ÿWPCÑç 
      '±     Ô©e¦q‡Å1Ïu˜¨`c*	Á<€Åyž9Záú¿öóÌ`J{¡K‹àa/»þúM{·œâ°j¢27'{M>ï]©Ýn ÚžønÉ2î£p]›¡;:ÕE™kî{ÑÉÌ´2ïEpàfçt×Q:4Ù+î›9}rÅëö‰Žù/Äš:˜­—â`~à(ãOé»pê¯~K?BÖõ„óV\
>IUQp‹±ßkÆØïNœ«Ñ M‰$ÆoÖ6#E‘úEë&Ã¿Q®Ÿ¤tº–d¦˜3ÞF>#¶ã*9Þø_™ò‚t‰5Æt1'õÊò—ÍûRc
˜"áåòMuøá£¥f6ÉÙûT´1ì“rŒj=6¬{ÜJsáX‘æîqMQR²æÒ~‹«†Ö™´Š˜/wc½°C„OšülTóôNÓõ˜p]µT4-£ÓÓÀ§Ç•RÒ÷,&U\Ztl¿;g•ÓÎŸ²¡©5	†nÝ¥&÷;xfü*Ã©–E­«]}û3jDßã?_f<W\êFtÜpþ0`Â-Êæxicd¦Ž9žæ~4…Ü .+¬‹¯N?Å³Š¤ÀÌNÕ$·wrf¨¼xˆ¬³Ù|˜{ˆÌÜ¡5¥O ˆ          #     p      >   {  	%      ¹  0
   (   ¿   U   :   ç  @  6   !  w   @   W  4      —        «  	1   m   º  @  0   '     Š  W     ™  á     Þ  z   U   :   X   0#   D   ’         Ö      í   å          Ò!     z  â!   UA  J   \#  0   v   ¦#     ¥  $  	A     Á&   U   N   ^'   o   4  ¬'     Æ   ¾[     t   „\   U  J   ø\     Ú   B]   o   ’9  ^  0   D   ®—        ò—   U   N   ú—  02   =   H˜  0A   F   …˜  0Y   h   Ë˜  	B   a   3™   U   N   ”™   U   N   â™   b      0š     Æ   8š   b      þš   b      ›   E\      ›     ñ   ›  0   C   œ  0s   U   Dœ     ”   ™œ   U   :   -  0   C   g   U   :   ª  	      ä     b  õ  	BR      WŸ  	D   3   tŸ     Æ   §Ÿ  0   C   m   0   J   °   	A   M   ú        G¡     `  Ô¢            Ô¢     Æ   4¤  0   C   ú¤  0   C   =¥  	A	  [   €¥     D   Û¥     Z  ¦     Æ   y§       ?¨        ^©   U   N   s©       Á©   U   :   ^¬       ˜¬  0    D   £°   U   N   ç°   U   :   5±  0   J   o±   U   :   ¹±   U   :   ó±  	1   Å   -²   U   J   ò²   U   :   <³   U   N   v³     Þ   Ä³     Ë   ¢´     ç   mµ     Ô   T¶   b      (·   b      0·     ¢  8·   U   :   Ú¸     Þ   ¹   U   J   ò¹  0  `   <º  0  T   œº   U   :   ðº     /  *»   U   N   Y¼   U   N   §¼   U   N   õ¼     µ   C½  0   P   ø½   U   :   H¾   U   N   ‚¾   U   N   Ð¾     Å   ¿   U   N   ã¿   U   N   1À   U   N   À  	A      ÍÀ   U   N   LÁ   U   N   šÁ   U   N   èÁ   U   N   6Â   U   N   „Â   U   N   ÒÂ   U   N    Ã   U   N   nÃ   U   N   ¼Ã   U   N   
Ä   U   N   XÄ   U   N   ¦Ä   U   N   ôÄ   U   N   BÅ   U   N   Å   U   N   ÞÅ   U   N   ,Æ   U   N   zÆ   U   :   ÈÆ   U   N   Ç   U   N   PÇ     ã   žÇ     Ú   È   U   :   [É     Ç   •É   U   N   \Ê   U   :   ªÊ     ã   äÊ   U   :   ÇË     Ç   Ì   U   :   ÈÌ   U   :   Í     Ç   <Í   U   :   Î   U   N   =Î     ã   ‹Î   U   :   nÏ     Ç   ¨Ï   U   :   oÐ   U   N   ©Ð     ã   ÷Ð   U   :   ÚÑ   U   J   Ò   U   N   ^Ò     _  ¬Ò   U   :   Ô   b      EÔ     Ç   UÔ   U   :   Õ   U   N   VÕ     ã   ¤Õ   U   :   ‡Ö     Ç   ÁÖ   U   :   ˆ×   U   N   Â×     ã   Ø   U   :   óØ     Ç   -Ù   U   :   ôÙ     à   .Ú   b      Û   b      Û   U   J   (Û   U   :   rÛ     Þ   ¬Û   U   :   ŠÜ     Â   ÄÜ   U   :   †Ý   U   N   ÀÝ     ä  Þ   U   :   òß   U   N   ,à     `  zà     ¢  Úá   U   :   |ã   U   J   ¶ã  	A  M    ä     Ø   Mä   U   :   %å   U   J   _å   U   N   ©å     Å   ÷å   U   :   ¼æ   U   J   öæ     Ü   @ç   U   :   è   b      Vè   b      ^è   b      fè   b      nè   b      vè   U   J   ~è     É   Èè     å   ‘é   U   :   vê   U   J   °ê     t   úê     É   në     Þ   7ì   U   :   í   U   J   Oí     Ë   ™í   U   :   dî   U   J   žî     Š  èî     ”   rð     Z  ñ   U   :   `ò   U   J   šò   U   :   äò       ó   U   :   »õ   U   J   õõ   U   :   ?ö       yö   U   J   ˜÷     ™  â÷     b  {ù   U   :   Ýú       û   U   :   ¤ü     ç   Þü   U   :   Åý   U   J   ÿý     Ô   Iþ   U   :   ÿ   U   J   Wÿ     í   ¡ÿ   U   :   Ž   U   J   È     Ú     U   :   ì  U   J   &  b      p  b      x      €  U   J   ‹    D   Õ    ñ     U   :   
  U   J   D    Þ   Ž  U   :   l	  U   J   ¦	    µ   ð	  U   :   ¥
    Å   ß
  U   :   ¤  U   J   Þ    å   (  U   :     U   J   G    É   ‘  U   :   Z  U   J   ”    Ú   Þ  U   :   ¸  U   J   ò    Ç   <  U   :     U   J   =    ã   ‡  U   :   j  U   J   ¤    Ç   î  U   :   µ  U   J   ï    ã   9  U   :     b      V  U   J   j    Ç   ´  U   :   {  U   J   µ    ã   ÿ  U   :   â  U   J       Ç   f  U   :   -  U   J   g    ã   ±  U   :   ”  U   J   Î    Ç     U   :   ß  U   J         c    ã   ~  U   :   a  U   J   ›    Ç   å  U   :   ¬  	A   ©   æ  	D   +   !  U   J   º!    ã   "  U   :   ç"  U   J   !#    Ç   k#  U   :   2$  U   J   l$    Ø  ¶$           ¶$           ¶$ @   8   Ž'  o   ©·  Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'           Æ'    /  oß  U   :   žà           žà    _  Øà  U   :   7â           7â    ä  qâ  U   :   Uä           Uä    Ø   ä    Å   gå    Ü   ,æ    É   ç  ˜H P   L a s e r J e t   4   P l u s / 4 M   P l u s                       HPPCL5E      ,,,,0                                                                                                                                                               c : \ c a \ p o l m a n \ a i s f i n a l \ p o l k e y 2 .     %    (                    $ ¡   ¡   , @0Ð  A   Z  ‹" A r i a l   R e g u l a r            e : \ d i n g m a n \ n c s c - 0 2 9 . w m f   
   —% Ë ˜% Ë ™%  š%èÂ›%i
eœ%  % D ž% V Ÿ%   % E Ï†µ                 3| x     %                   # e   3 7 = C I Q Y a g ­   ­   1 .   a .   i .   ( 1 )   ( a )   ( i )   1 )   a )      f : \ p o w e r p n t \ o r g 2 . w m f    
   €  Ý
 ƒB   C" ÝÝ    ÝÓo  [ °    X °  `	 ¸  h À  p È   x Ð  (# €% Ø' 0* ˆ, à. 81 3 è5 @8 ˜: ð< H?  A°   œXo ÓòòCommissioner€of€Customs€fulfills€the€responsibilities€of€Head€of€Bureau€andÐ   	         Ðauthorizes€the€implementation€of€Customs€AIS€security€safeguards€based€onÏFederal€policy€and€guidelinesóó.€€Reference:€TD€P€71„10.€Head€of€Bureau. 
     Ý
 ƒB   C" ÝÝ    ÝòòThe€process€owners€are€designated€as€Accrediting€Authorities€for€the€CustomsÐ   	         Ðprocesses€for€which€they€have€responsibility.ÌóóÌThe€Assistant€Commissioner,€OIT,€performs€the€functions€of€Principal€AccreditingÏAuthority€(PAA)€and€shares€accrediting€responsibility€with€the€Process€Owners.ÌÌReference:€TD€P€71„10.€€Principal€Accrediting€Authority€(PAA)    U S   C u s t o m s   A I S   S e c u r i t y   P o l i c y   m a n u a l                                                                                                                                                                                                                                                                                                                                                                                                                                                       (     F i n a l   i n   W P   6 . 0        Ì,"   
 '      $     D a v i d   D i n g m a n   $ 0    D a v i d   D i n g m a n   , .    C o m p u t e r   S e c u r i t y   
       
       
       , @0Ð  A   Z  ‹" A r i a l   R e g u l a r             (                  3¯$ §   §   Ý
 ƒ   ! ÝÝ    Ý a b       
   ã   Ý
 ƒ  ¯' ÝÝ    Ýà€    . (# àÔ ‡U  %cæ %  % %   ÔMINIMUM€SECURITY€REQUIREMENTSÔ# †  %yµ  % %U %cæ-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d 9E°1 xA ßA I S   o r g    
   p  Ý
 ƒ  Vf$ ÝÓ          Ó€€€€€òòÚ    Ú1Ú
   
 ÚóóÝ    Ýà0     àOMB€Circular€A„130,€February€8,€1996€requires€that€security€awareness€training€must€beÐ   	 X      Ðperiodic.€€The€NIST€òòComputer€Security€Training€Guidelinesóó,€11/89€recommend€annualÐ   	 2Ú    Ðrefresher€training,€but€it€is€not€a€requirement.€[NIST€500„172]F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r             (   -   !           2Vf$ ¤   ¤   Ý
 ƒ   ! ÝÝ    ÝÓ          Ó€€€€€òòÚ    Ú0Ú
   
 Úóó 
   ›  Ý
 ƒ  Vf$ ÝÓ          Ó€€€€€òòÚ    Ú2Ú
   
 ÚóóÝ    ÝÓ9  %  ÿÿ  ä < ” ì D œ ô L ¤ ü!°   œX9 ÓThis€Circular's€use€of€the€term€"material€weakness"€should€not€be€confused€with€use€of€the€sameÐ   	 X      Ðterm€by€government€auditors€to€identify€management€control€weaknesses€which,€in€their€opinion,€poseÏa€risk€or€a€threat€to€the€internal€control€systems€of€an€audited€entity,€such€as€a€program€or€operation.€ÏAuditors€are€required€to€identify€and€report€those€types€of€weaknesses€at€any€level€of€operation€orÏorganization,€even€if€the€management€of€the€audited€entity€would€not€report€the€weaknesses€outside€theÏagency. * : P 3      I & m a g e          <=  8                                   ÿÿ  ÿÿ  ÿÿ  ÿÿ  ÿÿ Cÿÿ     HK K K K          ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ÿWPC                 'èè xì <öÿÿ‡ÿÿÃ	 xì <öÿÿ‡ÿÿÃ	  9   !   xì <öÿÿ‡ÿÿÃ	  À      ÿ €˜3  ×ÍÆš  Àô`ú@ @    U 	  »   1        &  ÿÿÿÿ     Àô`ú@ 
   & 
 ÿÿÿÿ        & $ ÿÿÿÿ    TNPP Microsoft PowerPoint   &  TNPP     f 
   & 
 ÿÿÿÿ        &  TNPP             `úÀô   @€1   ÷       ÿÿÿ     €    €  €€    € € €  €€ ÀÀÀ ÀÜÀ ¦Êð ÿûð   ¤ €€€ ÿ    ÿ  ÿÿ    ÿ ÿ ÿ  ÿÿ ÿÿÿ    4     5    ü  ÿÿÿ     -    ú     ÿÿÿ    -    ¡A`úÀô   &  ÿÿÿÿ     Mõtú³
Œ   &  ÿÿÿÿ     áÐÿ   &  ÿÿÿÿ     áÐÿ   &  ÿÿÿÿ     áÐÿØÿ   -    ü          -    ð        x Ù0ÿá   ú          -    Ðÿ­    ÐÿI   -    -    ð    'ÿÿ   ü          - 
   $ Ðÿž¬ÿžóÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ál t    -    -    ð        ÙÌÿá   ú          -    l ­    l I   -    -    ð    'ÿÿ   ü          - 
   $ l žH ž 
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     á   -    -    ð        ¼Ùt á   ú          -    ­    I   -    -    ð    'ÿÿ   ü          - 
   $ žð ž7
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     áÈÐ   -    -    ð        pÙ(á   ú          -    È­    ÈI   -    -    ð    'ÿÿ   ü          - 
   $ Èž¤žë
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ádl   -    -    ð        ÙÄá   ú          -    d­    dI   -    -    ð    'ÿÿ   ü          - 
   $ dž@ž‡
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     á   -    -    ð        ´Ùlá   ú          -    ­    I   -    -    ð    'ÿÿ   ü          - 
   $ žèž/
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     á   -    -    ð        ¸Ùpá   ú          -    ­    I   -    -    ð    'ÿÿ   ü          - 
   $ žìž3
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     áºÂ   -    -    ð        bÙá   ú          -    º­    ºI   -    -    ð    'ÿÿ   ü          - 
   $ ºž–žÝ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     áV^   -    -    ð        þÙ¶á   ú          -    V­    VI   -    -    ð    'ÿÿ   ü          - 
   $ Vž2žy
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Ðÿ   -    -    ð        ½Ðÿu   ú          -    ú   P
   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÜöTýÝ\ý   -    -        üýÝ´üÜö   ú          -    Týãä   TýÎ   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Mõtúyøþû   ü  ÿÿÿ     -    ú          -    þûyøtúMõ   TýÎ   ú          -    ð    -    ÞûYø”úmõ   ûÿ             Times New Roman \    -    .    
       	          2
û¥õ	   EXECUTIVE D Q E J Q E % Q D        ûÿ             Times New Roman Á    -    ð    .    
       	          2
šûö   ORDERSQ K P E K >     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ßöüçö\ý   -    -    ð    ð    û      ¼    "System    -    ð        \ý‡÷ü?ö   ú          -    ´úßö   ¤þßö   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     iùtú£þþû   ü  ÿÿÿ     -    ú          -    þû£þtúiù   ¤þßö   ú          -    ð    -    Þûƒþ”ú‰ù   ûÿ             Times New Roman X    -    .    
       	       !   2
ûÁù   NATIONAL SECURITY Q Q D % Q Q Q E  > D K Q K % D Q        ûÿ             Times New Roman  ·   -    ð    .    
       	          2
šû»ú
   DIRECTIVESQ % K D K D & Q D >     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     üü
ü\ý   -    -    ð    ð    -    ð        \ýªüübû   ú          -    ´úü   ¤þü   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     fÿ·ú»û   ü  ÿÿÿ     -    ú          -    »û·úfÿ   ¤þü   ú          -    ð    -    ›ûæ×ú†ÿ   ûÿ             Times New Roman X    -    .    
       	          2
Wû¾ÿ   PUBLIC LAWS > Q K D & J  E Q i ?     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     2¤û:\ý   -    -    ð    ð    -    ð        \ýÚ¤û’    ú          -    ôù2   ÿ2   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ítúþû   ü  ÿÿÿ     -    ú          -    þûtúí   ÿ2   ú          -    ð    -    Þûú”ú   ûÿ             Times New Roman X    -    .    
       	          2
û    OMB Q c K        ûÿ             Times New Roman  ·   -    ð    .    
       	          2
šûE	   CIRCULARS K % K J Q E Q J ?     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ü‡\ý   -    -    ð    ð    -    ð        \ý'üß   ú          -    ´ú   ¤þ   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÕÔûÝ\ý   -    -        \ý}	Ôû5   ú          -    TúÕ   ÔþÕ   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ñxúÁ	ü   ü  ÿÿÿ     -    ú          -    üÁ	xúñ   ÔþÕ   ú          -    ð    -    âû¡	˜ú   ûÿ             Times New Roman X    -    .    
       	          2
ûe   FIPS> & > >        ûÿ             Times New Roman  ·   -    ð    .    
       	          2
žûI   PUBS> Q K >     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     üHÿŒ   &  ÿÿÿÿ     üHÿŒ   ü  ÿÿÿ     -    ð    -    ú          -    ð    ŒHÿü   ÔþÕ   ú          -    ð    -    lëhÿ$ü   ûÿ             Times New Roman X    -    ð    .    
       	       "   2
èÿ\ü   TECHNICAL SECURITYD E K P Q & J Q E  > D K Q K % D Q        ûÿ             Times New Roman  ·   -    ð    .    
       	       !   2
 \ü   COMPUTER SECURITY K Q c > Q E D K  > E J Q K % E P        ûÿ             Times New Roman X    -    ð    .    
       	       %   2
8\ü   INFORMATION SECURITY% Q > Q K d Q D % Q Q  > E J Q K % E Q        ûÿ             Times New Roman  ·   -    ð    .    
       	       *   2
à\ü   COMMUNICATIONS SECURITY K Q c d Q Q % K P E % Q Q >  > E K P K % E Q        ûÿ             Times New Roman X    -    ð    .    
       	          2
ˆ\ü	   TEMPEST * D E c ? D > E  8        ûÿ             Times New Roman  ·   -    ð    .    
       	       "   2
0\ü   PERSONNEL SECURITY> E J ? Q P Q E D  > E K P K % E Q        ûÿ             Times New Roman X    -    ð    .    
       	       $   2
Ø\ü   OPERATIONS SECURITY Q > E J Q E % Q Q >  > E J Q K % E Q        ûÿ             Times New Roman  ·   -    ð    .    
       	       !   2
€\ü   PHYSICAL SECURITY > Q Q > & J Q E  > D K Q K % D Q        ûÿ             Times New Roman X    -    ð    .    
       	       $   2
(\ü   INDUSTRIAL SECURITY % Q Q Q > E J & Q D  > E J Q K % E Q     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ü      -    -    ð    ð    -    ð        `Øþü   ú          -     õ    ë	   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ü´ ¼    -    -        ütÿü   ú          -    ´ õ   ´ ë	   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ühýp   -    -        °ý( ü   ú          -    hõ   hå	   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ü   -    -        XÐ ü   ú          -    õ   ë	   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ü¬´   -    -        ôlü   ú          -    ¬õ   ¬ë	   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     üT\   -    -        œü   ú          -    Tõ   Të	   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ü   -    -        PÈü   ú          -    õ   ë	   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ü¤¬   -    -        ìdü   ú          -    ¤õ   ¤ë	   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÕùTýÝù$   -    -        $}úTý5ù   ú          -    ŒõÕù   äÕù   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÕùÐÿü   &  ÿÿÿÿ     ÕùÐÿüØÿ   -    -        x Íû0ÿÕù   ú          -    Ðÿ¡÷   Ðÿ=þ   -    -    ð    'ÿÿ   ü          - 
   $ 	üÐÿ’û¬ÿ’ûóÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Õùl üt    -    -    ð        ÍûÌÿÕù   ú          -    l ¡÷   l =þ   -    -    ð    'ÿÿ   ü          - 
   $ 	ül ’ûH ’û 
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Õùü   -    -    ð        ¼Íût Õù   ú          -    ¡÷   =þ   -    -    ð    'ÿÿ   ü          - 
   $ 	ü’ûð ’û7
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÕùÈüÐ   -    -    ð        pÍû(Õù   ú          -    È¡÷   È=þ   -    -    ð    'ÿÿ   ü          - 
   $ 	üÈ’û¤’ûë
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Õùdül   -    -    ð        ÍûÄÕù   ú          -    d¡÷   d=þ   -    -    ð    'ÿÿ   ü          - 
   $ 	üd’û@’û‡
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Õùü   -    -    ð        ´ÍûlÕù   ú          -    ¡÷   =þ   -    -    ð    'ÿÿ   ü          - 
   $ 	ü’ûè’û/
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Õùü   -    -    ð        ¸ÍûpÕù   ú          -    ¡÷   =þ   -    -    ð    'ÿÿ   ü          - 
   $ 	ü’ûì’û3
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÕùºüÂ   -    -    ð        bÍûÕù   ú          -    º¡÷   º=þ   -    -    ð    'ÿÿ   ü          - 
   $ 	üº’û–’ûÝ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÕùVü^   -    -    ð        þÍû¶Õù   ú          -    V¡÷   V=þ   -    -    ð    'ÿÿ   ü          - 
   $ 	üV’û2’ûy
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     !Hÿ³
L    ü  ÿÿÿ     -    ð    ú          -    L ³
Hÿ!   V=þ   ú          -    ð    -    , “
hÿA   ûÿ             Times New Roman X    -    .    
       	          2
èÿy   NCSC GUIDELINES Q K > K  P Q & Q D D & Q D >     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ,@¨
P   ü  ÿÿÿ     -    ð    -    ú          -    ð    P¨
@,   V=þ   ú          -    ð    -    0ˆ
`L   ûÿ             Times New Roman  ·   -    ð    .    
       	          2
à„   AGENCY/SERVICEQ Q D Q K Q  > D K Q % K D        ûÿ             Times New Roman X    -    ð    .    
       	          2
f
   (TREASURY)% E J E Q > Q K P &        ûÿ             Times New Roman  ·   -    ð    .    
       	          2
ìÞ   REGULATIONS K D Q Q D Q E % Q Q >     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     †N
Œ   ü  ÿÿÿ     -    ð    -    ú          -    ð    ŒN
†   V=þ   ú          -    ð    -    l.
"¦   ûÿ             Times New Roman X    -    ð    .    
       	          2
¢]   CUSTOMS K Q > D Q d >        ûÿ             Times New Roman  ·   -    ð    .    
       	          2
(Þ   REGULATIONS K D Q Q D Q E % Q Q >     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Ðÿ%Øÿ   -    -    ð    ð    -    ð        x á0ÿ   ú          -    Ðÿ	   Ðÿ'   -    -    ð    'ÿÿ   ü          - 
   $ Ðÿ¦¬ÿ¦óÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     D=L   -    -    ð        ìù¤   ú          -    Dõ   DU   -    -    ð    'ÿÿ   ü          - 
   $ 5D¾ ¾g
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     EBM   -    -    ð        ØíB¥   ú          -    pE   æE   -    -    ð    'ÿÿ   ü          - 
   $ Eh"
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  TNPP            
   & 
 ÿÿÿÿ        -    -    ð      ¥õÿÿûÿÿø  ‚                                        L e v e l   1                   L e v e l   2                   L e v e l   3                   L e v e l   4                   L e v e l   5                
   j   Ý
 ƒ:   C# ÝÝ    ÝÝ
 ƒP  ÿÿ ÝòòFigure€Ú    Ú2Ú
   
 ÚóóÝ     Ý€Policy€HierarchyF ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ð   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡  %cæ %  % %   ÔMINIMUM€SECURITY€REQUIREMENTSÔ# †  %yµ  % % %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ßÿWPC                 'èè rí fïÿÿÿÿ™ rí fïÿÿÿÿ™  9   !   rí fïÿÿÿÿ™  À      ÿ €9  ×ÍÆš  Põpö°
	@    QU 	  }   <        &  ÿÿÿÿ     Põpö°
	
   & 
 ÿÿÿÿ        & $ ÿÿÿÿ    TNPP Microsoft PowerPoint   &  TNPP     f 
   & 
 ÿÿÿÿ        &  TNPP             pöPõ    `3   ÷       €€€ ÿÿÿ     €    €  €€    € € €  €€ ÀÀÀ ÀÜÀ ¦Êð ÿûð   ¤ €€€ ÿ    ÿ  ÿÿ    ÿ ÿ ÿ  ÿÿ ÿÿÿ    4     5    ü  ÿÿÿ     -    ú     ÿÿÿ    -    ‘	±
pöPõ   &  ÿÿÿÿ     àøàûèøý   -    ü          -    ð        ý(úàû ÷   ú          -    Àúàø    þàø   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     àøàûxèû   -    -        (ýx úàø   ú          -    àûPé   àû    -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÿŒ¬ÿ”   -    -        Ô¬ÿLÿ   ú          -    Œrþ   Œ=    -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÿö÷¥ÿ¾   -    -        ¾å ö÷]þ   ú          -    vÿ   6èÿ   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     œÿàúî˜ü   &  ÿÿÿÿ     œÿ¯û¸·û   -    -        ÷ü¸oúœÿ   ú          -    ¯ûˆý   ¯ûÄ   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     © àúî˜ü   ü  ÿÿÿ     -    ú          -    ˜üîàú©    ¯ûÄ   ú          -    ð    -    ˆüÞðú¹    ûyÿ      ¼       Times New Roman     -    .    
       	       0   2
û   Security Steering Committee L < < L < & - D " L - = < < & L D " b D q r % . - < =        ûyÿ      ¼       Times New Roman      -    ð    .    
       	          2
2üû   (Oversight) - j D < = 5 & D K - .     
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     *û öRXø   ü  ÿÿÿ     -    ð    -    ú          -    ð    XøR ö*û   ¯ûÄ   ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	          2
O÷þ   Commissioner, b D r q & 5 4 & D L < = "        ûyÿ      ¼       Times New Roman      -    ð    .    
       	       %   2
ò÷Ný   U.S. Customs Serviceb " L " " b L 5 - D q 5 " L < < D & = <     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     *ûøøR°ú   ü  ÿÿÿ     -    ð    -    ú          -    ð    °úRøø*û   ¯ûÄ   ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	       %   2
§ù!ý   Deputy Commissioner,b = K L - D " b D r q & 5 5 % D L < = "        ûyÿ      ¼       Times New Roman      -    ð    .    
       	       %   2
JúNý   U.S. Customs Serviceb " L " " b L 5 - D q 5 " L < < D & = <     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     qü×üÿ2ÿ   ü  ÿÿÿ     -    ð    -    ú          -    ð    2ÿÿ×üqü   ¯ûÄ   ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	       $   2
†ýaý   Asst. Commissioner, b 5 5 - " " c D q q & 5 5 & D K = < "        ûyÿ      ¼       Times New Roman      -    ð    .    
       	       '   2
)þEý   Office of Information j - - & = < " D - " 5 L - D < r D - & D K        ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	          2
Ìþåý   and TechnologyD L K " [ < = K L D & D D D     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     wü÷¯   ü  ÿÿÿ     -    ð    -    ú          -    ð    ¯÷wü   ¯ûÄ   ûyÿ      ¼       Times New Roman      -    ð    .    
       ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	       *   2
Iùü   Security Administration L < < L < & - D " c K r % L & 5 - < D . % D L     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     wüžÿV   ü  ÿÿÿ     -    ð    -    ú          -    ð    Vžÿwü   ¯ûÄ   ûyÿ      ¼       Times New Roman      -    ð    .    
       	          2
M ³þ	   Director, b & < = < - D = "        ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	       '   2
ð Gý   AIS Security Division b 5 L " K = < L < & - D " b & D & 5 & D K     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     5öaœþ¼   -    -    ð    ð    û      ¼    "System    -    ð     )   & G TNPP€=    ýÿ    5öaœþ¼5öa”þ´ýÿ    0 d 4 0     ó¢WÚÚÚ5öaœþ¼    ¼œþa5ö
   & 
 TNPP        -    -        ü  õõõ     -    $ 5öaœþaœþl5öl5öa   $ 5ö±œþ±œþ¼5ö¼5ö±   ü  ôôô     -    ð    $ 5ölœþlœþv5öv5öl   $ 5ö§œþ§œþ±5ö±5ö§   ü  óóó     -    ð    $ 5övœþvœþ5ö5öv   $ 5öœœþœœþ§5ö§5öœ   ü  òòò     -    ð    $ 5öœþœþŒ5öŒ5ö   $ 5ö‘œþ‘œþœ5öœ5ö‘   ü  ñññ     -    ð    $ 5öŒœþŒœþ—5ö—5öŒ   $ 5ö†œþ†œþ‘5ö‘5ö†   ü  ððð     -    ð    $ 5ö—œþ—œþ¡5ö¡5ö—   $ 5ö|œþ|œþ†5ö†5ö|   ü  ïïï     -    ð    $ 5ö¡œþ¡œþ¬5ö¬5ö¡   $ 5öqœþqœþ|5ö|5öq   ü  îîî     -    ð    $ 5ö¬œþ¬œþ·5ö·5ö¬   $ 5öfœþfœþq5öq5öf   ü  ííí     -    ð    $ 5ö·œþ·œþÁ5öÁ5ö·   $ 5ö\œþ\œþf5öf5ö\   ü  ììì     -    ð    $ 5öÁœþÁœþÌ5öÌ5öÁ   $ 5öQœþQœþ\5ö\5öQ   ü  ëëë     -    ð    $ 5öÌœþÌœþ×5ö×5öÌ   $ 5öFœþFœþQ5öQ5öF   ü  êêê     -    ð    $ 5ö×œþ×œþá5öá5ö×   $ 5ö<œþ<œþF5öF5ö<   ü  ééé     -    ð    $ 5öáœþáœþì5öì5öá   $ 5ö1œþ1œþ<5ö<5ö1   ü  èèè     -    ð    $ 5öìœþìœþ÷5ö÷5öì   $ 5ö&œþ&œþ15ö15ö&   ü  ççç     -    ð    $ 5ö÷œþ÷œþ5ö5ö÷   $ 5öœþœþ&5ö&5ö   ü  æææ     -    ð    $ 5öœþœþ5ö5ö   $ 5öœþœþ5ö5ö   ü  ååå     -    ð    $ 5öœþœþ5ö5ö   $ 5öœþœþ5ö5ö   ü  äää     -    ð    $ 5öœþœþ"5ö"5ö   $ 5öûœþûœþ5ö5öû   ü  ããã     -    ð    $ 5ö"œþ"œþ,5ö,5ö"   $ 5öñœþñœþû5öû5öñ   ü  âââ     -    ð    $ 5ö,œþ,œþ75ö75ö,   $ 5öæœþæœþñ5öñ5öæ   ü  ááá     -    ð    $ 5ö7œþ7œþB5öB5ö7   $ 5öÛœþÛœþæ5öæ5öÛ   ü  ààà     -    ð    $ 5öBœþBœþL5öL5öB   $ 5öÑœþÑœþÛ5öÛ5öÑ   ü  ßßß     -    ð    $ 5öLœþLœþW5öW5öL   $ 5öÆœþÆœþÑ5öÑ5öÆ   ü  ÞÞÞ     -    ð    $ 5öWœþWœþb5öb5öW   $ 5ö»œþ»œþÆ5öÆ5ö»   ü  ÝÝÝ     -    ð    $ 5öbœþbœþm5öm5öb   $ 5ö°œþ°œþ»5ö»5ö°   ü  ÜÜÜ     -    ð    $ 5ömœþmœþw5öw5öm   $ 5ö¦œþ¦œþ°5ö°5ö¦   ü  ÛÛÛ     -    ð    $ 5öwœþwœþ‚5ö‚5öw   $ 5ö›œþ›œþ¦5ö¦5ö›   $ 5ö‚œþ‚œþ›5ö›5ö‚   -    -    ð    'ÿÿ
   & 
 TNPP     
   & 
 TNPP€       -    -    'ÿÿ   ú          -    ¼œþa5ö   ûyÿ      ¼       Times New Roman     -    .    
       ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	       3   2
³ÿö   Field Security Administrators S & < & L " K = < L < & - D " b L q & L % 5 . < D - D = 5     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Ùõv>ÿ.   -    -    ð    -    ð     )   & G TNPP€=    ýÿ    Ùõv>ÿ.Ùõv6ÿ&ýÿ    0 d 4 0     ó¢WÚÚÚÙõv>ÿ.    .>ÿvÙõ
   & 
 TNPP        -    -        ü  õõõ     -    $ Ùõv>ÿv>ÿ~Ùõ~Ùõv   $ Ùõ&>ÿ&>ÿ.Ùõ.Ùõ&   ü  ôôô     -    ð    $ Ùõ~>ÿ~>ÿ†Ùõ†Ùõ~   $ Ùõ>ÿ>ÿ&Ùõ&Ùõ   ü  óóó     -    ð    $ Ùõ†>ÿ†>ÿÙõÙõ†   $ Ùõ>ÿ>ÿÙõÙõ   ü  òòò     -    ð    $ Ùõ>ÿ>ÿ•Ùõ•Ùõ   $ Ùõ>ÿ>ÿÙõÙõ   ü  ñññ     -    ð    $ Ùõ•>ÿ•>ÿÙõÙõ•   $ Ùõ>ÿ>ÿÙõÙõ   ü  ððð     -    ð    $ Ùõ>ÿ>ÿ¥Ùõ¥Ùõ   $ Ùõÿ>ÿÿ>ÿÙõÙõÿ   ü  ïïï     -    ð    $ Ùõ¥>ÿ¥>ÿ­Ùõ­Ùõ¥   $ Ùõ÷>ÿ÷>ÿÿÙõÿÙõ÷   ü  îîî     -    ð    $ Ùõ­>ÿ­>ÿµÙõµÙõ­   $ Ùõï>ÿï>ÿ÷Ùõ÷Ùõï   ü  ííí     -    ð    $ Ùõµ>ÿµ>ÿ¼Ùõ¼Ùõµ   $ Ùõè>ÿè>ÿïÙõïÙõè   ü  ììì     -    ð    $ Ùõ¼>ÿ¼>ÿÄÙõÄÙõ¼   $ Ùõà>ÿà>ÿèÙõèÙõà   ü  ëëë     -    ð    $ ÙõÄ>ÿÄ>ÿÌÙõÌÙõÄ   $ ÙõØ>ÿØ>ÿàÙõàÙõØ   ü  êêê     -    ð    $ ÙõÌ>ÿÌ>ÿÔÙõÔÙõÌ   $ ÙõÐ>ÿÐ>ÿØÙõØÙõÐ   ü  ééé     -    ð    $ ÙõÔ>ÿÔ>ÿÜÙõÜÙõÔ   $ ÙõÈ>ÿÈ>ÿÐÙõÐÙõÈ   ü  èèè     -    ð    $ ÙõÜ>ÿÜ>ÿãÙõãÙõÜ   $ ÙõÁ>ÿÁ>ÿÈÙõÈÙõÁ   ü  ççç     -    ð    $ Ùõã>ÿã>ÿëÙõëÙõã   $ Ùõ¹>ÿ¹>ÿÁÙõÁÙõ¹   ü  æææ     -    ð    $ Ùõë>ÿë>ÿóÙõóÙõë   $ Ùõ±>ÿ±>ÿ¹Ùõ¹Ùõ±   ü  ååå     -    ð    $ Ùõó>ÿó>ÿûÙõûÙõó   $ Ùõ©>ÿ©>ÿ±Ùõ±Ùõ©   ü  äää     -    ð    $ Ùõû>ÿû>ÿÙõÙõû   $ Ùõ¡>ÿ¡>ÿ©Ùõ©Ùõ¡   ü  ããã     -    ð    $ Ùõ>ÿ>ÿ
Ùõ
Ùõ   $ Ùõš>ÿš>ÿ¡Ùõ¡Ùõš   ü  âââ     -    ð    $ Ùõ
>ÿ
>ÿÙõÙõ
   $ Ùõ’>ÿ’>ÿšÙõšÙõ’   ü  ááá     -    ð    $ Ùõ>ÿ>ÿÙõÙõ   $ ÙõŠ>ÿŠ>ÿ’Ùõ’ÙõŠ   ü  ààà     -    ð    $ Ùõ>ÿ>ÿ"Ùõ"Ùõ   $ Ùõ‚>ÿ‚>ÿŠÙõŠÙõ‚   ü  ßßß     -    ð    $ Ùõ">ÿ">ÿ*Ùõ*Ùõ"   $ Ùõz>ÿz>ÿ‚Ùõ‚Ùõz   ü  ÞÞÞ     -    ð    $ Ùõ*>ÿ*>ÿ2Ùõ2Ùõ*   $ Ùõr>ÿr>ÿzÙõzÙõr   ü  ÝÝÝ     -    ð    $ Ùõ2>ÿ2>ÿ9Ùõ9Ùõ2   $ Ùõk>ÿk>ÿrÙõrÙõk   ü  ÜÜÜ     -    ð    $ Ùõ9>ÿ9>ÿAÙõAÙõ9   $ Ùõc>ÿc>ÿkÙõkÙõc   ü  ÛÛÛ     -    ð    $ ÙõA>ÿA>ÿIÙõIÙõA   $ Ùõ[>ÿ[>ÿcÙõcÙõ[   $ ÙõI>ÿI>ÿ[Ùõ[ÙõI   -    -    ð    'ÿÿ
   & 
 TNPP     
   & 
 TNPP€       -    -    'ÿÿ   ú          -    .>ÿvÙõ   ûyÿ      ¼       Times New Roman     -    .    
       	       1   2
%ûö   Security Compliance & ReviewL < < L < & - D " c D q L % & D L < = " q " b < D & = b        ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	          2
Èâø   Group (DSOs)j < D L K " . b L i 5 .     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Êÿ¡°
¦   &  ÿÿÿÿ     Êÿ¡–•   &  ÿÿÿÿ     Êÿ¡N•   ú          -    ð    $ Êÿ—ˆ ˆ PFPFßˆ ßˆ ¡
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ¡–   ü  ÿÿÿ     -    -    —¡
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ      Æ°
¦   ûÿ      ¼       Times New Roman     -    ð    .    
       	       '   2
NÇ    - Systems Engineering %  ? 8 + % 2 ] ,  K > 8  > 2 2 2  > 8        	       '   2
N   - Computer Operations %  Q 8 ] ? > % 2 2  W > 2 2 8 %  8 > ,        ûÿ      ¼       Times New Roman Â   -    ð    .    
       	       -   2
ÔÇ    - Database Administration %  Q 8 % 8 ? 8 + 2  Q > ^  >  , % 2 8 %  8 >        	       '   2
Ô   - Applications (each) %  Q > ?   2 8 %  8 > ,  % 2 8 2 > %        ûÿ      ¼       Times New Roman     -    ð    .    
       	          2
ZÇ    - Communications%  Q 8 ] ^ > >  2 8 %   8 > +        	          2
Z   - Field Support %  E  2  >  > ? > > 8 2 %     
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ×ü…
2ÿ   ü  ÿÿÿ     -    ð    ú          -    ð    2ÿ…
×ü   ¯ûÄ   ûyÿ      ¼       Times New Roman      -    ð    .    
       	       $   2
†ý³   Asst. Commissioner, b 5 5 - " " c D q q & 5 5 & D K = < "        ûyÿ      ¼       Times New Roman     -    ð    .    
       	          2
)þw   CFO b S j        ûyÿ      ¼       Times New Roman      -    ð    .    
       	       -   2
Ìþ   (Financial Process Owner) - S & L D K = & D % " S = D < = 4 5 " j b L < = -     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ­õ×ü…û2ÿ   ü  ÿÿÿ     -    ð    -    ú          -    ð    2ÿ…û×ü­õ   ¯ûÄ   ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	       $   2
†ýBö   Asst. Commissioner, b 5 5 - " " c D q q & 5 5 & D K = < "        ûyÿ      ¼       Times New Roman      -    ð    .    
       	          2
)þäö   (Other Process- j - L < = " S < D = < 5 5        ûyÿ      ¼       Times New Roman Â   -    ð    .    
       	          2
Ìþ›÷   Owners) j b L < < 5 .     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Ô Án	   &  ÿÿÿÿ     Ô ¾n	   &  ÿÿÿÿ     Ô qn	   ú          -    ð    -    $ Ô ¼Ÿf	Ÿüiüi}Ÿ}Ÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ?¾d	   ü  ÿÿÿ     -    ð    -    e	¿?
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     Å“Áí   ûÿ             Times New Roman      -    ð    .    
       	       <   2
ÿ#   Distributed Systems Access Controls Q  ,  %  8 8  2 8  > 8 ,  2 W +  Q 2 2 1 , ,  J 8 8  & 8  +        ûÿ             Times New Roman Â   -    ð    .    
       	       -   2
›ÿ   Mainframe Access Controls d 1  8 & % 2 W 2  P 2 2 2 + ,  J 8 8   % 8  ,        ûÿ             Times New Roman      -    ð    .    
       	       6   2
!ÿ   Policy, Procedures, & Standards > 8    1 8   ? % 8 2 1 8 8 & 1 ,   W  >  2 8 8 2 % 8 ,        ûÿ             Times New Roman Â   -    ð    .    
       	       !   2
§ÿ   Technical Support D 2 2 8 8  2 1   ? 8 8 8 8 %      
   & 
 ÿÿÿÿ     
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     }þ¶¥ÿ¾   -    -    ð    ð    -    ð        þ?þ?ÀÀ   }þ}þ   µ}þ   ú          -    µœþ   µ½þ   µÜþ   µýþ   µÿ   µ=ÿ   µ\ÿ   µ}ÿ   µœÿ   µÿ   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     ÿ¶õ ¾   -    -        ^õ ÿ   ú          -    ¶Mþ   ¶=   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  ÿÿÿÿ     pàûxØü   -    -        Øü¸	àû0   ú          -    ðúp   Àýp   -    -    ð    'ÿÿ
   & 
 ÿÿÿÿ        &  TNPP            
   & 
 ÿÿÿÿ        -    -                  (                  3¯$ ª   ª   Ý
 ƒ   ! ÝÝ    Ý     ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r             (                  ÿÿ$ ˜   ˜   Ìà0
    
