Germantown or 586-5346 at the Forrestal building. (THIS PAGE INTENTIONALLY LEFT BLANK) 10. ADMINISTRATIVE SECURITY The following procedures have been established to ensure that all AIS within HQ facilities have adequate administrative controls to restrict access to the appropriate U/SOs and to ensure the protection of classified AIS assets. 10.1 Configuration Management Configuration management procedures are used to ensure that development and changes to an AIS take place in an identifiable and controlled manner. The following four specific aspects of configuration management are used to provide assurance that modifications in the environment of the AIS do not adversely affect the security of that system. 10.1.1 AIS Configuration Identification Configuration identification employs the identification of system components and documentation that supports security control procedures. In the Master AIS Security Plan, requirements stipulate the necessary controls that will be used. Attachment 5, Individual Security Plan, provides the necessary support documentation. The following criteria is either in the Master AIS Security Plan or will be identified in the attachment 5, thereby establishing a system baseline to be used as a reference. Security control procedures, e.g., Personnel, Physical, Telecommunications, Software, Administrative. Modification control procedures. System-specific design documentation. Major Equipment Component Identification, Attachment 5. Equipment Configuration, Attachment 5. CSSO Certification date, Attachment 5. CSSM Accreditation date, Attachment 5. 10.1.2 AIS Configuration Control The task of configuration control is performed by subjecting system components and documentation to a review and approval process within the computer security organization. Configuration control is implemented by the Modification Controls, paragraph 5.4. Modification controls identify the procedures used to evaluate, coordinate, and submit for approval requests for AIS modifications. 10.1.3 AIS Configuration Status Accounting Status accounting is possible through both manual and online systems. The U/SO and CSSO account for the requirements defined in paragraph 10.1.1 by means of the documentation required by this plan. The CSSM monitors the accreditation process and maintains accreditation files. 10.1.4 AIS Configuration Auditing Configuration auditing is accomplished via the review processes embodied in the Classified AIS Security Program life cycle. Initially, the CSSO conducts an assurance review before recommending the system for certification. The CSSO also has the authority to exercise security oversight, at any time, AIS within his/her responsibility to ensure that all control procedures identified in the Master AIS Security Plan are used. The CSSM provides oversight on security control procedures by providing the initial certification review and through periodic program compliance reviews. This continual auditing program assures that criteria stated in AIS configuration identification are met. 10.2 Access Controls Physical access control procedures are identified in paragraph 7, Physical Security. Most, if not all 386/486 based personal computers have the ability to set "Power On" and "Keyboard" passwords. These features are easily defeated by knowledgeable operators. These specific types of "password" should only be relied upon to provide a minimal added layer of security for the AIS and should only be used in conjunction with other approved physical security safeguards when the AIS is not attended. PPCs may be used in any limited area, however they cannot be left unattended. When unattended, PPCs must have the removable classified hard disks removed and stored in an approved security container, and the PPC must be sanitized by not only turning off the power switch, but the battery must also be removed. Because PPCs are not permanently installed, special care must be exercised when processing classified information. The following precautions must be taken: Orient the computer where the screen and any printed material cannot be viewed by uncleared individuals. Maintain proper separation from other electronic devices, telephones, and electrical equipment. Post a "Classified Processing Do Not Enter" sign on the door to the room and close it. 10.3 Installation Control Procedures Control is applied at various checkpoints prior to the installation of an AIS earmarked for classified processing. AIS equipment received at DOE from the manufacturers is immediately controlled and securely stored. Those items of equipment to be used for classified processing are selected at random from the store of existing stocks immediately prior to installation. This practice precludes the equipment from being targeted specifically for a classified installation until the last possible moment before the installation process. 10.4 Media Security Access to AIS storage media (i.e., magnetic disks or tapes, compact disks (CD ROM), paper, or printer ribbons) containing classified data will be restricted to individuals possessing the appropriate DOE clearance and approved need-to-know. 10.4.1 Marking of Removable Magnetic Media 10.4.1.1 Marking During Classified Sessions The following marking and handling requirements do not apply to unclassified compact discs used in systems with read only CD drives. Unclassified CDs used in read only CD drives remain unclassified even after being used during a classified processing session. Prior to beginning a classified processing session on an accredited AIS, all removable magnetic media to be used during the session will be appropriately labeled for protection. Standard Form SF 709 ("CLASSIFIED" label) is no longer allowed per DOE M 5639.6A-1. Any storage medium currently labeled with SF 709 must be immediately reviewed and marked with the appropriate classification level and category. The appropriate classification label (examples are shown at Attachment 6, Labeling Diskettes) will be placed in the top right corner of 5 1/4-inch diskettes. If known, the highest classification and most restrictive category of data stored on the magnetic media may be identified on the first line of Standard Form (SF) 711, Data Descriptor Label (optional), or if SF-711 is not used, the category must be entered on the classification label. Standard Form (SF) 711, Data Descriptor Label, may either be placed in the top-left corner, or on the left side under the manufacturer's label. All classified 3 1/2-inch diskettes may have SF 711 or equivalent placed in the center of the diskette label area with the appropriate classification label directly below (the excess is folded around the edge). The marking and handling requirements for removable magnetic media do apply to systems with recordable CD drives. Removable hard disks will be labeled in the same manner as 3 1/2-inch diskettes. Diskette folders and removable hard disk containers will be marked at the top and bottom, front and back, with the appropriate classification of data stored on the enclosed magnetic media. Most restrictive category markings will be placed in the lower left corner of the folder. Only properly labeled removable hard disks and diskettes are used to store or process classified data files. If a label is placed on the disk or folder to identify the individual documents contained on the disk, the appropriate portion marking designator will be placed parenthetically after the title of the document it governs. All Classified Compact Disc (CD) must be physically marked on both sides with the appropriate classification and category. These markings are placed on the hub of the CD, which is a narrow blank space adjacent to the center hole. See illustration in attachment 6. One technique is to use a silk screening method that permanently marks the disk, another option is to use a classification stamp with permanent indelible ink that won't rub off. Warning: do NOT put any markings on the recording surface portion of the disc. Also, certain types of ink may cause damage to the surface of a CD. Users may want to test mark a blank CD before using an untried marking device on a CD containing information. 10.4.1.2 Marking During Unclassified Sessions Prior to being inserted into a sanitized, accredited AIS during unclassified processing sessions, unclassified magnetic media will be labeled with SF 710 ("UNCLASSIFIED" label). In addition, unclassified magnetic media known to contain sensitive information will be appropriately marked. 10.4.2 Marking of Fixed Magnetic Media PCs with fixed internal hard disk drives (must be permanently located in a vault approved for the open storage of classified information.) will have marked on the front of each system the highest classification level and most restrictive category of data for which the system is accredited to process. PPCs with fixed internal hard disk drives may NOT be used to process classified information. 10.4.3 Storage Containers (Disk Holders) Disk file folders or boxes, including those for compact disc will be marked in accordance with paragraph 10.4.1, above, similar to files or folders containing classified information. 10.4.4 Personal Computer Monitors During classified processing sessions, colored classification marking signs or DOE/DP-0018/1, Department of Energy Computer/Terminal Sensitive Data Warning Signs (sometimes referred to as a security flip-chart or tent sign) identifying the highest classification level and most restrictive category of information the AIS is accredited to process will be prominently displayed. 