 àà 
    
 à    (                  ÿÿ$ ™   ™   à0
    
 àà0
    
 àà 
    
 à    (       @           ›‚$ š   š   à0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 à  ]    G r a y   M a t E  ¨         d    <   ÀÀÀd          d    <   d          d  ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         2 -  ù                                          L e v e l   1                   L e v e l   2                   L e v e l   3                   L e v e l   4                   L e v e l   5               1 -  ù  5 -  ù     
   ç   Ý
 ƒ  ¯' ÝÝ    Ýà€    @@* (# àÔ ‡4  %cæ %  % %   ÔSECURITY€INCIDENTS€AND€VIOLATIONSÔ# †  %yµ  % %4 %cæ-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß    (                  ÿÿ$       òòÚ    ÚÚ
   
 Úóó    >                   þa$ "  S m a l l   C i r c l e   ð"ðà0      . .    à 
   Š   Ý
 ƒ:   C# ÝÝ    ÝÝ
 ƒP  ÿÿ ÝòòFigure€Ú    Ú3Ú
   
 ÚóóÝ     Ý.€€Customs€AIS€Security€OrganizationÔ €    Ô, @0Ð  A   Z  ‹" A r i a l   R e g u l a r             (                  2 C$ ©   ©   Ý
 ƒ   ! ÝÝ    Ý, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          # $ %        
   X  Ý
 ƒB   C" ÝÝ    ÝòòOwners€of€sensitive€data€must€ensure€that€appropriate€safeguards€are€employedÐ   	         Ðto€protect€the€data€from€unauthorized€access€during€the€life€of€the€data€whileÏthey€are€the€responsible€owner.€€This€includes€the€transfer€of€the€data€by€anyÏmeans,€to€another€person,€application,€AIS,€or€processóó.                   d   7 7 7 7 '    ÿÿ            È È È È    d x    d„                                        L e v e l   1                   L e v e l   2                   L e v e l   3                   L e v e l   4                   L e v e l   5                   (                  2 C$ £   £   Ý
 ƒ   ! ÝÝ    Ý    (       "           ÿÿ$ •   •   òòFigure€Ú    ÚÚ
   
 Úóó 9 : ; 8 A    ýÿ        <<   
   cÿÿ                  
   ƒ  Ý
 ƒB   C" ÝÝ    ÝÓo  [ °    X °  `	 ¸  h À  p È   x Ð  (# €% Ø' 0* ˆ, à. 81 3 è5 @8 ˜: ð< H?  A°   œXo ÓòòThe€AIS€Security€Administrator€is€assigned€the€functional€responsibilities€of€theÐ   	         ÐInformation€Systems€Security€Officer€(ISSO)€and€Network€Security€OfficerÏ(NSO).óó€€Reference:€TD€P€71„10.€Information€Systems€Security€Officer. 
   V  Ý
 ƒ3   C) ÝÝ    ÝßA €7 - )                 °° x         d  E°W xA ßÐ   	 X      ÐÔ ‡Q  %cä %  % %   ÔÔ ‡Q  &ãå & % %cä ÔJune€1996à€    NN (# àU.S.€Customs€Service€AIS€Security€Policy€ManualÔ# †T  &ù­ & & &ãåq   # ÔÔ# †T  %y¬  % & &ù­   # ÔˆÐ   	 g    ÐÌƒ                                        L e v e l   1                   L e v e l   2                   L e v e l   3                   L e v e l   4                   L e v e l   5                   (                  ÿÿ$ ”   ”   òòÚ    ÚÚ
   
 Úóó    (                  2 C$ ¢   ¢   Ý
 ƒ   ! ÝÝ    Ý	 @ B : A 8 7 7 7 7 E    þÿ        <<  
   cÿÿ     €            
   :   Ý
 ƒ:   C# ÝÝ    ÝòòFigure€3óó.€€Warning€Banner 
   P  Ý
 ƒB   C" ÝÝ    ÝÔ ‡  &ù´ &  % %   ÔÓo  [ °    X °  `	 ¸  h À  p È   x Ð  (# €% Ø' 0* ˆ, à. 81 3 è5 @8 ˜: ð< H?  A°   œXo ÓòòThe€ADP€Steering€Committee,€Security€Subcommittee€provides€authority€forÐ   	         Ðthe€Customs€AIS€Security€Program.óóÔ# †  %yµ  % & &ù´   # Ô…                                        L e v e l   1                   L e v e l   2                   L e v e l   3                   L e v e l   4                   L e v e l   5                
     Ý
 ƒB   C" ÝÝ    ÝÔ ‡  &ù´ &  % %   ÔÓo  [ °    X °  `	 ¸  h À  p È   x Ð  (# €% Ø' 0* ˆ, à. 81 3 è5 @8 ˜: ð< H?  A°   œXo ÓòòThe€Director,€AIS€Security€Division,€OIT,€is€the€designated€AIS€SecurityÐ   	         ÐOfficer.€óó 
      Ñ    Ñ                     6 T i m e s   N e w   R o m a n   R e g u l a r          
   “  Ý
 ƒB   C" ÝÝ    ÝòòThe€Assistant€Commissioner€(AC),€OIT,Ô ‡  &ù´ &  % %   Ô€performs€the€functions€of€the€SeniorÐ   	         ÐInformation€Resources€Management€Official€(SIRMO)€and€Ô# †  %yµ  % & &ù´C   # ÔPrincipalÐ   	 Ú Ú    ÐAccrediting€Authority€(PAA)óó.Ð   	 ´´   ÐÌThe€AC€is€designated€as€an€Accrediting€Authority€(AA)€for€Customs€AISsÏprocessing,€storing,€or€transmitting€sensitive€information.€€The€Process€Owners€areÏalso€designated€as€AAs€for€their€Customs€processes.ÌÌReference:€TD€P€71„10.€€Principal€Accrediting€Authority€(PAA)€and€SeniorÏInformation€Resources€Management€Official€(SIRMO)., @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
     Ý
 ƒB   C" ÝÝ    ÝÓ     ÓòòÔ ‡  &ù´ &  % %   ÔTHIS€IS€A€U.S.€CUSTOMS€SERVICE€COMPUTER€NETWORKÐ   	         ÐSYSTEM.€€U.S.€CUSTOMS€SERVICE€COMPUTER€NETWORKÏSYSTEMS€ARE€PROVIDED€FOR€THE€PROCESSING€OF€OFFICIALÏU.S.€GOVERNMENT€INFORMATION€ONLY.€€ALL€DATAÏCONTAINED€ON€U.S.€CUSTOMS€SERVICE€COMPUTER€NETWORKÏSYSTEMS€ARE€OWNED€OR€CONTROLLED€BY€THE€U.S.€CUSTOMSÏSERVICE,€AND€MAY,€FOR€THE€PURPOSE€OF€PROTECTING€THEÏRIGHTS€AND€PROPERTY€OF€THE€U.S.€CUSTOMS€SERVICE,€BEÏMONITORED,€INTERCEPTED,€RECORDED,€READ,€COPIED,€ORÏCAPTURED€IN€ANY€MANNER€BY€AUTHORIZED€SYSTEMSÏPERSONNEL.€€THERE€IS€NO€RIGHT€OF€PRIVACY€IN€THIS€SYSTEM.€ÏSYSTEMS€PERSONNEL€MAY€GIVE€TO€LAW€ENFORCEMENTÏOFFICIALS€ANY€POTENTIAL€EVIDENCE€OF€CRIME€FOUND€ONÏU.S.€CUSTOMS€SERVICE€COMPUTER€NETWORK€SYSTEMS.€€òòUSEÐ   	    ÐOF€THIS€SYSTEM€BY€ANY€USER,€AUTHORIZED€ORÏUNAUTHORIZED,€CONSTITUTES€CONSENT€TO€THISÏMONITORING,€INTERCEPTION,€RECORDING,€READING,ÏCOPYING,€OR€CAPTURING€AND€DISCLOSUREóó.óóÔ# †  %yµ  % & &ù´*   # Ô    (                  3¯$ ¨   ¨   Ý
 ƒ   ! ÝÝ    Ý                    ¬ 6 T i m e s   N e w   R o m a n   R e g u l a r         , @0Ð  A   Z  ‹" A r i a l   R e g u l a r             (       "           ÿÿ$ ’   ’   òòFigure€Ú    ÚÚ
   
 Úóó, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         , @0Ð  A   Z  ‹" A r i a l   R e g u l a r                          $ÿÿ        3 5 9 A M ] q ‰ ¥ 1     1   1 . 1   1 . 1 . 1   1 . 1 . 1 . 1   1 . 1 . 1 . 1 . 1   1 . 1 . 1 . 1 . 1 . 1   1 . 1 . 1 . 1 . 1 . 1 . 1   1 . 1 . 1 . 1 . 1 . 1 . 1 . 1   F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r         , @0Ð  A   Z  ‹" A r i a l   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   Ô   Ý
 ƒ  ¯' ÝÝ    Ýà€    ææ= (# àÔ ‡O  %cæ %  % %   ÔGENERAL€POLICYÔ# †  %yµ  % %O %cæ-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß 
   Á   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡á  %cæ %  % %   ÔGENERAL€POLICYÔ# †  %yµ  % %á %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß 
   Ý   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡R  %cæ %  % %   Ôà€    àà4 (# àAIS€SECURITY€LIFE€CYCLEÔ# †  %yµ  % %R %cæ   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß 
   Ê   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡ã  %cæ %  % %   ÔAIS€SECURITY€LIFE€CYCLEÔ# †  %yµ  % %ã %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ß3 -  ù  4 -  ù   
   ˜  Ý
 ƒ   ¯* ÝÝ    ÝÔ ‡^  %cä %  % %   ÔÔ ‡^  &ãå & % %cä ÔßA €7 - )                 °° x         d  E°W xA ßÐ   	 X      ÐU.S.€Customs€Service€AIS€Security€Policy€Manual€à€    ÎÎB (# àJune€1996Ô# †^  %cä % & &ãå:   # ÔÔ ‡^  &ãå & % %cä ÔÔ# †`  &ù­ & & &ãå   # ÔˆÐ   	 g    ÐÔ# †`  %y¬  % & &ù­  # Ô, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   Ô   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡c  %cæ %  % %   ÔSECURITY€INCIDENTS€AND€VIOLATIONSÔ# †  %yµ  % %c %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ßF ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r             (       8           c$       à0     àà0    `	(#(# àà      àà     ° à    (       ,           !ù$ ž   ž   à0     àà0    `	(#(# àà      à, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   %  Ý
 ƒ  ¯' ÝÝ    Ýà€    ääC (# àÔ ‡„  %cä %  % %   ÔÔ ‡„  &ãå & %|%cä ÔFOREWORDˆÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ßÐ   	 2Ú    ÐÔ# †œ  &ù­ & &|&ãå-   # ÔÔ# †œ  %y¬  % & &ù­L   # Ô' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   «   Ý
 ƒ  ¯' ÝÝ    ÝÔ €j  %cæ %  % %   Ôà€    66C (# àGLOSSARYˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß    (   (               3/Q$ ¬   ¬   Ý
 ƒ   ! ÝÝ    ÝÔ   d Ô, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   »   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡è  %cæ %  % %   ÔGLOSSARYÔ# †  %yµ  % %è %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         dúÿE°1 xA ß' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          : y   úÿ          <<=  
8                         À         ÿÿ  ÿÿ  ÿÿ  ÿÿ  ÿÿ Cÿÿ                 ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         , @0Ð  A   Z  ‹" A r i a l   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡‘  %cæ %  % %   ÔÓ    ÓAPPENDIX€CÔ# †  %yµ  % %‘ %cæ   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß 
   Ð   Ý
 ƒ  ¯' ÝÝ    Ýà€    ÜÜA (# àÔ ‡‰  %cæ %  % %   ÔAPPENDIX€AÔ# †  %yµ  % %‰ %cæ-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡Œ  %cæ %  % %   ÔAPPENDIX€AÔ# †  %yµ  % %Œ %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ß' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r         , @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡Ž  %cæ %  % %   ÔÓ    ÓAPPENDIX€BÔ# †  %yµ  % %Ž %cæ   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡  %cæ %  % %   ÔAPPENDIX€BÔ# †  %yµ  % % %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         , @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡“  %cæ %  % %   ÔAPPENDIX€CÔ# †  %yµ  % %“ %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡–  %cæ %  % %   ÔÓ    ÓAPPENDIX€DÔ# †  %yµ  % %– %cæ   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         dusE°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡˜  %cæ %  % %   ÔAPPENDIX€DÔ# †  %yµ  % %˜ %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡›  %cæ %  % %   ÔÓ    ÓAPPENDIX€EÔ# †  %yµ  % %› %cæ   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   U  Ý
 ƒ3   C) ÝÝ    ÝßA €7 - )                 °° x         d  E°W xA ßÐ   	 X      ÐÔ ‡Ÿ  %cä %  % %   ÔÔ ‡Ÿ  &ãå & %%cä ÔJune€1996à€    NN (# àU.S.€Customs€Service€AIS€Security€Policy€ManualÔ# †°  &ù­ & &&ãåq   # ÔÔ# †°  %y¬  % & &ù­   # ÔˆÐ   	 g    Ð, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         I n d e x -  ù   
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡¢  %cæ %  % %   ÔAPPENDIX€EÔ# †  %yµ  % %¢ %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÓ    ÓÔ ‡¥  %cæ %  % %   ÔAPPENDIX€FÔ# †  %yµ  % %¥ %cæ'   # ÔÐ   	 X      ÐÓ       ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡§  %cæ %  % %   ÔAPPENDIX€FÔ# †  %yµ  % %§ %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡ª  %cæ %  % %   ÔÓ    ÓAPPENDIX€GÔ# †  %yµ  % %ª %cæ   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡¬  %cæ %  % %   ÔAPPENDIX€GÔ# †  %yµ  % %¬ %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   Ö   Ý
 ƒ  ¯' ÝÝ    ÝÓ    ÓÔ ‡¸  %cæ %  % %   ÔCOMMENTÔ# †  %yµ  % %¸ %cæ'   # ÔÐ   	 X      ÐÓ       ÓßA €7 - )                 °° x         d^ E°1 xA ßB i b -  ù  G l o s -  ù  F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r         , @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   Ô   Ý
 ƒ  ¯' ÝÝ    ÝÓ    ÓÔ ‡³  %cæ %  % %   ÔINDEXÔ# †  %yµ  % %³ %cæ'   # ÔÐ   	 X      ÐÓ       ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   ¸   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡µ  %cæ %  % %   ÔINDEXÔ# †  %yµ  % %µ %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   Ú  Ý
 ƒ   ¯* ÝÝ    ÝßA €7 - )                 °° x         d  E°W xA ßÐ   	 X      ÐÔ ‡¼  %cä %  % %   ÔÔ ‡¼  &ãå & %‚%cä ÔU.S.€Customs€Service€AIS€Security€Policy€Manual€à€    ÎÎB (# àJune€1996Ô# †¼  %cä % &‚&ãå   # ÔÔ ‡¼  &ãå & %‚%cä ÔÔ# †½  &ù­ & &‚&ãåq   # ÔÔ ‡¼  &ãå & & &ù­ ÔˆÐ   	 g    ÐÔ# †½  &ù­ & &‚&ãå_  # ÔÔ# †½  %y¬  % & &ù­  # Ô, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   V  Ý
 ƒ3   C) ÝÝ    ÝßA €7 - )                 °° x         d  E°W xA ßÐ   	 X      ÐÔ ‡  %cæ %  % %   ÔÔ ‡  &ãç & % %cæ ÔJune€1996à€    NN (# àU.S.€Customs€Service€AIS€Security€Policy€ManualÔ# †  &ù´ & & &ãçq   # ÔÔ# †  %yµ  % & &ù´   # ÔˆÐ   	 g    ÐÌ 
   ˜  Ý
 ƒ   ¯* ÝÝ    ÝÔ ‡  %cæ %  % %   ÔÔ ‡  &ãç & % %cæ ÔßA €7 - )                 °° x         d  E°W xA ßÐ   	 X      ÐU.S.€Customs€Service€AIS€Security€Policy€Manual€à€    ÎÎB (# àJune€1996Ô# †  %cæ % & &ãç:   # ÔÔ ‡  &ãç & % %cæ ÔÔ# †  &ù´ & & &ãç   # ÔˆÐ   	 g    ÐÔ# †  %yµ  % & &ù´  # Ô, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          * : P 8 A             <<   
   Cÿÿ                  
   Î   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡À  %cä %  % %   Ôà€    88C (# àCONTENTSÔ# †Á  %y¬  % %2 %cä   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d^ E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r         ' ÌC  	   Z  ‹6 T i m e s   N e w   R o m a n   R e g u l a r          
   »   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡Ä  %cä %  % %   ÔCONTENTSÔ# †Å  %y¬  % %Ý %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ò   Ý
 ƒ  ¯' ÝÝ    Ýà€    ¨¨? (# àÔ ‡Ç  %cä %  % %   ÔINTRODUCTIONÔ# †Í  %y¬  % %K %cä-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         C -  ù  D -  ù  E -  ù  F -  ù  G -  ù  F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ¿   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡Ð  %cä %  % %   ÔINTRODUCTIONÔ# †Ñ  %y¬  % %ß %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß 
   Û   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡±  %cæ %  % %   ÔÓ    ÓBIBLIOGRAPHYÔ# †  %yµ  % %± %cæ   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   j   Ý
 ƒ:   C# ÝÝ    ÝÝ
 ƒP  ÿÿ ÝòòFigure€Ú    Ú2Ú
   
 ÚóóÝ     Ý€Policy€Hierarchy 
   ¿   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡ê  %cæ %  % %   ÔBIBLIOGRAPHYÔ# †  %yµ  % %ê %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß 
   Ô   Ý
 ƒ  ¯' ÝÝ    Ýà€    ææ= (# àÔ ‡Õ  %cä %  % %   ÔGENERAL€POLICYÔ# †Ö  %y¬  % %O %cä-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Á   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡Ø  %cä %  % %   ÔGENERAL€POLICYÔ# †Ù  %y¬  % %á %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   €  Ý
 ƒB   C" ÝÝ    ÝÓo  [ °    X °  `	 ¸  h À  p È   x Ð  (# €% Ø' 0* ˆ, à. 81 3 è5 @8 ˜: ð< H?  A°   œXo ÓòòCommissioner€of€Customs€fulfills€the€responsibilities€of€Head€of€Bureau€andÐ   	         Ðauthorizes€the€implementation€of€Customs€AIS€security€safeguards€based€onÏFederal€policy€and€guidelinesóó.€€Reference:€TD€P€71„10.€Head€of€Bureau. 
   Š   Ý
 ƒ:   C# ÝÝ    ÝÝ
 ƒP  ÿÿ ÝòòFigure€Ú    Ú3Ú
   
 ÚóóÝ     Ý.€€Customs€AIS€Security€OrganizationÔ €    Ô 
   P  Ý
 ƒB   C" ÝÝ    ÝÔ ‡Þ  &ù­ &  % %   ÔÓo  [ °    X °  `	 ¸  h À  p È   x Ð  (# €% Ø' 0* ˆ, à. 81 3 è5 @8 ˜: ð< H?  A°   œXo ÓòòThe€ADP€Steering€Committee,€Security€Subcommittee€provides€authority€forÐ   	         Ðthe€Customs€AIS€Security€Program.óóÔ# †Þ  %y¬  % & &ù­   # Ô, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r         , @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   “  Ý
 ƒB   C" ÝÝ    ÝòòThe€Assistant€Commissioner€(AC),€OIT,Ô ‡â  &ù­ &  % %   Ô€performs€the€functions€of€the€SeniorÐ   	         ÐInformation€Resources€Management€Official€(SIRMO)€and€Ô# †â  %y¬  % & &ù­C   # ÔPrincipalÐ   	 Ú Ú    ÐAccrediting€Authority€(PAA)óó.Ð   	 ´´   ÐÌThe€AC€is€designated€as€an€Accrediting€Authority€(AA)€for€Customs€AISsÏprocessing,€storing,€or€transmitting€sensitive€information.€€The€Process€Owners€areÏalso€designated€as€AAs€for€their€Customs€processes.ÌÌReference:€TD€P€71„10.€€Principal€Accrediting€Authority€(PAA)€and€SeniorÏInformation€Resources€Management€Official€(SIRMO)., @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r         , @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
     Ý
 ƒB   C" ÝÝ    ÝÔ ‡å  &ù­ &  % %   ÔÓo  [ °    X °  `	 ¸  h À  p È   x Ð  (# €% Ø' 0* ˆ, à. 81 3 è5 @8 ˜: ð< H?  A°   œXo ÓòòThe€Director,€AIS€Security€Division,€OIT,€is€the€designated€AIS€SecurityÐ   	         ÐOfficer.€óóF ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
     Ý
 ƒB   C" ÝÝ    ÝòòThe€process€owners€are€designated€as€Accrediting€Authorities€for€the€CustomsÐ   	         Ðprocesses€for€which€they€have€responsibility.ÌóóÌThe€Assistant€Commissioner,€OIT,€performs€the€functions€of€Principal€AccreditingÏAuthority€(PAA)€and€shares€accrediting€responsibility€with€the€Process€Owners.ÌÌReference:€TD€P€71„10.€€Principal€Accrediting€Authority€(PAA) 
   X  Ý
 ƒB   C" ÝÝ    ÝòòOwners€of€sensitive€data€must€ensure€that€appropriate€safeguards€are€employedÐ   	         Ðto€protect€the€data€from€unauthorized€access€during€the€life€of€the€data€whileÏthey€are€the€responsible€owner.€€This€includes€the€transfer€of€the€data€by€anyÏmeans,€to€another€person,€application,€AIS,€or€processóó., @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   ƒ  Ý
 ƒB   C" ÝÝ    ÝÓo  [ °    X °  `	 ¸  h À  p È   x Ð  (# €% Ø' 0* ˆ, à. 81 3 è5 @8 ˜: ð< H?  A°   œXo ÓòòThe€AIS€Security€Administrator€is€assigned€the€functional€responsibilities€of€theÐ   	         ÐInformation€Systems€Security€Officer€(ISSO)€and€Network€Security€OfficerÏ(NSO).óó€€Reference:€TD€P€71„10.€Information€Systems€Security€Officer., @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   Ý   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡ì  %cä %  % %   Ôà€    àà4 (# àAIS€SECURITY€LIFE€CYCLEÔ# †í  %y¬  % %R %cä   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ê   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡ï  %cä %  % %   ÔAIS€SECURITY€LIFE€CYCLEÔ# †ð  %y¬  % %ã %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ã   Ý
 ƒ  ¯' ÝÝ    Ýà€    . (# àÔ ‡ò  %cä %  % %   ÔMINIMUM€SECURITY€REQUIREMENTSÔ# †ó  %y¬  % %U %cä-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d 9E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ð   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡õ  %cä %  % %   ÔMINIMUM€SECURITY€REQUIREMENTSÔ# †ö  %y¬  % % %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r         A -  ù  B -  ù   
     Ý
 ƒB   C" ÝÝ    ÝÓ     ÓòòÔ ‡ú  &ù­ &  % %   ÔTHIS€IS€A€U.S.€CUSTOMS€SERVICE€COMPUTER€NETWORKÐ   	         ÐSYSTEM.€€U.S.€CUSTOMS€SERVICE€COMPUTER€NETWORKÏSYSTEMS€ARE€PROVIDED€FOR€THE€PROCESSING€OF€OFFICIALÏU.S.€GOVERNMENT€INFORMATION€ONLY.€€ALL€DATAÏCONTAINED€ON€U.S.€CUSTOMS€SERVICE€COMPUTER€NETWORKÏSYSTEMS€ARE€OWNED€OR€CONTROLLED€BY€THE€U.S.€CUSTOMSÏSERVICE,€AND€MAY,€FOR€THE€PURPOSE€OF€PROTECTING€THEÏRIGHTS€AND€PROPERTY€OF€THE€U.S.€CUSTOMS€SERVICE,€BEÏMONITORED,€INTERCEPTED,€RECORDED,€READ,€COPIED,€ORÏCAPTURED€IN€ANY€MANNER€BY€AUTHORIZED€SYSTEMSÏPERSONNEL.€€THERE€IS€NO€RIGHT€OF€PRIVACY€IN€THIS€SYSTEM.€ÏSYSTEMS€PERSONNEL€MAY€GIVE€TO€LAW€ENFORCEMENTÏOFFICIALS€ANY€POTENTIAL€EVIDENCE€OF€CRIME€FOUND€ONÏU.S.€CUSTOMS€SERVICE€COMPUTER€NETWORK€SYSTEMS.€€òòUSEÐ   	    ÐOF€THIS€SYSTEM€BY€ANY€USER,€AUTHORIZED€ORÏUNAUTHORIZED,€CONSTITUTES€CONSENT€TO€THISÏMONITORING,€INTERCEPTION,€RECORDING,€READING,ÏCOPYING,€OR€CAPTURING€AND€DISCLOSUREóó.óóÔ# †ú  %y¬  % & &ù­*   # ÔF ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   :   Ý
 ƒ:   C# ÝÝ    ÝòòFigure€3óó.€€Warning€Banner 
   ç   Ý
 ƒ  ¯' ÝÝ    Ýà€    @@* (# àÔ ‡ý  %cä %  % %   ÔSECURITY€INCIDENTS€AND€VIOLATIONSÔ# †þ  %y¬  % %4 %cä-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ô   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡  %cä %  % %   ÔSECURITY€INCIDENTS€AND€VIOLATIONSÔ# † %y¬  % %c %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   «   Ý
 ƒ  ¯' ÝÝ    ÝÔ € %cä %  % %   Ôà€    66C (# àGLOSSARYˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   »   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡ %cä %  % %   ÔGLOSSARYÔ# † %y¬  % %è %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         dúÿE°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Û   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡ %cä %  % %   ÔÓ    ÓBIBLIOGRAPHYÔ# †	 %y¬  % %± %cä   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ¿   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡ %cä %  % %   ÔBIBLIOGRAPHYÔ# † %y¬  % %ê %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ð   Ý
 ƒ  ¯' ÝÝ    Ýà€    ÜÜA (# àÔ ‡ %cä %  % %   ÔAPPENDIX€AÔ# † %y¬  % %‰ %cä-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡ %cä %  % %   ÔAPPENDIX€AÔ# † %y¬  % %Œ %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡ %cä %  % %   ÔÓ    ÓAPPENDIX€BÔ# † %y¬  % %Ž %cä   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡ %cä %  % %   ÔAPPENDIX€BÔ# † %y¬  % % %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡ %cä %  % %   ÔÓ    ÓAPPENDIX€CÔ# † %y¬  % %‘ %cä   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         C o m m e n t -  ù  F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡ %cä %  % %   ÔAPPENDIX€CÔ# † %y¬  % %“ %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡! %cä %  % %   ÔÓ    ÓAPPENDIX€DÔ# †" %y¬  % %– %cä   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         dusE°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡$ %cä %  % %   ÔAPPENDIX€DÔ# †% %y¬  % %˜ %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡' %cä %  % %   ÔÓ    ÓAPPENDIX€EÔ# †( %y¬  % %› %cä   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡* %cä %  % %   ÔAPPENDIX€EÔ# †+ %y¬  % %¢ %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
     Ý
 ƒ  Vf$ ÝÓ          Ó€€€€€òòÚ    Ú1Ú
   
 ÚóóÝ    Ýà0     àOMB€Circular€A„130Ô     A „ 1 3 0      Ô,€February€8,€1996€requires€that€security€awarenessÔ#     a w a r e n e s s     # Ô€trainingÔ!     t r a i n i n g     Ö! Ô€must€beÐ   	 X      Ðperiodic.€€The€NIST€òòComputer€Security€TrainingÔ!     T r a i n i n g      ! Ô€Guidelinesóó,€11/89€recommend€annualÐ   	 2Ú    Ðrefresher€trainingÔ!     t r a i n i n g     ! Ô,€but€it€is€not€a€requirement.€[NIST€500„172] 
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÓ    ÓÔ ‡. %cä %  % %   ÔAPPENDIX€FÔ# †/ %y¬  % %¥ %cä'   # ÔÐ   	 X      ÐÓ       ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡1 %cä %  % %   ÔAPPENDIX€FÔ# †4 %y¬  % %§ %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          * : P 3  ›    & O L E   2 . 0   B o x          <=  8                                   ÿÿ  ÿÿ  ÿÿ  ÿÿ  ÿÿ Cÿÿ     HK K K K             '                   È È È È    d x    dF ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Ù   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡6 %cä %  % %   ÔÓ    ÓAPPENDIX€GÔ# †7 %y¬  % %ª %cä   # ÔÐ   	 X      ÐÓ   :    ÓßA €7 - )                 °° x         d  E°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   ½   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡9 %cä %  % %   ÔAPPENDIX€GÔ# †: %y¬  % %¬ %cä   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ß, @0Ð  A   Z  ‹" A r i a l   R e g u l a r         F ƒŒ	  	   Z   2 C G   T i m e s   ( W N )   R e g u l a r          
   Î  Ý
 ƒ  Vf$ ÝÓ          Ó€€€€€òòÚ    Ú2Ú
   
 ÚóóÝ    ÝÓ9  %  ÿÿ  ä < ” ì D œ ô L ¤ ü!°   œX9 ÓThis€Circular's€use€of€the€term€"material€weaknessÔ3  )   m a t e r i a l   w e a k n e s s     3 Ô"€should€not€be€confused€with€use€of€the€sameÐ   	 X      Ðterm€by€government€auditors€to€identify€management€control€weaknesses€which,€in€their€opinion,€poseÏa€risk€or€a€threat€to€the€internal€control€systems€of€an€audited€entity,€such€as€a€program€or€operation.€ÏAuditors€are€required€to€identify€and€report€those€types€of€weaknesses€at€any€level€of€operation€orÏorganization,€even€if€the€management€of€the€audited€entity€would€not€report€the€weaknesses€outside€theÏagency. ? C : \ C A \ P O L M A N \ C S - S E A L . T I F   ÿWPC                 ,,     Ê¾    Ê¾  9         Ê¾,,        ÿÿÿ  ÿ €=·Ê¾}ÿx Àþÿ9 À ÿ6 Àÿ7 À ÿ5 Àÿ6 € ÿ3 Àÿ5 € ÿ2 Àÿ4 à ÿ2 Àÿ3 ð ÿ1 Àÿ2 üÿÿÀ ÿ0 Àÿ2 € ÿ ð ÿ/ Àÿ1 ðÿ
 ÿ/ Àÿ0 þÿ ø ?ÿ. Àÿ0 àÿ ðÿ. Àÿ/ ü ÿ ÿ- Àÿ/à   ?ÿ øÿ- Àÿ.þ   ÿÀ   ÿ, Àÿ.à   ÿÿ, Àÿ-þ   ÿø   ÿ+ Àÿ-à  ÿð  ÿ+ Àÿ-   ÿ   ÿ* Àÿ,ø  ÿð  ÿ* Àÿ,€  ÿþ   ÿ) Àÿ+ü  ÿà  ÿ) Àÿ+à  ?ÿ	 ü ÿ
þ  ÿ) Àÿ+  ÿ	 € ÿ	ð  ÿ( Àÿ*ø  ÿ þ
 ÿþ  ÿ( Àÿ*À ÿ ü ?ÿà  ÿ( Àÿ)þ  ÿ ÿü  ÿ' Àÿ)ð  ÿ À ÿÿ€ ÿ' Àÿ)€ ÿ ð ÿ ÿð  ÿ' Àÿ(ü  ÿ ü ÿ	ü   ÿþ  ÿ& Àÿ(ð  ÿ ÿ€   ÿ€ ÿ& Àÿ(€ ÿà   ÿþ   ÿð  ÿ& Àÿ'þ  ÿþ   ÿø   ?ÿþ  ÿ% Àÿ'ð  ÿà  ÿÀ  ÿÀ ÿ% Àÿ'À ÿþ   ÿ   ?ÿø  ÿ% Àÿ'  ?ÿà  ÿø  ÿ  ?ÿ$ Àÿ&ø ÿþ  ÿà  ?ÿÀ ÿ$ Àÿ&à ÿð  ?ÿ  ÿð ÿ$ Àÿ&€ ÿ€ ÿð  ÿþ  ÿ# Àÿ%þ  ÿø  ÿ  ÿÀ ÿ# Àÿ%ø ÿ€ ÿð  ÿø ÿ# Àÿ%À ÿü  ?ÿ  ÿþ ÿ# Àÿ%  ÿà ÿð ÿ€ ?ÿ" Àÿ$ü ÿ  ?ÿþ  ÿð ÿ" Àÿ$ð ÿø ÿà ÿø ÿ" Àÿ$À ?ÿÀ ÿü  ÿþ  ÿ" Àÿ$ ÿþ  ÿ€ ÿÀ ?ÿ! Àÿ#ü ÿð ÿð ÿð ÿ! Àÿ#ð ÿ€ ?ÿþ  ÿü ÿ! Àÿ#À ÿÿÿþ ÿ à ÿ  ÿ! Àÿ# ÿð ÿ ü ÿÀ ?ÿ  Àÿ"ü ÿ€ ÿ àÿ ÿ€ ÿð ÿ  Àÿ"ð ?ÿÿÿü ÿÀ?ÿà ?ÿ
à ?ÿÿÿþ ÿ  Àÿ"À ÿð ÿ€ÿ€ ÿ
ü ÿ€ ÿ  Àÿ" ÿÀ ÿ ÿþ  ÿ ÿà ?ÿ Àÿ!ü ÿÿÿþ ÿ ÿü  ÿà ?ÿÿÿø ÿ Àÿ!ð ?ÿÿÿø ÿþ ÿø    ÿ
ü ÿÿÿþ ÿ Àÿ!à ÿà ÿþ ÿð p  ÿ
€ÿ ÿ Àÿ!€ÿ€ÿ  ÿþ ÿàÿ  ÿ
à ÿÿÿÀ ÿ Àÿ þ ÿÿÿþ ÿð ÿü ÿàÿÀ ÿþÿü ÿÿÿð ÿ Àÿ ø ÿÿÿðÿ  ÿü ÿ	Àÿà ÿü ÿ ÿÿÿü ÿ Àÿ à ÿÿÿÀÿø  ?ÿü ÿ	Àÿð ÿü ÿÀ ÿÿÿþ ÿ Àÿ Àÿ ÿÀ  ?ÿø  ÿ	€ÿø ÿþ  ÿø ?ÿÿÿ€ ÿ Àÿ  ÿÿÿø ?ÿü   ?ÿø  ÿ
€ÿü ÿÿ  ÿþ ÿÿÿà ÿ Àÿü ÿÿÿà ÿà   ÿø  ÿ
€ÿþ ÿÿ€ ÿ€ÿÿÿø ÿ Àÿø ?ÿÿÿ€ÿ ÿø  ÿ
€ÿÿ ÿÿÀ  ÿà ÿÿü ÿ Àÿà ÿÿÿþ ÿ ð ÿð  ?ÿ€ÿÿ ÿÿà  ÿø ÿÿÿ ÿ Àÿ€ÿÿÿø ?ÿ   | ÿð  ?ÿ€ÿÿ€ÿÿà  ?ÿþ ÿÿÿÀ ÿ Àÿ ÿÿÿà ÿø  ÿ€ÿà  ÿ€ÿÿ€ÿÿÿð  ?ÿ€ÿÿÿð ?ÿ Àÿü ÿÿÿÀÿÀ  ÿÿàÿà  ÿÀ ÿÀÿÿÿð  ÿà ÿÿÿü ÿ Àÿø ÿÿÿ ÿþ  ÿÿðÿà ÿÀ ÿÀÿÿÿð ?ÿ ÿø ?ÿÿþ ÿ Àÿàÿÿÿü ÿø  ÿÿøÿÀ ÿà ÿáÿÿÿà ÿÿ ÿ ÿÿÿ€ÿ Àÿ€ÿÿÿàÿð  ÿÿüÿÀ? ÿà  ?óÿÿÿàÿÿ€ ?ÿ€ÿÿÿÀ ÿ Àÿ ÿÿÿ€ÿð  ÿÿþÿÀ? ÿð  ÿàÿÿÀ ÿð ÿÿÿð ?ÿ Àÿü ÿÿþ ÿð  ÿÿÿÿ€? ÿø  ÿàÿÿà ÿü ?ÿÿü ÿ Àÿø ÿÿü ÿø  ?ÿÿÿÿ€? ÿü   ÿÿÿÀÿÿð ÿ ÿÿþ ÿ ÀÿàÿÿÿðÿÀ ?ÿÏÿ€ ÿþ   ÿÿÿÀÿÿð ÿÀÿÿÿ€ÿ ÀÿÀÿÿÿÀÿø ÿ‡ÿ   ÿ   ÿÿÿÀÿÿø ÿð ÿÿÿà ÿ Àÿ ÿÿÿ ÿü ÿƒÿÿÀ  ÿÿÿÀÿÿø ÿü ÿÿð ÿ Àÿþ ÿÿþ ?ÿþ ÿƒÿÿð  ÿÿÿ€ÿÿø ÿþ ÿÿü ?ÿ Àÿø ÿÿø ÿþ ÿÿ þ ÿþ  ÿÿÿ€ÿÿøÿÿþÿ€ÿÿþ ÿ Àÿð ÿÿÿàÿþ ÿÿ þÿÿÿÿ€  ÿÿÿ€ÿÿøÿÿøÿàÿÿÿ€ÿ ÀÿÀÿÿÿ€ÿ	 þÿ þ?ÿÿþÿð  ÿÿ ÿÿøÿÿøÿð ÿÿÿÀÿ Àÿ€ÿÿÿ ÿ	 þ ÿ ü?ÿÿþÿþ  ÿÿ ÿÿøÿÿø ÿü ?ÿÿð ÿ Àÿþ ÿÿü ÿ	 ü ÿ üÿÿþÿÿ€ ?ÿÿ ÿÿðÿÿø ?ÿ ÿÿø ?ÿ Àÿü ?ÿÿðÿ
€ð ÿü à ÿÿüÿÿà ?ÿþ ?ÿÿðÿÿü ÿ€ÿÿþ ÿ Àÿø ÿÿàÿ
€À ÿø ÿü ÿÿüÿÿø ÿþ ?ÿÿðÿÿþ ÿàÿÿÿ ÿ Àÿàÿÿÿ€ÿ€ÿ€   ÿøÿþ ÿÿüÿÿþ ÿþ ?ÿÿðÿÿÿ  ÿø ÿÿÿÀÿ ÀÿÀÿÿþ ?ÿø ÿÀ   ÿðÿÿ ÿÿüÿÿÿ ÿü ÿÿàÿÿÿ€ ?ÿþ ?ÿÿàÿ Àÿ€ÿÿü ÿÀ ÿ%À   ñÿÿÿðÿÿ ÿÿü ÿÿÿ€ÿü ÿÿàÿÿÿ€ ÿ ÿÿð ÿ Àÿþ ÿÿðÿ  ÿ%À   ?àÿÿÿðÿÿ€ÿÿø ÿÿ€ÿü ÿÿà?ÿÿÿÀ ÿÀÿÿü ?ÿ Àÿü ?ÿÿàÿü  ÿ%à   ?àÿÿÿàÿÿ€ÿÿø ÿÿ€ÿø ÿÿÀ?ÿÿÿÀ  ÿðÿÿþ ÿ Àÿð ÿÿÿ€ÿð   ÿ&à   ?àÿÿàÿÿ€ÿÿø ?ÿÿ€ÿø ÿÿÿÀ?ÿÿÿÀ  ?ÿü ÿÿÿ ÿ Àÿàÿÿÿ ?ÿ.À   ÿÿÿà  ?àÿÿÀÿÿ€ ÿÿø ÿÿ€?ÿø ÿÿÿÀÿÿÿ€  ÿþ ?ÿÿÀÿ ÀÿÀÿÿü ÿ*ÿÿÿà ?à?ÀÿÿÀÿÿ€ ?ÿø ÿÿ€?ÿø ÿÿÿ€ÿÿÿ€  ÿ€ÿÿàÿ Àÿ€ÿÿøÿ ü*?ÿÿÿð ð?À?ÿÿ€ÿÿ  ÿø ÿÿ ?ÿø ÿÿÿ€ÿÿÿ€  ÿÀÿÿø ÿ Àÿþ ÿÿàÿ+ð À ?ÿÿÿð ü?À?ÿÿ ÿþ   ÿø  ÿþ ÿð ÿÿÿ€ÿÿÿ ÿàÿÿü ?ÿ Àÿü ÿÿÀÿ'À ?ð ?ÿÿÿð þÀ?ÿþ ÿø   ø  ?ø ÿðÿÿÿ€ÿ ð ?ÿøÿÿþ ÿ Àÿø ÿÿÿ ?ÿ0  ÿø ?ÿÿÿø ÿÿÀ?ÿü  à   ü À ÿÿðÿÿÿ ÿÿÿþ ü ÿü ÿÿ€ÿ Àÿ;ðÿÿþ ÿÿÿü ÿü ?ÿÿÿø ÿÿ€?ÿð  À   ÿÿ   ÿÿðÿÿÿ ÿÿÿþ þ ÿ ?ÿÿÀÿ ÀÿÀÿÿø ÿ1ð ÿü ?ÿÿÿø ÿÿ€ÿÀ  À  ÿÿÿÀ  ÿÿðÿÿÿÿÿÿü ÿ ÿ€ÿÿàÿ Àÿ€ÿÿðÿ1À ÿü ?ÿÿÿø ÿÿ ÿÀ  À  ÿÿÿà  ÿÿðÿÿþÿÿÿü ÿÀÿàÿÿø ÿ Àÿ ÿÿàÿ  ÿþ ?ÿÿÿø ?ÿþ ÿ€  ð ÿø  ÿÿðÿÿþÿÿÿø ?ÿàÿðÿÿü ÿ Àÿ þ ÿÿ€ÿÿÿþ  ÿþ ?ÿÿÿü ?ÿü ÿÀ  ÿ  ?ÿÿðÿÿüÿÿÿø ?ÿàÿø ÿÿþ ÿ Àÿü ÿÿÿ ?ÿÿÿü  ÿü ?ÿÿÿü ?ÿø ÿà ÿà ÿÿÿð ÿÿüÿÿÿð ?ÿð ÿþ ÿÿ€ÿ Àÿðÿÿþ ÿÿÿø  ÿü ÿÿÿü ÿà ÿø ÿÿüÿÿÿð ?ÿø ÿ ÿÿÀÿ Àÿàÿÿøÿð  ÿü ÿÿÿü ÿ€ ÿø ÿøÿÿÿà ?ÿø ÿÀÿÿàÿ ÀÿÀÿÿðÿø  ÿø ÿþ ü  ?ÿü ?ÿðÿÿÿà ?ÿø ÿàÿÿðÿ Àÿ€ÿÿÀÿø  ÿð ÿþ à  ÿþ ÿðÿÿÿÀ ?ÿø ÿøÿÿø ÿ Àÿ ?ÿÿ€ÿø ÿà ÿ þ ÿ ÿàÿÿÿÀ ÿø ÿü ÿÿü ÿ Àÿþ ÿÿ ?ÿþ ÿÀÿ þ ÿ ÿ€ÿÿÿ€ ÿð ÿÇÿÿÿþ ÿÿ ?ÿ Àÿüÿÿü ÿ ÿ  ÿ þÿ€ < ÿÿÿ€ ÿà ÿÿ€ÿÿ€ÿ Àÿðÿÿøÿ€ü  ÿü   ÿà   ?ÿÿÿ   ÿÀ ÿ ÿÀÿÿÀÿ ÀÿàÿÿðÿÀ `  ?ÿÿÿü   ÿð   ÿÿÿ   € ÿ ?ÿÿÿàÿÿàÿ ÀÿÀÿÿàÿ Àÿÿÿð  ÿü   ÿÿÿþÿÿ€ÿÿÿðÿÿðÿ Àÿ€ÿÿÀÿ àÿÿÿà  ?ÿ  ÿÿÿþÿÿ€ÿÿÿü ÿÿø ÿ Àÿ ?ÿÿ ?ÿ àÿ?ÿÀ ÿÀ ÿÿÿüÿÿÀÿÿÿþ ÿü ÿ Àÿþ ÿþ ÿ ðþÿ€ ÿü ÿÿÿü €  ÿÿÀÿ ?ÿþ ÿ Àÿü ÿÿüÿ ðþÿ  ÿ
ø ?À  ÿÿà ÿÀÿÿ€ÿ Àÿøÿÿøÿÿÿÿø  € |ÿ ÿð à  ÿÿà ?ÿÿÿàÿÿÀÿ Àÿðÿÿðÿÿÿüÿÿÿø ÿÀ <ÿ€?ÿð ð  ÿÿà ÿÿÿðÿÿàÿ ÀÿÀÿÿÀÿÿÿðÿÿÿü ÿà ÿçÿÀ ø  ÿÿà ÿÿÿøÿÿðÿ Àÿ€ÿÿ€ÿÿÿàÿÿÿü ÿð  ÿ ƒ  ÿü  ÿÿÿð ÿÿÿþ ÿÿø ÿ Àÿ ?ÿÿ ÿÿÿÀÿÿÿþ ÿø  ÿà   ÿ   ÿü ÿÿÿð ÿ ÿü ÿ Àÿþ ÿþ ÿ  ÿÿÿþ ÿø  ÿ þ ÿ   ÿü ?ÿÿÿð  ÿ€?ÿþ ÿ Àÿü ÿÿüÿÿÿþ  ÿÿÿ ÿü  ÿ
 ü ÿ
  ÿþ ÿÿÿð  ÿÿÿÀÿÿ ?ÿ Àÿøÿÿøÿÿÿø  ?ÿÿÿ ÿþ  ÿ	 ü
 ÿ	€ ÿü ÿð  ÿÿÿàÿÿÀÿ Àÿðÿÿðÿÿÿð  ÿÿÿ ÿþ  ÿ	 ÿÀ ÿü ÿð  ?ÿÿÿðÿÿàÿ ÀÿàÿÿÀÿÿÿà  ÿÿÿ€ÿÿ  ?ÿ Àÿà ÿü ÿð  ?ÿÿÿüÿÿðÿ ÀÿÀÿÿ€?ÿÿÿÀ  ÿÿÿ€ÿÿ€ ?ÿ ø ÿð ÿü ÿð `ÿÿÿþ ÿÿøÿ Àÿ€ÿÿ ÿÿÿ   ÿÿÿÀÿÿÀ ÿ ÿü  ÿø ÿð ÿñÿ ÿü ÿ Àÿ ?ÿþ ÿÿÿþ ÀÿÿÿÀ ÿÿàÿ ð ÿþ  ÿø ÿøÿàÿÿÿ€?ÿþ ÿ Àÿþ ÿüÿÿÿü ðÿÿÿà ÿøÿ ÿ€ ø ÿøÿàÿÿÿÀÿÿ ?ÿ Àÿü ÿÿøÿÿÿð ?üÿÿÿð ÿ	 ð ÿà ?ð ÿøÿàÿÿÿàÿÿ€ÿ Àÿøÿÿðÿÿÿà ÿÿÿÿð ÿ	 ÿø ð ÿøÿðÿÿÿðÿÿÀÿ ÀÿðÿÿàÿÿÿÀ ÿÿÃÿÿÿø ÿ ð ÿü ð ÿøÿðÿÿÿüÿÿàÿ Àÿ
àÿÿÀ?ÿÿÿ€ ÿø  ÿ € ?ÿ à ÿøÿø ÿÿþÿÿðÿ Àÿ
Àÿÿ€ÿÿþ  ÿü  ÿ ø ÿàà ÿøÿø ?ÿÿÿ ÿÿøÿ ÀÿÀÿÿ ÿÿÿü  ÿü  ÿ Àÿøà ÿøÿø ÿÿÿ€ÿü ÿ Àÿ€?ÿþÿÿÿø  ÿü  ÿ þ ÿà ÿøÿø ÿÿÿÀ?ÿþ ÿ Àÿ ÿüÿÿÿð  ?ÿü  ÿ ð ÿà ÿø ÿø ÿÿÿàÿÿ ÿ Àÿþ ÿÿøÿÿÿÀ  ?ÿü  ÿ € ÿà qÿÿÿø ÿð ÿÿÿðÿÿ€?ÿ Àÿüÿÿðÿÿÿ€  ÿü  ÿ ü ÿà  ÿÿÿø ÿà  ÿÿÿøÿÿÀÿ Àÿøÿÿàÿÿÿ   ÿø  ÿ ð ÿð  ÿÿÿø €  ÿÿüÿÿàÿ ÀÿðÿÿÀ?ÿÿþ   ÿø ÿ € ÿð  ÿÿÿø <   ?ÿÿþ ÿÿàÿ Àÿàÿÿ€ÿÿø  ÿð ÿ þ ÿø  ÿÿÿøÿÿÿ ÿðÿ ÀÿÀÿÿ ÿÿÿð ~ ÿà ?ÿ ð ÿü ÿÿÿøÿÿÿ€?ÿøÿ Àÿ€ÿþÿÿÿà ÿ ÿÀ ÿ À ÿþ ÿÿÿø?ÿÿÿÀÿü ÿ Àÿ ?ÿüÿÿÿàÿ€ÿ€ÿ ÿ ÿÿÿø   üÿÿÿàÿþ ÿ Àÿþ ÿøÿÿÿÀÿÀ ÿ€ÿ ü ÿ	Àÿÿÿð   ÿðÿÿ ?ÿ Àÿþ ÿÿðÿÿÿÀÿà ÿÀ?ÿ à ÿøÿÿÿð  ÿøÿÿ€ÿ ÀÿüÿÿàÿÿÿÀÿð ?ÿ Áÿ  ÿð  ?ÿüÿÿ€ÿ ÀÿøÿÿÀ?ÿÿÿàÿð ?ÿ	 ü  ÿà  ÿþ ÿÿÀÿ Àÿðÿÿ€ÿÿÿàÿø ÿ	 ð  ÿà ÿ ÿÿàÿ Àÿàÿÿ ÿðÿü ÿ	 À!ÿÀ ÿ€ÿðÿ ÀÿÀÿþÿðÿþ ÿ	" ?ÿ€ ÿÀ?ÿøÿ Àÿ€?ÿüÿøÿÿ ÿ ü" ÿ€ÿàÿü ÿ Àÿ ÿøÿüÿÿ ÿ à" ÿ ÿðÿþ ÿ Àÿþ ÿðÿüÿÿ€ÿ €# ÿþ ÿøÿÿ ?ÿ Àÿþ ÿÿàÿþÿÿÀ ÿ þ$ ÿàx ÿüÿÿ€?ÿ ÀÿüÿÿÀ?ÿ ÿÿà ÿ ø$ ÿà  ÿþÿÿÀÿ Àÿøÿÿ€ÿ€ÿÿð ?ÿ à$ ÿÀ  ÿ	 ÿÿàÿ Àÿðÿÿ ÿÀÿÿð ÿ €%ÿà  ?ÿ	€ÿàÿ Àÿàÿÿÿàÿÿø Àÿ& ?ÿà  ?ÿ	À?ÿðÿ ÀÿÀÿþÿðÿÿü   ÿ ü& ÿð  ÿ	àÿøÿ ÀÿÀÿüÿü   ÿ ð& ÿø  ÿ	ðÿüÿ Àÿ€?ÿøÿþ   ÿ À& ÿþ  ÿ
øÿþ ÿ Àÿ ÿðÿ	  ÿ( ÿ  ÿ
üÿÿ ÿ Àÿþ ÿÿàÿ	  ÿ þ( ÿ€ ÿ
þÿÿ€?ÿ Àÿü ÿÿÀ?ÿ	€ ÿ ø( ÿà ÿ
ÿÿÀÿ Àÿüÿÿ€ÿ	€ ÿ à( ÿð ÿ
€ÿÿàÿ Àÿøÿÿ ÿ
À ÿ À)ÿü ?ÿ
€ÿðÿ Àÿðÿÿÿ
À ?ÿ*ÿÿÿþ ÿ
À?ÿðÿ Àÿàÿþÿ
À ÿÿÿü* ÿ ÿ
àÿøÿ Àÿàÿüÿ
Àÿ ø* ÿÀÿ
ðÿüÿ ÀÿÀÿøÿ
Àÿ à* ÿðÿ
øÿþ ÿ Àÿ€?ÿðÿ
€ÿ À+ÿøÿ
üÿÿ ÿ Àÿ ÿàÿ
 ÿ,ÿÿÿþÿ
üÿÿ ÿ Àÿþ ÿÿà?ÿ
 ?ÿÿÿþ, ÿþÿÿ€?ÿ ÀÿüÿÿÀÿ	þ ÿÿÿø, ÿ ÿÿÀÿ Àÿüÿÿ€ÿ	þÿ ð, ÿ€ÿàÿ Àÿøÿÿ ÿ
þÿ À, ÿÀÿàÿ Àÿðÿþÿ
þÿ €- ÿÀ?ÿðÿ Àÿðÿüÿ. ?ÿàÿøÿ Àÿàÿüÿ ü. ÿðÿüÿ ÀÿÀÿøÿ ø. ÿøÿþÿ Àÿ€?ÿðÿ ð. ÿüÿþ ÿ Àÿ ÿàÿ À/ÿüÿÿ ÿ Àÿ ÿà?ÿ €/ ÿþÿÿ€ÿ Àÿþ ÿÿÀÿ0 ?ÿ ÿÿÀ?ÿ Àÿüÿÿ€ÿ ü0 ÿ€ÿÀÿ Àÿüÿÿ€ÿ ø0 ÿÀÿàÿ Àÿøÿÿÿ ð0 ÿÀ?ÿðÿ Àÿðÿþÿ À0 ÿàÿøÿ Àÿðÿüÿ €1 ÿðÿøÿ Àÿàÿøÿ2 ?ÿøÿüÿ ÀÿÀÿøÿ þ2 ÿøÿþÿ ÀÿÀ?ÿðÿ ü2 ÿüÿþÿ Àÿ€ÿà?ÿ ð2 ÿþÿÿ ÿ Àÿ ÿà?ÿ à2 ÿÿÿ€ÿ Àÿ ÿÿÀÿ À3ÿ ÿÿÀ?ÿ Àÿþÿÿ€ÿ €3 ÿ€ÿà?ÿ Àÿüÿÿÿ4 ?ÿÀÿðÿ Àÿüÿÿÿ þ ø ÿà?ÿðÿ Àÿøÿþÿ øü ÿàÿøÿ Àÿðÿüÿ ðþ ÿðÿøÿ Àÿðÿøÿ àÿ ÿøÿøÿ Àÿàÿøÿ ÀÿÀÿüÿüÿ Àÿàÿðÿ €ÿà ÿüÿþÿ ÀÿÀ?ÿàÿ?ÿð ?ÿþÿþ ÿ Àÿ€ÿà?ÿ þÿø ÿÿÿ ÿ Àÿ€ÿÀÿ üÿÿü ÿ ÿÿ€ÿ
 Àÿ ÿÿ€ÿ øÿÿþ ÿ€ÿÿ€?ÿ
 Àÿÿÿ€ÿ ðÿÿÿ ÿ€ÿÀ?ÿ
 Àÿþÿÿÿ àÿÿÿ€ÿÀÿàÿ
 Àÿüÿÿÿ Àÿÿÿà 	 ÿð?ÿðÿ
 Àÿüÿþÿ €?ÿÿÿð?À ?ÿøÿðÿ
 Àÿøÿüÿÿÿÿøÿð ÿüÿøÿ
 Àÿðÿüÿ þàÿ üÿü ÿÿøÿ
 Àÿðÿøÿ üø ÿÿþ ÿÿüÿ
 Àÿàÿðÿ øü ÿ €ÿÿ€ ÿþÿüÿ
 Àÿà?ÿð?ÿ ðÿþ ÿ Àÿÿà ÿþÿþÿ
 ÀÿÀ?ÿà?ÿ àÿÿ€ ?ÿ ðÿÿø ÿþÿþ ÿ
 ÀÿÀÿÀÿ ÀÿÿÀ ÿ üÿÿÿüÿÿÿ ÿ
 Àÿ€ÿÀÿ €ÿÿðÿ þ ÿ ÿÀÿÿ€ÿ	 Àÿ ÿÿ€ÿÿÿü ÿ €
 ÿ À ?ÿÀÿ€ÿ	 Àÿÿÿ€ÿ þÿÿÿþ ÿ à
 ?ÿ ð ÿàÿÀ?ÿ	 Àÿþÿÿ ÿ ü ÿ €
 ?ÿ ø
 ÿ ü ÿà?ÿÀ?ÿ	 Àÿþÿþ ÿ ø ÿ à
ÿ þ	 ÿ þ ÿðÿàÿ	 Àÿüÿþ ÿ ð ?ÿ ü	 ÿ € ÿ ÿðÿðÿ	 Àÿüÿü ÿ à ÿ	 ÿ à ?ÿ À ÿøÿðÿ	 Àÿøÿø ÿ À ÿ À ÿ ü ÿ ð ÿøÿøÿ	 Àÿðÿøÿ € ÿ ø ÿ
 ÿ ü ÿüÿøÿ	 Àÿðÿðÿ € ÿ þ ÿ
 à ÿ þ ?ÿþÿüÿ	 Àÿàÿðÿ ?ÿ À ÿ
 ü ÿ € ÿþÿüÿ	 Àÿà?ÿà?ÿ þ ÿ ø ÿ À ÿ à ÿÿþÿ	 ÀÿÀ?ÿÀ?ÿ ü ÿ ?ÿ þ ÿ	 ð ÿÿÿ ÿ	 ÀÿÀÿÀÿ ø ÿ ð ÿð  ÿ
 ü ÿ€ÿÿ ÿ	 Àÿ€ÿ€ÿ ð ÿ	À  ÿ ÿ€ÿ€ÿ Àÿ€ÿÿ€ÿ ð ?ÿ
ð?ÿ  € ÿÀÿ€ÿ Àÿ ÿÿÿ à ÿ- àÿà?ÿÀ?ÿ Àÿÿÿÿ À ÿ. ð ÿà?ÿÀ?ÿ Àÿ
þÿþÿ € ÿ. ü ÿðÿàÿ Àÿ
þÿþÿ ÿ/ ?ÿðÿàÿ Àÿ
üÿüÿ þ ?ÿ/ € ÿøÿðÿ Àÿ
üÿüÿ þ ÿ ÿ à ÿüÿðÿ Àÿ
øÿøÿ ü ÿþÿ ø ÿüÿøÿ Àÿ
ðÿøÿ ø ÿüÿ þ ÿþÿøÿ Àÿ
ðÿðÿ ð ÿüÿ ÿþÿüÿ Àÿ
àÿà?ÿ à ?ÿüÿ À ÿÿþÿ Àÿ
àÿàÿ à ÿøÿ ðÿÿþÿ Àÿ
À?ÿÀÿ À ÿøÿ ü ÿ€ÿÿÿ Àÿ
À?ÿÀÿ € ÿøÿ þ ÿ€ÿÿ ÿ Àÿ
€ÿ€ÿ ÿøÿ € ?ÿÀÿÿ€ÿ Àÿ
€ÿÿ ?ÿðÿ À ÿÀÿ€ÿ Àÿ
 ÿÿÿ þÿðÿ ð ÿà?ÿÀÿ Àÿ
 ÿÿÿ ü ÿðÿ ü ÿð?ÿÀ?ÿ Àÿ	þÿþÿ ø ÿðÿ ÿðÿà?ÿ Àÿ	þÿþÿ ø ÿðÿ € ÿðÿàÿ Àÿ	þÿüÿ ð ?ÿðÿ à ÿøÿðÿ Àÿ	üÿüÿ àÿðÿ ð ÿ ÿøÿðÿ Àÿ	üÿøÿ À ÿà ÿ üÿþ?ÿüÿðÿ Àÿ	øÿøÿ À ÿà ÿ ÿüÿüÿøÿ Àÿ	øÿðÿ € ÿà ÿ À ?ÿüÿþÿøÿ Àÿ	ðÿð?ÿ ?ÿà ÿ ð ?ÿüÿÿüÿ Àÿ	ðÿð?ÿÿà ÿ ø ÿøÿÿüÿ Àÿ	àÿàÿ þ ÿÀ ÿ þ ÿøÿÿþÿ Àÿ	à?ÿÀÿþÿ ü ÿÀ ÿ ÿøÿ€ÿþÿ Àÿ	À?ÿÀÿü?ÿ ø ÿÀ ÿÀ   ÿøÿÀÿÿ ÿ Àÿ	Àÿÿü?ÿ ø ÿþ ÿÀ ÀÿÀ   ÿø ÿÀÿ ÿ Àÿ	€ÿÿøÿ ðÿ  ?À € ?ÿà   ÿð ÿàÿ€ÿ Àÿ	€ÿÿÿðÿà   ÿ	à  € ?  ÿà   ÿð ?Àÿÿà?ÿ€ÿ Àÿ	 ÿÿÿðÿà   ÿð   € >   ÿ àÿà   ?ÿÿð?ÿÀÿ Àÿ	ÿþÿàÿÀ   ÿ ü€ ÿ Àÿà   ?ÿÿðÿÀ?ÿ Àÿ	ÿþÿÀÿ€   ÿ  ÿ € ÿ€   ÿÿðÿà?ÿ Àÿþÿþÿ€ÿ€   ÿ À ÿ ?ÿ þÿÿÿøÿàÿ Àÿþÿüÿ€ÿ ÿ ð ÿ ?ÿ Àÿÿÿøÿðÿ Àÿüÿüÿÿþþ ÿ þ ÿ þ 
 ÿ þÿÿÿüÿÿÿüÿðÿ Àÿüÿøÿÿü   ÿ þ ÿ Àø ?ÿ üÿÿÿðÿÿÿüÿðÿ Àÿüÿøÿÿü   ÿ ü ÿ ð ÿ ÿ øÿÿÿàÿÿÿþÿøÿ Àÿøÿðÿÿü   ÿ ü ÿ ü?À ÿ øÿÿÿðÿÿÿþÿøÿ Àÿøÿð?ÿÿþÿ ø ÿ Àð ?ÿ ðÿÿÿð ÿÿüÿ Àÿðÿà?ÿÿÿ ÿ ð ?ÿ üø ÿ àÿÿÿü ÿÿüÿ Àÿðÿàÿÿÿ€   ÿ ð ÿÿ ÿ Àÿÿÿþ ?ÿÿþÿ ÀÿàÿÀÿÿÿÀÿÿÿà ÿ à?à ÿ À ÿ€   ÿ€ÿþÿ Àÿà?ÿÀÿ Àÿÿÿà ÿ þð ?ÿ €ÿà   ÿÀÿþÿ Àÿà?ÿÀÿ àÿÿÿÀ ÿ À ø ÿ €ÿø   ÿÀÿÿ ÀÿÀ?ÿ€ÿ ðÿÿÿ€ ÿ ø  ÿÿÿÿü   ÿàÿ ÿ ÀÿÀÿÿ øÿÿÿ€ ÿ €ÿÿÿ ÿ?ÿÿÿþ   ?ÿàÿ€ÿ ÀÿÀÿÿ üÿÿÿ ÿ
 þ?ÿÿþ ?ÿ þ ?ÿ   ?ÿà?ÿ€ÿ Àÿ€ÿÿÿ þÿÿÿÿ ÿÿøÿÿü ÿ þ ÿ   ?ÿð?ÿÀÿ Àÿ€ÿþÿþ   ÿÿÿþ ÿü ?ÿÿðÿÿü ÿ ü ÿ€  ÿðÿÀÿ Àÿ ÿþÿþ   ÿÿÿü ÿø ÿÿàÿÿø ÿ ü ÿ€  ÿðÿÀ?ÿ Àÿÿþÿþ   ÿÿÿü ?ÿð ÿÿàÿÿð ÿ ø ÿ€  ÿøÿà?ÿ Àÿÿüÿþ   ?ÿÿÿø ?ÿð ÿÿÀÿÿð ÿ ø ÿ   ÿøÿà?ÿ Àÿþÿüÿþ   ÿÿÿø ÿð ÿÿÀÿÿà ÿ ø ÿ   ÿüÿðÿ Àÿþÿüÿü   ÿÿÿð ÿð ÿÿ€ÿÿà8ÿ ð ÿ   ÿüÿðÿ Àÿþÿøÿü   ÿ ð ÿð ÿÿ!ÿÿÀpÿ ð ÿ àÿüÿðÿ Àÿüÿøÿø   ÿ à ÿø  ÿþ!ÿ€ð?ÿ ð ÿ ?øÿþÿøÿ Àÿüÿðÿø   ÿ à ÿø  ü!?ÿà?ÿ àÿ ÿÿþÿøÿ Àÿøÿð?ÿð   ÿ À ÿø  ø!üàÿ àÿ  ÿÿøÿ Àÿøÿð?ÿð   ÿ À ÿü  À"€Àÿ àÿÿÿÿÿüÿ Àÿøÿà?ÿà   ÿ € ÿ ü'ÿ Àÿÿÿÿÿüÿ Àÿðÿàÿà À ÿÿÿ€ ÿ þ'~ÿ À?ÿÿÿÿÿþÿ Àÿðÿàÿàð ÿÿÿ ÿ þ ÿð   üÿ À?ÿÿÿŸÿ€ÿþÿ ÀÿðÿÀÿàü ÿÿÿ ÿ  ÿþ   ðÿ À ÿ€ÿþÿ ÀÿàÿÀÿàÿþ ÿÿþ ÿ ÿ€   ÿ   Àÿ € ÿÀÿÿÿ Àÿà?ÿ€ÿ÷ÿÿ ÿÿþ ÿ € ÿð   ÿ€   ?ÿ € ÿÀÿÿ Àÿà?ÿ€ÿ€ÿÿüÿ Àÿø   ÿ À ÿ € ÿÀÿÿ ÀÿÀ?ÿÿÀÿÿüÿ à ÿü  ÿ àÿ € ÿàÿ€ÿ ÀÿÀÿÿàÿÿøÿ ð ÿü  ÿð   ÿ ÿà?ÿ€ÿ ÀÿÀÿÿðÿÿøÿ ø ÿü  ÿø   ÿ ÿà?ÿ€ÿ Àÿ€ÿÿøÿÿð ÿ ü ÿü  ÿü   ÿ ÿð?ÿÀÿ Àÿ€ÿþÿ ð ÿ þ ?ÿü  ÿ   ÿ ÿðÿÀÿ Àÿ€ÿþÿ à ÿ€   ÿü  ÿÀ  ÿ ÿøÿÀÿ Àÿ ÿþÿ à ÿà   ÿü  ÿð  ÿ ÿøÿà?ÿ Àÿÿþÿ À ?ÿø  ÿü  ÿü  ÿ	ÿøÿà?ÿ Àÿÿüÿ € ?ÿþ  ÿü  ÿþ  ÿ	ÿüÿà?ÿ Àÿþÿüÿ € ?ÿþ  ÿü  ÿþ  ÿ þ	 ÿ
üÿðÿ Àÿþÿüÿ	 ?ÿ  ÿü  ÿþ  ÿ þ	 ÿ
üÿðÿ Àÿþÿøÿ	 ?ÿ  ÿü  ÿ  ÿ þ	 ÿ
þÿøÿ Àÿþÿøÿ
 þ	 ?ÿ€ ÿü  ÿ  ÿ þ	 ?ÿ
þÿøÿ Àÿüÿøÿ
 þ	 ÿ€ ÿü  ÿ  ÿ þ	 ?ÿ
þÿøÿ Àÿüÿðÿ
 þ	 ÿ€ ÿü  ÿ  ÿ þ	 ÿÿøÿ Àÿüÿð?ÿ
 ü	 ÿ€ ÿü  ÿ  ?ÿ þ	 ÿÿüÿ Àÿüÿð?ÿ
 ü	 ÿÀ ÿþ  ÿ€ ?ÿ þ	 ÿÿüÿ Àÿøÿà?ÿ
 ø	 ÿÀ ÿþ  ÿ€ ?ÿ þ	 ÿÿüÿ Àÿøÿàÿ
 ø	 ÿÀ ?ÿþ  ÿ€ ?ÿ þ	 ÿÿþÿ Àÿøÿàÿ
 ø	 ÿÀ ?ÿþ  ÿÀ ?ÿ þ	 ÿÿþÿ ÀÿðÿÀÿ
 ð	 ÿÀ ?ÿþ  ÿÀ ?ÿ þ	 ÿÀÿþÿ ÀÿðÿÀÿ ð	 ÿÀ ÿþ  ÿÀ ?ÿ þ	 ÿÀÿÿÿ ÀÿðÿÀÿ à	 ÿ€ ÿþ  ÿ€ ÿ þ	 ÿÀÿÿÿ Àÿðÿ€ÿ à	 ÿ€ ÿþ  ÿ€ ÿ þ	 ÿàÿÿ Àÿà?ÿ€ÿ à	 ÿ€ ÿþ  ÿ€ ÿ þ	 ÿàÿÿ Àÿà?ÿÿ À	 ÿ  ÿþ  ÿ  ÿ þ
ÿàÿÿ Àÿà?ÿÿ À	 ÿ  ÿþ  ÿ  ÿ þ
ÿð?ÿÿ Àÿàÿÿ À	 ÿ  ÿþ  ÿþ  ÿ þ
ÿð?ÿ€ÿ ÀÿÀÿÿ €	 ÿþ  ÿþ  ÿþ  ÿ þ
 ÿ
ð?ÿÀÿ ÀÿÀÿÿ €	 ÿþ  ÿþ  ÿü  ÿ þ
 ÿ
ðÿÀÿ ÀÿÀþÿ €	 ÿü  ÿþ  ÿü  ÿ þ
 ÿ
øÿÀÿ Àÿ€ÿþÿ
 ÿü  ÿ  ÿü  ÿ þ
 ?ÿ
øÿàÿ Àÿ€ÿþÿ
 ÿü   ÿ  ÿø   ÿ þ
 ?ÿ
øÿàÿ Àÿ€ÿþÿ
 ÿø   ÿ  ÿø   ÿ þ
 ÿ
øÿàÿ Àÿ€ÿüÿ
 þ
 ÿø   ÿ  ÿð   ÿ þ
 ÿ
üÿàÿ Àÿ ÿüÿ
 þ
 ÿð   ÿ€ ÿð   ÿ þ
 ÿ
üÿà?ÿ Àÿÿüÿ
 þ
 ÿð   ?ÿ€ ÿà   ?ÿ þ
 ÿ
üÿð?ÿ Àÿÿüÿ
 ü
 ÿð   ?ÿ€ ÿà   ?ÿ þ
 ÿ
þÿð?ÿ Àÿÿøÿ
 ü
 ÿà   ÿÀ ÿÀ €ÿ þ
 ÿ
þÿð?ÿ Àÿþÿøÿ
 ü
 ÿà   ÿà ÿÀ Àÿ þ
 ÿ
þÿðÿ Àÿþÿøÿ
 ø
 ÿÀ   ÿà ÿ€àÿ þ
 ÿ
þÿøÿ Àÿþÿøÿ
 ø
 ÿÀ €ÿð ?ÿ€8àÿ þ
 ÿÿøÿ Àÿþÿðÿ
 ø
 ÿ€ Àÿø ÿ€8ðÿ þ
 ÿÿøÿ Àÿüÿð?ÿ
 ð
 ÿ€0Àÿþÿ xðÿ þ
 ÿÿøÿ Àÿüÿð?ÿ
 ð
 ÿ€8àÿ |øÿ þ
 ÿÿüÿ Àÿüÿð?ÿ
 ð
 ÿ xàÿþ üøÿ þ
 ÿÿüÿ Àÿüÿà?ÿ
 à
 ÿ øðÿþüüÿ þ
 ÿÿüÿ Àÿøÿà?ÿ
 à
 ÿþ øðÿüüüÿ þ
 ÿÿüÿ Àÿøÿàÿ
 à
 ÿþøøÿüüþ ÿ þÿÿüÿ Àÿøÿàÿ
 À
 ÿüøøÿøüÿ ÿ þÿÁÿþÿ Àÿøÿàÿ
 À
 ÿüøü ÿøüÿ ÿ þÿÀÿþÿ ÀÿøÿÀÿ
 À
 ÿüøü ÿðüÿ€?ÿ þ ÿ
Àÿþÿ ÀÿðÿÀÿ À
 ÿøøþ ÿðüÿ€?ÿ þ ÿ
Àÿþÿ ÀÿðÿÀÿ €
 ÿøøþ ÿàüÿÀÿ þ ÿ
àÿÿÿ ÀÿðÿÀÿ €
 ÿðøÿ ?ÿàüÿÀÿ þ ÿ
àÿÿ ÀÿðÿÀÿ €
 ÿðøÿ ?ÿÀüÿàÿ þ ?ÿ
àÿÿ Àÿðÿÿ ÿðøÿ€ÿÀüÿàÿ þ ?ÿ
àÿÿ Àÿðÿÿ ÿàøÿ€ÿÀ?üÿðÿ þ ?ÿ