10.4.5 Printouts Specific guidance for reviewing, handling, storing and marking can be found in Chapter XI, paragraphs 2 through 6 of the DOE HQ Facilities Master Security Plan. 10.4.6 Printer Ribbons 10.4.6.1 Dot Matrix Printer Ribbons All dot matrix printer ribbons must, however, be destroyed as classified scrap in the manner described in paragraph 10.4.13, below. Multiple-strike printer ribbons used in dot matrix printers during classified processing are exempted from security labeling. Multiple-strike dot matrix printer ribbons may remain in the printer (do not have to be stored in a safe) at all times, as long as the printer remains in a limited area within the Germantown or Forrestal buildings of the HQ. Single-strike ribbons used in dot matrix printers during classified processing are not exempted from security labeling--they must be labeled with the highest classification and most restrictive category of the data they are used to process. Single-strike (e.g., carbon film) ribbons must be removed from the printer and stored in a safe when not in use or when the system is unattended or being used in an unclassified mode. 10.4.6.2 All Other (Non-Dot Matrix) Printer Ribbons Non-dot matrix printer ribbons used in classified processing sessions will be marked with the highest classification level and most restrictive category of information for which the AIS is accredited to process. Non-dot matrix printer ribbons used during unclassified processing sessions (on sanitized AIS that have been accredited for classified processing) will be marked with "UNCLASSIFIED" or "SENSITIVE UNCLASSIFIED," as the case may be. 10.4.7 Toner Cartridges (Sanitized) toner cartridges may be left in laser printers until they are depleted without being marked with a classification label. Depleted toner cartridges that have been sanitized in accordance with the procedures stated in Paragraph 10.5.3 need not be marked as long as they have been sanitized and will be returned to non-cleared sources for reloading. 10.4.8 Color Printer - Color Transfer Rolls Some color printers use a color transfer roll in place of a ribbon or toner cartridge. Once used the information that has been printed can be read on the roll. For this reason separate rolls must be used during classified and unclassified operations. The roll used for classified information must be marked and protected as specified for single strike (carbon film) ribbons (see paragraph 10.4.6.1, above). When the classified roll is depleted and replaced it must be destroyed appropriately (see paragraph 10.4.13, below). 10.4.9 Media Storage All classified removable media, when not being used by the system (i.e., diskette/removable hard disk, CDs, ribbon(s), hard copy reports, etc.), will be stored in a security container that is approved for the highest classification level and most restrictive category of data stored on the media. 10.4.10 Classified Software Protection Media containing the operating and software systems used for classified processing sessions will be labeled and protected as appropriate for the highest level of classification and most restrictive category of information for which the AIS is accredited to process. When the accredited AIS is used for periods processing (for alternating classified and unclassified sessions), separate software systems must be maintained on separate media (removable hard drive, diskette, etc.); a classified version for use during classified sessions and an unclassified version for use during unclassified sessions. 10.4.11 Magnetic Media Sanitization Procedures Sanitization refers to the elimination of classified information from (declassification of) magnetic media to permit the reuse of the media at a lower classification level or to permit the release to uncleared personnel or personnel who do not possess the proper information access authorizations. There is currently no acceptable method for sanitizing magnetic media. Magnetic media that is unusable or no longer needed must be destroyed using the destruction procedures cited in paragraph 10.4.13. Magnetic media should be "cleared" before being released to the destruction process. Clearing procedures follow in the next paragraph. 10.4.12 Magnetic Media Clearing Procedures "Clearing" magnetic media refers to a procedure by which classified information recorded on the media is removed, but the totality of declassification is lacking. Clearing is a procedure used when the magnetic media will continue to be safe-guarded within the controlled environment. Magnetic media will be cleared by overwriting the media a minimum of one time with any one character. Verification of the overwrite process may be accomplished by random reread of the overwritten information to determine that only the overwrite character can be recovered. Cleared magnetic media may be reused or released for destruction; however, it will be marked and controlled at the level of the highest classification of data ever recorded. The programs "CLRDSK.EXE," "CLRDSKC.EXE," and "CLRDISK.COM," previously used to clear magnetic media are no longer approved for use at DOE Headquarters. The approved method to accomplish magnetic media clearing now uses Norton utilities for DOS (version 5.0 or higher) "WIPEINFO". This utility program offers much more flexibility than the CLRDSK programs. Options are available that allow either the entire disk to be cleared, specific files on the disk, the unused portions of disks, or the slack area of a disk. Another option is "Wipe Methods". There are two choices. FAST WIPE and GOVERNMENT WIPE. FAST WIPE satisfies the minimum DOE HQ requirements. Government wipe provides additional assurance by writing 0s (zeros) followed by 1s (ones) 3 times, then writing the character with the decimal value 246 one time. For more information on the WIPEINFO utility consult your technical support personnel, or the computer security support team 903-2106 or 903-0611 in Germantown or 586-5346 at the Forrestal building. 10.4.13 Destruction Procedures Specific destruction procedures can be found in chapter XI of the DOE Headquarters Facilities Master Security Plan. 10.4.14 Document (or Media) Accountability The definition for "documents" includes "AIS input and contents of equipment and/or media, including memory, punch cards, tapes, diskettes, removable hard disk drives, CD ROM, and visual displays." Magnetic media which is used in a sanitized, accredited computer when it is operating in the unclassified mode (the removable hard disk drive marked Unclassified is in the system) does not have to be placed in an accountability system. Removable magnetic media will be appropriately labeled as described in Paragraph 10.4.1, above. The space marked "Control:" on the optional SF 711, Data Descriptor Label, will contain the accountability control number for the diskette, if applicable. If SF 711 is not used, the control number will be written on the Standard Form classification label. Once magnetic media is appropriately marked with Secret labels, it will be entered into the accountable document inventory file, if applicable, maintained by the CSSO or classified document custodian. Accountable documents/media that are to be destroyed in accordance with procedures stated in Paragraph 10.4.13, will be annotated on DOE F 5635.9, "Record of Destruction." 10.5 System Sanitization The accredited AIS including all peripheral devices must be sanitized: before being left unattended, see paragraph 12.3 during periods processing: when ramping down from a session of higher level classification/category to a session of lower level classification/category. before being used by another U/SO who doesn't possess the same need-to-know. Before being repaired or sent off-site for repair by uncleared hardware technicians. 10.5.1 All AIS To sanitize the system, all media will be removed and stored in accordance with classified media storing specifications. System memory (to include the printer buffer and the buffers of any other peripheral devices) will be sanitized or purged of classified information (This is accomplished by turning off the power for the entire system including all connected peripheral devices and battery backup (if present on anything but clock-function chips or other printed circuit boards) for at least one minute). The system must then be rebooted with a separate copy of the software system that has been reserved for use during unclassified processing sessions only. 10.5.2 PPCs In addition to turning off external power (see 10.5.1 above), PPCs also must have the battery or power pack removed in order to sanitize memory. 10.5.3 Laser Printer Toner Cartridges For AIS connected to a Laser printer at least five pages of unclassified information will be printed to sanitize and clear classified residual information associated with the toner cartridge. The program LASERSAN.EXE, written and distributed by the CSSM to U/SOs through their CSSO, should be run to sanitize classified laser printers connected to MS-DOS-based computer systems. LASERSAN.EXE, when executed, generates five pages of printed, unclassified information to sanitize any residual data in the laser printer toner cartridge and provides on-screen instructions to the U/SO for completing the sanitization of the printer and computer system by turning off power for at least one minute. Because LASERSAN generates a set series of characters (starting with a random character and excluding spaces and solid black), a distinct pattern of unclassified characters is printed on each of the five pages. These pages are then visually reviewed by the U/SO to verify the absence of classified residual data on each of the five printed pages. If they contain classified information, they will be destroyed in accordance with the highest classification level and most restrictive category of data for which the AIS is accredited to process and the process will be repeated. In the event LASERSAN.EXE is not appropriate, the "TEST/FONT" function key on the main control panel of the laser printer can be used to produce these five pages (To print a "test" page, first press the "ON LINE" button once to switch the printer off line, then press the TEST/FONT button five times, once for each page of output. Finally, turn the printer off for at least one minute to clear any residual memory). These five pages will be reviewed to verify that they do not contain classified information before being destroyed as unclassified trash. If they contain classified information, they will be destroyed in accordance with the highest classification level and most restrictive category of data for which the AIS is accredited to process and the process will be repeated. Once sanitized, the laser printer toner cartridge may be released to unclassified channels for replenishment. Copies of the LASERSAN program may be acquired from the computer security support team 903-2106 or 903-0611 in Germantown or 586-5346 at the Forrestal building. The LASERSAN program and documentation may also be downloaded from the HR Home Page, whose URL is <http://www.hr.doe.gov/compsec/compsec.htm>. 10.5.4 Color Printer - Color Transfer Rolls To sanitize color printers that use the color transfer rolls, in addition to turning off the power to the printer, the transfer roll must be removed, marked with the proper security classification level, and stored in an approved security container. 