àÿÿ Àÿà?ÿÿ ÿàøÿÀÿ€?üÿðÿ þ ÿ
ð?ÿÿ Àÿà?ÿÿ ÿÀøÿÀÿ€?üÿøÿ þ ÿ
ð?ÿÿ Àÿà?ÿÿ
 þ ÿÀ?øÿàÿ üÿøÿ ÿ
ð?ÿÿ Àÿà?ÿÿ
 þ ÿ€?øÿàÿ üÿøÿ ÿ
ð?ÿ€ÿ Àÿà?ÿÿ
 þ ÿ€øÿàÿþ ÿüÿü ÿ ÿ
ð?ÿÀÿ ÀÿÀÿÿ
 þ ÿ øÿðÿþ ÿüÿü ÿ ÿ
øÿÀÿ ÀÿÀÿÿ
 ü ÿ øÿðÿü ÿüÿþ ÿ ÿ
øÿÀÿ ÀÿÀþÿ
 ü ÿ ÿøÿøÿüÿüÿþ ÿ ÿ
øÿÀÿ ÀÿÀþÿ
 ü ÿþ ÿøÿøÿüÿüÿÿ ?ÿ ÿ
øÿÀÿÿÿÀÿÀþÿ
 ü ÿþÿøÿü ÿ ùÿøÿüÿÿ ?ÿ ÿ
øÿàÿÿÿÀÿ€ÿþÿ
 ø ÿüÿøÿü ÿÀ?ÿøÿüÿÿ€ÿ ÿ
üÿàÿÿÿÀÿ€ÿþÿ
 ø ÿüÿøÿþ ÿ ÿðÿüÿÿ€ÿ ÿ
üÿàÿÿÿÀÿ€ÿþÿ
 ø ?ÿøÿøÿþ ÿþ ÿðÿüÿÿÀÿ ÿ
üÿàÿÿÿÀÿ€ÿüÿ
 ø ?ÿøÿøÿÿ ?ÿü ÿàÿüÿÿÀÿ ÿ
üÿàÿÿÿÀÿ€ÿüÿ
 ð ?ÿøÿøÿÿ ?ÿð  ÿàÿüÿÿàÿ ÿ
üÿàÿÿÿÀÿ€ÿüÿ
 ð ?ÿðÿøÿÿ€ÿà  ÿ
Àÿüÿÿàÿ ÿ
üÿà?ÿÿÿÀÿ ÿüÿ
 ð ?ÿðÿøÿÿ€ÿ€  ?ÿ
Àÿüÿÿðÿ ÿ
þÿð?ÿÿÿÀÿÿüÿ
 ð ?ÿàÿøÿÿÀÿ   ÿ
€ÿüÿÿðÿ ÿ
þÿð?ÿÿÿÀÿÿüÿ
 ð ?ÿàÿøÿÿÀÿ
þ   ÿ
€?ÿüÿÿðÿ €
 ÿ
þÿð?ÿÿÿÀÿÿøÿ
 à ?ÿÀÿøÿÿÀÿ
ø   ÿ
 ?ÿüÿÿøÿ €
 ÿ
þÿð?ÿÿÿÀÿÿøÿ
 à ?ÿÀÿøÿÿàÿ
 ðÿ
 ?ÿüÿÿø ÿ €ÿ
þÿðÿÿÿÀÿÿøÿ
 à ?ÿÀ?ÿøÿÿàÿ
 à ÿ	þ ÿüÿÿü ÿ €ÿÿðÿÿÿÀÿÿøÿ
 à ?ÿ€?ÿüÿÿðÿ
 € ÿ
þ ÿüÿÿü ÿ €ÿÿðÿÿÿÀÿþÿøÿ
 à ?ÿ€ÿüÿÿðÿ
 ÿ
ü ÿÿüÿÿþ ?ÿ € ÿ
ÿðÿÿÿÀÿþÿøÿ
 À ?ÿ ÿü ÿÿøÿ	 þ ÿ
ü ÿÿü ÿÿþ ?ÿ € ÿ
ÿðÿÿÿÀÿþÿøÿ
 À ?ÿ ÿü ÿÿø ÿ	 ø ÿ
ø ÿÿü ÿÿÿ ÿ € ÿ
ÿøÿÿÿÀÿþÿð?ÿ
 À?ÿÿÿþ ÿÿü ÿÿü ÿ	 ð ÿ
øÿÿü ÿÿÿ ÿ € ÿ
ÿøÿÿÿÀÿþÿð?ÿ
 À?ÿÿÿþ ÿÿü ÿÿü ÿ À ?ÿ
ðÿÿø ÿÿÿ ÿ € ?ÿ
ÿøÿÿÿÀÿþÿð?ÿ
 À?ÿÿÿü ÿÿü ÿÿü ÿ € ÿ
ðÿÿø ÿÿÿ€ÿ € ?ÿ
ÿøÿÿÿÀÿþÿð?ÿ
 €?ÿÿÿüÿÿø ÿÿþ ÿ ÿ
àÿÿø ÿÿÿ€ÿ € ?ÿ
ÿøÿÿÿÀÿþÿð?ÿ
 €ÿÿÿøÿÿø ÿÿþ ?ÿ ü ÿ
Àÿÿø ÿÿ ÿ € ?ÿ
ÿøÿÿÿÀÿþÿð?ÿ
 €ÿÿÿøÿÿø ÿÿþ ÿ øÿÀÿÿð ?ÿþ  ÿÿÿ€ ?ÿ
ÿøÿÿÿÀÿüÿðÿ
 €ÿÿÿðÿÿø ÿÿþ ÿ ð ÿ  ÿÀ ÿ€  ?ÿÿÿ€ ÿ
€ÿøÿÿÿÀÿüÿàÿ
 €ÿÿÿðÿÿð ÿþ ÿ à ÿ þ
ÿÿÿÀ ÿ
€ÿøÿÿÿÀÿüÿàÿ
 €ÿÿÿà ÿÿà ÿü ÿ € ÿ ü
ÿÿÿÀ ÿ
€ÿüÿÿÿÀÿüÿàÿ
ÿÿÿ€ € ÿ ÿ ø
ÿÿÿÀ ÿ
€ÿüÿÿÿÀÿüÿàÿ
ÿÿÿ
ÿ þ ÿ ø
ÿÿÿÀ ÿ
ÀÿüÿÿÿÀÿüÿàÿ
ÿÿÿ
 ÿ ø	ÿ ü
?ÿÿÿÀ ÿ
ÀÿüÿÿÿÀÿøÿàÿ
ÿÿþ
 ÿ ð	 ?ÿ ü
?ÿÿÿÀ ÿ
ÀÿüÿÿÿÀÿøÿàÿ
ÿÿþ
 ?ÿ à	 ÿ þ
ÿÿÿÀ ÿ
ÀüÿÿÿÀÿøÿàÿ
ÿÿÿ
 ÿ €	 ÿþ  ÿÿÿÀ ÿ
ÀüÿÿÿÀÿøÿàÿ	 þÿÿÿ
 ÿ
 ÿ
  €   ø  ÿ À ÿ
ÀüÿÿÿÀÿøÿàÿ
 þÿÿÿ
 ÿ þ
 ÿ€ ü ÿ À ÿ
ÀüÿÿÿÀÿøÿÀÿ
 þÿ €	ÿ üÿÀ ø ÿ À ÿ
ÀþÿÿÿÀÿøÿÀÿ
 þÿÀ  àÿ ð ?ÿÀ ø ÿ À ÿ
ÀþÿÿÿÀÿøÿÀÿ
 þÿÀ  à ÿ à ÿ àð ÿ À ÿ
àþÿÿÿÀÿøÿÀÿ
 þÿà  à ÿ € ÿ ðà ÿ À ÿ
àþÿÿÿÀÿøÿÀÿ
 þÿà  à ÿ ÿ øÀ ÿ À ÿ
à?þÿÿÿÀÿøÿÀÿ
 þÿ ð ÿ þ ÿ ü€ ÿ À ÿ
à?þÿÿÿÀÿøÿÀÿ
 üÿ ø ÿ ø ÿ þ  ?ÿ À ÿ
à?þÿÿÿÀÿðÿÀÿ
 üÿ ü ÿ ð ?ÿ ÿ à ÿ
à?þÿÿÿÀÿðÿÀÿ
 üÿ þ ÿ à  ÿ €ÿ à ÿ
à?ÿÿÿÿÀÿðÿÀÿ
 üÿ þ ?ÿ À < ÿ À ÿ à ÿ
à?ÿÿÿÿÀÿðÿ€ÿ
 üÿ ÿ € ~ ÿ à ÿ à ÿ
à?ÿÿÿÿÀÿðÿÿ
 üÿ €ÿ þÿ€ ÿ ð ÿ à ÿ
à?ÿÿÿÿÀÿðÿÿ
 ü ÿ À ÿ üÿà ÿ ø ÿ à ÿ
à?ÿÿÿÿÀÿðÿÿ
 ü ÿ à ÿ ðÿü ?ÿ þ ?ÿ à ÿ
ð?ÿÿÿÿÀÿðÿÿ
 ø ÿ ð ÿ à?ÿü ÿ ÿ à ÿ
ð?ÿÿÿÿÀÿðÿÿ
 ø ÿ ü ÿ Àÿü ÿ € ÿ à ÿ
ð?ÿÿÿÿÀÿðÿÿ
 ø ÿ þ ?ÿ €ÿø ÿ à ÿ à ÿ
ð?ÿÿÿÿÀÿðÿÿ
 ø ÿ ÿ þÿðÿ ø ÿ à ÿ
ðÿÿÿÿÀÿðÿÿ
 ø ÿ À ÿ üÿð ÿ þ ?ÿ à ÿ
ðÿÿÿÿÀÿðÿÿ
 ø ÿ à ÿ ðÿð ?ÿ €ÿ à ÿ
ðÿÿÿÿÀÿðÿÿ
 ø ÿ ø ÿ àÿà ÿà   ÿ à ÿ
ðÿÿÿÿÀÿðÿÿ
 ø ÿ þ ?ÿ Àÿà ÿü   ?ÿ à ÿ
ðÿÿÿÿÀÿð?ÿÿ
 ð ÿÀ   ÿ €ÿà ÿÀ ÿ à ÿ
ðÿÿÿÿÀÿà?ÿÿ
 ð ÿø   ÿ þÿàÿ à ÿ
ðÿÿÿÿÀÿà?ÿÿ
 ð ÿ   ?ÿ üÿà ÿ à ÿ
ðÿÿÿÿÀÿà?ÿÿ
 ð ÿø ÿ ø ÿ à ÿ
ðÿÿÿÿÀÿà?ÿƒÿ
 ð ÿ à ÿ à ÿ
ðÿÿÿÿÀÿà?ÿÿ
 ð ÿ À ÿ ð ÿþ ÿÿðÿÿÿÿÀÿà?ÿÿ
 ð ÿ € ÿ ðÿÿÿàÿø  ÿÿøÿÿÿÿÀÿà?ÿÿ
 ð ÿ þÿ ðÿÿþ  ÿø  ÿøÿÿÿÿÀÿà?ÿÿÿÿð ÿ ü ?ÿ ðÿÿü  ?ø  ÿøÿÿÿÿÀÿà?ÿÿÿÿð ÿ ø  ÿ ðÿÿü  ?ü  ÿøÿ€ÿÿÿÀÿà?ÿÿþÿÿð ÿ à 8  ÿ ðÿÿø  þ  ?ÿøÿ€ÿÿÿÀÿà?ÿÿþÿÿð ÿ À |€ ÿ ðÿÿø  ÿÿ€ ?ÿøÿ€ÿÿÿÀÿà?ÿÿþÿÿð ÿ € ü?À ÿ ðÿÿø ÿÿà ?ÿøÿ€ÿÿÿÀÿà?ÿÿüÿÿð ÿ þþà ÿ ðÿÿø ÿÿø ?ÿøÿ€ÿÿÿÀÿà?ÿÿøÿÿð ÿ üÿ€ÿü ?ÿ ðÿÿø ?ÿÿü ?ÿøÿ€ÿÿÿÀÿà?ÿÿðÿÿð ÿ øÿðÿþ ÿ ðÿÿø ÿÿÿþ ?ÿøÿ€ÿÿÿÀÿà?ÿÿÀ ÿÿð ÿ à?ÿøÿþ ÿ ðÿÿøÿ
 ?ÿøÿ€ÿÿÿÀÿà?ÿÿÿÿüÿÿð ÿ À?ÿøÿþ ÿ ðÿÿøÿ
€?ÿøÿ€ÿÿÿÀÿà?ÿÿÿÿàÿÿð ÿ €ÿøÿüÿ ðÿÿøÿ
€?ÿøÿ€ÿÿÿÀÿà?ÿÿÿÿ€ÿÿð ÿ þÿðÿø ÿ ðÿÿøÿ
À?ÿøÿ€ÿÿÿÀÿà?ÿÿÿþÿÿð ÿ üÿàÿø ÿ ðÿÿøþ ÿÀ?ÿøÿ€ÿÿÿÀÿà?ÿÿÿüÿÿð ÿ øÿàÿð ÿ øÿÿøð  ?À?ÿøÿ€ÿÿÿÀÿà?ÿÿÿøÿÿð ÿ àÿàÿð ÿ øÿÿøà  à?ÿøÿ€ÿÿÿÀÿà?ÿÿÿøÿÿð ÿ ÀÿÀÿð ÿ øÿÿøà  à?ÿøÿ€ÿÿÿÀÿà?ÿÿÿðÿÿð ÿ €ÿÀÿðÿ øÿÿøð  à?ÿøÿ€ÿÿÿÀÿà?ÿÿÿàÿÿð ÿ þÿÀÿð ÿ øÿÿøø  ?à?ÿøÿ€ÿÿÿÀÿà?ÿÿÿàÿÿð ÿ üÿÀøà ÿ øÿÿøü  ÿà?ÿøÿ€ÿÿÿÀÿà?ÿÿÿÀ  ø ÿÿð ÿ ø÷€ ÿ øÿÿøÿ ÿà?ÿøÿ€ÿÿÿÀÿà?ÿÿÿÀ ÿÿðÿÿð ÿ à ÿ øÿÿøÿ€ÿà?ÿøÿ€ÿÿÿÀÿà?ÿÿÿÀÿÿÿüÿÿð ÿ À ÿ øÿÿøÿ€ÿà?ÿøÿ€ÿÿÿÀÿà?ÿÿÿ€ÿÿÿþÿÿð ÿ €ÿ øÿÿøÿÀÿà?ÿøÿ€ÿÿÿÀÿà?ÿÿÿ€?ÿÿÿþÿÿð ÿ þ ?ÿ
 øÿÿøÿÀÿà?ÿøÿ€ÿÿÿÀÿà?ÿÿÿ€?ÿÿÿð ÿ ü  ÿ
 øÿÿðÿàÿà?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿÿÿð ÿ ø€ ÿ
 øÿÿðÿàÿà?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿÿÿð ÿ à À ÿ
 øÿÿðÿàÿà?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿƒÿÿð ÿ À <àÿ
 øÿÿðÿàÿÀ?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿÇÿÿð ÿ ~?ð ÿ	 øÿÿðÿÀÿÀ?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿ ð ÿ
 þÿ€ÿü ÿ	 øÿÿðÿ€ÿ ?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿ ð ÿ
 üÿàÿÿ ÿ	 üÿÿð ~ ü ?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿ ð ÿ
 ðÿüÿÿ ÿ	 üÿÿð	?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿ ð ÿ
 àÿüÿþ ÿ	 üÿÿð	?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿ ð ÿ
 Àÿüÿþÿ	 üÿÿð	?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿïÿÿð ÿ
 €ÿøÿü ÿ üÿÿð	?ÿøÿÿÿÿÀÿà?ÿÿÿ€ÿÃÿÿð ÿ	 þÿðÿü ÿ üÿÿð	?ÿøÿÿÿÿÀÿðÿÿÿ€ÿƒÿÿð ÿ	 üÿðÿü ÿ üÿÿð	?ÿðÿÿÿÿÀÿðÿÿÿÀÿÿÿð ÿ	 ðÿàÿø ÿ üÿÿð	ÿðÿÿÿÿÀÿðÿÿÿÀ?ÿÿÿø ÿ	 àÿàÿø ÿ üÿÿð	ÿðÿÿÿÿÀÿðÿÿÿÀ?ÿÿÿþÿÿø ÿ	 Àÿàøÿ üÿÿð	ÿðÿÿÿÿÀÿðÿÿÿàÿÿÿüÿÿø ÿ	ÿàø ?ÿ üÿÿð	ÿðÿÿÿÿÀÿðÿÿÿàÿÿÿøÿÿø ÿ þÿà|ø ÿ üÿÿð	ÿðÿÿÿÿÀÿðÿ€ÿÿðÿÿÿàÿÿø ÿ üÿÀ  ÿ üÿÿð	ÿðÿÿÿÿÀÿðÿ€ÿÿð    ÿÿø ÿ ø  ÿ üÿÿðÿÿÿø ÿðÿÿÿÿÀÿðÿ€ÿÿøÿÿø ÿ àÿÀÿ üÿÿðÿ
 ÿðÿÿÿÿÀÿðÿ€ÿÿøÿÿø ÿ Àÿà ÿ üÿÿðÿ
€ÿðÿÿÿÿÀÿðÿ€ÿÿüÿÿø ÿ €ÿø ?ÿ üÿÿðÿ
€ÿðÿÿÿÿÀÿðÿ€ÿÿþÿÿø ÿ þÿü ÿ üÿÿðÿ
Àÿð?ÿÿÿÿÀÿðÿ€ÿÿÿ€ÿÿü ÿ ü?ÿÿ ÿ þÿÿðÿ
Àÿð?ÿÿÿÿÀÿðÿÀÿÿÿàÿÿü ÿ øÿÿ€	 à ÿ þÿÿð?ÿ
àÿð?ÿÿÿÿÀÿøÿÀÿÿÿøÿÿü ÿ à ÿÿÿàðÿ þÿÿø?ÿ
àÿð?ÿÿÿÿÀÿøÿÀÿøÿÀÿÿü ÿ À <ÿÿÿðø ÿ þÿÿüÿ
ðÿÿð?ÿÿÿÿÀÿøÿÀÿüÿÿü ÿ € ~ÿÿÿüü ?ÿ þ ÿ
à?þÿÿÿÀÿøÿÀÿþÿÿü ÿ þ ÿÿÿÿþ?ÿ€ ÿ þ ÿ
à?þÿÿÿÀÿøÿÀÿÿÿü ÿ üÿ€ ?ÿ €ÿÿà ÿ þ ÿ
à?þÿÿÿÀÿøÿÀÿÿÿü ÿ øÿð ÿ Àÿÿð ÿ þ ÿ
à?þÿÿÿÀÿøÿÀÿÿÿþ ÿ àÿøÿ àÿÿàÿ þ ÿ
à?þÿÿÿÀÿøÿÀÿÃÿÿþ ÿ À?ÿø ÿ øÿÿà ÿ þ ÿ
à?þÿÿÿÀÿøÿÀÿçÿÿþ ÿ €?ÿø ÿ üÿÀ ÿ þ ÿ
à?þÿÿÿÀÿøÿÀÿ	 þ ÿÿø ÿ?ÿ€ ÿ þ ÿ
à?þÿÿÿÀÿøÿàÿ	 þ ÿ üÿð ?ÿ €?ÿ€ ÿ þ ÿ
à?þÿÿÿÀÿüÿàÿ
 ÿ øÿà ÿ àÿ€ ÿ þ ÿ
à?þÿÿÿÀÿüÿàÿÿÿ ÿ ðÿàÿ ðÿ ÿ þ ÿ
À?üÿÿÿÀÿüÿàÿþÿ ÿ Àÿà ÿ üÿ ?ÿ þ ÿ
ÀüÿÿÿÀÿüÿà?ÿüÿ ÿ €ÿà ÿ þÿ ÿÿÿÿ?ÿÀüÿÿÿÀÿüÿà?ÿüÿ ÿÿà ÿÿ ÿÿÿø ÿÀüÿÿÿÀÿüÿà?ÿøÿ ÿ üÿà ÿ À ÿÿÿø ÿÀüÿÿÿÀÿüÿà?ÿøÿ ÿ øÿÀ ?ÿ à ÿÿÿð  ÿÀüÿÿÿÀÿüÿà?ÿüÿ €
 ÿ ðÀÿ ø ÿÿÿø  ?ÿÀüÿÿÿÀÿüÿð?ÿüÿ €
 ÿ À ÿ ü ?ÿÿÿø  ?ÿ€üÿÿÿÀÿþÿð?ÿþÿ €
 ÿ € ÿ	 ÿ?ÿÿø  ?áÿ€üÿÿÿÀÿþÿð?ÿÿÿ €
 ÿ ÿ	 € ÿ?ÿÿü  ?À?ÿÿÿ€øÿÿÿÀÿþÿð?ÿ
 €
 ÿ ü ÿ	 À ÿ?ÿÿü  Àÿÿÿ€øÿÿÿÀÿþÿðÿ
 €
 ÿ ø ?ÿ	 ð	 0ÿ?ÿÿø ÿÀÿÿÿ€ÿøÿÿÿÀÿþÿðÿ
 À
 ÿ ðÿ
 ø	 xÿÿÿ?ÿÿø ÿÀÿÿÿ€ÿøÿÿÿÀÿþÿøÿ
 À
 ÿ à ÿ
 þ	 ü?ÿÿÿ?ÿÿð ÿÿðÿÿÿ€ÿøÿÿÿÀÿþÿøÿ
 À
 ÿ € ` ÿþÿÿÿÿÿðÿÿø ÿÿÿ€ÿøÿÿÿÀÿþÿøÿ
 À
 ÿ ð ÿ Àÿ€ÿÿÿ€
ÿÿàÿÿü ÿÿ ÿøÿÿÿÀÿÿøÿ
 À
?ÿÿÿþø ÿ àÿàÿÿÿ€
ÿÿÀÿÿÿ ÿÿ ÿøÿÿÿÀÿÿøÿ
 À
?ÿÿÿøü ?ÿ ð?ÿðÿÿÿ€
ÿÿÀ?ÿÿÿ€?ÿÿ ÿøÿÿÿÀÿÿøÿ
 à
?ÿÿÿðÿÿ ü?ÿðÿÿ€
ÿÿ€ÿÿÿÀ?ÿÿÿðÿÿÿÀÿ ÿøÿ
 à
?ÿÿÿà?ÿà ÿ þ?ÿðÿÿ€
ÿÿÿ€ÿàÿÿÿðÿÿÿÀÿ ÿøÿ
 à
?ÿÿÿÀÿð ÿ €ÿàÿÿ€
ÿÿÿ ÿðÿÿÿðÿÿÿÀÿ ÿüÿ
 à
?ÿÿÿÿð ÿ Àÿàÿÿ€
ÿÿÿÿðÿÿÿðÿÿÿÀÿ ÿüÿ
 à
?ÿÿþÿà ÿ àÿÀÿÿ€
ÿÿÿÿøÿþÿðÿÿÿÀÿ€ÿüÿ
 ð
?ÿÿü?ÿà ?ÿ øÿÀÿÿ€
ÿÿþÿøÿþÿð?ÿÿÿÀÿ€ÿüÿ
 ð
?ÿÿð?ÿÀ ÿ üÿÀ?ÿ€	ÿÿþÿüÿþÿà?ÿÿÿÀÿ€üÿ
 ð
?ÿÿàÿÀ ÿÿÀÿ€	ÿÿþÿüÿþÿà?ÿÿÿÀÿ€üÿ
 ð
?ÿÿÀÿ€ ÿ €ÿÀÿ€	ÿÿþÿüÿþÿà?ÿÿÿÀÿ€þÿ
 ø
?ÿÿÿ€ ÿ àÿÀÿ€	ÿÿþÿüÿþÿà?ÿÿÿÀÿ€þÿ
 ø
?ÿþÿ€ ÿ ð‡Àÿ€	ÿÿüÿüÿüÿà?ÿÿÿÀÿÀþÿ
 ø
?ÿüÿ€ ?ÿ üÿ€	ÿÿüÿüÿüÿà?ÿÿÿÀÿÀ?þÿ
 ø
?ÿðÿ€ ÿ þ?€	ÿÿüÿüÿüÿàÿÿÿÀÿÀ?þÿ
 ü
?ÿàï ÿ€	ÿÿüÿüÿüÿÀÿÿÿÀÿÀ?þÿ
 ü
?ÿÀ  ÿ À€	ÿÿþÿüÿüÿÀÿÿÿÀÿÀ?ÿÿ
 ü
ÿ ÿ à€	ÿÿþÿüÿüÿÀÿÿÿÀÿÀ?ÿÿ
 ü
þ ÿ ðÿÿþ ÿøÿøÿÀÿÿÿÀÿà?ÿÿ ?ÿÿþ
ü ?ÿ üÿÿþ ÿÿÿøÿøÿÀÿ Àÿàÿÿü ÿÿþ
ð ÿ þ	 ÿÿÿ ?ÿÿÿðÿøÿ€ÿ Àÿàÿÿð ÿÿþ
à ÿ	 ÿÿÿ ÿÿÿðÿøÿ€ÿ Àÿàÿ€ÿà ÿÿþ
À ÿ À€ÿÿÿ ÿÿÿàÿðÿ€ÿ Àÿðÿ€ÿÀ  ÿÿÿ
  ÿ àÀÿÿÿ€ÿÿÿÀÿðÿ€ÿ Àÿðÿ€ÿ€  ÿÿ
 € ÿ øàÿÿÿ€ ÿÿÿ€ÿðÿ€ÿ Àÿðÿ€ÿà€  ?ÿÿÀ ?ÿ üÿüÿÿÿÀ ÿþ ?ÿðÿÿ ÀÿðÿÀÿ ?   ?ÿÿà ÿÿþÿÿÿà  ÿð ÿðÿÿ ÀÿðÿÀÿÿð ?   ÿÿ€ðÿ €ÿþÿÿÿàÿàÿÿ ÀÿðÿÀÿÿ€ > Àÿÿ€?ü ÿ Àÿþ?ÿÿÿðÿÿàÿÿ ÀÿøÿÀÿÿ  > àÿÿ€ÿÿ ÿ ðÿü?ÿÿÿøÿÿàÿÿ Àÿøÿàÿþ  ~ ðÿÿÀÿÿÀ ÿ øÿø?ÿÿÿüÿÿàþÿ Àÿøÿàÿþ  ü øÿÿÀÿÿÀ ?ÿ þÿø?ÿÿÿþÿÿà?þÿ Àÿøÿà?ÿþ ü øÿÿÀÿÿ€ ÿÿø ÿÿÿÀ?þÿ Àÿüÿà?ÿÿ ü üÿÿàÿÿ€ÿ €ÿð ÿ
À   ÿÿÀ?þÿ Àÿüÿà?ÿÿ€ü üÿÿàÿÿ ÿ àÿð ÿ
à   ?ÿÿÀ?þÿ Àÿüÿð?ÿÿÀü üÿÿðÿ ÿ ðÿðÿ
ø   ÿÿÿÀ?üÿ Àÿüÿðÿÿàþ üÿÿðþ ÿ øÿðÿ
þ  ÿÿÿ€üÿ Àÿüÿðÿÿàþ þÿÿð?þ ÿ þ``ÿ	À ÿÿÿ€üÿ Àÿþÿøÿÿàþ þÿÿø?þ ÿÿþÿ€üÿ Àÿþÿøÿÿàþ üÿÿø?þÿ À ÿ€øÿ Àÿþÿøÿÿà?þ üÿÿø?þ ÿ à ÿ ÿøÿ Àÿþÿøÿÿà?þ üÿÿø?þ ÿ ø ÿ ÿøÿ Àÿÿüÿÿà?þ üÿÿü 8 ÿ ü ÿ ÿøÿ Àÿ ÿþÿÿÀ?þ üÿÿü ÿ ÿÿðÿ Àÿ ÿÿÿÿÀ?ÿ øÿÿü ÿ € ÿ
þÿðÿ Àÿ ÿÿ‡ÿÿÀÿ øÿÿþÿ àÀÿÿùÿþÿðÿ Àÿ€ÿÿ‡ÿÿÀÿ ðÿÿþ ÿ ðàÿÿðÿþÿðÿ Àÿ€ÿ‡ÿÿÀÿ ðÿÿÿ ÿ øðÿÿàÿþÿðÿ Àÿ€ÿÿÿÀÿ àÿÿÿ ÿ þüÿÿÀÿüÿà?ÿ ÀÿÀÿÿÿÀÿ À ÿÿÿ€ ÿÿÿÿÀÿüÿà?ÿ ÀÿÀ?ÿÿÿÀ?ÿ € ÿÿ€À ?ÿ Àÿÿ€
ÿÿÀÿüÿà?ÿ ÀÿÀ?ÿÿÿÀ?ÿ   ÿÿ€àÿ àÿÿ€
ÿÿ€ÿüÿà?ÿ ÀÿÀ?ÿÿÿà?ÿ   ÿÿ€ø ÿ øÿÿ€
ÿÿ€ÿøÿÀÿ Àÿà?ÿÿÿà?ÿ   ÿÿÿÀ?þ ÿ üÿÿÿÿ ?ÿøÿÀÿ Àÿàÿ€ÿÿàÿ  ÿÿÿÀ
ÿÿ€ ÿ þþ?ÿÿ ?ÿøÿÀÿ Àÿàÿ€ÿÿàÿ  ÿÿÿà
ÿÿÀ ÿ €þ?ÿÿ ÿøÿÀÿ ÀÿàÿÀÿÿðþ  ?ÿÿÿà
ÿÿÀ ÿ À?þ?ÿþ ÿðÿ€ÿ ÀÿðÿÀÿÿðþ ÿ à
ÿÿ€ÿ ð?þÿþ ÿðÿ€ÿ Àÿ
ðÿÀÿøü ÿ ðÿÿ ÿ øüÿü  ÿðÿ€ÿ Àÿ
ðÿÀÿüø ÿ ðÿÿ ÿ þüÿÿü  ?ÿàÿ€ÿ Àÿ
øÿàÿü   ?ÿ øþ ÿþÿÿüÿÿü  ÿàÿÿ Àÿ
øÿà?ÿþ   ?ÿ øþ ÿ€ ?ÿÀÿÿø  ÿàÿÿ Àÿ
øÿà?ÿþ   ÿ øþ ÿü  ÿàÿÿø   ?ÿÿÿÿà?ÿÿ Àÿ	øÿà?ÿÿ   ÿ üþÿà  ÿøÿÿø   ÿþÿÿÀ?þÿ Àÿ	üÿðÿÿ€  ÿ üþ ÿ€   ÿüÿÿð   ÿüÿÿÀ?þÿ Àÿ	üÿðÿÿÀ ÿ þ?þ ÿ?ÿÿÿð?øÿÿÀþÿ Àÿ	üÿðÿÿà ÿ þ>~ ÿ üÿ€ÿÿàðÿÿ€üÿ Àÿ	þÿøÿÿø ÿ  ÿ øÿÀÿÿàÿÿ€üÿ Àÿ	þÿøÿÿÿ ÿ ?ÿ ðÿðÿÿàÿÿ€ÿüÿ Àÿþÿøÿÿ àÿøÿÿààÿÿ ÿüÿ Àÿÿüÿ € ÿ ÀÿþÿÿÀ?üÿÿÿøÿ Àÿ ÿüÿ € ÿ €ÿÿÿÿÀ?ÿÿÿÿøÿ Àÿ ÿþÿ À ÿÿÿÀÿÿÀÿà   ÿþÿøÿ Àÿ€ÿþÿ À ÿÿÿà?ÿÿàÿÿü   ÿþÿðÿ Àÿ€ÿþÿ à ?ÿ þÿÿø ?ÿ	€  ?ÿþÿðÿ Àÿ€ÿÿ àÿ þÿü ÿ	à  ?ÿüÿðÿ ÀÿÀÿÿ ð ÿ üÿþ ÿ	ø  ?ÿüÿà?ÿ ÀÿÀ?ÿÿ ð ÿ üÿÿ€ÿ  ÿüÿà?ÿ ÀÿÀ?ÿÿ ø ÿ
ü  €  ?ÿÿÀÿÀ ÿøÿà?ÿ Àÿà?ÿ€ÿÿÿÇÿ ø ÿ
ü  ð  ?ÿÿð ÿð ÿøÿÀ?ÿ ÀÿàÿÀÿÿÿÿ ü ?ÿ
ü ÿü  ?ÿÿø ÿø ÿÿøÿÀÿ ÀÿàÿÀÿÿÿ ÿ üÿ
ü ÿþ  ?ÿÿü ÿü ÿÿðÿÀÿ ÀÿðÿÀÿþ ÿ þ ÿ
ü ÿÿ  ?ÿÿÿ ÿüÿÿðÿ€ÿ Àÿðÿàÿþ ÿ þ ÿø ÿÿ€ ?ÿÿÿ€ ÿüÿÿðÿ€ÿ Àÿðÿà?ÿþ ÿ ÿø ÿÿÀ ?ÿÿÿà ÿüÿÿà?ÿ€ÿ Àÿøÿà?ÿþ ÿ ÿø ÿÿà ?ÿÿÿð ÿüÿÿà?ÿ ÿ Àÿøÿð?ÿÿ ÿ € ?ÿø ÿÿà ÿÿÿü ÿüÿÿàÿÿ Àÿøÿðÿÿÿ €ÿø ÿÿà ÿÿÿþÿÿãÿüÿÿÀÿÿ Àÿüÿðÿÿïÿ À ÿø ÿÿð ÿ €ÿÿÃÿüÿÿÀÿþÿ Àÿüÿøÿ à ÿø ÿÿð ÿ À?ÿÿÿþÿÿ€ÿþÿ Àÿüÿøÿ à ÿø ÿÿð ÿ à?ÿÿÿþÿÿ€ÿüÿ Àÿþÿøÿ ð ÿð ÿÿð ÿ øÿþÿÿüÿ Àÿþÿüÿ ð ?ÿð ÿÿð ÿ üÿþÿÿüÿ Àÿÿüÿ ø ÿ	þð ÿÿð ÿÿÿüÿÿøÿ Àÿ ÿþÿ ø ÿ	ð @ ÿÿà ÿ €ÿÿüÿþÿøÿ Àÿ ÿþÿ ü ÿ	€   ÿÿà ÿ à
ÿÿøÿþÿøÿ Àÿ€ÿÿ ü ÿðÿ ðÿÿà ÿ ð
ÿÿðÿþÿðÿ Àÿ€ÿÿ þ ÿà ÿÿÿÀ ÿ ø
ÿÿð ÿüÿðÿ Àÿ€ÿÿ þ ?ÿ€ ÿÀÿÿ€ ÿ þ
ÿÿà ÿüÿðÿ ÀÿÀ?ÿ€ÿ ÿ øÿÿ€ ÿ
ÿÿà ÿøÿàÿ ÀÿÀ?ÿ€ÿ €
 ÿ ôÿÿ  ÿ À	ÿÿÀ ?ÿøÿà?ÿ ÀÿàÿÀÿ €
 ÿ Àÿ  ÿ à	ÿÿÀ ?ÿøÿÀ?ÿ ÀÿàÿÀÿ À
ÿÿÿü?ÿ  ÿ ø	ÿÿ€ ÿðÿÀÿ ÀÿàÿÀÿ À
ÿÿÿÀ?ÿ  ÿ ü	ÿÿ€ ÿðÿÀÿ Àÿðÿà?ÿ à
?ÿÿÿ€?ÿ€ ÿ	?ÿÿ  ÿà?ÿ€ÿ Àÿðÿà?ÿ à
ÿ ?ÿ€ ÿ €?ÿÿ  ÿà?ÿ€ÿ Àÿøÿðÿ ð	ÿÿÿþ ?ÿÀ ÿ àÿÿ  ÿà?ÿ ÿ Àÿøÿðÿ ø	ÿÿÿþ ÿà ÿ üÿÿþ ÀÿÀÿÿ Àÿøÿøÿ ø	ÿÿÿü ÿÿà ÿ þÿÿÿø ÿÀÿÿ Àÿüÿøÿ ü	ÿÿÿü ÿÿð ÿ þÿÿÿü ÿ€ÿþÿ Àÿüÿøÿ þ ÿ üÿÿø ÿ ü ÿþ ?ÿ€ÿþÿ Àÿþÿüÿ þ ÿ üÿÿø ÿ ü ÿ ÿ ÿüÿ Àÿþÿüÿ ÿ üÿÿü ÿ ü ÿ€ÿÿüÿ Àÿ	 ÿþÿ € ÿ þÿÿü ÿ ø ÿÀÿÿüÿ Àÿ	 ÿþÿ € ÿ þÿÿü ÿ ø ÿàÿþÿøÿ Àÿ	€ÿÿ À ÿÿÿü ÿ ðÿÿãÿÿðÿþÿøÿ Àÿ	€ÿÿ à ÿ €ÿÿþÿÿþ ÿ àÿÿÁÿÿøÿüÿðÿ Àÿ	€ÿ€ÿ àÿ à ÿ	à   ÿÿþ ÿ à?ÿÿÿÿü ÿüÿðÿ Àÿ	À?ÿ€ÿ ð ÿ ø ÿ	ø   ÿÿþ ÿ À?ÿÿÿÿþ ÿøÿàÿ Àÿ	À?ÿÀÿ ð ÿÿ	þð ÿÿþ ÿ Àÿþÿÿÿ ?ÿøÿà?ÿ Àÿ	àÿÀÿ ø ?ÿ À0ÿø ÿÿþ ÿ €ÿÿþÿÿÿ ÿøÿà?ÿ Àÿ	àÿà?ÿ ü ÿ à ÿø ÿÿþ ÿ €ÿÿüÿÿÿ€ÿðÿÀÿ Àÿ	ðÿà?ÿ ü ÿ à ÿø ÿÿþ ÿ	ÿÿü ÿÿÿÀÿð?ÿÀÿ Àÿ	ðÿðÿ þ ÿ àÿü ÿÿü ÿ þ	ÿÿø ÿÿÿÀÿà?ÿ€ÿ Àÿ	ðÿðÿ ÿ ðÿü ÿÿü ÿ ü	ÿÿø ?ÿÿàÿàÿ€ÿ Àÿ	øÿðÿ ÿ ðÿü ÿÿø ÿ ü	ÿÿð ÿÿàÿÀÿ ÿ Àÿ	øÿøÿ € ÿð ÿ€  ÿü ÿÿø ÿ ø	ÿÿð  ÿÀ ÿ€ÿÿÿ Àÿ	üÿøÿ À ÿð ÿÀ  ÿü  ÿÿð ÿ ðÿÿàÿÿÿ€ÿÿÿ Àÿ	üÿüÿ àÿð ÿÀ  ÿþ  ÿà ÿ ðÿÿÀ?ÿÿÿÿþÿ Àÿ	þÿüÿø ÿÿÿà ÿ	ð àøà  ÿþ  ÿÀ ÿ àÿÿÀÿÿÿÿþÿ Àÿ	þ ÿþÿÀ ÿÿÿð ?ÿ	ð Ààà  ÿþ  ÿ€ ÿ À?ÿÿ€ÿÿþÿüÿ Àÿ
 ÿþÿ   ÿÿÿø ?ÿ	ð €ÀÀ  ÿþ   ü  ÿ €ÿÿ€ÿÿþÿüÿ Àÿ
 ÿÿü   ?ÿÿü ÿ	ð  ÀÀ  ÿ ÿÿÿÿÿÿüÿøÿ Àÿ
€ÿ ÿð   ÿÿü ÿ	ð  À €  ÿ ÿ þÿÿÿÿÿüÿøÿ Àÿ
€?ÿ€ÿà   ÿÿþ ÿð  Àÿ ÿ üÿÿþÿÿøÿðÿ Àÿ
À?ÿ€ÿÀ   ÿÿÿ ÿð   €ÿ € ÿ øÿÿþÿÿøÿðÿ Àÿ
ÀÿÀÿ€   ÿÿÿ€ ÿð   €ÿ € ÿ øÿÿüÿÿðÿàÿ Àÿ
àÿà?ÿÿÿÿÀ ÿø   €ÿ À ÿ ðÿÿüÿÿÿÿðÿà?ÿ Àÿ
àÿà?ÿ	þ  ðÿÿÿàÿø   €ÿ À ?ÿ àÿÿüÿÿÿ   ?ÿÿà?ÿÀ?ÿ Àÿ
ðÿðÿ	ü  ?þ ÿÿÿà	ÿÿÿø   €ÿ à ?ÿ €ÿÿüÿ	€ ÿÿà?ÿÀÿ Àÿ
ðÿðÿ	ø  ÿÿ ÿÿð	?ÿÿÿø   €ÿ ð ÿÿÿüÿÀÿ€ÿ Àÿ
øÿøÿ	ð ÿÿ€ÿÿø	ÿÿÿø   €ÿ ð ÿ þ?ÿÿÿÿ€ÿ€ÿ Àÿ
øÿøÿ	ð ÿÿÀ?ÿÿø	ÿÿÿø   €ÿ øÿ ü ÿ€ÿÿ ÿ Àÿ
üÿüÿ	à ÿÿà?ÿÿü	ÿÿÿø   €ÿ üÿ øÿ ÿÿÿ Àÿ
üÿüÿ	À ÿÿà?ÿÿþ	ÿÿÿø   Àÿ þ ÿ ðÿÿþÿ Àÿ
þÿþÿ	À ÿÿÿðÿÿÿ	ÿÿÿø   Àÿ ÿ à ÿþÿþÿ Àÿ
þ ÿþÿ	Àÿÿÿðÿÿÿ	ÿÿÿø   Àÿ€   ÿ À ÿüÿüÿ Àÿ ÿÿÿ
€ÿÿÿðÿÿÿ€ÿÿø   Àÿà   ÿ € ÿüÿüÿ Àÿ ÿ ÿ
€ÿÿÿøÿÿÿÀ?ÿÿø   Àÿð   ?ÿ þ ÿøÿøÿ Àÿ€?ÿ€ÿÿÿ ÿÿÿøÿÿÿàÿÿø   Àÿü   ÿ ü ÿøÿøÿ Àÿ€?ÿÀÿÿÿ ÿÿÿøÿÿÿðÿÿø   Àÿ  ÿ ø ?ÿðÿðÿ ÀÿÀÿÀ?ÿÿÿ ?ÿÿÿøÿÿÿøÿÿø   ÀÿÀ ÿ ð ÿàÿðÿ ÀÿÀÿà?ÿÿÿ ?ÿÿÿøÿÿÿøÿÿü   àÿüÿ Àÿÿüÿàÿà?ÿ Àÿàÿàÿÿÿ ÿÿÿøÿÿÿü	ÿÿü   à   ÿ €ÿÿÿð ÿÀ?ÿà?ÿ Àÿðÿðÿÿÿ ÿÿÿø ÿÿÿþ	?ÿü   ð   ÿ þÿÿÿÀ ?ÿÀ?ÿÀÿ Àÿðÿøÿÿÿ ÿø ÿÿÿ	ÿþ   ø   ÿ üÿÿÿ  ÿ€?ÿÀÿ Àÿøÿøÿÿþ ÿð ?ÿÿÿ€
ÿÿ€  þ  ÿ ðÿÿþ  ÿ€ÿ€ÿ	 Àÿøÿüÿÿþ ÿð ÿÿÿÀ ÿ' àÿÿü  ÿ ÿÿ ÿ	 Àÿüÿüÿÿþÿð ?ÿÿÿà ÿ' €ÿÿø  ÿþÿÿÿ	 Àÿüÿþÿÿÿÿà ?ÿÿÿð	 ÿ&	ÿÿð  ÿþÿþÿ	 Àÿþ ÿþÿÿÿÿà ÿÿÿø	 ?ÿ% ü	?ÿÿà  ÿüÿþÿ	 Àÿ ÿÿ ÿÿÿÿà ÿ ü	 ÿ% ð	ÿÿÀ  ÿøÿüÿ	 Àÿ ÿ€ÿÿ ÿÀÿ ü	 ÿ% À	ÿÿÿ€   ÿøÿüÿ	 Àÿ€?ÿ€ÿÿ ÿ€ÿ þ	 ÿ%	ÿÿÿ€   ÿðÿøÿ	 Àÿ€?ÿÀ?ÿÿ€ÿ€ÿ
 ÿ# ü	ÿÿÿ À ÿàÿðÿ	 ÀÿÀÿàÿÿ€ÿÿÿ€ÿ €	 ?ÿ# ø	ÿÿþ ?à ÿàÿðÿ	 ÀÿÀÿàÿÿ€ÿÿÿ ?ÿ À	 ÿ# à	ÿÿü ð ÿÀ?ÿà?ÿ	 ÀÿàÿðÿÿÀ?ÿÿÿ ÿ à	 ÿ# €	ÿÿø ÿð ÿÀ?ÿà?ÿ	 ÀÿðÿðÿÿÀÿÿÿÿ ð	 ÿ" þ