10.6 Host Computer Access Controls U/SOs of AIS must use a valid user identification code (Userid) and password to authenticate their privilege to access an accredited host. U/SOs that require access to the HQ mainframe applications must first apply for issuance of userid and passwords by submitting DOE-F-1450.5, Request for Timesharing Services and LOGON ID and DOE-F-1450.5A, Certification of Timesharing LOGON ID Owner Responsibilities, through their office management, and through the application system owner (Data Owner), to the Team Leader, Germantown Integrated Services Team, HR-441. U/SOs that require access to LANs or other hosts must follow the application procedures for those computer resources. 10.6.1 User Identification Code and Password Controls. 10.6.1.1 HQ IBM Host AIS connected to the IBM ES/9000 host computer must be identified and authenticated through the use of userids' and passwords. Security on the host mainframe is highly dependent on the proper protection of the passwords used to access them. Password management is the responsibility of the mainframe CSSO. Password protection is the responsibility of the U/SO. Procedures for protecting passwords are described below. Initial passwords are machine-generated and issued to the new U/SO with the approval of the organizational CSSO, the mainframe CSSO, and the CSSM. The first time the U/SO logs on to the host system with the issued password, the U/SO is forced by the system to generate a new machine-generated password. This new password is known to no one other than the receiving U/SO. Under no circumstances may U/SOs create their own password. Passwords recorded by the U/SO shall be protected and marked in accordance with the procedures stated in the SA-123 (NN-512.3) Memorandum of May 3, 1993, regarding Protection of Combinations or Passwords. Under no circumstances may a password be shared with or disclosed to any other individual. No U/SO should be knowledgeable of another U/SO's password. If a password is compromised, or a compromise is suspected, notify the CSSO or the CSSM immediately. The System Administrator, HR-441, monitors password usage on a daily basis to reconcile access violation attempts and suspended or canceled userid and passwords. If reinstatement is required (e.g., forgotten password), notify the System Administrator, HR-441. 10.6.1.2 Other Accredited Hosts For reinstatement on other accredited hosts, follow procedures approved for that particular system. 10.6.2 Password Maintenance U/SOs are to notify the application owner and the System Administrator, HR-441, when the U/SO no longer requires the need for access to the HQ IBM host (i.e., when changing jobs, organizations, etc.) so that userid and password will be suspended. For other accredited hosts, follow their notification procedures. Use of passwords will conform to the guidance in DOE M 5639.6A-1, Attachment IX-2, Password Management. U/SOs will change their passwords in accordance with the host procedures. 10.6.3 IBM ES/9000 Host Computer Access Control Mechanisms (Implemented in Software) The add-on software security package, Access Control Facility 2 (ACF2), controls access to the accredited IBM ES/9000 host computer applications through the use of user identification codes and passwords. Before a U/SO can access this mainframe, the application system owner (Data Owner) must attest to the appropriateness of this U/SO's access and need to know in a request to the ACF2 system administrator. Through ACF2, the system administrator defines access levels down to the mini-disk level. ACF2 provides object protection and all passwords are stored in a one-way encrypted password file. Through ACF2, the system administrator controls access by terminal and/or port identification. Terminals and ports are logically disconnected based on terminal/port ID number, date, and time. 10.6.4 IBM ES/9000 Host Computer Access Control Mechanism (Implemented in Hardware Via STU-III Encryption Devices) Hardware-oriented access control devices have been installed at the HQ in the form of National Security Agency-approved encryption devices (STU-III SDD Model 1900/1910) at each end of the communications lines that connect accredited AIS to the accredited host computer. Each SDD is placed into a secure mode by the insertion and turning of a pre-approved and programmed crypto-ignition key device into the SDD terminal. In reverse, sanitization is performed by turning the crypto-ignition key in the opposite direction and removing it from the SDD terminal. The crypto-ignition key must be physically removed from the SDD before the accredited AIS can be sanitized/declassified and may not be inserted into the SDD during an unclassified session. The responsible user of the crypto-ignition key, who is also the U/SO of the AIS, is required to be cognizant of the location and status of the crypto-ignition key at all times. This may be accomplished by the user carrying the crypto-ignition key on his or her person when the crypto-ignition key is not physically inserted in the terminal during a classified session or placing it in an approved security container. All host-end SDDs used at DOE will utilize the Secure Access Control System (SACS), otherwise known as a "Good Guy" list. This system ensures that only the holders of authorized crypto-ignition keys and SDD terminals can access the SDDs physically connected to the accredited mainframe host computer. It further assures (since only host-end SDDs have the AUTO-ANSWER feature turned on) that terminal-end SDDs prevent access of the terminal AIS by other remote devices. 10.7 Property Removal Authorization A properly completed and approved DOE Property Pass must be presented to the security guard before exiting a HQ complex building with any Government/DOE piece of AIS equipment, diskettes, magnetic cartridges, or removable hard drive cartridges, unless specifically exempted from the requirement by written authority. Classified magnetic media can only be removed from the HQ complex by a person who has specific authority to hand-carry classified matter in accordance with Chapter XI, Paragraph 10 of the DOE HQ Facilities Master Security Plan. 10.7.1 Removal of Accredited PPCs Before an accredited PPC can be removed from the Headquarters complex for use to process classified information, the cognizant HSO must be consulted for requirements in addition to the ones specified in paragraph 10.7 above. Also see paragraph 7.1.5. 10.7.2 Removal for Repair Before removing an accredited PC, PPC, or peripheral device from the room where it is installed for off-site repair all "Approved for Classified" stickers or other markings that indicate use to process classified information must be removed. 10.8 Analog or Digital Audio/Video Recording Capabilities of AIS Microphones/Video Cameras in computers used in areas designated for classified or sensitive unclassified discussion must be disabled. Any exceptions to this policy that are needed to support extenuating conditions, (e.g., physically challenged) and then only with the employment of additional safeguards (e.g., soundproofing, etc.), will only be granted after the user first obtains a deviation in accordance with Paragraph 4.f. DOE 470.1, Safeguards and Security Program, paragraph dated 9/28/95 and then approval by the Classified AIS Security Site Manager prior to enabling. 10.9 New and Emerging Office Technology Some recently developed peripheral devices used with personal computers such as multi-function printers (i.e printers that can operate as FAX, optical scanners, as well as printers, internal and external modems that have voice capability) present a significant vulnerability in equipment to be used to process classified information. Many of these devices are equipped with internal secondary memory that is used to store information for diagnostic purposes to allow service technicians to quickly resolve problems. Another technology in wide use with PPCs is the wireless or infrared communications port used to interface with printers and other peripheral devices equipped with that technology. Wireless technology cannot be used when processing classified information. Before any equipment with these types of features can be used with an accredited AIS a deviation must be acquired in accordance with Paragraph 4.f DOE 470.1. See attachment 8. 11. WASTE, FRAUD, AND ABUSE 11.1 Definition and Reporting Incidents of waste, fraud, and abuse are to be reported in accordance with paragraph 14. The definitions are as follows: Waste - Misuse of computer time (i.e., games, private use, use of unauthorized software), or resources, whether intentional or not. Fraud - Illegal activities, including misrepresentation, personal gain, copyright violations. Abuse - Intentional alteration or destruction of software, hardware, or information. 11.2 Review of System Files by the CSSO A random sampling of files (100 percent of the files found on 10 percent of the systems assigned the CSSO is required) is to be reviewed and documented at least semiannually by the CSSO. Attachment 3A, Waste Fraud and Abuse Review Checklist for Accredited DOS Based Systems (applies only to Microsoft/IBM Disk Operating System-based systems, Attachment 3B applies to Macintosh systems), are provided for the CSSO's use in this purpose. This documentation is required to list the files reviewed, identify any corrective and follow-up action found to be necessary, and certify that the AIS contain only legitimate government information, programs, and proprietary software (authorized and licensed to the specific AIS). This documentation is to be retained by the CSSO for one year. Given the condition of a single system with the CSSO as the user, no Waste, Fraud, and Abuse or Compliance Reviews are required of the CSSO--random reviews conducted by the CSSM will suffice. 11.3 Unannounced Reviews by the CSSM During program compliance reviews, the CSSM reviews all evidence of the waste, fraud, and abuse checks that have been performed by the CSSO during the period prior to the review. Random, aperiodic reviews of program and data files on selected systems are also performed and documented by the CSSM. These reviews are unannounced. 11.4 Recognition of Copyrights and Licensing Agreements Each HQ Element shall ensure compliance with licensing agreements for software packages used on accredited AIS within their respective organization. Documentation of this compliance shall be maintained within the HQ Element and will be reviewed by the CSSM during (re)accreditation and other Classified Computer Security Program reviews. U/SOs must recognize and respect the copyright protection and licensing agreements applicable to commercially available software packages, and use the software accordingly. Copyright and licensing infringements are violations of Federal law. 11.5 Software Scan Program (SW-SCAN) SW-SCAN is a software program developed by Battelle Memorial Institute who operate the Pacific Northwest Laboratory for the DOE. The program was developed for the purpose of monitoring compliance with commercial software licensing agreement requirements. SW-SCAN is itself copyrighted by Battelle. DOE Headquarters has been granted use of the program to monitor software licensing compliance. Copies of SW-SCAN may be obtained from the CSSM computer security support team 903-2106 or 903-0611 in Germantown or 586-5346 at the Forrestal building. 12. RISK ASSESSMENT A qualitative risk assessment has been performed for AIS at the Germantown and Forrestal facilities. This assessment is general in nature because it encompasses all AIS within these facilities. The level of protection provided each AIS is based on the U/SOs knowledge of the security procedures detailed in this plan. 12.1 Threat Identification The following table (continued on next page) identifies some specific threats to accredited AIS, their probability of occurrence rating (i.e., Low, Moderate, High), the impact of an occurrence, and implemented countermeasures. THREAT PROB IMPACT COUNTERMEASURE Fire Low High Fire extinguishers, some areas protected by fire suppression systems. Power Disturbances Low Low Systems protected by surge protection devices Power Outages High Low U/SOs are required to backup data on a regular basis. Water Damage Low Low Construction of building and placement of AIS negates water damage. Malicious Authorized U/SOs Low Low All U/SOs processing classified have security clearances and have been trained in the protection of classified information and the systems that process classified information. Covert Action Low Low Building guards, visitor controls, and use of approved safes for document, removable magnetic media, and ribbon storage. Limited Security Areas with electronic and combination locks control access. Hardware and software procurement, installation, and support cannot be targeted to accredited AIS. Casual Visitors Low Low Posted signs for classified processing, room divider around accredited systems in some rooms, visitor controls, magnetic media removed during non-use periods, 3-way combination locks and limited security areas control access. Emanation Low Low Use of TEMPEST-protected or other DOE-approved low-emanation equipment. Natural Hazards Low Low Inherently secure/safe building. System Abuse Low Low Monitoring by supervisor and the CSSO. Personnel security briefings. Regular Waste, Fraud, and Abuse surveys. Physical Damage to Portable PCs High Low Portability of laptop computers make them vulnerable to damage from being dropped. Padded carrying cases and removable hard disks reduce the risks substantially. Theft of Portable PCs Moderate High Portable PCs are vulnerable to theft. This threat is reduced by encrypting the files on the removable hard disks and diskettes, storing PPCs and removable magnetic media in approved security containers, and user vigilance. 12.2 Asset Identification All items of AIS equipment and operating systems software are considered low value assets. Each equipment and operating system asset will be identified in the Individual Security Plan. The information files (to include such files as data, query routines, or application software) processed on these systems may be of higher value; therefore, U/SOs have been cautioned to protect their information investment by performing regular backups and storing them at a prudently safe distance from their primary working copy. 12.3 Summary of Qualitative Risk Assessment The qualitative threat identification chart, paragraph 12.1, depicts the risk management technique used to identify and counter all known and potential threats. Based on the analyses of these threats and the fact that all classified processing is performed within DOE Security Areas, the protection mechanisms implemented for these areas are deemed sufficient for the low value assets covered by this plan. Except for AIS located in vaults approved for open storage of classified information, see Chapter II of DOE M 471.2-1 Manual for Classified Matter Protection and Control for specific guidance on the control of all classified media. All classified media must be controlled (if necessary) by document-accountability procedures. The protection mechanisms implemented within the Security Areas for the protection of documents have been evaluated by the CSSM and deemed sufficient for the protection of the information processed. A risk assessment conducted of the AIS procurement, installation, support functions, processes, and procedures indicated a low risk associated with the threat of targeting specific hardware or software for covert action. 13. TRAINING 13.1 CSSOs All CSSOs are required to attend the CSSO Training Class provided by the CSSM. As a minimum, the CSSOs will provide the following instructional material to each U/SO. Master AIS Security Plan. The CSSO and U/SO must retain a copy of the currently approved Master AIS Security Plan for AIS at their respective systems. These copies may be maintained in an electronic format (as a data file), in lieu of maintaining a printed copy. Electronic copies of the Plan and its attachments (blank forms) may be obtained by calling the CSSM. DOE/MA-0427, "Computer Security Guide For Users." Personal Computer Security Quick Reference Guide. 13.2 U/SOs All classified AIS U/SOs are responsible for reading the documents cited above. Personnel who receive a userid for the mainframe will receive training through the automated security briefing resident on the system. A PC-DOS based version of the automated security briefing is installed on the individual AIS as a part of the initial software loading by the Microsystems Support personnel. This PC version steps the U/SO through standard security procedures for the protection of their systems. Each responsible U/SO will read the Master AIS Security Plan for AIS annually. The responsible U/SO will, also annually, sign Attachment 1, Annual AIS User/Security Officer Acknowledgment of Compliance Responsibilities, accepting responsibility for the security of their assigned AIS. Every DOE and DOE Contractor Employee at the HQ has been issued a copy of DOE/MA-0427, Computer Security Guide for Users. This guide discusses personnel, software, physical, telecommunications, and administrative security for HQ AIS. 13.3 Computer Security-Trained Escorts. To qualify as a computer security-trained escort, the candidate must have received all the training listed in the previous paragraph for U/SOs and must have attended a viewing of the DOE-produced video "The Outsider." (THIS PAGE INTENTIONALLY LEFT BLANK) 14. INCIDENT REPORTING In order to thwart deliberate and/or malicious acts (i.e., equipment tampering, Trojan horses, virus programs) directed at AIS, all personnel utilizing DOE AIS resources will observe the following procedures for reporting any perceived attacks. Also, any occurrence of a security infraction or of waste, fraud, and abuse, as defined in paragraph 11 above, will be reported using the procedures below. These procedures will permit each U/SO to properly report potentially damaging incidents. By initiating the following actions in a timely manner, U/SOs may assist in controlling and limiting the damage that may be caused by an incident. 14.1 Incident Recognition by U/SO Upon noticing or suspecting unusual or uncharacteristic performance from your system, suspend processing on the affected system. Attempts to determine the cause through use of the system may distort or destroy any evidence investigators might need to identify and/or correct the situation. 14.2 Notification Procedures U/SOs are to immediately notify, through secure means (e.g., face-to-face, encrypted voice), the responsible CSSO (and/or Alternate CSSO) of the affected system concerning the possibility of a successful threat occurrence. This will allow the CSSO to immediately begin a preliminary inquiry and notify other potential targets, thereby limiting further potential damage. If the CSSO or Alternate is not readily available, call the CSSM. During non-business hours, if the incident involves the HQ mainframe the U/SO should call the CSSO on duty at the Computer Center in Germantown (3-4437). Minor incidents associated with the use of AIS (generally those whose adverse impact can be contained within the authority and responsibility of the CSSO) need not be reported to the CSSM, but are to be documented, investigated, and resolved by the CSSO. Incidents whose scope and adverse impact extend beyond the authority and responsibility of the CSSO (e.g., LAN or mainframe connectivity is involved) are to be communicated to the CSSM as soon as practical. The intent is to coordinate efforts to limit the potential damage which could be incurred. 14.3 Documentation and Review After incident notification, the U/SO will annotate the following information, if known, for use by security personnel. a. Time of Occurrence b. Source of Problem (e.g., imported software, diskette/hard disk drive, etc.) c. Nature of the Incident - explain what happened prior to and during the occurrence. d. The U/SO should review Chapter VI, Headquarters Incident Reporting Procedures, in the CSSO Guidelines for more guidance. 15. CONTINGENCY PLANNING In general, AIS equipment assets are low cost, easily replaceable items. However, contingency planning is addressed for all systems that process classified information, as follows. 