?ÿÿøÿø ÿÿÿ€ÿÀÿ	 Àÿðÿøÿÿàÿÿÿ‡ÿÿçÿÿÿø
 ÿ! ü

ÿÿðÿø ÿÿƒÿ ÿÿ€ÿ	 ÀÿøÿüÿÿðÿÁÿÿÿü
 ÿ! ð

ÿÿÿàÿø ÿÿÿ ÿÿ€ÿ
 Àÿøÿüÿÿðÿ€ÿÿÿþ
 ÿ! À	ÿÿÿÀÿø ?ÿÿÿÿþÿÿÿ
 Àÿüÿþÿÿø ÿøÿÿÿ€ÿÿÿ
 ÿ!
ÿÿÿ€ÿø ÿ€ÿÿÿüÿþÿ
 Àÿþ ÿÿ ÿÿø  ?ÿÿÿÀÿÿÿ€
 ?ÿ ü
ÿÿÿ ÿð  ?€ÿÿÿüÿþÿ
 Àÿþ ÿÿ€ÿÿü   ÿÿÿÀÿÿÿÀ
 ÿ à
ÿÿÿ ÿð   ÿÿøÿüÿ
 Àÿ ÿ€ÿþ   ?ÿÿÿàÿÿÿà
 ÿ €
ÿÿþ ÿàÿÿðÿøÿ
 Àÿ€?ÿÀ?ÿÿ   ?ÿÿÿàÿÿÿð ÿ þ?ÿÿü ÿàÿÿðÿøÿ
 Àÿ€?ÿÀ?ÿÿÀ  ÿÿÿàÿÿÿø ÿ øÿÿø ÿÀÿÿàÿðÿ
 Àÿ	Àÿàÿÿð ÿà ÿÿÿþ ÿ Àÿÿÿø ÿ€ÿÿÀÿàÿ
 Àÿ	Àÿðÿÿü ÿà ÿÿÿÿÿÿÿð ÿÿÿÿÀ?ÿà?ÿ
 Àÿ	àÿøÿÿÿÀÿà ?ÿÿÿ€ ÿ üÿÿÿà  þÿÿÿ€ÿÀ?ÿ
 ÀÿðÿøÿÀ ÿÿÿÀ ÿ àÿÿÿÀ  <ÿÿÿ ÿ€ÿ
 ÀÿðÿüÿÀ ÿÿÿàÿ €ÿÿÿ€?€ ÿÿÿ ÿÿ€ÿ
 Àÿøÿþÿ€ ÿÿÿð ?ÿ þÿÿÿ
ÿÀ ÿÿþÿÿ ÿ Àÿüÿþ ÿ  ÿÿÿø ÿ ðÿÿÿÿð ÿÿüÿþÿ Àÿü ÿÿ ÿþ  ÿÿÿüÿ Àÿÿÿþÿü ÿÿøÿþÿ Àÿþ ÿÿ€ÿü   ÿÿÿþ ÿ þÿÿÿþÿþ ÿÿøÿüÿ Àÿ ÿ€?ÿø   ÿ € ÿ øÿÿÿþ ð  ÿÿ€ÿÿðÿøÿ Àÿ ?ÿÀ?ÿð   ÿ Àÿ À	ÿÿÿþü  ÿàÿøÿ Àÿ€?ÿàÿà  ÿÿÿà ÿ ÿþ  ÿàÿðÿ ÀÿÀÿðÿÀ Àÿ ð ÿ ø ÿ  ÿÀ?ÿàÿ ÀÿÀÿðÿÀ ?ñÿ ø ÿ à ?ÿÀ ÿ€?ÿàÿ Àÿàÿøÿ€ ÿ þ ÿÿà ÿ ÿÀ?ÿ Àÿðÿüÿ ÿÿ ø ÿð  ÿ ÿÿ€ÿ Àÿðÿþÿþ ÿÿáÿ € ?ÿ à ÿü  ÿþ ÿÿ ÿ Àÿøÿþ ÿ
ü ÿÿàÿÿÿÀ ÿ ÿþ  ?àÿÿÿüÿÿ ÿ Àÿüÿÿ ÿ
ø ÿÿà?ÿÿÿàÿ ü ÿ  Àÿÿøÿþÿ Àÿü ÿÿ€ÿ
ð ÿÿàÿÿÿø ÿ à ?ÿ€   ÿÿøÿüÿ Àÿþ ÿÿÀ?ÿ
à ?ÿÿàÿÿÿü ÿ ÿà   ÿÿðÿøÿ Àÿ ÿÀÿ
À ÿÿðÿÿÿþÿ üÿð   ÿÿàÿøÿ Àÿ€?ÿàÿ€ ÿÿÿðÿ ÿ à ÿø   ÿÿÿÀÿðÿ Àÿ€ÿðÿ  ÿÿÿð ÿ € ÿ €ÿÿÿüÿü   ÿÿÿÀ?ÿàÿ ÀÿÀÿðÿ ÿÿÿð ÿÿÿàÿ üÿÿÿøÿþ  ÿÿÿ€?ÿàÿ Àÿàÿøÿþ ÿÿÿð ?ÿÿÿð ÿ ðÿÿÿàÿ
  ÿÿÿ ÿÀ?ÿ Àÿðÿüÿþ ÿÿÿð ÿÿÿø ÿ ÀÿÿÿÀ ÿ
À ÿÿþ ÿÿ€ÿ Àÿðÿþ ÿü ÿÿÿð ÿÿÿþÿ þÿ€ ÿ
à ÿÿþÿÿ ÿ Àÿøÿÿ ÿü ÿÿÿà ÿ ?ÿ
 øÿÿÿþ  ?ÿ	ð ÿÿüÿÿ ÿ Àÿüÿÿ ÿÿÿü ?ÿÿÿÀ ÿ € ÿ
 àÿÿÿü  ?ÿ	ð ÿÿøÿþÿ Àÿþ ÿÿ€?ÿÿÿø ?ÿÿÿÀ ÿ à ÿ
 €ÿÿÿø  ÿ	ø ?ÿÿðÿüÿ Àÿþ ÿÀÿÿÿø ÿÿÿ€ ÿ ð ÿ þ?ÿÿÿð  ÿ	ø ÿÿàÿøÿ Àÿ	 ÿàÿÿÿø ÿ  ÿ ü ÿ øÿÿÿà  ÿ	ø ÿÿÿÀÿøÿ Àÿ€?ÿðÿÿÿø ÿÿÿþ  ÿ þ ÿ à ÿ€  ÿ	ø ÿÿÿÀ?ÿðÿ ÀÿÀÿðÿÿÿø ÿÿÿü ‡ÿ ÿ € ÿ   ÿ	øÿÿÿ€?ÿàÿ ÀÿÀÿøÿÿÿøÿÿÿø ?ÿ Àÿ þÿÿÿþ üÿ	ðÿÿÿ ÿÀÿ Àÿàÿüÿÿÿøÿÿÿð ÿ à ?ÿ øÿÿÿü ?þÿ	ðÿÿþ ÿÿ€?ÿ Àÿðÿþ ÿÿÿøÿÿÿðÿ ø ÿ àÿÿÿð ÿÿƒÿ	ðÿÿüÿÿ€?ÿ Àÿøÿÿ ÿÿüÿÿÿàÿ þ ÿ €ÿàÿÿçÿ	ðÿÿøÿÿ ÿ Àÿüÿÿ€?ÿÿü ÿÿÿÀÿ ÿ þ ÿÀÿð?ÿÿðÿþ ÿ Àÿü ÿÿÀÿÿü ÿÿÿ€ÿ À ÿ ü ÿ ÿðÿÿðÿüÿ Àÿþ ÿàÿÿþ ÿÿ ÿ ð ?ÿ ðÿÿÿþ ÿ
àÿøÿ Àÿ ?ÿàÿÿþ ÿþ ?ÿ ü ÿ àÿÿÿü ÿ
Àÿøÿ Àÿ€?ÿðÿÿÿ ?ÿü ÿ þ ÿ €ÿø ÿøÿ	€?ÿðÿ ÀÿÀÿøÿÿÿ€ÿø ÿ	 € ÿ ÿà ÿøÿ ÿàÿ ÀÿÀÿüÿÿÿ€ÿàÿà?ÿ à ÿ þ ÿÀÿø?ÿþ ÿÿÀÿ Àÿàÿþ ÿÿÿÀÿÀÿ ÿ ðÿ ø ?ÿ€ÿøÿüÿÿÀ?ÿ Àÿðÿÿ ÿÿàÿ€ÿÿÿü ÿ ü?ÿÿÿð ÿ ÿøÿøÿÿ€?ÿ Àÿøÿÿ€?ÿÿð þ ÿÿÿð  ÿ þÿÿÿà ÿü ÿøÿãÿðÿÿ ÿ ÀÿüÿÿÀÿÿø   ÿÿÿà  ÿ €ÿÿÿÀ ÿø ÿøÿáÿàÿþ ÿ Àÿþ ÿÿàÿÿü   ?ÿÿÿÀ  ?ÿ àÿÿÿ€ ÿð ÿøÿÀÿÀÿüÿ Àÿ ÿðÿÿþ   ÿÿÿÀ  ÿ øÿÿþ ÿà  ÿø ÿÀÿ€ÿøÿ Àÿ
 ?ÿðÿÿÿ   ÿ€  ÿ þÿÿüÿÀ  ø ÿà?ÿ ?ÿðÿ Àÿ
€ÿøÿÿÿÀ ÿ€Àÿ €ÿÿø ÿ€  ð àÿþ ÿàÿ Àÿ
Àÿü ÿÿÿà ÿ ðÿ àÿð ÿ€  ?ð ?àÿþ ÿÿÀÿ Àÿ
àÿþ ÿÿø ÿ øÿ ø?ÿà ?ÿ€  à àÿü ÿÿÀÿ Àÿðÿÿ ?ÿÿþ ?ÿÿÿþ ü ÿ þÿÀÿ€  À ðÿøÿÿ€?ÿ Àÿøÿÿ€ÿþ ?þ ÿ Àÿ€ ÿÁà   ðÿðÿÿ ÿ ÀÿøÿÿÀÿþ ?ÿ ÿ ðÿ ÿ øðÿàÿþ ÿ Àÿü ÿÿàÿþ ÿ€?ÿ üÿ ÿ þðÿÀÿüÿ Àÿþ ÿðÿþ ÿ€ÿþ ÿðÿ€ÿøÿ Àÿ ?ÿøÿþ ÿÀÿ Àü ÿ   ~ð ÿ ?ÿðÿ Àÿ€ÿü ÿþ ÿÀ ÿ ø ð ÿ€ ÿßð ÿÿÿþ ÿàÿ ÀÿÀÿþ ÿþ ÿà ÿ þÿ	À ÿÿà ÿÿÿüÿÿÀÿ Àÿàÿÿ ?ÿ ÿà ÿ € ÿ	à ÿÿàÿÿÿøÿÿ€ÿ Àÿðÿÿ€ÿŸ ÿà ÿ ð ÿ‡ÿÿÿð ÿÿÀÿÿÿðÿÿ ?ÿ ÀÿøÿÿÀÿþ€ ÿà ÿ þ ÿþÿÿÿð ÿÿÀÿÿÿàÿþ ÿ Àÿü ÿÿàÿü€ ð ÿ À ÿþÿÿÿø ÿÿ€ÿÿÿÀÿþ ÿ Àÿþ ÿðÿøÀ ?ðÿ ð ÿøÿÿÿü ÿÿ ÿÿÿ ?ÿüÿ Àÿ ?ÿøÿøà ðÿ þ ÿ€ ÿÿÿþ ÿþ ?ÿÿþ ÿøÿ Àÿ€ÿü ÿðà ðÿ € ÿà  ÿ ÿü ÿÿü ÿÿðÿ ÀÿÀÿþ ÿàð ðÿ ð ÿ€  ÿÿÿ ÿøÿÿÿøÿÿàÿ Àÿàÿÿ ÿàø ðÿ þÿþ   ÿÿÿ€ ÿàÿÿÿðÿÿÀÿ ÀÿðÿÿÀÿ
Àü àÿÿÀÿ À ÿø   ?ÿÿÿÀ Àÿÿÿàÿÿ€?ÿ Àÿøÿÿàÿ
Àþ  ðÿÿ€ÿ ø ?ÿð   ?ÿÿÿà  ÿÿÿÀÿÿ ?ÿ Àÿü ÿÿðÿ
€ÿ  p?ÿÿ€ÿ € ÿà   ?ÿÿÿð   ?ÿÿÿ€ÿþ ÿ Àÿþ ÿøÿ
 ÿ€ pÿÿ  ÿ ð ÿÀ   ÿÿÿð   ÿÿÿ ?ÿü ÿ Àÿ ?ÿü ÿ ÿÀ ?ÿÿþ  ?ÿ þÿ€þ ÿÿÿø   ÿÿÿü ÿÿøÿ Àÿ€ÿþ ÿÿÿþ ÿà ÿÿþ  ÿ à ÿ ÿÀÿÿÿü  ÿÿÿøÿÿðÿ ÀÿÀÿÿ ?ÿÿÿþ ÿð ÿÿþ  ÿ þÿ ÿðÿÿÿþ  ÿÿÿðÿÿàÿ Àÿàÿÿ€ÿÿÿþ ÿð ÿÿü   ÿ À ÿþ ÿÿøÿÿÿþ  ÿÿÿàÿÿÀÿ ÀÿðÿÿÀÿÿÿþ ÿø ÿÿü   ?ÿ þÿþÿÿÿÿ  ÿÿÿÀÿÿ€ÿ Àÿø ÿÿàÿÿÿþ ÿü ÿÿø   ÿ ð ÿüÿ  ?ÿÿÿ€ÿþ ?ÿ Àÿü ÿøÿÀÿþ ÿÿø   ÿ € ÿ	üÿ€ ÿÿÿ ?ÿü ÿ Àÿþ ?ÿü ÿüÿÿ ÿÿð   ÿ þ ÿ	üÿÿÿÿ
€ ÿÿÿü ÿø ÿ Àÿ ÿþ ÿÿÿþÿÿ ÿÿðþ  ÿ ü ÿ
üÿÿð ÿÿÿ€ÿÿÿø ÿÿðÿ Àÿ€ÿÿ ÿ ÿÿ€ÿÿðÿ  ÿ	 ü	 ÿøÿÿ€ ÿÿÿ ÿÿÿðÿÿàÿ ÀÿÀÿÿ€ÿ ÿ€ÿÿàÿ€  ÿ
 ø ÿøÿø  ÿÿÿ ÿÿÿàÿÿÀÿ Àÿàÿÿàÿ€ÿÀÿÿà?ÿ€  ?ÿÿü ÿ€  ÿÿþ ?ÿÿÿ€ÿÿ€ÿ Àÿðÿÿðÿ€?ÿÀÿÿà?ÿ   ÿ  üÿÿü ÿÿÿ ÿÿ ÿ Àÿø ÿÿø ÿÀÿÀÿÿàÿ   ÿ  üÿÿü ÿÿÿþ ?ÿþ ?ÿ Àÿþ ÿü ÿÿÿàÿ€ÿÿáÿÿÿ  üÿøÿÿÿü ÿÿü ÿ Àÿ ?ÿþ ?ÿÿÿàÿ ÿ ÿ üÿøÿÿÿøÿÿø ÿ Àÿ€ÿÿ€ÿÿÿðþ ÿþ € ?ÿ þ?ÿüÿÿÿàÿÿðÿ ÀÿÀÿÿÀÿÿÿø  ÿþ à ?ÿ þ?ÿþÿÿÿÀÿÿÀÿ Àÿàÿÿàÿÿÿü   ÿþ ð ?ÿ  ?ÿ€ÿÿ€ÿ Àÿðÿÿð ÿÿÿþ   ?ÿü ø ?ÿ €   < ÿþ ?ÿÿ ÿ Àÿø ÿÿü ÿÿÿ   ÿü ø ?ÿ À  ÿ ÿü ÿþ ?ÿ Àÿü ÿþ ?ÿÿÿ€  ÿø ?ü ÿ à  ÿÀÿø ÿÿü ÿ Àÿþ ÿÿ ÿÿÿà ÿø ?ü ÿ ø ÿÿÀÿàÿÿð ÿ Àÿ ÿÿÀÿÿÿø ÿ	ø ü ÿÿÿð ÿþ ?ÿÿàÿÀÿÿàÿ ÀÿÀÿÿàÿÿÿþ ÿ
ð ü ÿÿÿ€ ÿ àÿ€ÿÿÀÿ Àÿàÿÿðÿ ãÿ
ð ÿþ ÿÿþ  ÿ àÿþ ÿÿ€ÿ Àÿðÿÿü ÿ	
à ÿþÿÿø  ÿ àÿü ?ÿÿ ÿ Àÿø ÿþ ?ÿ	àÿþÿÿà   ÿÀÿð ÿÿü ?ÿ Àÿü ?ÿÿ ÿ	ÀÿþÿÿÀ   ?ÿÀ?ÿàÿÿø ÿ Àÿ ÿÿÀÿ	Àÿüÿÿ€   ÿ€?ÿÀÿÿð ÿ Àÿ€ÿÿàÿ	€ÿüÿþ þ ÿÿà ÿøþÿ	‡ÿÿÿ ÿ ÿÿÀÿ ÀÿÀÿÿð ÿ	€ÿüÿü ÿÀÿÿÀ  ÿ€ ÿ	ÿÿþ ÿÿÿþ ÿÿ€ÿ Àÿàÿÿü ?ÿ€ÿüÿü ÿàÿÿ€  ?ÿþ   ÿ	 ÿø ÿø ?ÿÿ ÿ Àÿø ÿÿþ ÿ ÿþÿø ?ÿðÿÿ€  ÿÿ€ ÿÿü   ÿ	 ÿàÿð ÿÿþ ÿ Àÿü ?ÿÿ ÿ ÿþÿð ÿø ÿÿ€  ÿþ  ÿÿð   ÿ	€ÿ ÿÀÿÿø ?ÿ Àÿþ ÿÿÀÿþ ÿà ÿÿü ÿÿÀ  ÿþ   ÿÿà   ÿ	€   ÿ€ÿÿð ÿ Àÿ ÿÿà ÿþ ÿà ÿÿþ ÿð  ÿü   ÿÀ   ÿ	€   ÿÿÿþ ÿÿàÿ ÀÿÀÿÿø ÿü ÿÀÿÿþ ÿü  ÿø   ÿ€ð ÿ	À   ÿÿÿü ÿÿÀÿ Àÿàÿÿü ÿü ÿ€ÿÿÿ ?ÿþ  ÿø   ÿÿ€þ ÿ	À   ÿÿÿð ÿÿ ÿ Àÿð ÿÿÿ ÿø ?ÿ€ÿÿÿ ?ÿÿ  ÿð  ÿÿ ?ÿ€ÿ	à  ÿà ÿÿþ ÿ Àÿø ?ÿÿ€ÿð ?ÿ€ÿÿÿ ÿÿ€ ÿð  ÿÿ ÿàÿ	à  ÿ€ÿÿü ?ÿ Àÿü ÿÿàÿà ÿ ÿÿÿ ÿÿ€ ÿð  ?ÿþ ÿðÿ	ð  ÿ ÿÿð ÿ Àÿþ ÿÿð ÿÀ  ÿ ÿÿÿ ÿÿ€ ÿà  ÿþ ÿÿøÿ	ðÿü ÿÿàÿ Àÿ€ÿÿü ÿ€  ÿ ÿÿÿ ÿÿ€ ÿà  ÿÿþ ÿÿüÿ	øÿð ?ÿÿ€ÿ ÀÿÀÿÿþ ÿ   ÿþ ÿÿÿ ÿÿ€ ÿÀ  ÿÿþ ÿÿþÿ	üÿà ÿÿÿ ÿ Àÿà ÿÿÿ€ÿ   ÿþ ÿÿÿ ÿÿ€ ÿÀ ÿÿþ ÿÿÿ	üÿ€ÿÿþ ÿ Àÿð ?ÿÿÀÿ€  ÿþ ÿÿÿ ÿÿ€ ÿÀ ÿÿþ ÿÿƒÿ	þÿþ ÿÿø ?ÿ Àÿü ÿÿð ÿ€  ÿþ ÿÿÿ ÿÿ€  ÿ€ ÿÿþ ?ÿÿïÿ
 ¿ÿü ÿÿð ÿ Àÿþ ÿÿø ÿà  ÿþ ÿÿÿ ÿÿ€  ÿ€ ÿÿþ ÿð ?ÿÿÀÿ Àÿ€ÿÿþ ÿø  ÿÿÿþ ÿÿÿ ÿÿ€  ÿ  ÿÿþ   ?ÿÀ ÿÿ€ÿ ÀÿÀ ÿÿÿ€ÿþ  ?ÿÿÿþ ÿÿÿ ÿÿ€    ÿÿþ ?ÿ€ÿÿÿ ÿ Àÿà ÿÿÀ ÿ€ ÿÿÿþ ÿÿÿ ÿÿ€  ~  ÿÿÿ ÿþ ÿÿü ?ÿ Àÿø ÿÿð ?ÿà ÿÿÿþ ÿÿÿ ÿÿ€  ~  ÿÿÿ ÿø ÿÿø ÿ Àÿü ÿÿü ÿø ÿÿÿþ ÿÿþ ÿÿ€  <  ÿÿÿÿà ?ÿÿàÿ Àÿ ÿÿþ ÿþ ÿÿÿþ ÿÿþ ÿÿ€  <  ÿÿÿ€ ?ÿ€ ÿÿ€ÿ Àÿ€ÿÿÿ€ÿÀÿÿÿþ ÿÿþ ÿÿ€   ÿÿÿÀ ÿ ÿÿÿ ÿ Àÿà ÿÿà ÿðÿ
 ÿÿþ ÿÿ€ÿÿÿà ÿü ÿÿü ÿ Àÿð ?ÿÿø ÿüÿ
 ÿÿü ÿÿ€<ÿÿÿð ÿð ÿÿø ÿ Àÿü ÿÿü ÿ Ïÿ ÿÿü ÿÿ€<  €ÿÿÿü ÿÀ ?ÿÿà ÿ Àÿþ ÿÿÿ ÿ	 ÿÿü ÿÿ€<  €ÿ€   ÿ  ÿÿÿ€ÿ Àÿ€ÿÿÿÀ ÿ€ÿÿø ÿÿ€>  €ÿø   ÿü ÿÿÿ ÿ ÀÿÀ ÿÿð ÿ€ÿÿø ?ÿÿ€>  €ÿü  ÿð ÿÿü ÿ Àÿð ?ÿÿü ÿÀÿÿð ?ÿÿ€>  €ÿü ÿÀ ÿÿø ?ÿ Àÿø ÿÿÿ ÿÀÿÿð ÿÿ€?  €ÿÀÿ  ÿÿà ÿ Àÿþ ÿÿÿ€ ÿàÿÿà ÿÿ€?  €ÿÿÿáÿÿÿðÿ
ü ÿÿÿÀÿ Àÿ€ ÿÿÿà ÿàÿÿà ÿÿÿ€?  €ÿÿÿÀÿÿÿøÿ
ð ÿÿÿ ÿ ÀÿÀ ÿÿø ÿðÿÿÀÿÿÿ€?  €ÿÿÿÀÿÿøÿ
À ÿÿü ÿ Àÿð ÿÿþ ÿøÿÿ€ÿÿÿ€?€ ?€ÿÿÿÀÿÿüÿ
  ?ÿÿø ?ÿ Àÿø ÿÿÿ€ ?ÿø ÿ ÿÿÿ € ?€ÿÿÿÀ?ÿÿüÿ	ü  ÿÿÿà ÿ Àÿþ ÿÿÿà ÿü ?ü ÿÿÿ € ?€ÿÿÿÀÿÿüÿ	ð ÿÿÿ€ÿ Àÿ € ÿÿÿø ÿþ ð ÿÿÿ À €ÿÿÿÀÿÿøÿ	€ ÿÿþ ÿ Àÿ À ÿÿþ  ÿ€   ÿÿÿ À €ÿÿÿÀÿÿøÿþ  ?ÿÿü ÿ Àÿ ð ÿÿÿ€ ?ÿÀ   ÿÿÿ À €ÿÿÿÀÿÿðÿø  ÿÿÿð ?ÿ Àÿ ü ÿÿÿà ÿà   ÿÿÿþ ?À ÿ ÿÿÿÀ ÿÿàÿÀ ÿÿÿÀ ÿ Àÿ! ÿÿÿø ÿø  ÿÿÿþ ?à ÿ ÿÿÿÀ ?ÿÀÿ  ÿÿÿ ÿ Àÿ!À ÿÿÿ  ?ÿþ  ÿÿÿü ?à ÿ ÿÿÿÀ ÿ ÿø  ÿÿü ÿ Àÿ!à ÿÿÿÀ ÿ€ ?ÿÿÿð à þ ÿÿÿà ÿà ÿÿÿø ÿ Àÿ!ø ÿÿÿð ÿüÿ€ à ü ÿÿÿà ?ÿ€ ÿÿÿà ÿ Àÿ!	þ ÿÿÿþ  ÿ
þ   `   ÿÿÿà ÿü  ?ÿÿÿ€ÿ Àÿ"€ ÿÿÿ€ ÿ
 þÿÿÿàÿð  ÿÿÿþ ÿ Àÿ"à ÿÿÿð ÿ
 þÿÿà   ÿ€ ÿÿÿø ÿ Àÿ"	ø ÿÿÿü  ÿ	 þÿÿð  ÿ	ü  ÿÿÿà ?ÿ Àÿ"ü ÿ  ÿ
   0ÿÿð?à ÿð  ÿÿÿ€ ÿ  Àÿ#  ÿà ÿ
€  |ÿÿøÿ
€ ÿÿÿþ ÿ  Àÿ#	À ÿÿÿü  ?ÿ	ü ÿ|   ÿ	ø  ÿÿÿø ÿ  Àÿ#ð ÿ  ÿ   ÿ	À  ÿÿÿà ?ÿ  Àÿ#ü ÿà  ÿð  ÿþ  ÿ  ÿ! Àÿ$	  ÿÿÿø  ÿ þÿ	ð  ÿÿÿü ÿ! Àÿ$À ÿ  ÿ	€  ÿÿÿø ÿ! Àÿ$ð ÿà  ÿü  ÿÀ ?ÿ! Àÿ$
ü  ÿÿÿü  ÿÀ  ÿ  ÿ" Àÿ%  ÿ   ?ÿ
þ   ÿÿÿø ÿ" Àÿ%À ÿð  ÿà  ÿà ÿ" Àÿ%ð  ÿþ   ?ÿü   ÿ  ÿ" Àÿ%ü  ?ÿÀ  ÿÀ  ÿü ÿ# Àÿ&  ÿü   ?ÿø   ÿà ÿ# Àÿ&à ÿ€  ÿ€   ÿ€ ÿ# Àÿ&ø  ?ÿø   ÿø   ÿü  ÿ$ Àÿ&þ  ÿ€   ÿ ÿð ÿ$ Àÿ'À  ÿø   ÿÀ   ÿ  ÿ$ Àÿ'ð  ÿ€   ÿ ø ?ÿü  ÿ$ Àÿ'þ  ÿ ø ÿ ü ÿà ÿ% Àÿ(€  ÿ € ?ÿ þ ÿ  ÿ% Àÿ(à  ÿ ø ?ÿ	 þ ÿø  ?ÿ% Àÿ(ü  ÿ à ÿ àÿÀ ÿ& Àÿ)€  ÿ ÿ À ÿþ  ÿ& Àÿ)à  ÿ ð ÿð  ?ÿ& Àÿ)ü  ÿ À ÿ€ ÿ' Àÿ*€  ?ÿ ÿø  ÿ' Àÿ*ð  ÿ ÿÀ  ?ÿ' Àÿ*ü   ?ÿ þ ÿü  ÿ( Àÿ+€  ÿ	 ÿà  ÿ( Àÿ+ø   ÿ ð ÿ	   ?ÿ( Àÿ,   ÿ ãÿð  ÿ) Àÿ,à   ÿ   ÿ) Àÿ,þ   ÿà   ÿ* Àÿ-À   ÿþ   ÿ* Àÿ-ø   ÿÀ   ÿ* Àÿ.À   ÿø   ÿ+ Àÿ. øÿÿ, Àÿ/À   ÿÀ   ÿ, Àÿ/ ü ÿ ø ÿ, Àÿ0 À ÿ ø ÿ- Àÿ0 ü ÿ ü ÿ- Àÿ1 à ÿ	 ø ÿ. Àÿ2 ÿ €ÿ/ Àÿ2 øÿÿÿà ÿ/ Àÿ3 À ÿ0 Àÿ4 ÿ1 Àÿ4 þ ÿ1 Àÿ5 þ ?ÿ2 Àÿ6 þ ÿ3 Àÿ8	 ?ÿ4 Àÿ9 ü ÿ6 Àÿ<üÿ9 Àÿx Àþ#   
   %  Ý
 ƒ  ¯' ÝÝ    Ýà€    ääC (# àÔ ‡| %cæ %  % %   ÔÔ ‡| &ãç & %|%cæ ÔFOREWORDˆÐ   	 X      ÐßA €7 - )                 °° x         d dE°1 xA ßÐ   	 2Ú    ÐÔ# †  &ù´ & &|&ãç-   # ÔÔ# †  %yµ  % & &ù´L   # Ô, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   U  Ý
 ƒ3   C) ÝÝ    ÝßA €7 - )                 °° x         d  E°W xA ßÐ   	 X      ÐÔ ‡ %cæ %  % %   ÔÔ ‡ &ãç & %%cæ ÔJune€1996à€    NN (# àU.S.€Customs€Service€AIS€Security€Policy€ManualÔ# †  &ù´ & &&ãçq   # ÔÔ# †  %yµ  % & &ù´   # ÔˆÐ   	 g    Ð, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   Ú  Ý
 ƒ   ¯* ÝÝ    ÝßA €7 - )                 °° x         d  E°W xA ßÐ   	 X      ÐÔ ‡‚ %cæ %  % %   ÔÔ ‡‚ &ãç & %‚%cæ ÔU.S.€Customs€Service€AIS€Security€Policy€Manual€à€    ÎÎB (# àJune€1996Ô# †‚ %cæ % &‚&ãç   # ÔÔ ‡‚ &ãç & %‚%cæ ÔÔ# †  &ù´ & &‚&ãçq   # ÔÔ ‡‚ &ãç & & &ù´ ÔˆÐ   	 g    ÐÔ# †  &ù´ & &‚&ãç_  # ÔÔ# †  %yµ  % & &ù´  # Ô, @0Ð  A   Z  ‹" A r i a l   R e g u l a r          
   Î   Ý
 ƒ  ¯' ÝÝ    ÝÔ ‡2  %cæ %  % %   Ôà€    88C (# àCONTENTSÔ# †  %yµ  % %2 %cæ   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d^ E°1 xA ß 
   »   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡Ý  %cæ %  % %   ÔCONTENTSÔ# †  %yµ  % %Ý %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß 
   Ò   Ý
 ƒ  ¯' ÝÝ    Ýà€    ¨¨? (# àÔ ‡K  %cæ %  % %   ÔINTRODUCTIONÔ# †  %yµ  % %K %cæ-   # ÔˆÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ß 
   ¿   Ý
 ƒM  ¯( ÝÝ    ÝÔ ‡ß  %cæ %  % %   ÔINTRODUCTIONÔ# †  %yµ  % %ß %cæ   # ÔÐ   	 X      ÐßA €7 - )                 °° x         d  E°1 xA ßÝ
 ƒ   ! ÝÝ    Ýñ›%ñ›ñ›%ñÑ    X° ÑÑ   X° ÑÙ      ÙÑ7 €N  pQN ò ò       dÈ                  dÈ 7 Ññ›%ñÖ €º       ÿÿ Öñ›%ññ ›%ñÖ €>       ÿÿ Öñ›%ññ›%ñÖ €»       ÿÿ Öñ›%ññ ›%ñÖ €]       ÿÿ Öñ›%ñÑ   ý 
 ÑÑ     ÑÓ    ÓÔ €  &ù´ &  % %   ÔÔ ‡  ¼Zü ¼ & &ù´ Ôà@    ää  ì àòòÔ# †  &ù´ & ¼ ¼ZüF  # ÔÔ ‡  x† x & &ù´ ÔAUTOMATED€INFORMATIONˆÐ   	 X      Ðà@    íí ì àSYSTEMS€SECURITY€POLICYÔ# †  &ù´ & x x†  # ÔÔ ‡  »Úÿ
 » & &ù´ ÔóóˆÐ   	 ˆ0   ÐÌÌÌÌÌßj € >6               & "  `  x0	ßÿÄ
 À  `  À(ø  El
À„    À„        !
ÑV   j ßâ   	 °!
°!
°(#°(# âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	 °!
°!
°!
°!
 âÌâ   	  °(#°(#°!
°!
 âÌÌà@    77# ì àòòCIS€HB€1400„05ˆÐ   	 ô"œ    Ðà@    ±±& ì àJune€1996óóà@ @    D   àˆÐ   	 B$ê!   ÐÌÌÌÌÌòòDepartment€of€the€Treasuryà€    üü' (# àOffice€of€Information€and€TechnologyˆÐ   	 þ*¦(#   ÐUnited€States€Customs€Serviceà€    xx (# àAutomated€Information€Systems€Security€DivisionóóÔ# †  &ù´ &
 » »Úÿ3  # ÔˆÐ	    Ú+‚)$ ýv  ÐÑ    
 ÑÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌà@    ìì* ì àˆÌÐ	    ¢J 2  Ðñ›%ñÖ  €{      ÿÿ Öñ›%ññ ›%ñÖ  €d       ÿÿ Öñ›%ññ›%ñÖ €~ º    Öñ›%ññ ›%ñÖ €ž  º    Öñ›%ññ›%ñÖ € » Ã  Öñ›%ññ ›%ñÖ €·  » Ã  Öñ›%ñÑ    
 Ñà€    êêC (# àÔ ‡  °üª ° & &ù´ ÔForewordÔ# †  &ù´ & ° °üªÁ  # ÔˆÐ   	 X      ÐßA €& - )                 °° x         d  E°7¨ xA ßÐ   	 8à   ÐÌThe€U.S.€Customs€Service,€Office€of€Information€and€Technology€Automated€Information€SystemsÏ(AIS)€Security€Policy€Manual€is€intended€for€those€who€use€Customs€AIS€services€and€systems.ÏInformation€throughout€the€manual€supports€the€Customs€mission€by€providing€direction€and€guidanceÏto€protect€AIS€resources.€€It€establishes€uniform€policies,€responsibilities,€and€authorities€for€carryingÏout€the€Customs€AIS€Security€Program.€€Security€is€provided€for€information€that€is€collected,Ïprocessed,€transmitted,€stored,€or€distributed€for€all€other€agencies€utilizing€Customs€general€supportÏsystems€and€major€applications.ÌÌThis€high„level€policy€manual€supplements€the€AIS€security€policies€established€by€the€U.S.€DepartmentÏof€the€Treasury,€and€is€consistent€with€government„wide€policies,€standards,€and€procedures€issued€byÏthe€Office€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t     ×O Ôñš%ññ›%ñ,€the€Department€of€Commerce,€the€General€ServicesÏAdministration,€and€the€Office€of€Personnel€Managementñ ›%ññš%ñÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t      M Ôñš%ññ›%ñ.€€Additional€detailed€and€specific€proceduralÏguidelines,€particular€to€Customs€needs€and€requirements,€will€be€issued€in€an€iterative€fashion,€asÏappropriate.€€Prior€releases€of€this€manual€(CIS€HB€1400„04)€are€superseded.ÌÌÔ ‡  %yµ  % & &ù´ ÔAdditional€copies€may€be€obtained€by€submitting€Customs€Form€CF€205€to€U.S.€Customs€Service,Ð   	 '   ÐPrinting€&€Mail€Team,€1301€Constitution€Avenue,€NW,€Room€B338,€Washington,€DC€20229.€€Non„¼Customs€Federal€and€civil€agencies,€organizations,€and€members€of€the€trade€communityñ ›%ññš%ñÔ/  %   t r a d e   c o m m u n i t y      / Ôñš%ññ›%ñ€may€contactÏtheir€Customs€representative,€or€obtain€the€manual€via€the€Internetñ ›%ññš%ñÔ!     I n t e r n e t     u! ÔÔ!     I n t e r n e t     u! Ôñš%ññ›%ñ€from€Customs€World€Wide€Webñ ›%ññš%ñÔ-  #   W o r l d   W i d e   W e b      - Ôñš%ññ›%ñÏ(WWW)€page€on€the€National€Technical€Information€Service€(NTIS)€FedWorld,€atòòÐ   	 ç   Ðhttp://fedworld.govóó,€as€available.Ð   	 Ái   ÐÔ# †  &ù´ &  % %yµç  # ÔÌThe€U.S.€Customs€Service€wishes€to€extend€special€thanks€to€the€Federal€Bureau€of€Investigationñ ›%ññš%ñÔO  E   F e d e r a l   B u r e a u   o f   I n v e s t i g a t i o n     @O Ôñš%ññ›%ñ,ÏInformation€Systems€Security€Unit,€for€valuable€input€which€provided€the€basis€for€the€development€ofÏthis€document,€to€the€National€Security€Agencyñ ›%ññš%ñÔA  7   N a t i o n a l   S e c u r i t y   A g e n c y     aA Ôñš%ññ›%ñ€for€their€review€and€suggestions,€and€to€the€U.S.ÏDepartment€of€the€Treasury,€Office€of€Information€Systems€Security,€for€their€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     c# Ôñš%ññ›%ñ€and€guidance.ÌÌÌÌÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà0    h(#(# àà0    Àh(#h(# à(original€ñ ›%ñsigndñ›%ññ›%ñsignedñ›%ñ€by€George€J.€Weise)Ð    À(#À(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà0    h(#(# àà0    Àh(#h(# àà0    À(#À(# àCommissionerñ ›%ññš%ñÔ)     C o m m i s s i o n e r     i) Ôñš%ññ›%ñÐ    (#(#  ÐÌÌDistributionñ ›%ññš%ñÔ)     D i s t r i b u t i o n     i) Ôñš%ññ›%ñ:€€G-25Ð	    ±"Y %    ÐÑ    
 ÑÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌà@    ìì* ì àˆÌÐ	    ¢J    Ðñ›%ñÖ  €„ {Ã  Öñ›%ññ ›%ñÖ  €¿  {Ã  Öñ›%ññ›%ñÖ €…      ÿÿ Öñ›%ññ ›%ñÖ €Ã       ÿÿ Öñ›%ñÓ    ÓÑ    
 ÑÑ €H  P¨  Ñà@ @  TT" ì àÔ ‡  °üª ° & &ù´ ÔÔ ‡  °„½ ° ° °üª ÔContentsÐ   	 X      ÐßA €& - )                 °° x         d  E°7¨ xA ßÔ# †  °üª ° ° °„½í  # ÔÔ# †  &ù´ & ° °üªÎ  # ÔÐ   	 8à   ÐÓ   ’   ÓÌÌÓ €5    Óñš%ñÓ     ÓÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿö   ÝÌà0     àà     ° àÝ     ÝINTRODUCTIONà‚#    4"4"H (#. ,
,
 (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿö     ÝŒˆÐ   	 m   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿò   Ýà0     àà0    `	(#(# àà      àÝ     Ý1.1à0    `	`	(#`	(# àPURPOSEà‚#    4"4"H (#. ŠŠ `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿò     ÝŒˆÐ   	 Gï   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ   Ýà0     àà0    `	(#(# àà      àÝ     Ý1.2à0    `	`	(#`	(# àREFERENCESà‚#    4"4"H (#. ðð `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ  .   ÝŒˆÐ   	 !	É   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ7   Ýà0     àà0    `	(#(# àà      àÝ     Ý1.3à0    `	`	(#`	(# àDEFINITIONSà‚#    4"4"H (#. ââ `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ7  R   ÝŒˆÐ   	 û	£   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ\   Ýà0     àà0    `	(#(# àà      àÝ     Ý1.4à0    `	`	(#`	(# àSCOPEà‚#    4"4"H (#. žž `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ\  w   ÝŒˆÐ   	 Õ
}	   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ{   Ýà0     àà0    `	(#(# àà      àÝ     Ý1.5à0    `	`	(#`	(# àBACKGROUNDà‚#    4"4"H (#. nn `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ{  –   ÝŒˆÐ   	 ¯W	
   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿŸ   Ýà0     àà0    `	(#(# àà      àÝ     Ý1.6à    `	 àINFORMATION€SECURITY€POLICY€AND€GUIDANCE€HIERARCHYà‚#    4"4"H (#. ::F `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„6ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿŸ  º   ÝŒˆÐ   	 ‰1
   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿã   ÝÌà0     àà     ° àÝ     ÝGENERAL€POLICYà‚#    4"4"H (#. â
â
 (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿã  þ   ÝŒˆÐ   	 =å   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿá    Ýà0     àà0    `	(#(# àà      àÝ     Ý2.1à0    `	`	(#`	(# àGENERAL€POLICY€STATEMENTà‚#    4"4"H (#. , `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿá   ü    ÝŒˆÐ   	 ¿   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ"   Ýà0     àà0    `	(#(# àà      àÝ     Ý2.2à0    `	`	(#`	(# àROLES€AND€RESPONSIBILITIESà‚#    4"4"H (#. ââ. `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ"  ."   ÝŒˆÐ   	 ñ™   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿG#   ÝÌà0     àà     ° àÝ     ÝAIS€SECURITY€LIFE€CYCLEà‚#    4"4"H (#. êê! (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿG#  b#   ÝŒˆÐ   	 ¥M   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿN$   Ýà0     àà0    `	(#(# àà      àÝ     Ý3.1à0    `	`	(#`	(# àSECURITY€PLANNINGà‚#    4"4"H (#. ÒÒ% `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿN$  i$   ÝŒˆÐ   	 '   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚y%   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý3.1.1à0    ¸¸(#¸(# àApprovalsà‚#    4"4"H (#. ºº" ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚y%  ”%   ÝŒˆÐ   	 Y   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚²&   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý3.1.2à0    ¸¸(#¸(# àAIS€Security€Planà‚#    4"4"H (#. ôô* ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚²&  Í&   ÝŒˆÐ   	 3Û   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚ó'   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý3.1.3à0    ¸¸(#¸(# àDisaster€Recovery€and€Contingency€Operations€Planningà‚#    4"4"H (#. ^^N ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚ó'  (   ÝŒˆÐ   	 µ   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿX)   Ýà0     àà0    `	(#(# àà      àÝ     Ý3.2à0    `	`	(#`	(# àSECURITY€REQUIREMENTSà‚#    4"4"H (#. °°) `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„4ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿX)  s)   ÝŒˆÐ   	 ç   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚‡*   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý3.2.1à0    ¸¸(#¸(# àPolicy€Derived€Requirementsà‚#    4"4"H (#. TT4 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„4ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚‡*  ¢*   ÝŒˆÐ   	 Ái   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚Ò+   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý3.2.2à    ¸ àRisk€Managementà‚#    4"4"H (#. þþ( ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„5ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚Ò+  í+   ÝŒˆÐ   	 ›C   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ	-   Ýà0     àà0    `	(#(# àà      àÝ     Ý3.3à0    `	`	(#`	(# àDEVELOPMENTà‚#    4"4"H (#. ÀÀ `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„6ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ	-  $-   ÝŒˆÐ   	 u   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ..   Ýà0     àà0    `	(#(# àà      àÝ     Ý3.4à0    `	`	(#`	(# àCERTIFICATION€AND€ACCREDITATIONà‚#    4"4"H (#. ¼¼3 `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„6ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ..  I.   ÝŒˆÐ   	 O÷   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚g/   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý3.4.1à0    ¸¸(#¸(# àCertificationà‚#    4"4"H (#. ^^& ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„7ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚g/  ‚/   ÝŒˆÐ   	 )Ñ   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚¤0   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý3.4.2à0    ¸¸(#¸(# àAccreditationà‚#    4"4"H (#. ¤¤& ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„8ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚¤0  ¿0   ÝŒˆÐ   	 «   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿá1   Ýà0     àà0    `	(#(# àà      àÝ     Ý3.5à0    `	`	(#`	(# àPROCEDURES€AND€PRACTICESà‚#    Ø!Ø!G (#. øø, `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„10ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿá1  ü1   ÝŒˆÐ   	 Ý…   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ3   Ýà0     àà0    `	(#(# àà      àÝ     Ý3.6à0    `	`	(#`	(# àEDUCATION,€TRAINING,€AND€AWARENESSà‚#    Ø!Ø!G (#. &&6 `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„10ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ3  /3   ÝŒˆÐ   	 ·_   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿQ4   Ýà0     àà0    `	(#(# àà      àÝ     Ý3.7à0    `	`	(#`	(# àSECURITY€OVERSIGHTà‚#    Ø!Ø!G (#. ,,& `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„11ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿQ4  l4   ÝŒˆÐ   	 ‘9   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿ~5   ÝÌà0     àà     ° àÝ     ÝMINIMUM€SECURITY€REQUIREMENTSà‚#    4"4"H (#. °°' (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿ~5  ™5   ÝŒˆÐ   	 Eí!   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ‹6   Ýà0     àà0    `	(#(# àà      àÝ     Ý4.1à0    `	`	(#`	(# àFACILITY€SECURITYà‚#    4"4"H (#. jj% `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ‹6  ¦6   ÝŒˆÐ   	  Ç"   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚¶7   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.1.1à0    ¸¸(#¸(# àPhysicalà‚#    4"4"H (#. &&! ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚¶7  Ñ7   ÝŒˆÐ   	 ù ¡#   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚î8   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.1.2à0    ¸¸(#¸(# àEnvironmentalà‚#    4"4"H (#. & ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚î8  	9   ÝŒˆÐ   	 Ó!{$   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ+:   Ýà0     àà0    `	(#(# àà      àÝ     Ý4.2à0    `	`	(#`	(# àPERSONNEL€SECURITYà‚#    4"4"H (#. JJ& `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ+:  F:   ÝŒˆÐ   	 ­"U %   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿW;   Ýà0     àà0    `	(#(# àà      àÝ     Ý4.3à0    `	`	(#`	(# àAUTOMATED€SECURITYà‚#    4"4"H (#. ´´& `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿW;  r;   ÝŒˆÐ   	 ‡#/!&   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚ƒ<   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.3.1à0    ¸¸(#¸(# àMinimum€Security€Requirementsà‚#    4"4"H (#. hh6 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚ƒ<  ž<   ÝŒˆÐ   	 a$	"'   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚Ð=   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.3.2à0    ¸¸(#¸(# àSecurity€Assurancesà‚#    4"4"H (#. œœ, ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„5ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚Ð=  ë=   ÝŒˆÐ   	 ;%ã"(   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚?   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.3.3à0    ¸¸(#¸(# àDesirable€Security€Featuresà‚#    4"4"H (#. ÌÌ4 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„7ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚?  .?   ÝŒˆÐ   	 &½#)   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ^@   Ýà0     àà0    `	(#(# àà      àÝ     Ý4.4à0    `	`	(#`	(# àADMINISTRATIVE€SECURITYà‚#    4"4"H (#. DD+ `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„7ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ^@  y@   ÝŒˆÐ   	 ï&—$*   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚A   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.4.1à0    ¸¸(#¸(# àAccountability€and€Access€Control€Criteriaà‚#    4"4"H (#. ZZC ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„7ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚A  ªA   ÝŒˆÐ   	 É'q%+   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚éB   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.4.2à0    ¸¸(#¸(# àSoftware€and€Data€Securityà‚#    4"4"H (#. ÀÀ3 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„8ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚éB  C   ÝŒˆÐ   	 £(K&,   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚3D   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.4.3à0    ¸¸(#¸(# àTechnical€Support€and€Maintenanceà‚#    4"4"H (#. ::: ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„9ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚3D  ND   ÝŒˆÐ   	 })%'-   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚„E   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.4.4à0    ¸¸(#¸(# àPortable€Computer€Equipmentà‚#    Ø!Ø!G (#. žž4 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„10ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚„E  ŸE   ÝŒˆÐ   	 W*ÿ'.   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚ÐF   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.4.5à0    ¸¸(#¸(# àClassification€and€Controlsà‚#    Ø!Ø!G (#. œœ4 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„10ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚ÐF  ëF   ÝŒˆÐ   	 1+Ù(/   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚H   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.4.6à0    ¸¸(#¸(# àExternal€Labelsà‚#    Ø!Ø!G (#. NN( ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„11ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚H  7H   ÝŒˆÐ   	 ,³)0   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚\I   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.4.7à0    ¸¸(#¸(# àCustoms€Work€Performed€at€non„Customs€Locationsà‚#    Ø!Ø!G (#. 00H ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„11ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚\I  wI   ÝŒˆÐ   	 å,*1   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚¼J   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.4.8à0    ¸¸(#¸(# àUse€of€Non„Customs€Owned€AISsà‚#    Ø!Ø!G (#. ÀÀ6 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„12ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚¼J  ×J   ÝŒˆÐ    ¿-g+2 š  ÐÑ  H P¨  ÑÑ     ÑÑ
   
 ÑŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ6L   Ýà0     àà0    `	(#(# àà      àÝ     Ý4.5à0    `	`	(#`	(# àTELECOMMUNICATIONS€SECURITYà‚#    Ø!Ø!G (#. œœ/ `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„12ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ6L  QL   ÝŒˆÐ   	 	      ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚lM   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.5.1à0    ¸¸(#¸(# àInformation€System€Standardsà‚#    Ø!Ø!G (#. €€5 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„12ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚lM  ‡M   ÝŒˆÐ   	 ãÚ    ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚¹N   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.5.2à0    ¸¸(#¸(# àNetwork€Connectionsà‚#    Ø!Ø!G (#. , ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„12ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚¹N  ÔN   ÝŒˆÐ   	 ½´   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚ýO   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.5.4à0    ¸¸(#¸(# àElectronic€Mail€(E„Mail)à‚#    Ø!Ø!G (#. üü1 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„13ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚ýO  P   ÝŒˆÐ   	 —Ž   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚FQ   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.5.5à0    ¸¸(#¸(# àFacsimile€(FAX)à‚#    Ø!Ø!G (#. ¦¦( ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„13ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚FQ  aQ   ÝŒˆÐ   	 qh   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚†R   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.5.6à0    ¸¸(#¸(# àPBX€and€Voice€Mail€Systemsà‚#    Ø!Ø!G (#. ff3 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„14ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚†R  ¡R   ÝŒˆÐ   	 KB   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚ÑS   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     Ý4.5.7à0    ¸¸(#¸(# àCommunications€Security€(COMSEC)à‚#    Ø!Ø!G (#. ââ9 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„14ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚ÑS  ìS   ÝŒˆÐ   	 %	   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿ"U   ÝÌà0     àà     ° àÝ     ÝSECURITY€INCIDENTS€AND€VIOLATIONSà‚#    4"4"H (#. ––+ (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ5„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿ"U  =U   ÝŒˆÐ   	 Ù
Ð   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿ3V   ÝÌà0     àà     ° àÝ     ÝGLOSSARYà‚#    8!8!E (#. pp (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿ3V  NV   ÝŒˆÐ   	 „
   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿ.W   ÝÌà0     àà     ° àÝ     ÝBIBLIOGRAPHYà‚#    !!F (#. ø	ø	 (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿ.W  IW   ÝŒˆÐ   	 A8
   ÐŒÝ	     ÝÝ ‚$  ÿÿÿ ÝÝ     ÝÝ ‚$  ÿÿ,X   Ýà0     àà0    `	(#(# àà      àÝ     ÝòòSelected€Readingsóóà‚#    !!F (#. LL  `	(#`	(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„5ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ$  ÿÿ,X  GX   ÝŒˆÐ   	    ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿHY   ÝÌà0     àà     ° àÝ     ÝAPPENDIX€AÐ      ÐòòAbbreviations€and€Acronymsóóà‚#    ""H (#. ff) (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñA„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿHY  cY   ÝŒˆÐ   	 «¢   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿpZ   ÝÌà0     àà     ° àÝ     ÝAPPENDIX€BÐ      ÐòòGood€Security€Practicesóóà‚#    ""H (#. & (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñB„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿpZ  ‹Z   ÝŒˆÐ   	 ;2   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿ•[   ÝÌà0     àà     ° àÝ     ÝAPPENDIX€CÐ      ÐòòControlled€Access€Protection€(C2)€Outlineóóà‚#    ""H (#. ``8 (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñC„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿ•[  °[   ÝŒˆÐ   	 ËÂ   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿÌ\   ÝÌà0     àà     ° àÝ     ÝAPPENDIX€DÐ      ÐòòSecurity€Plan€Formatóóà‚#    ""H (#. BB# (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñD„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿÌ\  ç\   ÝŒˆÐ   	 [R   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿî]   ÝÌà0     àà     ° àÝ     ÝAPPENDIX€EÐ      ÐòòComputer€Security€Trainingóóà‚#    ""H (#. (() (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñE„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿî]  	^   ÝŒˆÐ   	 ëâ   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿ_   ÝÌà0     àà     ° àÝ     ÝAPPENDIX€FÐ      ÐòòSecurity€Requirements€Methodologyóóà‚#    $"$"H (#. ‚‚0 (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñF„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿ_  1_   ÝŒˆÐ   	 {r   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿE`   ÝÌà0     àà     ° àÝ     ÝAPPENDIX€GÐ      ÐòòOMB€Circularsóóà‚#    ""H (#. „„ (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿE`  ``   ÝŒˆÐ   	 !"   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚`a   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     ÝOMB€Circular€No.€A„123,€Introduction€&€Commentsà‚#    ""H (#. C ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚`a  {a   ÝŒˆÐ   	 ç!Þ#   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚¦b   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     ÝCircular€No.€A„123,€€Revisedà‚#    ""H (#.   0 ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„7ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚¦b  Áb   ÝŒˆÐ   	 Á"¸$   ÐŒÝ	     ÝÝ ‚%  ›‚ÿ ÝÝ     ÝÝ ‚%  ›‚Ùc   Ýà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà     `	 àÝ     ÝOMB€Circular€No.€A„130,€Appendix€III,€€Revisedà‚#    °!°!G (#. ""B ¸(#¸(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„16ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ%  ›‚Ùc  ôc   ÝŒˆÐ   	 ›#’%   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿe   ÝÌà0     àà     ° àÝ     ÝINDEXà‚#    î î D (#. òò (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIndex„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿe  :e   ÝŒˆÐ   	 O%F!'   ÐŒÝ	     ÝÝ ‚#  ÿÿÿ ÝÝ     ÝÝ ‚#  ÿÿf   ÝÌà0     àà     ° àÝ     ÝReaderððs€Comment€Formà‚#    ººB (#.  (#(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñComment„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñÝ ƒ#  ÿÿf  3f   ÝŒˆÐ   	 'ú")   ÐŒÝ	     ÝÓ	    ê   Óñš%ñÌÐ	    ·(®$+ ý  Ðñ š%ñÑ  H P¨  ÑÑ    
 ÑÑ
   
 Ññš%ñÑ    u ÑÑ7 €N  ‘®N X X       dð N ò ò       dÈ 7 ÑÙ      ÙØ       ØØ       ØÑ €+      ÑÓ     Óñ›%ñÖ  €† „é   Öñ›%ññ ›%ñÖ  €Æ  „é   Öñ›%ññ›%ñÖ €‡ …é   Öñ›%ññ ›%ñÖ €Î  …é   Öñ›%ñÔ €  &ù´ & & &ù´ Ôà€    ââB (# àÔ ‡  °üª ° & &ù´ ÔÔ ‡"  °„½ ° ° °üª ÔCHAPTER€1Ô# †  °üª ° °" °„½âh  # ÔÔ# †  &ù´ & ° °üªÃh  # ÔˆÐ   	 X      Ðà€    ÎÎ? (# àÔ ‡  °üª ° & &ù´ ÔÔ ‡'  °„½ ° ° °üª ÔòòÔ
      ÔINTRODUCTIONÔ     ¹i   ÔóóÔ# †  °üª ° °' °„½—i  # ÔÔ# †  &ù´ & ° °üªxi  # ÔˆÐ   	 8à   ÐßA €& - )                 °° x         d  E°¨ xA ßÐ   	 À   ÐÌòòÔ
     Ô1.1à0     àPURPOSEÔ    œj   ÔóóÐ    ™A (#(#  ÐÌà0     àThis€document€establishes€uniform€policies,€responsibilities,€and€authorities€for€implementing€theÏU.S.€Customs€Service,€from€now€on€called€òòCustomsóó,€Automated€Information€Systems€(AIS)Ð   	 '
Ï   ÐSecurity€Program.€€It€promotes€the€Customs€mission€and€provides€guidance€to€protect€Customs€AISÏresources€and€assure€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     &3 Ôñš%ññ›%ñ€for€all€agency€information€collected,€processed,€transmitted,Ïstored,€or€disseminated€in€its€general€support€systems€and€major€applications.Ð    (#(#  ÐÌà0     àCustoms€AIS€security€policies€are€consistent€with€government„wide€policies,€standards,€andÏprocedures€issued€by€the€Office€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t     @O Ôñš%ññ›%ñ€(OMB),€the€Department€of€Commerce,Ïthe€General€Services€Administration€and€the€Office€of€Personnel€Managementñ ›%ññš%ñÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t      M Ôñš%ññ›%ñ€(OPMñ ›%ññš%ñÔ     O P M     e Ôñš%ññ›%ñ).€€At€aÏminimum,€the€Customs€AIS€Security€Program€includes€the€set€of€controls€established€by€OMBÏCircular€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     o Ôñš%ññ›%ñ,€Appendix€III,€òòSecurity€of€Federal€Automated€Information€Resourcesóó,€datedÐ   	 Õ}   ÐFebruary€8,€1996.Ð    (#(#  ÐÌòòÔ
     Ô1.2à0     àREFERENCESÔ    vp   ÔóóÐ    c (#(#  ÐÌà0     àThe€Bibliography€contains€specific€reference€citations€used€in€the€AIS€Security€Policy€Manual,€andÏSelected€Reading€references€which€support€the€policies.Ð    (#(#  ÐÌòòÔ
     Ô1.3à0     àDEFINITIONSÔ    ‘q   ÔóóÐ    ¥M (#(#  ÐÌà0     àAppear€in€the€Glossary.Ð    (#(#  ÐÌòòÔ
     Ô1.4à0     àSCOPEÔ    *r   ÔóóÐ    µ (#(#  ÐÌà0     àThis€policy€manual€supplements€the€AIS€security€policies€established€by€the€U.S.€TreasuryÏDepartment€and€presented€in€the€òòTreasury€Security€Manualóó,€TD€P€71„10.Ð    ›C (#(#  ÐÌà0     à(1)à0    `	(#(# àòòInclusionsóó:€Policy€provisions€apply€to€all€Customs€personnel,€contractors€acting€forÐ   	 O ÷!   ÐCustoms,€and€all€authorized€users€who€access€Customs€AISs,€networksñ ›%ññš%ñÔ!     n e t w o r k s     P! Ôñš%ññ›%ñ,€and€supportÏfacilities.€€Policy€provisions€also€apply€to€non„Customsñ ›%ññš%ñÔ'     n o n „ C u s t o m s     ' Ôñš%ññ›%ñ€organizations,€or€theirÏrepresentatives,€who€are€granted€access€to€Customs€AIS€resources,€including€otherÏgovernment€agencies€and€members€of€the€trade€communityñ ›%ññš%ñÔ/  %   t r a d e   c o m m u n i t y     / Ôñš%ññ›%ñ.Ð    `	(#`	(#  ÐÌà     à(2)à0    `	 àòòExclusionsóó:€Microprocessors€embedded€in€or€dedicated€to€production€or€process€controlÐ   	 k%#'   Ðequipment€(e.g.,€test€and€laboratory€equipment)€are€not€covered€by€these€policyÏprovisions.Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àòòPoint„of„contactóó:€Direct€questions€concerning€this€policy€manual€to€the€Directorñ ›%ññš%ñÔ!     D i r e c t o r     u! Ôñš%ññ›%ñ,€AISÐ   	 Ó({&+   ÐSecurity€Division,€Office€of€Information€and€Technology,€7681€Boston€Boulevard,ÏSpringfield,€Virginia€22153.Ð	#    ‡*/(- `	(#`	(#  # ÐòòÔ
     Ô1.5à0     àBACKGROUNDÔ    0x   ÔóóÐ    	    (#(#  ÐÌà0     àòòCustoms€Missionóó:€€[USCS€96PLAN;€USCS€IRMPLAN]Ð    ½´ (#(#  ÐÌà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝEnsure€that€all€goods€and€persons€entering€or€exiting€the€United€States€do€so€in€complianceÐ   	 ul   Ðwith€all€the€United€States€laws€and€regulation.Ð    `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝProtect€the€public€against€violationsñ ›%ññš%ñÔ%     v i o l a t i o n s     ÿ% Ôñš%ññ›%ñ€which€threaten€the€national€economy€and€health€andÐ   	 )	    Ðsafety.Ð    `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝBe€the€national€resource€for€information€on€goods€and€persons€crossing€our€borders.Ð    Ý
Ô `	(#`	(#  ÐÌà0     àCustoms€is€committed€to€carry€out€its€mission€with€increasing€effectiveness€and€efficiency€usingÏinformation€technology€as€an€essential€supporting€element.€€Customs€employees€worldwide€useÏAISs€for€all€facets€of€Customs€operations€and€to€support€law€enforcement,€government€agencies,Ïand€the€commercialñ ›%ññš%ñÔ%     c o m m e r c i a l     ÿ% Ôñš%ññ›%ñ€trade€communityñ ›%ññš%ñÔ/  %   t r a d e   c o m m u n i t y     ÿ/ Ôñš%ññ›%ñ.€€These€activities€facilitate€enforcement€of€United€States€laws,Ïand€the€control€and€generation€of€significant€financial€revenue€to€the€U.S.€Treasury.Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àAIS€Security€Program€goals:Ð    ­¤ `	(#`	(#  ÐÌà0     àà0    `	(#(# àð ðAll€Federal€applications€require€some€level€of€protection.€€Certain€applications,€becauseÏof€the€sensitive€information€in€them,€however,€require€special€management€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     n# Ôñš%ññ›%ñ€andÏshould€be€treated€as€major.€€Adequate€securityñ ›%ññš%ñÔ3  )   A d e q u a t e   s e c u r i t y     ÿ3 Ôñš%ññ›%ñ€for€other€applications€should€be€providedÏby€security€of€the€systems€in€which€they€operate.ðð€€[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     e Ôñš%ññ›%ñ,AIII]Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àEstablish€and€maintain€adequate€and€effective€AIS€security€safeguardsÐ   	 £š   Ð(countermeasures)€to€ensure€data€confidentialityñ ›%ññš%ñÔ/  %   c o n f i d e n t i a l i t y      / Ôñš%ññ›%ñ,€integrity,€and€operationalÏavailabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     y) Ôñš%ññ›%ñ€of€all€Customs€AISs€that€process,€store,€or€transmit€non„sensitive,€andÏsensitive€but€unclassifiedñ ›%ññš%ñÔE  ;   s e n s i t i v e   b u t   u n c l a s s i f i e d      E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ,€from€now€on€called€ð ðsensitiveðð)€information.Ð    ¸(#¸(#  ÐÌà0     àà    `	 à(b)à0    ¸(#(# àThe€security€program€is€designed€to€protect€AIS€processed€information€by:Ð    åÜ ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà    ¸ à(i)à0    `	(#`	(# àdenying€unauthorized€AIS€access;Ð    ™ (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àrestricting€legitimate€users€to€data€or€processes€for€which€they€areÐ   	 MD    Ðauthorized;€andÐ    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àcontrolling€access€because€of€inadequate€security€design,€implementation,Ð   	 Û!Ò#   Ðor€operation.Ð    (#(#  ÐÌà0     àà    `	 à(c)à0    ¸(#(# àAIS€security€safeguards€will€preserve€information€processing€integrity,€reliabilityÐ   	 i$` &   Ðand€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     u) Ôñš%ññ›%ñ€to€ensure€that€the€data€are€accurate€and€relevant€to€provide€lawÏenforcement€and€investigative€support,€help€achieve€Customs€revenue€collections,Ïand€meet€commercialñ ›%ññš%ñÔ%     c o m m e r c i a l      % Ôñš%ññ›%ñ€and€administrative€requirements.€€The€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€ofÏCustoms€AIS€security€policies€is€evolutionary.€€When€fully€implemented,€securityÏprograms€will€conform€to€an€acceptable€level€of€mandated€Federal€requirements.Ð    ¸(#¸(#  ÐÌà0     àà    `	 à(d)à0    ¸(#(# àWithin€operational€constraints,€AIS€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     s3 Ôñš%ññ›%ñ€will€allow€required€AISÐ   	 _*V&-   Ðservices€to€be€available€to€authorized€users€while€denying€these€services€toÏunauthorized€users.Ð    ¸(#¸(#  Ðâ
    
 âÐ   	 í,ä(0   ÐÔ&  B Ôâ
    
 âà0     à(2)à0    `	(#(# àSecurity€classificationñ ›%ññš%ñÔ-  #   c l a s s i f i c a t i o n      - Ôñš%ññ›%ñ:Ð    	    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àAll€Federal€data,€applications,€and€AISs€must€be€afforded€òòadequate€securityóóñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y      3 Ôñš%ññ›%ñ.Ð    ½´ ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     e Ôñš%ññ›%ñ,AIII]Ð    ¸(#¸(#  ÐÔ'  B	SŠ   ÔÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àUnless€otherwise€designated,€Customs€general€support€systems€and€majorÐ   	 KB   Ðapplications€are€considered€to€contain€sensitive€information.Ð    ¸(#¸(#  ÐÌ.à0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àClassifiedñ ›%ññš%ñÔ%     C l a s s i f i e d     u% Ôñš%ññ›%ñ€(national€security)€information€policy€and€procedures€are€addressed€inÐ   	 Ù
Ð   ÐòòSafeguarding€Classifiedñ ›%ññš%ñÔ%     C l a s s i f i e d      % Ôñš%ññ›%ñ€Information€Handbookóó,€CIS€HB€1400„03.Ð    ³ª	 ¸(#¸(#  ÐÌà0     à(3)à0    `	(#(# àInformation€release:Ð    g^	 `	(#`	(#  ÐÌà0     àà0    `	(#(# àThe€public€release€of€information€is€controlled€by€statutes€(Freedom€of€Informationñ ›%ññš%ñÔ=  3   F r e e d o m   o f   I n f o r m a t i o n      = Ôñš%ññ›%ñ€ActÏ(FOIAñ ›%ññš%ñÔ     F O I A     m Ôñš%ññ›%ñ),€Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     f' Ôñš%ññ›%ñ€(PA),€Electronic€Communications€Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     f' Ôñš%ññ›%ñ,€etc...).€RegulationsÏalso€control€the€release€of€such€information,€as€do€interagency€agreements.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0       Ôñš%ññ›%ñ;€TD€P€25„04;€TD€P€25„05]Ð    `	(#`	(#  ÐÌà0     à(4)à0    `	(#(# àPolicy€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     f' Ôñš%ññ›%ñ:Ð    ]T `	(#`	(#  ÐÌà0     àà0    `	(#(# àAIS€security€includes€applicable€security€life„cycleñ ›%ññš%ñÔ%     l i f e „ c y c l e      % Ôñš%ññ›%ñ€requirements.€€Additional€relatedÏprograms€are€incorporated€in€this€document€by€reference€and€should€be€considered€whenÏestablishing€and€reviewing€AIS€security€requirements.€Their€applicable€policies€andÏprocedures€may€be€obtained€via€the€appropriate€program€managers.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àòòOffice€of€Information€and€Technology€(OIT)óóÐ    SJ ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àThe€Office€of€Information€and€Technology€is€responsible€for€the€design,Ïdevelopment,€programming,€testingñ ›%ññš%ñÔ     t e s t i n g     , Ôñš%ññ›%ñ,€implementation,€and€mainten‚anceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñ€of€CustomsÏautomated€information€systems,€and€oversightñ ›%ññš%ñÔ#     o v e r s i g h t      # Ôñš%ññ›%ñ€and€management€of€the€researchÏand€development€and€communications€functions€of€the€Customs€Service.€€TheÏOffice€is€responsible€for€management€of€all€Customs€computer€facilities,Ïhardware,€software,€data€and€voiceñ ›%ññš%ñÔ     v o i c e     h Ôñš%ññ›%ñ€telecommunica‚tionsñ ›%ññš%ñÔ5  +   t e l e c o m m u n i c a t i o n s      5 Ôñš%ññ›%ñ,€and€related€financialÏresources.€€It€is€responsible€for€identifying€and€evaluating€new€technologies€forÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€to€Customs€automated€systems;€developing€and€maintaining€allÏoperational€aspects€of€Customs€computer€security€program;€establishing€requireƒ¼ments€for€computer„to„computer€interfaces€between€Customs€and€various€tradeÏgroups€and€govern‚ment€agencies;€representing€Customs€on€matters€related€toÏautomated€import€processing€and€systems€development;€and€implementing€a€viableÏInformation€Resources€Management€(IRMñ ›%ññš%ñÔ     I R M     c Ôñš%ññ›%ñ)€program.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àòòApplications€Development€DivisionóóÐ    ÷&î") ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àThe€Applications€Development€Division€is€responsible€for€the€design,Ïdevelopment,€program‚ming,€testingñ ›%ññš%ñÔ     t e s t i n g     , Ôñš%ññ›%ñ,€implementation€and€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñ€of€CustomsÏautomated€information€systems.€€The€Division,€in€conjunction€with€the€ADPÏSteering€Committeeñ ›%ññš%ñÔ5  +   S t e e r i n g   C o m m i t t e e      5 Ôñš%ññ›%ñ,€is€responsible€for€approving€project€initiation.€€Specifically,Ïthis€organization€will€be€responsible€for:€€providing€system„specific€support€forÏusers€on€existing€applications€during€the€transition€to€new€integrated€systems;Ïchange€control€and€software€release;€and€correcting€system€problems€that€ariseÐ   	 Ë-Â)1   Ðafter€implementation.€€In€addition,€the€project€teams€operating€out€of€this€DivisionÏare€assigned€full€responsibility€for€development€of€new€systems€and€majorÏenhancements€to€existing€systems.€€They€are€multi„functional€and€integrated€toÏaddress€both€systems€development€efforts€and€new€technologies.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àòòUser€Support€Services€Divisionóó€Ð    KB ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àThe€User€Support€Services€Division€is€responsible€for€functions€that€deal€directlyÏwith€field€users€on€a€daily€basis,€including€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€activities€supporting€mainframeÏand€distribut‚ed/PC/LAN€applications,€support€of€field€equipment,€includingÏinstallation€of€PCs,€LANs€and€peripheral€equipment,€data€and€voiceñ ›%ññš%ñÔ     v o i c e     g Ôñš%ññ›%ñÏcommunication€lines€and€circuits;€providing€user€assistance,€including€LANÏadministration;€operation€of€the€Customs€Help€Desk;€and€supporting€all€users€ofÏCustoms€automated€systems.€Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àòòAIS€Security€Division€(AISS)óóÐ    ÓÊ ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àDevelops€security€policies€and€standards.Ð    ‹‚ (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àProvides€liaison€activities€for€AIS€security„related€policies,€issues,€andÐ   	 ?6   Ðproducts:Ð    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à€à0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     Ýwithin€Customs,Ð    óê h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     Ýto€the€Department€of€Treasury€and€outside€agencies,Ð    ÍÄ h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     Ýto€the€trade€communityñ ›%ññš%ñÔ/  %   t r a d e   c o m m u n i t y     ÿ/ Ôñš%ññ›%ñ,Ð    §ž h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     Ýto€other€law€enforcement€agencies,€andÐ    x h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     Ýto€private€organizations.Ð    [R h(#h(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àManages€security€software€packages.Ð     (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iv)à0    ¸(#¸(# àAdministers€security€access€controls€for€Customs€mainframe€systems.Ð    Ãº (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(v)à0    ¸(#¸(# àProvides€assistance€and€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     ÿ+ Ôñš%ññ›%ñ€for€Customs€AIS€users.Ð    wn (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(vi)à0    ¸(#¸(# àCoordinates€the€development€of€disasterñ ›%ññš%ñÔ!     d i s a s t e r     i! Ôñš%ññ›%ñ€recoveryñ ›%ññš%ñÔ!     r e c o v e r y     i! Ôñš%ññ›%ñ€and€contingencyñ ›%ññš%ñÔ'     c o n t i n g e n c y      ' Ôñš%ññ›%ñ€plans.Ð    + "! (#(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àòòInformation€Resources€Management€Division€(IRMñ ›%ññš%ñÔ     I R M      Ôñš%ññ›%ñ)óóÐ    ß!Ö# ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àDevelops€guidelines€and€standards€for€all€developmental€activities.Ð    —#Ž% (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àPerforms€and€coordinates€IRMñ ›%ññš%ñÔ     I R M      Ôñš%ññ›%ñ€reviews,€and€monitors€corrective€actions.Ð    K%B!' (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àProvides€security€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     :# Ôñš%ññ›%ñ.Ð    ÿ&ö") (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iv)à0    ¸(#¸(# àEvaluates‚€and€plans€Customs€AIS€resource€capacity€require‚ments.Ð    ³(ª$+ (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(v)à0    ¸(#¸(# àCoordinates€strategic€planning€efforts.Ð    g*^&- (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(vi)à0    ¸(#¸(# àConducts€analytical€studies€as€needed€in€support€of€all€OIT€entities.Ð    ,(/ (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(vii)à0    ¸(#¸(# àProvides€technology€assessments.Ð    Ï-Æ)1 (#(#  Ð‡à0     àà0    `	(#(# àà0    ¸`	(#`	(# à(viii)à0    ¸(#¸(# àDevelops€the€Informa‚tion€Systems€Plan€(ISP).Ð    	    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ix)à0    ¸(#¸(# àPlans€and€coordinates€major€procurements€for€AIS€equipment€andÐ   	 ½´   Ðservices.Ð    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(x)à0    ¸(#¸(# àProvides€Systems€Development€Life€Cycleñ ›%ññš%ñÔM  C   S y s t e m s   D e v e l o p m e n t   L i f e   C y c l e     5M Ôñš%ññ›%ñ€(SDLCñ ›%ññš%ñÔ     S D L C     s Ôñš%ññ›%ñ)€advice,€assistance,€andÐ   	 KB   Ðensures€compliance.Ð    (#(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àòòSystems€Operations€Division€(OPS)óóÐ    Ù
Ð ¸(#¸(#  Ðà0     àà0    `	(#(# àÐ    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àThe€€Systems€Operations€Division€is€responsible€for€managing€all€new€and€existingÏCustoms€computer€facilities,€hardware€and€software,€and€for€manag‚ing€the€relatedÏfinancial€re‚sources.€€It€is€respon‚sible€for€data€baseñ ›%ññš%ñÔ#     d a t a   b a s e     :# Ôñš%ññ›%ñ€ad‚ministra‚tion;€systemsÏengineering;€computer€operations;€commun‚ications€software€design€andÏimplementation;€and€manage‚ment€of€the€Customs€Data€Center€facilityñ ›%ññš%ñÔ!     f a c i l i t y      ! Ôñš%ññ›%ñ.€Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àòòSecurity€Programs€Divisionñ ›%ññš%ñÔE  ;   S e c u r i t y   P r o g r a m s   D i v i s i o n     @E Ôñš%ññ›%ñ€(SPDñ ›%ññš%ñÔ     S P D      Ôñš%ññ›%ñ)óóÐ    ­¤ ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àThe€Security€Programs€Divisionñ ›%ññš%ñÔE  ;   S e c u r i t y   P r o g r a m s   D i v i s i o n      E Ôñš%ññ›%ñ€prescribes€policy,€procedures,€and€specificationsÏfor€maintaining€Customs€personnel€security€programs.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àThe€Security€Programs€Divisionñ ›%ññš%ñÔE  ;   S e c u r i t y   P r o g r a m s   D i v i s i o n      E Ôñš%ññ›%ñ,€Security€Management€Branch€is€responsible€forÏfacilityñ ›%ññš%ñÔ!     f a c i l i t y     r! Ôñš%ññ›%ñ€and€industrial€security€programs.€Ð    ¸(#¸(#  ÐÌÔ&  ® Ôà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àòòCommunications€Management€Division€(CMD)óóÐ    x ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àThe€Office€of€Investigations,€Communications€Management€Division,ÏCommunications€Security€Branch€sets€policy€for€handling€CustomsÏcommunications€security€(COMSECñ ›%ññš%ñÔ     C O M S E C       Ôñš%ññ›%ñ)€materials€and€equipment,€and€establishesÏstandards€and€procedures€for€granting€authorization€to€Customs€employees€forÏaccess€or€use€of€those€materials€and€equipment.€€They€also€evaluate€and€approveÏAIS€cryptography€and€communications€security€measures.€€[USCS€4300„09]Ð    ¸(#¸(#  ÐÔ'  ®$º   ÔÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àòòOffice€of€Regulations€and€Rulings€(ORR)óóÐ    / &! ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àThe€Office€of€Regulations€and€Rulings,€Disclosure€Law€Branch,€sets€policy€forÏCustoms€Freedom€of€Informationñ ›%ññš%ñÔ=  3   F r e e d o m   o f   I n f o r m a t i o n      = Ôñš%ññ›%ñ€Act€and€Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     f' Ôñš%ññ›%ñ€(FOIAñ ›%ññš%ñÔ     F O I A     y Ôñš%ññ›%ñ/PA)€programs.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à[TD€P€25„04;€TD€P€25„05]Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àÔ&  F Ô(h)à0    ¸`	(#`	(# àòòOffice€of€Chief€CounselóóÐ    O%F!' ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àThe€Office€of€Chief€Counsel€provides€legal€advice€to€all€Customs€Offices€onÏCustoms€enforcement€authorities€and€related€subjects.Ð    ¸(#¸(#  ÐÔ'  FO%”¿   ÔÐ	   	 »(²$+   ÐòòÔ
     Ô1.6à     àINFORMATION€SECURITY€POLICY€AND€GUIDANCE€HIERARCHYÔ    ëÀ   ÔóóÐ   	 	      ÐÌThe€following€is€for€general€information€purposes.€€It€is€copied€from€òòIntroduction€to€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€andÐ   	 ½´   ÐAccreditationóóñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ.€€[NCSC„TG„029]Ð   	 —Ž   ÐÌSecurity€policy€exists€at€different€levels€of€abstraction.€€Federal€and€national„level€policy€is€stated€in€publicÏlaws,€Executive€Orders€(EO),€National€Security€Directives€(NSD),€National€Security€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s      5 Ôñš%ññ›%ñÏand€Information€Systems€Security€(NSTISS)€issuances,€Federal€Information€Processing€StandardÏPublications€(FIPS€PUBS),€Office€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t     	O Ôñš%ññ›%ñ€(OMB)€circulars,€and€other€resources.€ÏFederal€service€and€agency€policies€interpret€Department€of€Defense€(DoD)€and€national„level€policies,€asÏappropriate,€and€may€impose€additional€requirements.Ìñ›%ñßo €   9               ) %  p  p0üÿ&
  `  Àà.p  €  E¬/x8    x<  ZÌÞ aäÎ  o ßâ   	 °±°±°(#°(# â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	  °(#°(#°±°± âñ›%ññ ›%ñßo €  Ò 9               ) %  p  p0üÿ&
  `  Àà.p  €  E¬/x8    x<  ZÌÞ aäÎ  o ßñ›%ñÌ*à0     àTEMPESTñ ›%ññš%ñÔ     T E M P E S T       Ôñš%ññ›%ñ€generally€applies€to€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     8% Ôñš%ññ›%ñ€information€and€is€not€addressed€in€this€manual.€€It€refersÐ   	 # !   Ðcontrol€of€electronic€emanations€and€is€not€authorization€to€use€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     8% Ôñš%ññ›%ñ€data.€TEMPESTñ ›%ññš%ñÔ     T E M P E S T     d Ôñš%ññ›%ñ€issuesÏshould€be€directed€to€the€Treasury€Office€of€Information€Systems€Security.Ð    (#(#  Ðà0     à[TD€P€71„10;€HB€1400„03]Ð    (#(#  ÐÌÌMany€national€and€Federal€security€policy€documents€exist€that€apply€to€both€civil€and€defense€agencies.€ÏCurrent€overall€security€policy€does€not€reflect€an€interdependent,€cohesive€collection€of€securityÏdisciplines.€€This€proliferation€of€policy€makes€it€difficult€for€security€personnel€to€keep€up€with€theÏchanges€and€be€aware€of€all€the€applicable€policies€for€a€given€system.€€Rapidly€changing€technology€alsoÏmakes€it€difficult€for€policy€to€keep€up€with€new€security€challenges€caused€by€advances€in€capabilities€andÏtechnology.Ð	   	 )x%,   ÐÑ    ð Ññ›%ñÖ  €W  †é   Öñ›%ññ ›%ñÖ  €Ô  †é   Öñ›%ññ›%ñÖ €X  ‡é   Öñ›%ññ ›%ñÖ €×  ‡é   Öñ›%ñØ       ØØ       ØÑ €)   +  ÑÔ ‡  °üª ° & &ù´ ÔÔ ‡(  °„½ ° ° °üª ÔÓ   ÓÑ7 €N  ‘®N X X       dð N X X       dð 7 ÑCHAPTER€2Ð   	 X      ÐòòÔ
      ÔGENERAL€POLICYÔ     ·Î   ÔÔ# †  °üª ° °( °„½4Î  # ÔÔ# †  &ù´ & ° °üªÎ  # ÔóóÐ   	 8à   ÐÓ  SÎ   ÓßA €& - )                 °° x         d  E°¨ xA ßÐ   	 À   ÐÌòòÔ
     Ô2.1à0     àGENERAL€POLICY€STATEMENTÔ    «Ï   ÔóóÐ    ™A (#(#  ÐÌà0     à(1)à0    `	(#(# àA€Customs€AIS€is€any€automated€information€or€telecommunicationsñ ›%ññš%ñÔ5  +   t e l e c o m m u n i c a t i o n s      5 Ôñš%ññ›%ñ€system€owned,Ð   	 M	õ   Ðleased,€or€operated€by€or€for€Customs.Ð    `	(#`	(#  ÐÌà     à(2)à0    `	 àCustoms€will€implement€at€least€the€minimum€security€requirements€as€identified€in€thisÐ   	 Ûƒ		   Ðpolicy,€to€protect€AIS€resources€and€information€(non„sensitive€and€sensitive€data)Ïprocessed,€stored,€or€transmitted€by€Customs€AISs.€€Based€on€risk€managementñ ›%ññš%ñÔ/  %   r i s k   m a n a g e m e n t     s/ Ôñš%ññ›%ñ,€they€mayÏapply€additional€safeguards€to€provide€the€most€restrictive€set€of€controls€(privileges)€thatÏpermit€the€performance€of€authorized€tasks€(principle€of€least„privilege).€€[TD€P€71„10]Ð    `	(#`	(#  ÐÌà     à(3)à0    `	 àSensitive€information€in€Customs€AISs€must€be€safeguarded€against€unauthorizedÐ   	 ÷Ÿ   Ðdisclosure,€modification,€access,€use,€destruction,€or€delay€in€service.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à[USCS€1460„010]Ð    `	(#`	(#  ÐÌà     à(4)à0    `	 àAll€AISs€processing,€storing,€or€transmitting€sensitive€information€must€be€accredited.Ð    _ `	(#`	(#  Ðà0     àà0    `	(#(# à[TD€P€71„10]Ð    `	(#`	(#  ÐÌà     à(5)à0    `	 àConnectivity€is€prohibited€between€Customs€AISs€which€handle€sensitive€data€and€anyÐ   	 í•   Ðother€systems€or€networksñ ›%ññš%ñÔ!     n e t w o r k s     e! Ôñš%ññ›%ñ€not€under€Customs€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     m# Ôñš%ññ›%ñ,€unless€formally€approved€by€anÏappropriate€Customs€Accrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     m# Ôñš%ññ›%ñ.€€[USCS€5500„07]Ð    `	(#`	(#  ÐÌà0     à(6)à0    `	(#(# àAll€Customs€AISs€are€for€official€Customs€business€only€and€users€have€no€expectation€ofÐ   	 Uý   Ðprivacy€while€using€these€resources.€€[USCS€5500„07]Ð    `	(#`	(#  ÐÌà     à(7)à0    `	 àAll€persons€who€use,€manage,€operate,€maintain,€or€develop€Customs€AISs,€applications,Ð   	 ã‹   Ðor€data€must€comply€with€these€policies.Ð    `	(#`	(#  ÐÌòòÔ
     Ô2.2à0     àROLES€AND€RESPONSIBILITIESÔ    ÏØ   ÔóóÐ    q  (#(#  ÐÌà0     àCustoms€performs€AIS€Security€through€a€variety€of€roles€with€specific€responsibilities.Ð    (#(#  Ðà0     àThe€general€AIS€Security€organization€is€shown€in€Figure€2.€Customs€AIS€Security€Organization.Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àòòCommissionerñ ›%ññš%ñÔ)     C o m m i s s i o n e r     &) Ôñš%ññ›%ñ€of€Customsóó€responsibilities:Ð    ³#[!% `	(#`	(#  ÐÌñ›%ñß‚ €C    L              < 8  x  x	C<  È  p  €  €  @  Pd d d d   EL	§%Èzt t à’        „k%X~  ‚ ßâ   	  °„°„°(#°(# âñ›%ññ ›%ñß‚ €C Ú   L              < 8  x  x	C<  È  p  €  €  @  Pd d d d   EL	§%Èzt t à’        „k%X~  ‚ ßñ›%ñÌÌÌÌÌÌâ   	  °(#°(#°„°„ âà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àAnnually€certify€the€adequacy€of€Customs€AIS€Security€Program€to€theÐ   	 ‡*/(-   ÐDepartment€of€the€Treasury.Ð    ¸(#¸(#  Ðâ
    