15.1 Critical Resources It is the responsibility of the U/SO to identify any hardware configuration or software system that is considered critical for the successful completion of the DOE mission. If a system is designated as critical, backup procedures and matching system configurations must be identified in writing to ensure continuity of operations. Additional procedures, specific to the critical system, will be identified in the Individual Security Plan for the critical system. These procedures must be tested annually. All AIS identified as critical will be backed up by the U/SO once a week, at a minimum, and the backup media will be stored at an alternate location that is reasonably distant from the primary processing and information storage site. 15.2 Non-Critical Resources All non-critical systems will be backed up by the U/SO on a regular basis to assure a continuity of the operations that support the conduct of the DOE mission. (THIS PAGE INTENTIONALLY LEFT BLANK) 16. ESCORT PROCEDURES Visitors (cleared, but without a need-to-know, or uncleared) to office areas where accredited AIS are present must be escorted in accordance with DOE Headquarters Facilities Master Security Plan and may not be permitted physical access to accredited AIS or to view classified information. In addition, escorts for visitors who are going to have access to the inside of an accredited computer (uncleared repair technician) must be computer security-trained in accordance with paragraph 13.3 of this plan. (THIS PAGE INTENTIONALLY LEFT BLANK) 17. INTERIM OPERATING PROCEDURES The following procedures govern the operations of accredited AIS in the interim periods during updates or changes to their environment. The environment of an accredited AIS encompasses those items of hardware and software listed in Attachment 5; the location of the AIS; the assigned U/SO; and, the approved security controls in place at the time of the current accreditation. Interim reaccreditation is granted for a period of 15 work days only for those systems previously accredited and only under the following conditions: U/SO Changes, Hardware replacement with similar equipment, Software changes, or System relocations. Interim accreditation begins when the change is effected (e.g., hardware has been reinstalled at the new location). If not reaccredited in these 15 work days, the system will be considered unaccredited and will only be authorized to process unclassified information. (THIS PAGE INTENTIONALLY LEFT BLANK) 18. REMOTE DIAGNOSTIC SERVICES Remote diagnostic services are not permitted on accredited systems. (THIS PAGE INTENTIONALLY LEFT BLANK) 19. SYSTEM SECURITY TESTING Each AIS installation is separately accredited and, as a part of the accreditation process, is reviewed for compliance with this Master AIS Security Plan and its associated Individual Security Plan. Attachment 4 presents a brief security compliance checklist that is used as an aid in the compliance review process. The accrediting official has determined that compliance reviews adequately test the security implemented for each. (THIS PAGE INTENTIONALLY LEFT BLANK) 20. ACQUISITION SPECIFICATION DOE and DOE Contractor organizations shall ensure that appropriate technical, administrative, physical, and personnel security requirements are included in specifications for the acquisition of hardware, software, or related services to be utilized in a classified environment. The CSSM will be included in the planning process for any new hardware or software procurement or developments that apply to classified in the DOE HQ environment. (THIS PAGE INTENTIONALLY LEFT BLANK) Attachment 1 ANNUAL AIS USER/SECURITY OFFICER ACKNOWLEDGEMENT OF COMPLIANCE RESPONSIBILITIES U/SO's Initials 1. _____ I have read the Master AIS Security Plan and am familiar with its contents. I have also read DOE/MA-0427, Computer Security Guide for Users, and the Personal Computer Security Quick Reference Guide. 2. _____ I am aware of my responsibility for knowing what constitutes a security infraction and the procedures for responding to an infraction. 3. _____ I am aware of my responsibility for reporting any incidents of data intrusion or other security-related events to the Classified Computer System Security Officer (CSSO) in accordance with current DOE and local policy. 4. _____ I am aware that, when the system is to be left unattended, accredited systems must be sanitized, and that classified computer media, such as removable hard drives, diskettes, compact disc (CD ROM), cassettes, single-strike printer ribbons, and printed output must be locked in a DOE approved security container. 5. _____ I am aware that individual userids and passwords must be unique, are intended only for the assigned user, and may not be shared with anyone else. I am responsible for protecting passwords and records of passwords used with classified AIS at the highest level and most restrictive category approved for the AIS. 6. _____ I am aware that users of classified systems are to prevent (to the extent possible) unauthorized persons from entering the work area during classified processing and that the AIS must be positioned so that it cannot be viewed from outside the processing area (i.e., in view from open doors or uncovered windows). I am further aware that users must logoff of classified AIS and remove and properly store all media prior to leaving the system unattended. 7. _____ I am aware that all data should be backed up periodically to preclude the need for extensive reconstruction of files following a system failure or emergency. I am also aware that, ideally, these files should be stored in a separate remote location. 8. _____ I am aware that classified media and printed output and their covers or containers must bear appropriate classification markings that indicate the highest level of data contained therein. I am further aware of my responsibility to follow Document (or Media) Accountability Procedures located in Paragraph 10.4.14 of the Master AIS Security Plan . 9. _____ I am aware that removable hard drives, diskettes, CD ROM, cassettes, tapes, toner cartridges, printed output, and printer ribbons used for classified processing must be sanitized, declassified, and/or destroyed according to the policies, practices, and procedures listed in Paragraph 10.4 of the Master AIS Security Plan. 10. _____ I am aware of and will comply with the procedures specified in the Master AIS Security Plan sections 5.5.1 & 5.5.2 regarding system sanitization and proper transition between LAN connections and stand-alone processing. 11. _____ I am aware of my responsibility to continually improve security. Through my daily interaction with a system, I am able to detect weaknesses and vulnerabilities within the system. I will make a conscientious effort to express ideas on enhancing security to the designated Classified AIS Security Officer. 12. _____ I am aware that, as a U/SO of Department of Energy systems, I must ensure that the equipment is used only for job related processing and that all other uses are prohibited. I am aware that I am subject to periodic review for compliance and audit for waste, fraud, and abuse by the CSSO, CSSM, and other internal and external auditing agencies (i.e., IG, GAO, etc.). 13. _____ I am aware that electronic equipment, antennas, etc., may not be placed in the immediate proximity of the classified AIS without being listed and approved by the CSSM in the Individual AIS Security Plan. I am also aware that any modifications to the AIS, either in addition to or deletion of hardware or software, may not be performed without the prior approval of the CSSO. 14. _____ I am aware that only DOE-authorized software may be used on an accredited AIS. I will abide by any licensing agreements applicable and am aware that any software copyright and licensing infringements are violations of Federal law. * In addition to the statements above, users of portable personal computers must attest to statements 15 through 22. 15. _____ I am aware that before I can use a PPC to process classified information in an area at the Germantown or Forrestal buildings, but outside the jurisdiction of my CSSO, I must have the approval of the CSSO who has jurisdiction over the area. 16. _____ I am aware that before I can use a PPC at a facility other than the Germantown or Forrestal buildings, the PPC must be accredited by the Designated Accrediting Authority (DAA) for the facility I am visiting. 17. _____ I am aware that classified removable hard disk must be transported separately from the portable computer in accordance with the requirements stated in the DOE Headquarters Facilities Master Security Plan, Chapter XI Classified Matter Protection and Control. 18. _____ I am aware that portable computers may not be used to process classified information except in (1)an approved vault or vault-type room, (2) a limited area, or (3) an exclusion area. 19. _____ I am aware that classified documents must be encrypted when stored on magnetic media to provide need-to-know protection. 20. _____ I am aware that I must carry the Computer Validation Card for the PPC assigned to me when ever the PPC is in my possession. 21. _____ I am aware that I must turn off all electrical power sources including physical removal of the battery in order to sanitize the PPC. 22. _____ I am aware that PPCs are highly vulnerable to theft and must be given appropriate protection when in my possession, especially in public places. I have read the above statements and understand my responsibilities for protecting classified systems and information as indicated by my initials. I am aware that I am required to review, initial, and resign this form annually no later than the anniversary date as indicated next to my signature below. U/SO: ____________________________________________ __________________________________________ ____/____/____ Printed Name Signature Date Instructions The purpose of this form is to provide a documented means of insuring that each U/SO is aware of his/her responsibilities for processing classified information on an AIS. This form contains a series of statements, for which the U/SO will initial each to indicate that he/she understands and acknowledges his/her responsibilities. This will be done annually (not later than 1 year from the date signed on the previous form) by each U/SO to provide a refresher to the U/SO of his/her responsibilities. After the U/SO has completed this form (all the statements are initialed) and the CSSO is confident that the U/SO understands his/her responsibilities, then the CSSO may allow the U/SO to perform classified processing on an accredited AIS. This form is not required to be submitted with the accreditation/reaccreditation package to the CSSM, but will be reviewed by the CSSM representative when a site or compliance review is held. The CSSO will retain the original of this form until replaced by the next annual form completion and provide a copy of same to the U/SO for reference purposes. Attachment 2 STU-III SV/DS User Log for Classified Data Processing Location: __________ Room No.: __________ STU-III Serial No.: __________ (GTN, FORS) DATE TIME OF USE DISTANT END NAME AND LOCATION CLASSIFICATION LEVEL CATEGORY TRANSMITTED/ RECEIVED USER SIGNATURE STU-III SV/DS User Log for Classified Data Processing - Instructions This attachment demonstrates the form used to log users utilizing a STU-III SV/DS to transmit classified data processing. This form records the room and building location of the STU-III as well as the serial number of the STU-III. Each user must record the date and time of use, the name and location of the distant end, the level of classification, category, whether it was transmitted or received, and the user signature. Attachment 3 WASTE, FRAUD, AND ABUSE REVIEW CHECKLIST FOR ACCREDITED DOS BASED PERSONAL COMPUTERS SYSTEM ID: HQ-_______(Assigned by CSSM) DOE NO._______________ DATE:______/______/______ ORGANIZATION:____________________________ EQUIP:_______________________ LOCATION: BUILDING______________________ ROOM NO. ____________________ U/SO: NAME:________________________________________ SIGNATURE:______________________________________ CSSO: NAME:_______________________________________ SIGNATURE:______________________________________ Reviewed BY: _____________________________________ SIGNATURE:______________________________________ ORG:_______________________________ DATE:_____/_______/______ PROCEDURES: Perform the following on both CLASSIFIED and UNCLASSIFIED removable hard disk or fixed hard disk assigned to systems that are accredited to process CLASSIFIED information: 1. Prior to reviewing each hard drive, perform the Disk Operating System change drive function at the Disk Operating System prompt ["C:" press Enter]; ["D:" press Enter]; ["E:" press Enter]; ["F:" press ENTER]; etc. until "invalid drive specification" is displayed. This will determine the logical drives assigned to each physical drive. Annotate the assigned logical drives by circling the appropriate selections below. Prior to performing the following functions, change to the specified drive that you wish to review by entering ["C:"; "D:"; etc. then press Enter key]. Drive Type: Removable / Fixed / Other:_______________________________ Security System: None / Package Name:__________________________________________ UNCLASSIFIED Drives assigned: C: D: E: F: None Other_________ CLASSIFIED Drives assigned: C: D: E: F: None Other_________ 2. On each logical drive run the Disk Operating System Utility program CHKDSK, or SCANDSK. [ "CHKDSK or SCANDISK /V |MORE" press ENTER ]* *note ('|' pipe; uppercase backslash, not ':' colon) (should the program not execute press Ctrl/C to invoke). The CHKDSK or SCANDISK utility will list all file names (including hidden files) by screen page. Press "Enter" after reviewing each page. Validate that there are no unauthorized software packages, games, or personal files on the system, and that the system appears used for performing only DOE related functions. If a "suspicious" file name is discovered, review the file by either executing (if an executable file with .EXE, .COM, .SYS extension [Key the entire filename and press Enter]) or by performing the Disk Operating System Utility TYPE command on text files. ["TYPE filename" press Enter]. Document the findings in the FINDINGS Section of this form. 3. (Optional or as required at reviewers discretion) Using the DOS UNDELETE command or a current copy of NORTON UTILITIES program software, run the utility "UNERASE" (["UNERASE" press ENTER] and follow the menu-driven instructions) to validate any previously erased software. Document the findings in the FINDINGS Section of this form. (If this function is performed in classified mode, the diskette must be appropriately labeled and treated accordingly. It may not then be used in UNCLASSIFIED mode. If the NORTON diskette copy is left with the CSSO because it is classified for destruction purposes then the programs on the diskette must first be erased for protection against licensing infringement).FINDINGS: UNCLASSIFIED ASSIGNED DRIVE C: D: E: F: Other:______ Total Files: ___________ ___________ ____________ ___________ ____________ Total Hidden Files: ___________ ___________ ____________ ___________ ____________ Evidence of waste, fraud, or abuse (Y/N) (Y requires remarks): ___________ ___________ ___________ ___________ ____________ CLASSIFIED ASSIGNED DRIVE C: D: E: F: Other:________ Total Files: ___________ ___________ ___________ ___________ ____________ Total Hidden Files: ___________ ___________ ___________ ___________ ____________ Evidence of waste, fraud, or abuse (Y/N) (Y requires remarks): ___________ ___________ ___________ ___________ ___________ Further action required: (Y/N) ____________ REMARKS: Attachment 3M WASTE, FRAUD, AND ABUSE REVIEW CHECKLISTFOR ACCREDITED MACINTOSH COMPUTERS SYSTEM ID: ___________ (Assigned by CSSM) DOE NO.________________ DATE:_____/_____/_____ ORGANIZATION:_________________________________ EQUIP:___________________________________ LOCATION: BUILDING___________________________ ROOM NO.________________________________ U/SO: NAME:________________________________ SIGNATURE:__________________________________________ CSSO: NAME:_______________________________ _______ SIGNATURE:__________________________________________ Reviewed BY: NAME:_________________________ SIGNATURE:__________________________________________ ORG:________________________ DATE:______/______/______ GENERAL INSTRUCTIONS: 1. To open a drive, folder, or file, double click on it at the desktop. 2. To close files, quit the program, (quit from the file menu). 3. To close windows to folders and drives, either click once in the close box on the left corner of it's title bar, or select the window and then select close ( W) from the file menu. 4. Anything that is not a drive or a folder is either a file or a program. We want to check all files by looking through all of the folders (sub- folders, etc.) open each file and review it. Then close it without save changes if prompted. DRIVE TYPE: REMOVABLE / FIXED DRIVE / OTHER:________________ SECURITY SYSTEM: _________________________ NONE FINDINGS: UNCLASSIFIED: Total Files:________ CLASSIFIED: Total Files:________ Is there any evidence of waste, fraud, or abuse? Enter Y or N in the appropriate box(s) below. (Y requires remarks): UNCLASSIFIED: [ ] CLASSIFIED: [ ] FURTHER ACTION REQUIRED: [ ] REMARKS: (THIS PAGE INTENTIONALLY LEFT BLANK) Attachment 4 SECURITY REVIEW CHECKLIST FOR PERSONAL COMPUTER CERTIFICATION SYSTEM ID: HQ-________(CSSM WILL ASSIGN) DATE:_____/_____/_____ ORGANIZATION:______________________ LOCATION: BUILDING:__________________________ ROOM NUMBER:__________________ PRINTED NAME SIGNATURE DATE U/SO CSSO REVIEWED BY CSSM STAFF REACCREDITED BY CSSM John E. Staley NUMBER OF "APPROVED FOR CLASSIFIED" STICKERS REQUIRED:_________ QUESTIONNAIRE YES NO 1. IS THE CERTIFICATION DOCUMENTATION COMPLETE AND ACCURATE? 2. IS THE SYSTEM LOCATED (OR STORED AND USED IF PORTABLE) IN A LIMITED AREA (WITHIN SECURITY ISLANDS OR IN OFFICES LOCKED WITH DOE-APPROVED LOCK? 3. ARE LIMITED AREA WARNING SIGNS AVAILABLE FOR THE DOORS LEADING TO THE ROOMS WHERE CLASSIFIED SYSTEMS ARE LOCATED? 4. ARE DOE/DP-00181/1, DOE COMPUTER/TERMINAL SENSITIVE DATA WARNING SIGNS (CLASSIFICATION LEVEL FLIP CHART SIGNS) AVAILABLE FOR THE SYSTEM? 5. IS THE U/SO AWARE OF THE CLASSIFIED DOCUMENT/MEDIA MARKING LABELLING PROCEDURES AND IS THERE EVIDENCE OF ADEQUATE SUPPLIES OF LABELLING STOCK? IF THIS IS A REACCREDITATION REVIEW, IS THERE EVIDENCE OF PREVIOUS COMPLIANCE WITH MARKING/LABELLING PROCEDURES? 6. IS THE U/SO AWARE OF THE PROPER PROCEDURES FOR COMPLYING WITH CLASSIFIED DOCUMENT/MEDIA ACCOUNTABILITY REQUIREMENTS? IF THIS IS A REACCREDITATION REVIEW, IS THERE EVIDENCE OF PREVIOUS COMPLIANCE WITH ACCOUNTABILITY REQUIREMENTS? 7. HAS THE U/SO READ DOE/MA-0427, COMPUTER SECURITY GUIDE FOR USERS? 8. IS RED/BLACK SEPARATION IN COMPLIANCE, OR IF SYSTEM IS A PORTABLE IS THE U/SO AWARE OF AND COMPLY WITH RED/BLACK SEPARATION REQUIREMENTS WHEN USING SYSTEM? 9. IS THE U/SO KNOWLEDGEABLE OF BACK-UP PROCEDURES, AND, IF THIS IS A REACCREDITATION REVIEW AND APPLICABLE, ARE SYSTEMS DATA AND PROGRAMS ADEQUATELY BACKED-UP? 10. IS THE SYSTEM MAINTAINED AND SUPPORTED BY HR-4 (OR, IF SYSTEM IS NOT MAINTAINED AND SUPPORTED BY HR-4, HAVE MAINTENANCE PROCEDURES BEEN APPROVED BY THE CSSM AND INCLUDED IN THE INDIVIDUAL PERSONAL COMPUTER SECURITY PLAN?)? 11. ARE WRITTEN PROCEDURES IN PLACE TO MONITOR AND DOCUMENT COMPLIANCE WITH LICENSING AGREEMENTS FOR EACH SOFTWARE PACKAGE USED ON THE SYSTEM? IF THIS IS A REACCREDITATION REVIEW IS THERE EVIDENCE THAT PROCEDURES ARE BEING FOLLOWED? 12. IF THE SYSTEM CONTAINS AN INTERNAL OR EXTERNAL NON-ENCRYPTING MODEM OR FAX/MODEM TO PROCESS UNCLASSIFIED INFORMATION DOES THE U/SO HAVE A SIGNED STATEMENT OF SECURITY RISK? QUESTIONNAIRE (CONTINUED) YES NO 13. IF THE SYSTEM IS EQUIPPED WITH AN INFRARED PORT HAS IT BEEN DISABLED? 14. IF THE SYSTEM IS NOT LOCATED IN A VAULT THAT IS APPROVED FOR OPEN STORAGE OF CLASSIFIED MATTER, HAS THE INTERNAL FIXED HARD DISK BEEN REMOVED? 15 IF THE SYSTEM IS EQUIPPED WITH A MICROPHONE, HAS IT BEEN REMOVED OR OTHERWISE DISABLED? 16. IS THE SYSTEM CONNECTED TO A CLASSIFIED AND/OR UNCLASSIFIED LAN, AND IF SO IS THE CONNECTION THROUGH AN APPROVED MECHANICAL SWITCH? 17. IF THE SYSTEM IS NOT CONNECTED TO A CLASSIFIED LAN AND/OR AUTHORIZED FOR TRANSMITTING CLASSIFIED INFORMATION USING A STU-III TYPE DEVICE, HAS ALL COMMUNICATION SOFTWARE, INCLUDING ALL MAIL COMMUNICATION SOFTWARE BEEN ELIMINATED FROM THE CLASSIFIED REMOVABLE HARD DRIVE? NOTE: THE FOLLOWING QUESTIONS MAY NOT BE APPLICABLE TO THE SYSTEM BEING REVIEWED. IF NON-APPLICABLE, ENTER N/A IN THE "YES" COLUMN. 18. IS THE U/SO AWARE OF THE APPROVED METHOD AND FREQUENCY FOR SANITIZING LASER PRINTER TONER CARTRIDGES 19. IF APPLICABLE, IS THE U/SO AWARE THAT THE COLOR TRANSFER ROLLS USED IN SOME COLOR PRINTERS MUST BE REMOVED, MARKED AS CLASSIFIED AND STORED IN AN APPROVED SECURITY CONTAINER WHEN THOSE PRINTERS ARE UNATTENDED? 