 âÐ    ;,ã)/ É  ÐÔ&  ´ Ôâ
    
 âà0     àà    `	 à(b)à0    ¸(#(# àEnsure€that€a€viable€Customs€AIS€security€educationñ ›%ññš%ñÔ#     e d u c a t i o n     ×# Ôñš%ññ›%ñ,€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ,€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     ×# Ôñš%ññ›%ñÐ   	 	      Ðprogram€is€established.Ô'  ´	Ý   ÔÐ    ¸(#¸(#  ÐÌà0     àà    `	 à(c)à0    ¸(#(# àEnsure€that€Customs€AIS€Security€Planñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n     8+ Ôñš%ññ›%ñ€documentation€is€developed€andÐ   	 —Ž   Ðmaintained€according€to€Treasury€and€Federal€standards.Ð    ¸(#¸(#  ÐÌà0     àà    `	 à(d)à0    ¸(#(# àDesignate€Accrediting€Authorities€(AA)€for€sensitive€Customs€AISs.Ð    %	 ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àDesignate€an€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     a# Ôñš%ññ›%ñ€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     a# Ôñš%ññ›%ñ€for€review€and€validation€of€the€AIS€SecurityÐ   	 Ù
Ð   ÐProgram.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àDelegate€to€Headquarters€and€field€managers€the€responsibility€for€assigning€localÐ   	 g^	   ÐAIS€security€officers,€òòDesignated€Security€Officeróó€(DSO).Ð    A8
 ¸(#¸(#  ÐÌñ›%ñßm €¾  1 7              ' #  p
  0     `  Àˆ,Ø'  €  E°öxB  W&  d²Þ èõ   m ßâ   	 °±°±°(#°(# â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	 °±°±°±°± â°â   	  °(#°(#°±°± âñ›%ññ ›%ñßm €¾  Û 7              ' #  p
  0     `  Àˆ,Ø'  €  E°öxB  W&  d²Þ èõ   m ßñ›%ñÐ   	 Ã-º)1   Ðà0     à(2)à0    `	(#(# àThe€òòADP€Steering€Committeeóóñ ›%ññš%ñÔ5  +   S t e e r i n g   C o m m i t t e e      5 Ôñš%ññ›%ñ,€òòSecurity€Subcommitteeóó€responsibilities:Ð    	    `	(#`	(#  Ðñ›%ñß‚ €C E   L              < 8  x  x	Cr  È  p  €  €  @  Pd d d d   EL	YÈœt t à´        „çXÖ  ‚ ßâ   	  °„°„°(#°(# âñ›%ññ ›%ñß‚ €C Ü   L              < 8  x  x	Cr  È  p  €  €  @  Pd d d d   EL	YÈœt t à´        „çXÖ  ‚ ßñ›%ñÌÌÌÌÌâ   	  °(#°(#°„°„ âà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àProvide€general€oversightñ ›%ññš%ñÔ#     o v e r s i g h t      # Ôñš%ññ›%ñ€authorityñ ›%ññš%ñÔ#     a u t h o r i t y      # Ôñš%ññ›%ñ€for€the€AIS€Security€Program.Ð    )	  ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àConduct€independent€reviews€of€the€AIS€Security€Program€and€assure€complianceÐ   	 Ý
Ô   Ðwith€Federal€and€Treasury€policies.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àReport€the€AIS€security€posture€status€to€the€Commissionerñ ›%ññš%ñÔ)     C o m m i s s i o n e r     Ö) Ôñš%ññ›%ñ.€Ð    kb	 ¸(#¸(#  ÐÌà0     à(3)à0    `	(#(# àòòAssistant€Commissioneróóñ ›%ññš%ñÔ)     C o m m i s s i o n e r     &) Ôñš%ññ›%ñ,€OIT,€responsibilities:Ð     `	(#`	(#  Ðñ›%ñß‚ €C J   L              < 8  x  x	5`  È  p  €  €  @  Pd d d d   E>	]Èp	t t àˆ        výX˜
  ‚ ßâ   	  °v°v°(#°(# âñ›%ññ ›%ñß‚ €C à   L              < 8  x  x	5`  È  p  €  €  @  Pd d d d   E>	]Èp	t t àˆ        výX˜
  ‚ ßñ›%ñÌÌÌÌÌÌÌÌÌÌÌÌÌâ   	  °(#°(#°v°v âà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àEnsure€that€an€operational€AIS€security€program€is€in€place€which€provides€aÐ   	    Ðcentrally€administered€security€policy.€€The€AIS€Security€program€must€complyÏwith€at€least€the€minimum€security€requirements€defined€by€Treasury€and€otherÏFederal€mandates,€and€preserve€the€operational€flexibility€necessary€to€Customs.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àAccredit€sensitive€Customs€AIS€(general€support€systems€and€major€applications).Ð   	 QH    ÐThis€responsibility€is€shared€with€Process€Owners.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àImplement€Customs€AIS€Security€educationñ ›%ññš%ñÔ#     e d u c a t i o n      # Ôñš%ññ›%ñ,€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ,€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s      # Ôñš%ññ›%ñ€program.Ð    ß!Ö# ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àEstablish€adequate€and€effective€management€accountability€and€control€to€ensureÐ   	 “#Š%   Ðthe€protection€of€AIS€resources.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àDesignate€an€AIS€Security€Officer€to€develop,€implement,€and€enforce€the€AISÐ   	 !&"(   ÐSecurity€Program€to€comply€with€C2ñ ›%ññš%ñÔ     C 2     e Ôñš%ññ›%ñ€level€functional€security€requirements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àSupport€AIS€security€audits€and€reviews.Ð    ¯(¦$+ ¸(#¸(#  ÐÌà0     à(4)à0    `	(#(# àTheòò€Directorñ ›%ññš%ñÔ!     D i r e c t o r      ! Ôñš%ññ›%ñ,€AIS€Security€Divisionóó,€responsibilities:Ð    c*Z&- `	(#`	(#  Ðñ›%ñß‚ €C G   L              < 8  x  x	BS  È  p  €  €  @  Pd d d d   EK	”+Èœt t à´        ƒA+X·  ‚ ßâ   	  °ƒ°ƒ°(#°(# âñ›%ññ ›%ñß‚ €C ä   L              < 8  x  x	BS  È  p  €  €  @  Pd d d d   EK	”+Èœt t à´        ƒA+X·  ‚ ßñ›%ñÌÌÌÐ    Ï-Æ)1 °ƒ°ƒ  Ðà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àDevelop€and€promote€the€Customs€AIS€Security€program€policy,€including:Ð    	    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àInterpret€policy€relating€to€AIS€security€functions€and€develop€uniqueÐ   	 ½´   Ðguidance,€as€needed.Ð    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àAssist€with€policy€compliance€efforts€by€providing€explanation€orÐ   	 KB   Ðclarification€of€AIS€security„related€questions€on€issues€that€may€impactÏCustoms€mission.Ð    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àEnsure€security€administration€for€sensitive€AIS,€including€general€supportÐ   	 ³ª	   Ðsystems€and€major€applications.Ð    (#(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àCoordinate€the€Designated€Security€Officers€(DSOs)€for€sensitive€Customs€AISs,Ð   	 A8
   Ðand€provide€them€guidance€and€assistance€in€carrying€out€their€functions.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àReview€and€authorize€acquisitions,€in€coordination€with€the€DSOs,€and€certify€thatÐ   	 ÏÆ   Ðthe€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n     ' Ôñš%ññ›%ñ€specifications€include€appropriate€AIS€security€requirements€for:Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)€à0    ¸(#¸(# àAIS€installation€facilityñ ›%ññš%ñÔ!     f a c i l i t y     n! Ôñš%ññ›%ñ€operations,€equipment,€or€applications.Ð    ]T (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àAcquisitionñ ›%ññš%ñÔ'     A c q u i s i t i o n     ' Ôñš%ññ›%ñ€of€AIS€hardware,€software,€and/or€related€services.Ð     (#(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àProvide€direction€and€guidance€to€system€developers€in€defining€and€approvingÐ   	 Å¼   Ðsoftware€development€security€requirements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àEnsure€that€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ€packages€are€prepared€for€sensitive€Customs€AISs€andÐ   	 SJ   Ðapplications.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àProvide€guidance€on€the€scope€and€contents€of€security€plans:Ð    áØ (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     ÝReview€security€plans€prepared€by€or€for€the€DSOs.Ð    »² h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     ÝPrepare€statements€of€residual€riskñ ›%ññš%ñÔ+  !   r e s i d u a l   r i s k     ÿ+ Ôñš%ññ›%ñ€and€compliance€summary,€toÐ   	 •Œ   Ðcomplete€each€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     ÿ+ Ôñš%ññ›%ñ€package.Ð    h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     ÝSubmit€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     ÿ+ Ôñš%ññ›%ñ€package€to€the€appropriate€authorities.Ð    I@  h(#h(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àAct€as€a€liaison€for€AIS€security€issues€to€the€Information€ResourcesÐ   	 ý ô"   ÐManagement€(IRMñ ›%ññš%ñÔ     I R M     d Ôñš%ññ›%ñ)€and€Security€Programs€Divisionñ ›%ññš%ñÔE  ;   S e c u r i t y   P r o g r a m s   D i v i s i o n     E Ôñš%ññ›%ñ€(SPDñ ›%ññš%ñÔ     S P D     i Ôñš%ññ›%ñ)€managers.Ð    (#(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àMaintain€a€current€status€on€all€required€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     m+ Ôñš%ññ›%ñ€documentation.Ð    ‹#‚% ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àEstablish€and€maintain€a€Risk€Managementñ ›%ññš%ñÔ/  %   R i s k   M a n a g e m e n t      / Ôñš%ññ›%ñ€program,€including€risk€assessments,Ð   	 ?%6!'   Ðfor€sensitive€Customs€AIS€resources,€including:Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àAIS€facilities.Ð    Í'Ä#* (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àGeneral€support€AISs.Ð    )x%, (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àMajor€applications.Ð    5+,'. (#(#  ÐÌà0     àà0    `	(#(# à(h)à0    ¸`	(#`	(# àAct€as€the€liaison€for€AIS€security€matters€to€the€Department€of€the€Treasury.Ð    é,à(0 ¸(#¸(#  ÐÐ   	 Ã-º)1   Ðà0     àà0    `	(#(# à(i)à0    ¸`	(#`	(# àReport€computer€security€incidentsñ ›%ññš%ñÔ5  +   s e c u r i t y   i n c i d e n t s      5 Ôñš%ññ›%ñ€and€violationsñ ›%ññš%ñÔ%     v i o l a t i o n s     i% Ôñš%ññ›%ñ€to€the€OIT€AssistantÐ   	 	      ÐCommissionerñ ›%ññš%ñÔ)     C o m m i s s i o n e r     e) Ôñš%ññ›%ñ€(AC),€Process€Owners€(PO),€and€Office€of€Internal€Affairsñ ›%ññš%ñÔ1  '   I n t e r n a l   A f f a i r s      1 Ôñš%ññ›%ñ€(IA),Ïas€appropriate.Ð    ¸(#¸(#  ÐÌÔ&  Ž Ôà0     àà0    `	(#(# à(j)à0    ¸`	(#`	(# àCoordinate€Customs€AIS€Virusñ ›%ññš%ñÔ     V i r u s       Ôñš%ññ›%ñ€Prevention€program,€including,€recommendingÐ   	 qh   Ðvirusñ ›%ññš%ñÔ     v i r u s       Ôñš%ññ›%ñ€prevention€solutions,€providing€guidance€in€defining€the€requirements,€andÏselecting€the€approach.Ô'  ŽqÔ  ÔÐ    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(k)à0    ¸`	(#`	(# àEstablish€standards€and€provide€guidance€for€the€preparation€of€AIS€Disasterñ ›%ññš%ñÔ!     D i s a s t e r     ! Ôñš%ññ›%ñÐ   	 Ù
Ð   ÐRecoveryñ ›%ññš%ñÔ!     R e c o v e r y     ! Ôñš%ññ›%ñ€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€Operations€plans€including,€conducting€of€agency„wideÏanalyses,€and€establishing€and€verifying€strategies€for€business€recoveryñ ›%ññš%ñÔ!     r e c o v e r y     y! Ôñš%ññ›%ñ€andÏalternate€processing.€€This€includes€coordinating€the€development€of€viableÏDisasterñ ›%ññš%ñÔ!     D i s a s t e r     y! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y     y! Ôñš%ññ›%ñ€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€Operations€plans€for€Customs€AIS€facilities.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(l)à0    ¸`	(#`	(# àEstablish€standards€and€provide€guidance€for€preparing€End„User€AISÐ   	 õì   ÐContingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€plans.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(m)à0    ¸`	(#`	(# àEnsure€that€all€interactive€users€of€Customs€AIS€meet€at€least€the€minimumÐ   	 ƒz   Ðstandards€of€eligibility€for€access.€€[USCS€1460„010]Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(n)à0    ¸`	(#`	(# àConduct€AIS€security€compliance€review€and€oversightñ ›%ññš%ñÔ#     o v e r s i g h t      # Ôñš%ññ›%ñ€activities.Ð     ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(o)à0    ¸`	(#`	(# àSupport€areas€or€issues€requiring€AIS€security„related€research€and€developmentÐ   	 Å¼   Ðeffort.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(p)à0    ¸`	(#`	(# àSupport€AIS€security€audits€and€reviews,€providing€assistance€as€appropriate.Ð    SJ ¸(#¸(#  ÐÌà0     à(5)à0    `	(#(# àòòIRMñ ›%ññš%ñÔ     I R M     i Ôñš%ññ›%ñ€manageróó€responsibilities:Ð    þ `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àEnsure€security„related€quality€assurance€throughout€the€software€developmentÐ   	 ¿¶   Ðlife-cycle.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àCoordinate€with€AIS€Security€for€review€of€the€SDLCñ ›%ññš%ñÔ     S D L C      Ôñš%ññ›%ñ€documents€and€activities€toÐ   	 MD    Ðincorporate€security€into€developed€products.€€[TD€P€84-01]Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àAssist€with€AIS€security€audits€and€reviews,€as€appropriate.Ð    Û!Ò# ¸(#¸(#  ÐÌà0     à(6)à0    `	(#(# àòòProcess€Owneróóñ ›%ññš%ñÔ+  !   P r o c e s s   O w n e r      + Ôñš%ññ›%ñ€(identified€in€the€Major€Applicationñ ›%ññš%ñÔ3  )   M a j o r   A p p l i c a t i o n     &3 ÔÔ'     A p p l i c a t i o n      ' Ôñš%ññ›%ñ€Security€Planñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n     Ö+ Ôñš%ññ›%ñ)€responsibilities:Ð    #†% `	(#`	(#  Ðà0     àà0    `	(#(# à[USCS€PPP]Ð    `	(#`	(#  Ðñ›%ñß‚ €C    L              < 8  x  x	_À  È  p  €  €  @  Pd d d d   Eh	&ÈÞt t àö         G%Xf  ‚ ßâ   	  ° ° °(#°(# âñ›%ññ ›%ñß‚ €C æ   L              < 8  x  x	_À  È  p  €  €  @  Pd d d d   Eh	&ÈÞt t àö         G%Xf  ‚ ßñ›%ñÌÌÌÌÌÌÌÌÌâ
    
 âÐ    ñ,è(0 ° °   ÐÔ&  Ž Ôâ
    
 âà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àAccredit€assigned€Customs€AIS€Process€(responsibility€shared€with€the€AssistantÐ   	 	      ÐCommissionerñ ›%ññš%ñÔ)     C o m m i s s i o n e r     ) Ôñš%ññ›%ñ,€OIT).Ð    ¸(#¸(#  ÐÔ'  Ž	ö  ÔÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àEstablish€user€requirements€and€controls€that€conform€to€Customs€SystemÐ   	 —Ž   ÐDevelopment€Life€Cycle€(SDLCñ ›%ññš%ñÔ     S D L C     s Ôñš%ññ›%ñ)€Handbook.€€[USCS€5500„04]Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àSpecify€that€locally€developed€sensitive€AIS€products€comply€with€C2ñ ›%ññš%ñÔ     C 2       Ôñš%ññ›%ñ€levelÐ   	 %	   Ðfunctional€security€requirements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àDesignate€or€ensure€that€information€sensitivity€levels€are€assigned€for€theÐ   	 ³ª	   Ðinformation€processed,€stored,€or€transmitted€by€the€Customs€AIS€Process.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àCoordinate€with€the€Customs€Office€of€Regulations€and€Rulings,€Disclosure€LawÐ   	 A8
   ÐBranch,€to€publish€a€"System€of€Records"€in€the€Federal€Register€for€any€CustomsÏProcessñ ›%ññš%ñÔ/  %   C u s t o m s   P r o c e s s      / Ôñš%ññ›%ñ€that€contains€Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     s' Ôñš%ññ›%ñ€data,€as€appropriate.€€[TD€P€25„04]Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àEnsure€that€user€access€requirements€and€controls€are€defined€for€the€Customs€AISÐ   	 ©    ÐProcess.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àDelegate€user€access€request€authorization.Ð    7. ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(h)à0    ¸`	(#`	(# àAssist€with€AIS€security€audits€and€reviews,€as€appropriate.Ð    ëâ ¸(#¸(#  ÐÌà0     à(7)à0    `	(#(# àòòApplicationñ ›%ññš%ñÔ'     A p p l i c a t i o n     s' Ôñš%ññ›%ñ€Development€Manageróó€responsibilities:Ð    Ÿ– `	(#`	(#  Ðà0     àà0    `	(#(# àÐ    `	(#`	(#  Ðà0     àà0    `	(#(# àApplicationñ ›%ññš%ñÔ'     A p p l i c a t i o n      ' Ôñš%ññ›%ñ€development€managers€(both€OIT€and€development€organizations€external€toÏOIT)€have€data€ownership€responsibilities€for€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ„related€information€processed,Ïstored,€created,€manipulated€or€transmitted€by€and/or€for€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ,€unless€dataÏownership€is€otherwise€designated€by€agreements,€functions,€and/or€assignments.Ð    `	(#`	(#  Ðñ›%ñßf €C 6 2              "   `  xìÿ ˆ  È	  `  €  EL	GÈTt t àl        „¿X¤  f ßâ   	  °„°„°(#°(# âñ›%ññ ›%ñßf €C ç 2              "   `  xìÿ ˆ  È	  `  €  EL	GÈTt t àl        „¿X¤  f ßñ›%ñÌÌÌÌÌÌÌâ   	  °(#°(#°„°„ âà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àEnsure€that€locally€developed€AIS€products€comply€with€C2ñ ›%ññš%ñÔ     C 2     Ö Ôñš%ññ›%ñ€level€functionalÐ   	 µ"¬$   Ðsecurity€requirements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àEnsure€that€at€least€the€minimum€security€requirements€mandated€by€law,€statute,Ð   	 C%:!'   Ðor€regulation€are€incorporated€into€Customs€AIS€Process€applications.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àAdhere€to€Customs€System€Development€Life€Cycle€(SDLCñ ›%ññš%ñÔ     S D L C     W Ôñš%ññ›%ñ)€HandbookÐ   	 Ñ'È#*   Ðdevelopment€standards.€€[USCS€5500„04]Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àPrepare€documentation€for€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     Ö' Ôñš%ññ›%ñ€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     W+ Ôñš%ññ›%ñ€and€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     W+ Ôñš%ññ›%ñ€packages.Ð    _*V&- ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àAssist€with€AIS€security€audits€and€reviews,€as€appropriate.Ð    ,
(/ ¸(#¸(#  Ðâ
    
 âÐ   	 í,ä(0   ÐÔ&  F Ôâ
    
 âà0     à(8)à0    `	(#(# àòòAIS€Owneróóñ ›%ññš%ñÔ#     A I S   O w n e r     Û# Ôñš%ññ›%ñ€responsibilities:Ð    	    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àOwnership€responsibilities€for€sensitive€Customs€AISs€are€assigned€to€the€OfficeÐ   	 Á¸   Ðof€Information€and€Technology,€unless€otherwise€identified.Ð    ¸(#¸(#  ÐÔ'  F	é+  ÔÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àAssist€with€AIS€security€audits€and€reviews,€as€appropriate.Ð    OF ¸(#¸(#  ÐÌÔ&  ˆ Ôà0     à(9)à0    `	(#(# àòòAIS€Security€Administratoróó€responsibilities:Ð    
ú `	(#`	(#  ÐÌñ›%ñß‚ €C =   L              < 8  x  x	52  È  p  €  €  @  Pd d d d   E>	íÈzt t à’        v»Xt 	 ‚ ßâ   	  °v°v°(#°(# âñ›%ññ ›%ñß‚ €C é   L              < 8  x  x	52  È  p  €  €  @  Pd d d d   E>	íÈzt t à’        v»Xt 	 ‚ ßñ›%ñÌÌÌÌÌÌâ   	  °(#°(#°v°v âà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àAct€as€the€primary€point„of„contact€for€AIS€security€issues.Ð    ×Î ¸(#¸(#  ÐÔ'  ˆ
/.  ÔÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àIdentify€security€threats€and€establish€safeguards€(countermeasures)€to€protectÐ   	 ‹‚   ÐCustoms€AIS€resources.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àImplement€security€policy€for€AIS€resources€for€which€Customs€has€directÐ   	    Ðoperational€responsibility.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àEnsure€that€all€personnel€receive€appropriate€AIS€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ.Ð    §ž ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àAdminister€the€Computer€Security€Incident€Reporting€Capability€(CSIRCñ ›%ññš%ñÔ     C S I R C     g Ôñš%ññ›%ñ)Ð   	 [R   Ðprogram€including€establishing€reporting€criteria,€and€coordinating€with€the€OfficeÏof€Internal€Affairsñ ›%ññš%ñÔ1  '   I n t e r n a l   A f f a i r s     81 Ôñš%ññ›%ñ€(IA),€as€appropriate.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àReport€to€the€AIS€Security€Officer€any€security€incidentsñ ›%ññš%ñÔ5  +   s e c u r i t y   i n c i d e n t s     5 Ôñš%ññ›%ñ,€such€as€attempts€to€gainÐ   	 Ãº   Ðunauthorized€access€to€information,€virusñ ›%ññš%ñÔ     v i r u s     y Ôñš%ññ›%ñ€infections,€or€other€events€affecting€AISÏsecurity,€including€damage€assessments€and€actions€taken€to€prevent€futureÏincidents,€as€appropriate.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àEnsure€that€viable€End„User€AIS€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     d' Ôñš%ññ›%ñ€Plans€are€developed€to€assureÐ   	 !ü"   Ðcontinued€operations€of€essential€AIS€functions€should€an€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y      # Ôñš%ññ›%ñ€occur.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(h)à0    ¸`	(#`	(# àCoordinate€local€AIS€Security€Administrators.Ð    “#Š% ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(i)à0    ¸`	(#`	(# àAdvise€Customs€management€on€implementing€provisions€of€this€policy€andÐ   	 G%>!'   Ðapplicable€guidelines.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(j)à0    ¸`	(#`	(# àEnsure€all€AIS€operations€are€conducted€as€authorized€in€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     n+ Ôñš%ññ›%ñ,€or€thatÐ   	 Õ'Ì#*   Ðcertificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     n+ Ôñš%ññ›%ñ€package€modifications€are€prepared€to€accommodate€the€variances.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(k)à0    ¸`	(#`	(# àAssist€with€AIS€security€audits€and€reviews,€as€appropriate.Ð    c*Z&- ¸(#¸(#  ÐÌà0     à(10)à0    `	(#(# àA€òòDesignated€Security€Officer€(DSO)óó€must€be€assigned€for€each€sensitive€AIS,€includingÐ   	 ,(/   Ðgeneral€support€systems€and€major€applications.Ð    `	(#`	(#  ÐÐ   	 Ï-Æ)1   Ðà0     àà0    `	(#(# àòòDesignated€Security€Officeróó:€€The€Customs€person€responsible€to€the€AA€for€ensuring€thatÐ   	 	      Ðsecurity€is€provided€for€and€implemented€throughout€the€life„cycleñ ›%ññš%ñÔ%     l i f e „ c y c l e     % Ôñš%ññ›%ñ€of€an€AIS€(from€conceptÏdevelopment€through€design,€development,€operations,€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     ' Ôñš%ññ›%ñ,€and€disposal€phases).Ð    `	(#`	(#  ÐÌÔ&   Ôà0     àà0    `	(#(# àThe€DSO€responsibilities:Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àEnsure€that€appropriate€security€features€are€implemented€in€òònewóó€sensitive€AISsÐ   	 %	   Ðand€that€they€meet€at€least€the€minimum€security€requirements€defined€in€thisÏpolicy.Ð    ¸(#¸(#  ÐÔ'  q>  ÔÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àReview€and€authorize€acquisitions,€in€coordination€with€the€AIS€Security€Officer,Ïand€certify€that€appropriate€AIS€security€is€included€in€the€specifications€for€theÏoperation€of€an€AIS€installation€facilityñ ›%ññš%ñÔ!     f a c i l i t y     e! Ôñš%ññ›%ñ,€equipment,€or€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     ' Ôñš%ññ›%ñ,€and€forÏacquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n     ' Ôñš%ññ›%ñ€of€AIS€hardware,€software,€or€related€services.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àPrepare€siteñ ›%ññš%ñÔ     s i t e     i Ôñš%ññ›%ñ€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     X+ Ôñš%ññ›%ñ€packages€in€preparation€for€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ.Ð    ÏÆ ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àCertificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     X+ Ôñš%ññ›%ñ„related€activities€include:Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àConduct€design€reviews,€security€tests,€and€certify€the€results€whenÐ   	 7.   Ðsecurity„relevant€changes€(hardware,€software,€firmware,€etc.)€are€made,Ïto€ensure€that€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ€status€is€not€affected.Ð    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àIdentify€and€recommend€AIS€security€improvements€to€management.€Ð    Ÿ– (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àEnsure€that€configuration€managementñ ›%ññš%ñÔA  7   c o n f i g u r a t i o n   m a n a g e m e n t     ÖA Ôñš%ññ›%ñ€(CM)€is€used€and€maintained€toÐ   	 SJ   Ðprotect€the€AIS€security„related€features.Ð    (#(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àPrepare,€or€oversee€the€preparation€of,€AIS€security€plans,€and€maintain€relatedÐ   	 áØ   Ðdocumentation€for€each€AIS€under€their€purview.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àEnsure€the€distributionñ ›%ññš%ñÔ)     d i s t r i b u t i o n     m) Ôñš%ññ›%ñ€of€end„user€security€procedures€tailored€for€administrators,Ð   	 of   Ðand€operators€of€sensitive€AISs;€advising€users€of€the€security€features€andÏprocedures€used€on€the€AISs.€€[USCS€5500„04]Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àCoordinate€with€the€appropriate€DSOs€of€other€AISs,€process€owners,€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñÐ   	 ×!Î#   Ðdevelopment€managers,€and€the€Customs€AIS€Security€Officer€to€ensure€thatÏplanning€adequately€addresses€the€AIS€security€requirements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àEstablish,€in€coordination€with€AIS€Security€Administration,€access€control€criteriaÐ   	 ?%6!'   Ðand€administrative€procedures€consistent€with€Customs€policy,€by€which€onlyÏauthorized€persons€gain€access€to€the€AIS.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àProvide€support€for€auditñ ›%ññš%ñÔ     a u d i t     t Ôñš%ññ›%ñ€trail€reviews€and€related€discrepancy€investigations.Ð    §(ž$+ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(h)à0    ¸`	(#`	(# àReport€immediately€to€AIS€Security€Administration,€any€security€incident,€suchÐ   	 [*R&-   Ðas€attempts€to€gain€unauthorized€access€to€information,€virusñ ›%ññš%ñÔ     v i r u s       Ôñš%ññ›%ñ€infections,€or€otherÏevents€or€conditions€which€may€affect€AIS€security€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ.Ð    ¸(#¸(#  Ðâ
    
 âÐ   	 é,à(0   ÐÔ&  h Ôâ
    
 âà0     àà0    `	(#(# à(i)à0    ¸`	(#`	(# àConduct€periodic€security€reviews€of€AIS€facilities€under€their€purview€to€assureÐ   	 	      Ðsafeguards€are€commensurate€with€the€AIS€information€being€stored,€processed€orÏtransmitted.Ð    ¸(#¸(#  ÐÔ'  h	¯N  ÔÌà0     àà0    `	(#(# à(j)à0    ¸`	(#`	(# àAssist€with€AIS€security€audits€and€reviews,€as€appropriate.Ð    qh ¸(#¸(#  ÐÌà0     à(11)à0    `	(#(# àòòLocal€AIS€Security€Administratoróó€responsibilities:Ð    %	 `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àRequest€and/or€grant€user€access€to€AIS€based€on€management€authorization.Ð    Ý
Ô ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àRemove€or€modify€user€access€based€on€authorized€requests€of€management,Ð   	 ‘ˆ
   Ðprocess€owners,€and/or€administrative€processes.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àConduct€authorized€reviews€of€the€user€access€to€assure€timely€detection€ofÐ   	    Ðsuspicious,€inappropriate,€or€unauthorized€activity.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àReport€to€DSO€or€AIS€Security€Administration,€any€security€incidentsñ ›%ññš%ñÔ5  +   s e c u r i t y   i n c i d e n t s     :5 Ôñš%ññ›%ñ€or€otherÐ   	 ­¤   Ðevents€affecting€AIS€security€(e.g.,€virusñ ›%ññš%ñÔ     v i r u s     y Ôñš%ññ›%ñ€infections,€attempts€to€gain€unauthorizedÏaccess€to€information,€suspicious,€inappropriate,€or€unauthorized€activity,€etc.).Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àAssist€with€AIS€security€audits€and€reviews,€as€appropriate.Ð     ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àSupport€compliance€of€C2ñ ›%ññš%ñÔ     C 2     s Ôñš%ññ›%ñ€level€functional€security€requirements€for€locallyÐ   	 ÉÀ   Ðdeveloped€sensitive€AIS€products,€as€appropriate.Ð    ¸(#¸(#  ÐÌà0     à(12)à0    `	(#(# àòòFacilityñ ›%ññš%ñÔ!     F a c i l i t y     n! Ôñš%ññ›%ñ€manageróó€(or€functional€equivalent)€responsibilities:Ð    WN `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àEnsure€that€a€physical€inventory€is€maintained€(usually€by€the€local€propertyÐ   	    Ðofficer)€of€all€AIS€resources€within€their€area€of€responsibility.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àEnsure€the€physical€securityñ ›%ññš%ñÔ3  )   p h y s i c a l   s e c u r i t y     &3 Ôñš%ññ›%ñ€and€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     t+ Ôñš%ññ›%ñ€of€the€sensitive€AIS€facilityñ ›%ññš%ñÔ!     f a c i l i t y     i! Ôñš%ññ›%ñ€(siteñ ›%ññš%ñÔ     s i t e     t Ôñš%ññ›%ñ).Ð    ” ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àIncluded€in€these€responsibilities€are€AIS„related€safety€and€security€activitiesÏ(e.g.,€Occupant€Emergencyñ ›%ññš%ñÔ#     E m e r g e n c y     o# Ôñš%ññ›%ñ€Plan,€Physical€Securityñ ›%ññš%ñÔ3  )   P h y s i c a l   S e c u r i t y     &3 Ôñš%ññ›%ñ€Planñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n     t+ Ôñš%ññ›%ñ,€etc.).Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àCoordinate€with€appropriate€DSOs€any€AIS€security„relevant€facilityñ ›%ññš%ñÔ!     f a c i l i t y     l! Ôñš%ññ›%ñ€changes.Ð    ß!Ö# ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àAssist€with€AIS€security€audits€and€reviews,€as€appropriate.Ð    “#Š% ¸(#¸(#  ÐÌà0     à(13)à0    `	(#(# àòòManageróó€and€òòSupervisoróó€responsibilities:Ð    G%>!' `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àEnsure€that€sensitive€AIS€data€and€resources€within€their€area€of€responsibility€areÐ   	 ÿ&ö")   Ðproperly€protected€by€appropriate€security€safeguards.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àEnsure€that€subordinates€have€access€only€to€those€AIS€applications€and€dataÐ   	 )„%,   Ðnecessary€to€perform€authorized€tasks€(principle€of€least„privilege).Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àReport€to€the€appropriate€Security€Administrator€any€changes€to€employee€accessÐ   	 ,(/   Ðrequirements.€€Also€coordinate€with€appropriate€management€when€employee€orÏmanagement€transfers€occur€which€might€affect€AIS€access.Ð    Ï-Æ)1 ¸(#¸(#  Ð‡à0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àReview€employee€AIS€access€activity€to€ensure€compliance€to€AIS€securityÐ   	 	      Ðrequirements€and€provide€timely€detection€of€suspicious,€inappropriate,€orÏunauthorized€activity.Ð    ¸(#¸(#  ÐÌÔ&  Ž Ôà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àEnsure€that€a€DSO€is€identified€for€each€sensitive€AIS€(or€group€of€facilitiesÐ   	 qh   Ðdesignated€as€a€sensitive€AIS)€used€by€employees€under€their€managementÏauthorityñ ›%ññš%ñÔ#     a u t h o r i t y     ˆ# Ôñš%ññ›%ñ,€as€warranted.Ô'  Žq²a  ÔÐ    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àReport€AIS€security„related€changes€in€their€own€job€status€to€the€responsibleÐ   	 Ù
Ð   ÐSecurity€Administrator.Ð    ¸(#¸(#  ÐÌà0     àà    `	 à(g)à0    ¸(#(# àEnsure€that€proposed€acquisitions€of€sensitive€AIS„related€hardware,€software,Ð   	 g^	   Ðcommunications,€applications,€and€equipment€satisfy€AIS€security€requirementsÏand€receive€DSO€concurrence€prior€to€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n     ' Ôñš%ññ›%ñ.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(h)à0    ¸`	(#`	(# àEnsure€that€sensitive€AIS€products€developed€under€their€management€authorityñ ›%ññš%ñÔ#     a u t h o r i t y      # Ôñš%ññ›%ñÐ   	 ÏÆ   Ðcomply€with€C2ñ ›%ññš%ñÔ     C 2     o Ôñš%ññ›%ñ€level€functional€security€requirements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(i)à0    ¸`	(#`	(# àEnsure€that€employees€under€their€management€authorityñ ›%ññš%ñÔ#     a u t h o r i t y      # Ôñš%ññ›%ñ€receive€AIS€securityÐ   	 ]T   Ðtrainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€relevant€to€their€assignments,€as€required€by€laws,€regulations,€MOUs,Ïor€other€agreements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(j)à0    ¸`	(#`	(# àAttend€AIS€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g     ! Ôñš%ññ›%ñ€as€required€by€laws,€regulations,€MOUs,€or€otherÐ   	 Å¼   Ðagreements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(k)à0    ¸`	(#`	(# àAssist€with€AIS€security€audits€and€reviews,€as€appropriate.Ð    SJ ¸(#¸(#  ÐÌà0     à(14)à0    `	(#(# àòòUseróó€responsibilities:Ð    þ `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àProtect€access€IDs,€authentication€codes€(e.g.,€passwords,€personal€identificationÐ   	 ¿¶   Ðnumbers€[PIN],€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     Ö% Ôñš%ññ›%ñ€codes,€etc.)€from€improper€disclosure.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àAccess€only€authorized€AIS€applications€and€data€necessary€to€perform€approved€Ð   	 MD    Ðresponsibilities.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDue€to€technical€capability€of€some€AIS,€access€might€exceed€authorityñ ›%ññš%ñÔ#     a u t h o r i t y      # Ôñš%ññ›%ñ.€€AccessÏcapability€however,€does€not€equate€to€authorityñ ›%ññš%ñÔ#     a u t h o r i t y      # Ôñš%ññ›%ñ€(e.g.,€òòcasual€browsing€of€dataÐ   	 µ"¬$   Ðis€not€permittedóó).Ð    “#Š% ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àòòIt€is€a€violation€of€law€for€users€to€access€U.S.€Government€AIS€data€in€excessÐ   	 K%B!'   Ðof€their€authorization.€[18€USC€1030]óóÐ    %&"( ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àNotify€supervisor€and€AIS€Security€Administrator€when€AIS€access€or€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     )# Ôñš%ññ›%ñÐ   	 Ù'Ð#*   Ðis€no€longer€required€for€their€authorized€tasks.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àApply€the€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     g3 Ôñš%ññ›%ñ€required€by€AIS€security€policies€and€standards.Ð    g*^&- ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àComply€with€the€provisions€in€the€Customs€AIS€Security€Policy€manual.Ð    ,(/ ¸(#¸(#  Ðâ
    
 âÐ   	 õ,ì(0   ÐÔ&  ´ Ôâ
    
 âà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àAttend€AIS€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€as€required€by€laws,€regulations,€MOUs,€or€otherÐ   	 	      Ðagreements.Ô'  ´	q  ÔÐ    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àProvide€assistance€with€AIS€security€audits€and€reviews€as€required€by€laws,Ð   	 —Ž   Ðregulations,€MOUs,€or€other€agreements,€as€appropriate.Ð    ¸(#¸(#  ÐÌà0     à(15)à0    `	(#(# àòòExternal€agency€useróó€responsibilities:Ð    %	 `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àComply€with€U.S.€Government€AIS„related€laws€and€regulations.Ð    Ý
Ô ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àComply€with€inter„agency€MOUñ ›%ññš%ñÔ     M O U      Ôñš%ññ›%ñ€(Memorandum€of€Understanding)€or€other€formalÐ   	 ‘ˆ
   Ðagreements€between€themselves€and€Customs.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àExternal€agencies€must€designate€AIS€Security€Coordinators.€€The€head€of€theÏexternal€agency,€or€delegate€(òòas€identified€in€writingóó),€is€responsible€for€ensuringÐ   	 ùð   Ðthat€employees€and€contractors€under€their€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     # Ôñš%ññ›%ñ€observe€Customs€AISÏSecurity€Policy€as€identified€in€this€manual.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àProtect€access€IDs,€authentication€codes€(e.g.,€passwords,€personal€identificationÐ   	 aX   Ðnumbers€[PIN],€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     :% Ôñš%ññ›%ñ€codes,€etc.)€from€improper€disclosure.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àAccess€only€authorized€AIS€applications€and€data€necessary€to€perform€approvedÐ   	 ïæ   Ðactivities.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDue€to€the€technical€capability€of€some€AIS,€access€might€exceed€authorityñ ›%ññš%ñÔ#     a u t h o r i t y      # Ôñš%ññ›%ñ.€ÏAccess€capability€however,€does€not€equate€to€authorityñ ›%ññš%ñÔ#     a u t h o r i t y      # Ôñš%ññ›%ñ€(e.g.,€òòcasual€browsingÐ   	 WN   Ðof€data€is€not€permittedóó).Ð    5, ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àòòIt€is€a€violation€of€law€for€users€to€access€U.S.€Government€AIS€data€in€excessÐ   	 íä   Ðof€their€authorization.€[18€USC€1030]óóÐ    Ç¾ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àNotify€Customs€AIS€Security€Administrator€when€AIS€access€or€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     :# Ôñš%ññ›%ñ€is€noÐ   	 {r   Ðlonger€required€for€approved€tasks.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àUse€the€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€required€by€AIS€security€policies€and€standards.Ð    	! " ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àComply€with€the€provisions€in€the€Customs€AIS€Security€Policy€manual.Ð    ½"´$ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(h)à0    ¸`	(#`	(# àAttend€AIS€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g     o! Ôñš%ññ›%ñ€as€required€by€laws,€regulations,€MOUs,€or€otherÐ   	 q$h &   Ðagreements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(i)à0    ¸`	(#`	(# àProvide€assistance€with€AIS€security€audits€and€reviews€as€required€by€laws,Ð   	 ÿ&ö")   Ðregulations,€MOUs,€or€other€agreements,€as€appropriate.Ð    ¸(#¸(#  ÐÌà0     à(16)à0    `	(#(# àòòTrade€communityñ ›%ññš%ñÔ/  %   T r a d e   c o m m u n i t y      / Ôñš%ññ›%ñ€useróó€responsibilities:Ð    )„%, `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àComply€with€U.S.€Government€AIS„related€laws€and€regulations;Ð    E+<'. ¸(#¸(#  Ðâ
    