20. IF APPLICABLE, AND IF THIS IS AN INITIAL CERTIFICATION REVIEW, IS THE U/SO AWARE OF PROCEDURES FOR USING A STU-III SV/DS OR SDD FOR DATA COMMUNICATIONS? IF APPLICABLE, AND THIS IS A REACCREDITATION REVIEW, IS THERE EVIDENCE OF COMPLIANCE WITH THE PROCEDURES? 21. IF THE AIS USES FIXED MAGNETIC STORAGE MEDIA (DESKTOP Pcs ONLY), OR IF THE AIS IS LOCATED, STORED AND/OR USED IN AN APPROVED VAULT, IS THERE EVIDENCE OF CERTIFICATION FROM THE HEADQUARTERS OPERATIONS DIVISION (NN-514) DOCUMENTING THEIR APPROVAL FOR OPEN STORAGE OF CLASSIFIED INFORMATION? 22. IF THE COMPACT DISC DRIVE HAS THE CAPABILITY TO RECORD, IS THE U/SO AWARE OF THE MARKING POLICIES FOR CD'S? 23. IF THIS IS A REACCREDITATION REVIEW, AND IF THEY ARE USED ON THIS SYSTEM, ARE NON-DOT MATRIX PRINTER RIBBONS MARKED WITH THE HIGHEST CLASSIFICATION LEVEL AND MOST RESTRICTIVE CATEGORY OF INFORMATION THAT IS PRINTED? 24. IF THIS IS A REACCREDITATION REVIEW, IS DOCUMENTATION OF WASTE, FRAUD, AND ABUSE CHECKS ON FILE WITH THE CSSO? SECURITY REVIEW CHECKLIST FOR PERSONAL COMPUTER CERTIFICATION INSTRUCTIONS THIS FORM IS PROVIDED TO AID THE U/SO IN DOCUMENTING HIS OR HER ASSURANCE THAT THE AIS BEING REVIEWED IS CERTIFIABLE AS MEETING ALL THE APPLICABLE AIS SECURITY REQUIREMENTS NECESSARY TO PROCESS CLASSIFIED INFORMATION IN A SECURE ENVIRONMENT. THE CHECKLIST CONTAINS A SERIES OF QUESTIONS, FOR WHICH YES OR NO ANSWERS WILL SUFFICE. ALL OF THE QUESTIONS APPLY, AND EACH MUST BE ANSWERED IN THE AFFIRMATIVE BEFORE THE SECURITY OF THE AIS CAN BE CERTIFIED BY THE CSSO TO THE CSSM. WHEN ALL OF THE QUESTIONS HAVE BEEN ANSWERED IN THE AFFIRMATIVE, AND THE U/SO AND THE CSSO ARE SATISFIED THAT ADEQUATE PROTECTION HAS BEEN PROVIDED FOR THE SECURITY OF THE SYSTEM, THE SIGNED AND DATED FORM MUST BE FORWARDED IN A PACKAGE, ALONG WITH THE INDIVIDUAL PERSONAL COMPUTER SECURITY PLAN AND OTHER APPLICABLE DOCUMENTATION TO THE CSSM, HR-441/GTN. REGARDING QUESTION 1, APPLICABLE DOCUMENTATION INCLUDES THE CURRENT, APPROVED DOE HQ MASTER AIS SECURITY PLAN AND COPIES, SIGNED WHERE NECESSARY, OF THE FOLLOWING ATTACHMENTS: ATTACHMENT 1 - ANNUAL AIS U/SO ACKNOWLEDGEMENT OF COMPLIANCE RESPONSIBILITIES. ATTACHMENT 4 - THIS SECURITY REVIEW CHECKLIST FOR PERSONAL COMPUTER CERTIFICATION. ATTACHMENT 5 - INDIVIDUAL PERSONAL COMPUTER SECURITY PLAN. ATTACHMENTS 2, AND 3 ARE NOT REQUIRED TO DOCUMENT THE INITIAL CERTIFICATION OF THE AIS, APART FROM THE FACT THEY ARE PRESENT AS ATTACHMENTS IN THE MASTER AIS SECURITY PLAN. INDIVIDUAL PERSONAL COMPUTER SECURITY PLAN SYSTEM ID: HQ-________ (ASSIGNED BY CSSM) DATE OF PLAN:_____/_____/_____ "I"NITIAL ACCREDITATION:______ "R"EACCREDITATION:______ "D"ECOMMISSIONED______ Effective Date:____/____/____ CSSO's Signature_____________________________________ Please note: All section must be completed. Use bond paper for continuation, as required. SECTION I. PERSONAL INFORMATION NAME ORGANIZATIO N MAIL STOP TELEPHONE NUMBER I-1. CSSO I-2. ALTERNATE CSSO I-3.USER/SECURITY OFFICER I-4. LOCATION, BUILDING: ROOM NUMBER: SECTION II. SYSTEM IDENTIFICATION II-1. TYPE OF PERSONAL COMPUTER: DESKTOP (PC):______ PORTABLE (PPC):______ II.2. CLASSIFICATION LEVELS AND AMOUNTS UNCLASSIFIED % S/RD % S/FRD % S/NSI % C/RD % C/FRD % C/NSI % II-3. EQUIPMENT CONFIGURATION IDENTIFICATION: DOE PROPERTY TAG NUMBER (CPU ONLY):_______________ MANUFACTURER COMPLETE MODEL NUMBER MANUFACTURER COMPLETE MODEL NUMBER CPU: PRINTER: PLOTTER: SCANNER: OTHER: OTHER: II-4. EQUIPMENT CONFIGURATION (YES, IF PRESENT. NO, IF NOT) FIXED HARD DRIVES: REMOVABLE HARD DRIVES: READ ONLY COMPACT DISC DRIVE: PCMCIA CARDS (ATTACH LIST): MULTIMEDIA: RECORDABLE COMPACT DISC DRIVE: THE FOLLOWING ARE TO BE USED FOR UNCLASSIFIED PROCESSING ONLY INTERNAL FAX/MODEM: EXTERNAL MODEM: A/B SWITCH: (SHOW MODEL NUMBER) II-5. SOFTWARE IDENTIFICATION: TYPE OF SOFTWARE TITLE VERSION OPERATING SYSTEM SECURITY SYSTEM COMMUNICATIONS SECTION III. INTERCONNECTION INFORMATION III-1. IS THE AIS CONNECTED TO ANY OF THE FOLLOWING? YES NO (A) HQ IBM ES/9000 CLASSIFIED HOST VIA SDD? (B) LIMITED NONSCHEDULED CLASSIFIED DATA TRANSMISSIONS VIA STU-III SV/DS? (IF YES, STU-III MANUFACTURER IS:____________________________________________________________ HIGHEST CLASSIFICATION LEVEL AUTHORIZED IS: (C) CLASSIFIED LAN? IF YES, WHICH ONE(S)? (D) OTHER CLASSIFIED SYSTEM? IF YES, IDENTIFY SYSTEM AND IT'S SECURITY PLAN (E) UNCLASSIFIED LAN? IF YES, WHICH ONE(S)? (F) OTHER UNCLASSIFIED CONNECTIVITY? IF YES, IDENTIFY NOTE: IF EITHER (E) OR (F) ABOVE IS "YES", SYSTEM CONFIGURATION MUST INCLUDE AN A/B SWITCH FOR A POSITIVE DISCONNECT WHEN PROCESSING CLASSIFIED INFORMATION. SECTION IV. ADDITIONS TO THE DOE HQ MASTER AIS SECURITY PLAN IV-1. STATEMENT OF THREAT IV-2. RISK ASSESSMENT IV-3. CONTINGENCY PLAN IV-4. COMMENTS SECTION V. DEVIATIONS FROM THE DOE HQ MASTER AIS SECURITY PLAN V-1. MASTER PLAN REFERENCE(S) V-2. ALTERNATE PROCEDURE(S) SECTION VI. CERTIFICATION/ACCREDITATION SIGNATURES BY SIGNING BELOW, THE FOLLOWING OFFICIALS ASSURE A FULL UNDERSTANDING OF THEIR RESPONSIBILITIES AS PRESCRIBED IN THE MASTER AIS SECURITY PLAN, AND THAT THE ABOVE INFORMATION IS CORRECT. PRINTED NAME SIGNATURE DATE VI-1. U/SO ASSURANCE VI-2. CSSO CERTIFICATION THE SYSTEM REPRESENTED BY THIS PLAN IS ACCREDITED TO PROCESS CLASSIFIED INFORMATION UP TO AND INCLUDING THE LEVEL OF: VI-3. CSSM ACCREDITATION John E. Staley Attachment 5 INDIVIDUAL PERSONAL COMPUTER SECURITY PLAN INSTRUCTIONS THE INDIVIDUAL PERSONAL COMPUTER SECURITY PLAN DETAILS SPECIFIC SYSTEM CHARACTERISTICS, WHICH INCLUDES THE UNIQUE SYSTEM ID THAT IS ASSIGNED BY THE CSSM. THIS FORM ASSURES THAT THE ASSIGNED AIS COMPLIES WITH THE STANDARD CLASSIFIED GUIDELINES AND RECORDS PERSONNEL, SYSTEM, AND INTERCONNECTION INFOEMATION; AS WELL AS ANY INTERCONNECTION BETWEEN THE AIS AND A STU-III SV/DS. FINALLY, THIS FORM RECORDS ADDITIONS TO, AND DEVIATIONS FROM, THE DOE HQ MASTER AIS SECURITY PLAN, ALONG WITH SIGNATURES CERTIFICATION AND ACCREDITATION. IT SHOULD BE NOTED THAT THE INDIVIDUAL PERSONAL COMPUTER SECURITY PLAN IS USED WITH THE MASTER AIS SECURITY PLAN AND IT IS NOT USED TO GAIN ACCREDITATION TO PROCESS CLASSIFIED INFORMATION IN AND OF ITSELF. THIS FORM IS DIVIDED INTO SIX SECTIONS. SECTION I - PERSONAL INFORMATION: THIS FIRST SECTION, PERSONAL INFORMATION, IS SELF-EXPLANATORY AND INCLUDES THE NAME, ORGANIZATION, MAIL STOP, AND TELEPHONE NUMBER OF THE U/SO, CSSO, AND THE ALTERNATE CSSO. SECTION II - SYSTEM IDENTIFICATION: THE SECOND SECTION, SYSTEM IDENTIFICATION, INCLUDES THE CLASSIFICATION LEVELS AND AMOUNTS, A DESCRIPTION OF THE CPU CONFIGURATION, AND A LIST OF OPERATING SYSTEMS, SECURITY SEND COMMUNICATIONS SOFTWARE PACKAGES. SECTION III - INTERCONNECTION INFORMATION: THIS BRIEF SECTION REQUESTS INFORMATION ON THE SYSTEM INTERCONNECTION AND STU-III CONNECTION AND TRANSMISSION CAPABILITIES. SECTION IV - ADDITIONS TO THE MASTER PLAN: THIS SECTION IS DEVOTED TO THE COMPLIANCE OF THE SYSTEM TO THE DOE HQ MASTER AIS SECURITY PLAN. THIS SECTION SHOULD DESCRIBE ANT ADDITIONAL SAFEGUARDS IMPLEMENTED IN THE AIS THAT DO NOT APPEAR IN THE MASTER AIS SECURITY PLAN. SECTION V - DEVIATIONS FROM THE MASTER PLAN: THIS SECTION IS DEVOTED TO ANY WAYS IN WHICH THE SAFEGUARDS IMPLEMENTED IN THE INDIVIDUAL AIS DEVIATE FROM THOSE DESCRIBED IN THE MASTER AIS SECURITY PLAN. ANT DEVIATIONS MUST BE LISTED AND ALTERNATIVE METHODS OF PROTECTION DESCRIBED. SECTION VI - CERTIFICATION/ACCREDITATION SIGNATURES: THIS SECTION PROVIDES A PLACE FOR EACH SECURITY OFFICIAL TO CERTIFIY COMPLIANCE WITH THE DOE CLASSIFIED COMPUTER SECURITY PROGRAM AND THAT SAFEGUARDS ARE IMPLEMENTED TO PROTECT CLASSIFIED PROCESSING ON THE AIS. (THIS PAGE INTENTIONALLY LEFT BLANK) Attachment 6 Labeling Diskettes and Removable Hard Disks This attachment demonstrates the types of classification labels used for labeling diskettes and their location on those 3.5-inch and 5.25-inch diskettes, and Mercury and Passport removable hard disk cartridges/drives. These labels identify the highest classification and most restrictive category of data for which the AIS has been accredited to process. (THIS PAGE INTENTIONALLY LEFT BLANK) The illustration below shows the proper location for the classification markings on classified compact Disc (CD). The markings must appear on both sides of the disk. Additionally, the plastic storage container must also be marked using the appropriate classification label (SF-707, SF-708, SF-710). Use of SF-711 (Data Discriptor Label) is optional. If SF-711 is not used then the most restrictive category of information must be hand-written on the classification label. MARKING REQUIREMENTS FOR CLASSIFIED RECORDABLE COMPACT DISC (CD) AND CD STORAGE CONTAINER (THIS PAGE INTENTIONALLY LEFT BLANK) Attachment 7 Accredited Portable Personal Computer U. S. DEPARTMENT OF ENERGY HEADQUARTERS ACCREDITED PORTABLE PERSONAL COMPUTER VALIDATION CARD The Portable Personal Computer identified below by make/model and DOE Property Tag Number is accredited to process classified information up to and including:_______________________________________ in accordance with the DOE Headquarters Master AIS Security Plan. SYSTEM DOE PROPERTY MAKE/MODEL:________________________ TAG NUMBER:__________________________ CSSO:_______________________________ __________________________ ____/____/____ Printed Name Signature Date CSSM:_______________________________ __________________________ ____/____/____ Printed Name Signature Date DOE SYSTEM No. HQ-______ ACCREDITATION EXPIRATION DATE: ____/____/____ (REVERSE SIDE) This System is accredited to process classified information within the limits of authorized security areas of the Department of Energy Headquarters Only. Permission must be obtained from other cognizant area CSSOs prior to processing classified information of temporarily connecting to any peripheral device within the boundaries of their areas of responsibility. (THIS PAGE INTENTIONALLY LEFT BLANK) Attachment 8 Statement of Security Risk The following user has a requirement involving a computer which has or will be accredited to process classified information that cannot be met without a deviation from the DOE HQ Master AIS Security Plan. (Attach a completed copy of Attachment 5, Individual Personal Computer Security Plan.) U/SO:_____________________________________________________ Printed Name Mission Requirement: The user has a need to ...[insert description of requirement and its justification]. Deviation: [Describe the engineered procedure/technique which addresses the mission requirement. Explain how the procedure/technique is the most effective way of providing the necessary functionality.] Security Risk: I understand that the security risks are inherently greater when the above is effected. Appropriate security countermeasures have been developed to negate this potential risk of compromise. However, I understand a residual risk of compromise still remains. SIGNATURES User's Acknowledgement: I understand my responsibilities as prescribed in [supplemental security procedures, and] the Master AIS Security Plan. I will take the necessary countermeasures to safeguard classified information. Further, I understand that failure to adhere to these policies may result in a security infraction. U/SO Assurance:___________________________________________________________/___/___ Printed Name Signature Date Office Director's or Program Manager's Risk Acceptance: I certify that the above requirements cannot be provided utilizing the prior approved methods/techniques associated with a currently accredited system and that the deviation from present policy as cited above is necessary. I understand the potential risk involved with the above procedure/technique. I assume management responsibility for the security risks involved. Further, I understand that revocation of classified accreditation may occur if the user does not comply with established procedures. Manager's Assurance:________________________________________________________/___/___ Printed Name Signature Date (THIS PAGE INTENTIONALLY LEFT BLANK) KEYWORD INDEX "clearing" magnetic media (10-7) "D"ecommissioned (ATTACHMENT 5-1) access (intro-vii-intro-ix, 5-3, 5-5, 7-1-7-3, 8-2, 8-3, 10-2, 10-3, 10-7, 10-10-10-12, 16-1) accountability (intro-ix, 7-1, 10-8, 12-2, ATTACHMENT 4-1) accredit (intro-iv, 7-3) accreditation (intro-iii, intro-vii, 7-2, 7-3, 8-2, 10-1-ATTACHMENT 1-2, ATTACHMENT 5-1, ATTACHMENT 5-3, ATTACHMENT 5-4) accredited portable computer validation card (6-2, 7-4) acquisition specifications (intro-x) administrative security (intro-viii, 13-1) ais (intro-iii, intro-iv, intro-vii-intro-x, 5-1-5-3, 7-1-7-4, 8-1-8-4, 10-1-10-6, 10-8-10-10, 10-12-10-14, 11-1, 11-2, 12-1, 12-2, ATTACHMENT 1-1-ATTACHMENT 5-4, ATTACHMENT 8-1) ais placement and control (intro-viii, 7-4) building access (intro-viii, 7-1) cd rom (10-3, 10-8, ATTACHMENT 1-1) certification (intro-iii, intro-iv, intro-x, 5-2, 10-1, 10-2, 10-10, ATTACHMENT 4-1-ATTACHMENT 5-4) certify (11-1, ATTACHMENT 8-1) clearance verification (intro-vii, 6-1) color transfer rolls (intro-ix, 7-2, 10-6, 10-10, ATTACHMENT 4-2) compliance review (19-1, ATTACHMENT 1-2) computer security-trained escorts (intro-x, 13-1) configuration auditing (intro-viii, 10-2) configuration control (intro-viii, 10-1, 10-2) configuration identification (intro-viii, 10-1, 10-2, ATTACHMENT 5-1) configuration management (intro-viii, 10-1) configuration status accounting (intro-viii, 10-2) contingency (intro-x, 15-1, ATTACHMENT 5-3) copyrights (11-1) cryptographic ignition key (8-2) crypto-ignition key (8-3, 10-12) csom (intro-iv, intro-vii, 2-1, 7-3) cssm (intro-iii, intro-iv, intro-vii, intro-ix, 5-1, 7-4, 7-5, 8-2-9-3, 10-1, 10-2, 10-9, 10-11, 11-1-12-2, ATTACHMENT 1-1, ATTACHMENT 1-2, ATTACHMENT 4-1, ATTACHMENT 4-2, ATTACHMENT 5-1, ATTACHMENT 5-3, ATTACHMENT 5-4, ATTACHMENT 7-1) csso (intro-iii-intro-v, intro-vii, intro-ix, 2-1, 5-2, 5-6, 6-1, 6-2, 7-4, 7-5, 8-3, 10-2, 10-8, 10-9, 10-11, 11-1, 12-2, 14-1, 14-2, ATTACHMENT 1-1, ATTACHMENT 1-2, ATTACHMENT 3-1-ATTACHMENT 4-2, ATTACHMENT 5-1, ATTACHMENT 5-3, ATTACHMENT 5-4, ATTACHMENT 7-1) datapath unit (8-1) destruction (intro-ix, 7-1, 10-7, 10-8, 11-1, ATTACHMENT 3-2) disk holders (intro-viii, 10-5) diskettes (intro-xi, 10-3, 10-4, 10-8, 10-13, 12-2, ATTACHMENT 6-1) documentation and review (intro-x, 14-1) dot matrix (intro-viii, intro-ix, 10-5, 10-6, ATTACHMENT 4-2) emission security (intro-v, intro-viii, 8-1, 8-3) escort (intro-x) escorts (intro-x) exclusion area (7-2, 7-3, ATTACHMENT 1-2) fax/modem (8-1-ATTACHMENT 5-1) fixed magnetic media (intro-viii, 10-4) flip chart (ATTACHMENT 4-1) individual ais security plan (ATTACHMENT 1-2) individual personal computer security plan (8-1, ATTACHMENT 4-1, ATTACHMENT 4-2, ATTACHMENT 5-1, ATTACHMENT 5-4, ATTACHMENT 8-1) individual system description (intro-vii, 5-1) installation (intro-viii, 5-1, 10-3, 12-1, 12-2, 19-1) installation control procedures (intro-viii, 10-3) interim accreditation (17-1) interim operating procedures (intro-x, 17-1) labeling (intro-xi, 10-3, 10-5, ATTACHMENT 6-1) lan (intro-vii, 5-1, 5-4, 5-5, ATTACHMENT 4-2, ATTACHMENT 5-3) licensing (intro-ix, 11-1-ATTACHMENT 3-2, ATTACHMENT 4-1) limited area (7-2, 10-2, 10-5, ATTACHMENT 1-2, ATTACHMENT 4-1) magnetic media (intro-viii, intro-ix, 10-3, 10-4, 10-7, 10-8, 10-13, 12-1-ATTACHMENT 1-2) maintenance swap controls (intro-vii, 5-5) marking during classified sessions (intro-viii, 10-3) marking during unclassified sessions (intro-viii, 10-4) marking of fixed magnetic media (intro-viii, 10-4) marking of removable magnetic media (intro-viii, 10-3) mechanical switching device (5-4, 5-5, 8-1) media security (intro-viii, 10-3) media storage (intro-ix, 10-6) modem (8-1-ATTACHMENT 5-1) modification controls (intro-vii, 10-2) monitors (intro-viii, 10-2, 10-5, 10-11) multi-function printers (10-13) need-to-know (5-1, 5-3, 7-1, 7-3, 7-4, 8-2, 10-8, 16-1, ATTACHMENT 1-2) optical scanners (10-13) organization (intro-vii, 2-1, 5-2, 6-1-11-2, ATTACHMENT 5-4) password controls (intro-ix, 10-10) password maintenance (intro-ix, 10-11) pc (intro-vii, 5-1, 5-4, 5-5, 8-1-8-3, 9-2, 10-13) periods processing (intro-vii, 5-2, 5-3, 10-6, 10-8) peripheral sharing (intro-viii, 7-4) personnel security (intro-vii, 6-1, 12-2, 20-1) physical security (intro-viii, 10-2) plotter (ATTACHMENT 5-1) portable (intro-iii, intro-xi, 1-1, 6-2, 7-4, ATTACHMENT 1-2, ATTACHMENT 7-1) ppc (1-1-7-4, 8-1-10-2, 10-13, ATTACHMENT 1-2, ATTACHMENT 5-1) printer (intro-viii, intro-ix, 10-5, 10-6, 10-9, 10-10, ATTACHMENT 1-1, ATTACHMENT 4-2, ATTACHMENT 5-1) printer ribbons (intro-viii, intro-ix, 10-3, 10-5, 10-6, ATTACHMENT 1-1, ATTACHMENT 4-2) printouts (intro-viii, 10-5) prohibited software (intro-viii, 9-1) property removal authorization (intro-ix, 10-12) protection index (5-1) protection rating (intro-vii, 5-1) qualitative risk assessment (intro-ix, 12-1, 12-2) reaccreditation (5-2, 5-6, 17-1, ATTACHMENT 1-2, ATTACHMENT 4-1, ATTACHMENT 4-2) remote diagnostic (intro-x, 18-1) removable hard disks (intro-xi, 5-3, 8-2, 10-4, 12-2, ATTACHMENT 6-1) risk assessment (intro-ix, 12-1-ATTACHMENT 5-3) rules for permitting/denying access (intro-vii, 3-1) sanitization (intro-ix, 5-3-5-5, 10-7-10-9, 10-12, ATTACHMENT 1-1) sanitize (10-9, 10-10, ATTACHMENT 1-2) sdd (intro-viii, 5-4, 8-3, 10-12, ATTACHMENT 4-2, ATTACHMENT 5-3) security areas (intro-viii, 7-2, 12-1, 12-2, ATTACHMENT 7-1) security environment (intro-vii, 5-1) security review checklist (intro-x, ATTACHMENT 4-1, ATTACHMENT 4-2) security testing (intro-x, 19-1) software protection (intro-ix, 10-6) software security (intro-viii, 9-1, 10-12) stand-alone (3-1, 5-1, 5-5, 6-1, 7-2) statement of threat (intro-vii, 4-1, ATTACHMENT 5-3) Storage containers (intro-viii, 10-5) stu-iii secure data device (intro-viii, 8-3) stu-iii secure voice/data set (intro-iii, intro-viii) stu-iii user log (intro-x) telecommunications security (intro-viii, 8-1) tent sign (10-5) testing (intro-x) threat identification (intro-ix, 12-1, 12-2) toner cartridges (intro-ix, 10-6, 10-9, ATTACHMENT 1-1, ATTACHMENT 4-2) training (intro-x, 13-1) trcopy (intro-viii, 9-2) trusted copy program (intro-viii, 9-2, 9-3) u/so (intro-vii, intro-x, 5-1, 5-2, 5-6, 6-1-7-4, 8-1, 8-3, 10-8, 10-9, 10-11, 10-12, 14- 1-ATTACHMENT 1-2, ATTACHMENT 4-1-ATTACHMENT 5-4, ATTACHMENT 8-1) undo/redo history (9-2) user identification code (intro-ix, 10-10) vault-type room (7-2, ATTACHMENT 1-2) Waste, fraud, and abuse (intro-ix, intro-x, 11-1-ATTACHMENT 4-2) (THIS PAGE INTENTIONALLY LEFT BLANK) [End]
The Madness of the United States Security Systems. It will not happen like this in the Netherlands. Another Madnes of the United States Security Systems, they want to have control over it all, even the inhabitants behaviour here in the United States (United????): www.yfiles.com/HAARP.htm Check this out please....Ridiculous....
Machaon, ion me...please, you are invited to do so. Freak them all away...Please Register or Log in to view the hidden image!
Well ... Since this thread has roamed pretty far afield I guess interjecting another bit of madness won't be too inappropriate: <a href=http://www.russiajournal.com/weekly/article.shtml?ad=5536><font color=red>Chechen/bin Laden Connection</font></a> Don't remember hearing anything about this on the US news. Take care.
Chagur, I don't know what to say about this article. I can remember that there was news at the television in the Netherlands about Russia fighting and the terrible conditions of the humans over there. It really is 'The madness Of It All...' The tears burn in my eyes for the whole human race and Earth, because it's becoming a bigger mess every day and I don't see the end of it... Not in the near future, guess this is the complete Madness and it drives us all to our doom... It makes me feel so sorry...so sad...
Dear Messrs. Banshee One little fact you overlooked.Pprior to WW2 the death rate due war was climbling fast.It had reached almost incomprehensible numbers in WW1, around 20 million counting civilians.Now along comes the atom bomb and the death rate after it's use drops to 1.5 million give or take a few.This is an average per year since the end of WW2, counting all wars, even small tribal ones we never hear of. The plain fact is no wants to get nuked, and we keep our heads on no one will.There always be some despot out there who wishes to be the baddest of the bad.Intead of getting rid of all nukes, plants and all.Lets change the fact that too many ass-holes have been in positions of power and get rid of them.We started with Saddam H. why stop now?I don't believe all of those N.Koreans like goose stepping for that Putz in charge and would be glad to focus their energy to a better end. Machiaventa speaks Please Register or Log in to view the hidden image!
Many of the US nuclear weapons these days are untested, rusting hulks that are 30+ years old. They only pose a danger to those people who have to be near them all the time.