 âÐ   	 ,(/   ÐÔ&  B Ôâ
    
 âà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àComply€with€any€formal€agreements€governing€access€to€Customs€AIS€resources.Ð    	    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àTrade€communityñ ›%ññš%ñÔ/  %   T r a d e   c o m m u n i t y     Ù/ Ôñš%ññ›%ñ€user€access€to€Customs€AIS€resources€must€be€approved€by€theÏappropriate€Customs€Accrediting€Authorities€and€formally€documented.Ð    ¸(#¸(#  ÐÔ'  B	û€  ÔÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àAccess€only€authorized€AIS€applications€and€data€necessary€to€perform€approved€Ð   	 KB   Ðactivities.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÐ    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àAIS€access€will€be€restricted€to€authorized€data€and€processes.€€Due€to€theÏtechnical€capability€of€some€AIS€however,€access€might€exceed€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     n# Ôñš%ññ›%ñ.€€AccessÏcapability€does€not€equate€to€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     n# Ôñš%ññ›%ñ€(e.g.,òò€casual€browsing€of€data€is€notÐ   	 „
   Ðpermittedóó).Ð    kb	 ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àòòIt€is€a€violation€of€law€for€users€to€access€U.S.€Government€AIS€data€in€excessÐ   	 #   Ðof€their€authorization.€[18€USC€1030]óóÐ    ýô ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àProtect€access€IDs,€authentication€codes€(e.g.,€passwords,€personal€identificationÐ   	 ±¨   Ðnumbers€[PIN],€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€codes,€etc.)€from€improper€disclosure.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àNotify€Customs€AIS€Security€Administrator€when€AIS€access€or€authorityñ ›%ññš%ñÔ#     a u t h o r i t y      # Ôñš%ññ›%ñ€is€noÐ   	 ?6   Ðlonger€required€for€approved€tasks.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àUse€the€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€required€by€Customs€AIS€security€policies€and€standards.Ð    ÍÄ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àComply€with€the€provisions€in€the€Customs€AIS€Security€Policy€manual.Ð    x ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(h)à0    ¸`	(#`	(# àAttend€AIS€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g     o! Ôñš%ññ›%ñ€as€required€by€laws,€regulations,€MOUs,€or€otherÐ   	 5,   Ðagreements.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(i)à0    ¸`	(#`	(# àSupport€Customs€AIS€security€audits€and€reviews€as€required€by€laws,€regulations,€Ð   	 Ãº   ÐMOUs,€or€other€agreements.Ð	    ” ¸(#¸(#  ÐÑ    à ÑØ       ØØ       Øñ›%ñÖ  €Y  W é 	  Öñ›%ññ ›%ñÖ  €ë  W é 	  Öñ›%ññ›%ñÖ €Z  X é 
  Öñ›%ññ ›%ñÖ €î  X é 
  Öñ›%ñÑ €[   )  ÑÓ   ÓÔ ‡  °üª ° & &ù´ ÔÔ ‡V  °„½ ° ° °üª ÔCHAPTER€3Ð   	 X      ÐòòÔ
      ÔAIS€SECURITY€LIFE€CYCLEÔ     V  ÔÔ# †  °üª ° °V °„½ # ÔÔ# †  &ù´ & ° °üª÷Œ # ÔóóÐ   	 8à   ÐßA €& - )                 °° x         d dE°¨ xA ßÐ   	 À   ÐÓ  ëŒ  ÓÌThis€section€documents€activities€for€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n      ' Ôñš%ññ›%ñ€and€development€of€AIS€and€related€applications.€€ItÏprovides€guidance€to€ensure€that€sensitive€AISs€and€applications€are€developed,€acquired,€and€documentedÏaccording€to€Customs€policy.ÌÌTopics€include:ÌÌòòSecurity€Planningóó.€€Security€planning€activities€are€the€responsibility€of€the€appropriate€Customs€Processñ ›%ññš%ñÔ/  %   C u s t o m s   P r o c e s s      / Ôñš%ññ›%ñÐ   	 µ]

   ÐOwnerñ ›%ññš%ñÔ+  !   P r o c e s s   O w n e r      + Ôñš%ññ›%ñ,€AIS€ownerñ ›%ññš%ñÔ#     A I S   o w n e r     e# Ôñš%ññ›%ñ,€Applications€Developer,€DSO,€and€AIS€Security€Officer.€€These€activities€pertain€toÏthe€development€or€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n      ' Ôñš%ññ›%ñ€of€new€Customs€AISs€and€applications,€or€changes€to€existing€ones.ÌÌòòCertificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n      + Ôñš%ññ›%ñ€and€Accreditationóóñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n      + Ôñš%ññ›%ñ.€€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n      + Ôñš%ññ›%ñ€and€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ€activities€are€the€responsibility€of€theÐ   	 Å   Ðappropriate€Accrediting€Authorities€(AAs),€DSO,€and€the€AIS€Security€Officer.ÌÌòòSecurity€Educationñ ›%ññš%ñÔ#     E d u c a t i o n     o# Ôñš%ññ›%ñ,€Trainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ,€and€Awarenessóóñ ›%ññš%ñÔ#     A w a r e n e s s     o# Ôñš%ññ›%ñ.€€These€activities€are€ongoing€and€apply€to€all€personnel€whoÐ   	 «S   Ðmanage,€use,€or€operate€Customs€AISs,€whether€or€not€they€are€Customs€employees.ÌÌòòSecurity€Oversightóóñ ›%ññš%ñÔ#     O v e r s i g h t     o# Ôñš%ññ›%ñ.€€The€AIS€Security€Officer€conducts€policy„related€security€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     o# Ôñš%ññ›%ñ€activities€forÐ   	 9á   Ðongoing€day„to„day€operations.€€The€ADP€Steering€Committeeñ ›%ññš%ñÔ5  +   S t e e r i n g   C o m m i t t e e     Ö5 Ôñš%ññ›%ñ,€Security€Subcommittee,€is€designated€asÏthe€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     # Ôñš%ññ›%ñ€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     # Ôñš%ññ›%ñ€for€Customs€AIS€Security€Program.€ÌÌòòÔ
     Ô3.1à0     àSECURITY€PLANNINGÔ    _—  ÔóóÐ    ¡I (#(#  ÐÌà0     àSecurity€planning€activities€support€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ€of€all€sensitive€Customs€AISs,€includingÏgeneral€support€systems€and€major€applications.€€This€section€discusses€the€processes€for€AISÏsecurity€planning,€risk€managementñ ›%ññš%ñÔ/  %   r i s k   m a n a g e m e n t      / Ôñš%ññ›%ñ,€disasterñ ›%ññš%ñÔ!     d i s a s t e r     e! Ôñš%ññ›%ñ€recoveryñ ›%ññš%ñÔ!     r e c o v e r y     e! Ôñš%ññ›%ñ,€contingencyñ ›%ññš%ñÔ'     c o n t i n g e n c y     n' Ôñš%ññ›%ñ€operations,€and€theÏdocumentation€required€to€achieve€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n      + Ôñš%ññ›%ñ€and€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ.Ð    (#(#  ÐÌà0     àPrior€to€the€development€or€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n      ' Ôñš%ññ›%ñ€of€sensitive€AISs€and€applications,€the€AIS€Security€OfficerÏmust€be€consulted€to€establish€the€scope€of€the€security„related€activities€and€necessaryÏdocumentation.Ð    (#(#  ÐÌòòÔ
     Ô3.1.1à0     àApprovalsÔ    œ  ÔóóÐ    ÿ!§# (#(#  ÐÌà0     àThe€security€planning€process€requires€the€DSO€to€seek€approvals€at€several€steps€during€systemÏplanning€activities.Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àTo€the€extent€feasible,€security€requirements€must€be€defined€prior€to€the€start€of€AISÐ   	 A&é#(   Ðdevelopment,€€be€approved€by€the€DSO€and€AIS€Security€Officer,€and€included€as€part€ofÏthe€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n     Ö' Ôñš%ññ›%ñ€process.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àPrior€to€the€start€of€AIS€development,€system€designs€must€include€security€reviews€andÐ   	 ©)Q',   Ðbe€approved€by€the€AIS€Security€Officer.Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àSecurity€test€plans€and€security€testingñ ›%ññš%ñÔ     t e s t i n g     Ö Ôñš%ññ›%ñ€results€must€be€approved€by€the€AIS€SecurityÐ   	 7,ß)/   ÐOfficer.Ð#    -¹*0 `	(#`	(#w # Ð‡à0     à(4)à0    `	(#(# àPrior€to€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ,€AIS€security€planning€documentation€must€be€approved€by€AISÐ   	 	      ÐSecurity€Administration.Ð    `	(#`	(#  ÐÌòòÔ
     Ô3.1.2à0     àAIS€Security€PlanÔ    ¡  Ôóóñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n     8+ Ôñš%ññ›%ñÐ    —Ž (#(#  ÐÌà0     àThe€objective€of€security€planning€is€to€improve€the€protection€of€AIS€resources€and€information.Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àInformation€owners€(those€managers€most€directly€affected€by€and€interested€in€theÐ   	 ÿ	ö   Ðinformation€or€processing€capabilities),€must€demonstrate€how€they€are€planning€to€protectÏinformation€and€processing€capabilities€from€loss,€misuse,€unauthorized€access,Ïmodification,€unavailability,€or€undetected€security„related€activities.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àThe€AIS€Security€Officer€will€define€the€scope€and€format€for€Customs€AIS€security€plansÐ   	 A8
   Ðto€ensure€a€standardized€approach€that€provides€sufficient€information€to€assess€the€securityÏposture€and€complies€with€applicable€regulations.Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àEach€sensitive€Customs€AIS€requires€a€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ€to€document€its€security€requirements,Ð   	 ©    Ðfrom€development€or€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n      ' Ôñš%ññ›%ñ,€through€implementation€and€operation,€to€disposal.€€TheÏassigned€DSO€will€prepare€and€maintain€the€system€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àWhen€an€existing€non„sensitive€AIS€is€changed€to€a€sensitive€Customs€AIS,€anÐ   	    Ðappropriate€AIS€Security€Planñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n     8+ Ôñš%ññ›%ñ€must€be€prepared.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àAIS€Security€Officer€will€€determine€the€final€boundaries€for€AIS€networksñ ›%ññš%ñÔ!     n e t w o r k s     l! Ôñš%ññ›%ñ.Ð    Ÿ– ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àThe€DSOs€will€clearly€define€the€boundaries€of€non„networked€sensitive€AISsÐ   	 SJ   Ðunder€their€purview€and€are€responsible€for€ensuring€that€the€AISs€are€operatedÏaccording€to€the€approved€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ.Ð    ¸(#¸(#  ÐÌà0     à(4)à0    `	(#(# àAn€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ€will€include€at€least€the€following:€(See€also:€Appendix€D)Ð    »² `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àRisk€managementñ ›%ññš%ñÔ/  %   R i s k   m a n a g e m e n t      / Ôñš%ññ›%ñ€actions€pertaining€to€the€AIS.€€(See€also:€Section€3.2.2)Ð    of ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àA€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n      + Ôñš%ññ›%ñ€statement€that€reflects€the€results€of€security€features€tests€andÐ   	 # !   Ðimplementation€schedules€applicable€to€the€AIS.€€(See€also:€Section€3.4)Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àA€Disasterñ ›%ññš%ñÔ!     D i s a s t e r     i! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y     i! Ôñš%ññ›%ñ€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€Operations€Plan,€consisting€of:€€(See€also:Ð   	 ±"¨$   ÐSection€3.1.3)Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àemergencyñ ›%ññš%ñÔ#     e m e r g e n c y      # Ôñš%ññ›%ñ€response€plan,Ð    ?%6!' (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àback„up€operations€plan,€andÐ    ó&ê") (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àpostdisaster€recoveryñ ›%ññš%ñÔ!     r e c o v e r y      ! Ôñš%ññ›%ñ€plan.Ð    §(ž$+ (#(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àSecurity€procedures€and€practices€for€users€and€operators€of€AISs.€€€(See€also:Ð   	 [*R&-   ÐSection€3.5)Ð    ¸(#¸(#  Ðâ
    
 âÐ   	 ,(/   ÐÔ&  Ž Ôâ
    
 âà0     à(5)à0    `	(#(# àA€single€(generic)€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ€can€€cover€multiple€AISs€in€some€situations.€€Such€plansÐ   	 	      Ðmust€consider€ownership€responsibilities,€administrative€burdens,€technical€complexity,Ïand€be€cost„effective.Ô'  Ž	±  ÔÐ    `	(#`	(#  ÐÌÔ&  B Ôà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àA€single€(generic)€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ€can€include€multiple€comparable€AISs€inÐ   	 qh   Ðsimilar€and€associated€operating€environments.€€If€additional€security€measures€forÏa€particular€operating€environment€are€required,€they€can€be€added€asÏsupplemental€to€the€primary€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ,€rather€then€create€a€new€plan.€€The€planÏmust€show€how€the€changes€are€associated€and€maintain€the€plan€integrity.Ô'  Bq³  ÔÐ    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àA€single€(generic)€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ€can€cover€related€AIS€resources€that€performÐ   	 „
   Ðsimilar€and/or€associated€functions€and€are€physically€and€logically€located€in€theÏsame€general€area.€€The€plan€might€Include€Local€Area€Networksñ ›%ññš%ñÔ!     N e t w o r k s     l! Ôñš%ññ›%ñ€(LANs),€hostsÏwith€terminals,€groups€of€stand„alone€personal€computers,€workstations,€and€otherÏrelated€office€automation€systems.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àA€single€(generic)€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ€can€cover€related€AIS€resources€that€performÐ   	 ©    Ðsimilar€and/or€associated€functions€in€support€of€a€common€mission,€but€might€beÏat€unspecified€or€physically€and/or€logically€diverse€locations.€€Such€a€plan€mustÏconsider€the€diversity€of€conditions€that€might€be€encountered€and€ensure€thatÏadequate€and€appropriate€levels€of€security€are€provided.€€The€plan€might€includeÏpersonal€computers,€workstations,€and€other€related€AIS€equipment€over€WideÏArea€Networksñ ›%ññš%ñÔ!     N e t w o r k s     l! Ôñš%ññ›%ñ€(WANs),€Local€Area€Networksñ ›%ññš%ñÔ!     N e t w o r k s     l! Ôñš%ññ›%ñ€(LANs),€and/or€otherÏcommunications€networksñ ›%ññš%ñÔ!     n e t w o r k s     l! Ôñš%ññ›%ñ€or€mediums.Ð    ¸(#¸(#  ÐÌòòÔ
     Ô3.1.3à0     àDisasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y      ! Ôñš%ññ›%ñ€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     Ö' Ôñš%ññ›%ñ€Operations€PlanningÔ    W»  ÔóóÐ    SJ (#(#  ÐÌà0     à(1)à0    `	(#(# àEach€essential€(mission„critical)€sensitive€Customs€AIS,€including€general€support€systemsÐ   	 þ   Ðand€major€applications,€or€grouping€of€like€systems,€shall€have€a€viable€and€logicalÏDisasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y      ! Ôñš%ññ›%ñ€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     Ö' Ôñš%ññ›%ñ€Operations€Plan.€€Plans€shall€be€well„written,Ïroutinely€reviewed,€tested,€and€updated€to€provide€for€reasonable€continuity€of€AIS€supportÏif€normal€operations€are€interrupted.€€This€enables€rapid€restoration€of€vital€operations€andÏresources,€and€reduces€downtime.€€[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     e Ôñš%ññ›%ñ,AIII]Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àDisasterñ ›%ññš%ñÔ!     D i s a s t e r     y! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y     y! Ôñš%ññ›%ñ€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     Ö' Ôñš%ññ›%ñ€Operations€planning€elements€must€include,€at€leastÐ   	 ý ô"   Ðthe€following:Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àEmergencyñ ›%ññš%ñÔ#     E m e r g e n c y      # Ôñš%ññ›%ñ€response€procedures€appropriate€to€government€laws,€regulations,€andÐ   	 ‹#‚%   Ðdirectives,€civil€disorder,€fire,€flood,€natural€disasterñ ›%ññš%ñÔ!     d i s a s t e r      ! Ôñš%ññ›%ñ,€bomb€threat,€or€otherÏincidents€or€activity€where€lives,€property,€or€the€capability€to€perform€essentialÏfunctions€are€threatened€or€seriously€impacted.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àBack„up€operations€plans,€procedures,€and€responsibilities€to€ensure€that€essentialÐ   	 Í'Ä#*   Ð(mission„critical)€operations€will€continue€if€normal€processing€or€dataÏcommunications€are€interrupted€for€an€unacceptable€period.€€The€minimallyÏacceptable€level€of€degraded€operation€of€the€essential€(mission„critical)€systemsÏor€functions€must€be€identified€and€ranked€so€that€plan€priorities€are€accomplished.€ÏThis€must€include€appropriate€provisions€for€storage,€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e      ' Ôñš%ññ›%ñ,€and€retrievalÏof€essential€back„up€and€operational€support€data.Ð    ¸(#¸(#  ÐÐ   	 Ã-º)1   ÐÔ&  h Ôà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àPost„disasterñ ›%ññš%ñÔ!     d i s a s t e r     Ö! Ôñš%ññ›%ñ€recoveryñ ›%ññš%ñÔ!     r e c o v e r y     Ö! Ôñš%ññ›%ñ€procedures€and€responsibilities€to€facilitate€the€rapidÐ   	 	      Ðrestoration€of€normal€operations€at€a€primary€siteñ ›%ññš%ñÔ     s i t e     r Ôñš%ññ›%ñ,€or€if€necessary€at€an€alternateÏfacilityñ ›%ññš%ñÔ!     f a c i l i t y     Ö! Ôñš%ññ›%ñ,€following€destruction,€major€damage,€or€other€significant€interruptions€ofÏthe€primary€siteñ ›%ññš%ñÔ     s i t e     t Ôñš%ññ›%ñ.Ô'  h	¢Å  ÔÐ    ¸(#¸(#  ÐÌà0     à(3)à0    `	(#(# àThe€AIS€Security€Officer€is€responsible€for€ensuring€the€development€of€AIS€Disasterñ ›%ññš%ñÔ!     D i s a s t e r     Ö! Ôñš%ññ›%ñÐ   	 KB   ÐRecoveryñ ›%ññš%ñÔ!     R e c o v e r y     Ö! Ôñš%ññ›%ñ€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     ' Ôñš%ññ›%ñ€Operations€Plans€for€general€support€systems€and€majorÏapplications,€and€for€defining€the€testingñ ›%ññš%ñÔ     t e s t i n g     c Ôñš%ññ›%ñ€requirements€that€the€DSOs€will€carry€out.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àThe€AIS€Disasterñ ›%ññš%ñÔ!     D i s a s t e r     y! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y     y! Ôñš%ññ›%ñ€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     ' Ôñš%ññ›%ñ€Operations€Plans€shall€provide€forÐ   	 ³ª	   Ðviable€and€reasonable€continuity€of€essential€AIS€capabilities€if€normal€operationsÏare€interrupted.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€AIS€Security€Officer€provides€guidance€for€the€formulation€of€these€plans.€Ð   	    ÐThe€plans€must€address€the€business€continuity€requirements€for€interfacing€withÏapplications€and€be€supported€by€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     Ö' Ôñš%ññ›%ñ€contingencyñ ›%ññš%ñÔ'     c o n t i n g e n c y     Ö' Ôñš%ññ›%ñ€plans.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àAIS€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     Ö' Ôñš%ññ›%ñ€contingencyñ ›%ññš%ñÔ'     c o n t i n g e n c y     Ö' Ôñš%ññ›%ñ€planning€activities€are€conducted€in€concert€withÐ   	 ƒz   Ðfacilityñ ›%ññš%ñÔ!     f a c i l i t y     y! Ôñš%ññ›%ñ€disasterñ ›%ññš%ñÔ!     d i s a s t e r     y! Ôñš%ññ›%ñ€recoveryñ ›%ññš%ñÔ!     r e c o v e r y     y! Ôñš%ññ›%ñ€planning€and/or€end„user€contingencyñ ›%ññš%ñÔ'     c o n t i n g e n c y     Ö' Ôñš%ññ›%ñ€planning,€whenÏsuch€plans€exist.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àFacilityñ ›%ññš%ñÔ!     F a c i l i t y     y! Ôñš%ññ›%ñ€disasterñ ›%ññš%ñÔ!     d i s a s t e r     y! Ôñš%ññ›%ñ€recoveryñ ›%ññš%ñÔ!     r e c o v e r y     y! Ôñš%ññ›%ñ€plans€address€physical€securityñ ›%ññš%ñÔ3  )   p h y s i c a l   s e c u r i t y      3 Ôñš%ññ›%ñ,€the€protection€of€generalÐ   	 ëâ   ÐAIS€support,€and€help€ensure€the€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     i) Ôñš%ññ›%ñ€of€critical€assets€(resources)€toÏfacilitate€the€continuity€of€operationsñ ›%ññš%ñÔA  7   c o n t i n u i t y   o f   o p e r a t i o n s     _A Ôñš%ññ›%ñ€during€an€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y     o# Ôñš%ññ›%ñ.Ð    ¸(#¸(#  ÐÌà0     à(4)à0    `	(#(# àThe€DSO€will€develop€and€maintain€a€current€viable€AIS€Disasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y      ! Ôñš%ññ›%ñ€andÐ   	 SJ   ÐContingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€Operations€Plan€for€each€sensitive€and/or€mission„critical€AIS€(generalÏsupport€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m      = Ôñš%ññ›%ñ,€microcomputers,€etc.).€€The€plan€will€provide€reasonable€assurance€thatÏcritical€data€processing€support€can€be€continued,€or€quickly€resumed,€if€normal€operationsÏare€interrupted.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àDepending€on€the€results€of€the€criticality€assessment€(business€impact€analysisñ ›%ññš%ñÔA  7   b u s i n e s s   i m p a c t   a n a l y s i s     _A Ôñš%ññ›%ñ),Ð   	 of   Ðthe€DSO€may€determine€that€an€AIS€is€not€sufficiently€critical€to€the€agency€orÏuser€community€to€warrant€a€Disasterñ ›%ññš%ñÔ!     D i s a s t e r     m! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y     m! Ôñš%ññ›%ñ€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     c' Ôñš%ññ›%ñ€Operations€Plan.€ÏIn€this€event€the€DSO€will€provide€a€Continuity€of€Operationsñ ›%ññš%ñÔA  7   C o n t i n u i t y   o f   O p e r a t i o n s     _A Ôñš%ññ›%ñ€Statement€to€thatÏeffect,€subject€to€the€approvalñ ›%ññš%ñÔ!     a p p r o v a l      ! Ôñš%ññ›%ñ€of€the€Accrediting€Authorities.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àEnd„User€AIS€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€Plans€shall€be€developed,€reviewed,€and€updated€atÐ   	 ‹#‚%   Ðleast€every€three€years,€or€whenever€major€processing€environment€changes€occurÏ(e.g.,€physical€siteñ ›%ññš%ñÔ     s i t e     g Ôñš%ññ›%ñ,€hardware,€software,€operating€systems,€etc.).Ð    ¸(#¸(#  ÐÌà0     à(5)à0    `	(#(# àAll€plans€must€be€operationally€tested€at€a€frequency€commensurate€with€the€risk€andÐ   	 ó&ê")   Ðimportance€of€loss€or€harm€that€could€result€from€disruption€of€AIS€support.Ð    `	(#`	(#  ÐÌòòÔ
     Ô3.2à0     àSECURITY€REQUIREMENTSÔ    ¾Û  ÔóóÐ    )x%, (#(#  ÐÌòòÔ
     Ô3.2.1à0     àPolicy€Derived€RequirementsÔ    &Ü  ÔóóÐ    5+,'. (#(#  ÐÌà0     àSecurity€requirements€must€be€risk€managementñ ›%ññš%ñÔ/  %   r i s k   m a n a g e m e n t      / Ôñš%ññ›%ñ€based€and€result€from€an€analysis€of€policy€asÏapplied€to€data€and€augmented€by€a€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ.€€These€requirements€must€be€compared€to€an€AISÐ   	 Ã-º)1   Ðsecurity€features€cost„benefit€analysis,€not€against€the€minimum€requirements.€€Appendix€FÏdiscusses€policy€methodology.Ð    (#(#  ÐÌòòÔ
     ÔÔ&  ö Ô3.2.1.1à    `	 àGlobal€Security€PolicyÔ    †Þ  ÔóóÐ   	 —Ž   ÐÌà0     àThe€security€policy€of€Customs€is€to€operate€its€AISs€in€compliance€with€existing€Federal€andÏnational„level€policy€as€stated€in€public€laws€(PL),€Executive€Orders€(EO),€Federal€InformationÏProcessing€Standard€Publications€(FIPS€PUBS),€Office€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t     	O Ôñš%ññ›%ñ€(OMB)Ïcirculars€and€bulletins,€Treasury€Directives€(TD),€and€Customs€Directives€(CD);€to€protect€the€dataÏand€information€in€the€AISs;€and€to€effectively€support€the€Customs€mission.Ô'  ö—“Þ  ÔÐ    (#(#  ÐÌòòÔ
     Ô3.2.1.2à    `	 àCost„Effective€SecurityÔ    Qá  ÔóóÐ   	 g^	   ÐÌà0     àFederal€regulations€and€Treasury€directives€require€that€(i)€resources€are€used€consistent€with€theÏagency€mission;€(ii)€programs€and€resources€are€protected€from€waste€fraud€and€mismanagement;Ïand€(iii)€the€best€available€and€most€cost„effective€products€are€used€in€the€design€andÏimplementation€of€AIS€security€protection.€The€selection€of€security€products€must€consider€theÏcosts€of€managing€and€administering€such€products.€€Meeting€these€requirements,€and€theÏcontinually€increasing€demands€for€protection€of€information,€requires€consideration€of€productsÏwhich€are€compatible€with€existing€and€anticipated€AIS€hardware€and€software€configurations.€Ï[OMB€A123;€TD€P€71„10]à0    h(#(# àÐ     h(#h(#  ÐÌòòÔ
     Ô3.2.2à     àRisk€ManagementÔ    ä  Ôóóñ ›%ññš%ñÔ/  %   R i s k   M a n a g e m e n t      / Ôñš%ññ›%ñÐ   	 Å¼   ÐÌà0     à(1)à0    `	(#(# àRisk€managementñ ›%ññš%ñÔ/  %   R i s k   m a n a g e m e n t      / Ôñš%ññ›%ñ€is€the€total€process€of€identifying,€controlling,€and€eliminating€orÐ   	 yp   Ðreducing€risks€that€may€affect€AIS€resources.€€It€includes:€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ€(identify€andÏanalyze€the€risks);€a€determination€of€the€appropriate€levels€of€resources€necessary€toÏprotect€the€AIS;€a€management€decision€to€implement€selected€AIS€security€€safeguardsÏbased€on€the€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ,€including€accepting€residual€riskñ ›%ññš%ñÔ+  !   r e s i d u a l   r i s k      + Ôñš%ññ›%ñ,€if€necessary;€and€effectivenessÏreviews.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àRisks€are€derived€from€the€analysis€of€threats€and€vulnerabilities.€€A€formal€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñÐ   	 of   Ðrequires€determining€relativity€among€risks€and€assessing€associated€damage€or€lossÏpotentials.€€This€relationship€forms€the€basis€for€selecting€effective€safeguards.€€BeforeÏstarting€the€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ€process,€the€AIS€Security€Officer€should€be€consulted€forÏguidance€on€the€scope€of€the€analysis€and€the€recommended€approach.€€In€the€absence€ofÏspecific€directions,€refer€to€the€òòTreasury€Risk€Assessmentñ ›%ññš%ñÔ/  %   R i s k   A s s e s s m e n t      / Ôñš%ññ›%ñ€Guidelineóó.€€[TD€P€85„03]€Ð    ±"¨$ `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àA€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ€will€be€conducted€or€sponsored€by€the€AIS€Security€Officer€forÐ   	 e$\ &   Ðeach€Customs€general€support€AIS€(mainframe€or€network)€facilityñ ›%ññš%ñÔ!     f a c i l i t y     s! Ôñš%ññ›%ñ€for€theÏfollowing€conditions.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àWhenever€a€new€or€substantially€modified€AIS€facilityñ ›%ññš%ñÔ!     f a c i l i t y     s! Ôñš%ññ›%ñ€design€is€approved.Ð    Í'Ä#* (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àBefore€design€specifications€for€new€general€support€AISs€and€theirÐ   	 )x%,   Ðsupporting€installations€are€approved.Ð    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àWhenever€a€significant€change€occurs€to€the€general€support€AIS€(e.g.,Ð   	 ,(/   Ðadding€a€LAN;€changing€from€batch€to€on„line€processing;€adding€dial„upñ ›%ññš%ñÔ     d i a l „ u p       Ôñš%ññ›%ñÏcapability,€etc.).€€The€criteria€for€defining€significant€changes€will€beÐ   	 Ã-º)1   Ðcommensurate€with€the€sensitivity€of€the€data€processed€by€the€generalÏsupport€AIS.Ð    (#(#  ÐÌÔ&  h Ôà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iv)à0    ¸(#¸(# àAt€periodic€intervals€established€by€the€AIS€Security€OfficerÐ   	 —Ž   Ðcommensurate€with€the€sensitivity€of€the€data€processed,€but€not€to€exceedÏevery€three€years,€if€no€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ€is€performed€during€that€period.Ð    (#(#  ÐÔ'  h—¬ð  ÔÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€DSO€will€coordinate€or€conduct€a€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ€which€focuses€on€theÐ   	 ÿ	ö   Ðautomated€(technical)€and€administrative€security€control€techniques€associatedÏspecifically€with€the€AIS€or€process€under€review.€€This€includes€the€interfaceÏbetween€the€operating€systems€and€the€applications,€and/or€the€communicationsÏenvironment€and€the€applications,€and€the€threats€inherent€in€processing€in€aÏspecific€environment.€€Facilityñ ›%ññš%ñÔ!     F a c i l i t y     s! Ôñš%ññ›%ñ€(physical)€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ€must€be€considered€whenÏdefining€and€approving€security€specifications€for€the€major€applications€orÏnetwork€systems.Ð    ¸(#¸(#  ÐÌà0     à(3)à0    `	(#(# àResponsibility€for€carrying€out€the€recommendations€of€a€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ€rests€with€theÐ   	 ©    Ðmanager€of€the€AIS€facilityñ ›%ññš%ñÔ!     f a c i l i t y     s! Ôñš%ññ›%ñ€under€review,€or€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€developer,€as€appropriate.€ÏResponse€to€the€recommended€safeguards€includes€implementation€schedules,€or€rationaleÏfor€non„implementation.€€They€must€evaluate€the€recommendations€and€determine€whetherÏto€carry€them€out€based€on€technical€and€operational€feasibility,€and€costs.€€CustomsÏAccreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     W+ Ôñš%ññ›%ñ€Authorities€(AAs)€will€consider€the€effects€of€the€reviewer's€actions€inÏmaking€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     W+ Ôñš%ññ›%ñ€decisions.Ð    `	(#`	(#  ÐÌòòÔ
     Ô3.3à0     àDEVELOPMENTÔ    Aù  ÔóóÐ    yp (#(#  ÐÌà0     à(1)à0    `	(#(# àThe€Customs€System€Development€Life€Cycle€(SDLCñ ›%ññš%ñÔ     S D L C      Ôñš%ññ›%ñ)€methodology€described€in€theÐ   	 -$   ÐSDLCñ ›%ññš%ñÔ     S D L C      Ôñš%ññ›%ñ€handbook€applies€to€all€systems€and€applications€(mainframe,€networked,€or€stand„¼alone),€developed€by€or€for€Customs€and€used€by€Customs€employees,€contract€personnel,Ïother€government€agencies,€and€persons€or€companies€using€Customs€resources,€whetherÏor€not€under€direct€control€of€the€Office€of€Information€and€Technology€(OIT).€€ItÏincorporates€a€standards„based€approach€to€systems€development€and€AIS€developmentÏpolicies.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àThe€SDLCñ ›%ññš%ñÔ     S D L C      Ôñš%ññ›%ñ€handbook€is€required€reading€for€all€persons€new€to€the€Customs€automationÐ   	 ý ô"   Ðenvironment€and€incorporates€Government€and€industry€development€standards€applicableÏto€Customs.€€It€describes€the€minimum€requirements€that€Customs€applications€must€meetÏto€comply€with€existing€standards€and€directives€throughout€their€projected€life„cycles€andÏfacilitates€a€step„by„step€process€to€deliver€accurate,€effective€and€efficient€AISs€to€theÏusers.€€[USCS€5500„4]Ð    `	(#`	(#  ÐÌòòÔ
     Ô3.4à0     àCERTIFICATIONñ ›%ññš%ñÔ+  !   C E R T I F I C A T I O N     8+ Ôñš%ññ›%ñ€AND€ACCREDITATIONÔ    ’þ  Ôóóñ ›%ññš%ñÔ+  !   A C C R E D I T A T I O N     8+ Ôñš%ññ›%ñÐ    ó&ê") (#(#  ÐÌà0     àCertificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€and€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ,€although€related,€are€not€the€same€processes€nor€do€they€have€theÏsame€objectives.€€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€is€a€short€term€activity€that€is€repeated€after€any€significant€AIS„¼related€change€and€is€a€prerequisite€for€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     6+ Ôñš%ññ›%ñ.€€Accreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     6+ Ôñš%ññ›%ñ€is€a€long„term€authorization,Ïup€to€three€years,€for€an€AIS€to€operate€based€on€the€facts,€plans,€and€schedules€developed€duringÏcertificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     6+ Ôñš%ññ›%ñ.Ð    (#(#  Ðâ
    
 âÐ   	 é,à(0   ÐÔ&  ´ Ôâ
    
 âà0     à(1)à0    `	(#(# àEach€Customs€general€support€AIS€and€major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n      3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€is€considered€to€contain€orÐ   	 	      Ðprocess€sensitive€information€and€must€be€certified€and€accredited.Ô'  ´	Ù  ÔÐ    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àAll€other€Customs€AISs€and€applications€which€contain€or€process€sensitive€informationÐ   	 —Ž   Ðand€must€be€certified€and€accredited,€as€appropriate.Ð    `	(#`	(#  ÐÌòòÔ
     ÔÔ&  h Ô3.4.1à0     àCertificationÔ    3  Ôóóñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñÐ    %	 (#(#  ÐÌà0     àCertificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€is€the€comprehensive€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ€and€evaluation€of€the€technical€and€nontechnical€AISÏsecurity€features,€and€other€safeguards€used€in€support€of€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ€process.Ô'  h%	@  Ô€€It€establishesÏthe€extent€to€which€a€particular€AIS€design€and€implementation€meet€a€specified€set€of€securityÏrequirements.€€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€primarily€addresses€software€and€hardware€security€safeguards,€butÏalso€considers€procedural,€physical,€and€personnel€security€measures€employed€to€enforce€AISÏsecurity€policy.Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àSoftware€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñÐ    ÏÆ `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àòòIn„house€developed€softwareóó.€€Design€reviews€and€systems€tests€will€beÐ   	 ƒz   Ðperformed,€and€a€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€of€the€results€recorded,€for€newly€developedÏsoftware,€and€for€existing€software€when€significant€modifications€are€made.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àòòGovernment„Off„The„Shelf€Software€(GOTS)óó.€€Government€developed€softwareÐ   	 ëâ   Ðwill€be€examined€to€assure€that€the€software€does€not€contain€features€which€mightÏbe€detrimental€to€Customs€AIS€security.€€Software€design€reviews€and€systemsÏtests€will€be€performed,€and€a€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€of€the€results€recorded€when€significantÏmodifications€are€made€to€GOTS€software.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àòòCommercialñ ›%ññš%ñÔ%     C o m m e r c i a l     n% Ôñš%ññ›%ñ„Off„The„Shelf€Software€(COTSñ ›%ññš%ñÔ     C O T S     c Ôñš%ññ›%ñ)óó.€€Commercially€procured€softwareÐ   	 þ   Ðwill€be€examined€to€assure€that€the€software€does€not€contain€features€which€mightÏbe€detrimental€to€AIS€security.€€Security„related€software€will€be€examined€toÏassure€that€the€security€features€function€as€specified.Ð    ¸(#¸(#  ÐÌà0     à(2)à0    `	(#(# àThe€DSO€will€oversee€or€conduct€AIS€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€tests.€€Individuals€who€conduct€theÐ   	 I@    Ðcertificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ€will€be€independent€of€the€AIS€developers,€if€resources€are€available.€ÏThe€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ€process€and€results€will€be€documented€in€a€format€that€ensures€that€the€testsÏcan€be€repeated€and€achieve€the€results€reflected€in€the€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€report,€if€required.Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àAIS€security€safeguards€must€be€modified€to€correct€any€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s      ) Ôñš%ññ›%ñ€found€duringÐ   	 ‹#‚%   Ðcertificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ,€as€appropriate.Ð    `	(#`	(#  ÐÌà0     à(4)à0    `	(#(# àCertificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ€will€vary€with€the€AIS€security€modeñ ›%ññš%ñÔ+  !   s e c u r i t y   m o d e     8+ Ôñš%ññ›%ñ€of€operation.Ð    &"( `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àòòDedicatedóó€security€modeñ ›%ññš%ñÔ?  5   D e d i c a t e d   s e c u r i t y   m o d e     ? ÔÔ+  !   s e c u r i t y   m o d e     i+ Ôñš%ññ›%ñ€does€not€require€extensive€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     i+ Ôñš%ññ›%ñ€efforts€as€usersÐ   	 Í'Ä#*   Ðand€data€are€not€required€to€be€separated€with€technical€security€measures.€ÏCertificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     i+ Ôñš%ññ›%ñ€focuses€on€the€physical,€procedural,€and€personnel€security€measuresÏto€ensure€that€all€users€have€the€appropriate€access€approvalñ ›%ññš%ñÔ!     a p p r o v a l     i! Ôñš%ññ›%ñ€and€need„to„know€forÏall€Customs€data€on€the€AIS.€€(Example:€a€standalone€personal€computer).Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àòòSystem„highóó€security€modeñ ›%ññš%ñÔ+  !   s e c u r i t y   m o d e     i+ Ôñš%ññ›%ñ€requires€that€hardware€and€software€security€featuresÐ   	 é,à(0   Ðreliably€segregate€users€from€data€for€which€they€do€not€have€a€need„to„know,€inÐ   	 Ã-º)1   Ðaddition€to€the€requirements€of€Dedicated€security€modeñ ›%ññš%ñÔ?  5   D e d i c a t e d   s e c u r i t y   m o d e     ? ÔÔ+  !   s e c u r i t y   m o d e     i+ Ôñš%ññ›%ñ.€€(Example:€a€generalÏsupport€AIS).Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àòòCompartmentedóó€and€òòmultilevelóó€security€modes€are€used€for€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     e% Ôñš%ññ›%ñ€AISs€and€areÐ   	 —Ž   Ðnot€addressed€in€the€manual.€€(Reference:€CIS€HB€1400„03).Ð    ¸(#¸(#  ÐÌà0     à(5)à0    `	(#(# àThe€AIS€Security€Officer€will€provide€guidance€on€conducting€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     i+ Ôñš%ññ›%ñ€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ.Ð    %	 `	(#`	(#  ÐÌòòÔ
     Ô3.4.2à0     àAccreditationÔ    A  Ôóóñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     8+ Ôñš%ññ›%ñÐ    Ù
Ð (#(#  ÐÌà0     àð ðAny€significant€modification€made€to€an€SBUñ ›%ññš%ñÔ     S B U     d Ôñš%ññ›%ñ€AIS€or€network€should€be€reviewed€to€determineÏthe€impact€on€security.ððÐ    (#(#  ÐÌà0     àð ðModified€systems/networksñ ›%ññš%ñÔ!     n e t w o r k s     i! Ôñš%ññ›%ñ€will€be€reaccredited€by€appropriate€officials€as€outlined€in€TD€P€71„¼10,€Sect.€7.A€in€light€of€the€results€of€the€security€review.ðð€€[TD€P€71„10]Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àAccreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     6+ Ôñš%ññ›%ñ€is€the€official€management€authorization€to€operate€an€AIS€based€on€theÐ   	 ©    Ðfollowing€criteria.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àThe€particular€security€modeñ ›%ññš%ñÔ+  !   s e c u r i t y   m o d e     6+ Ôñš%ññ›%ñ€of€operation.Ð    7. ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€defined€set€of€threats,€with€related€vulnerabilities€and€prescribed€safeguards.Ð    ëâ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àThe€given€operational€environment.Ð    Ÿ– ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àThe€stated€operational€concept.Ð    SJ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àThe€stated€interconnection€to€other€AISs.Ð    þ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àThe€operational€necessity.Ð    »² ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àAn€acceptable€level€of€risk€for€which€the€Accrediting€Authorities€have€formallyÐ   	 of   Ðassumed€responsibility.Ð    ¸(#¸(#  ÐÌà0     à(2)à0    `	(#(# àThe€Accrediting€Authorities€(AA)€officially€declare€that€a€certified€AIS€will€adequatelyÐ   	 ý ô"   Ðprotect€related€information,€will€operate€in€one€of€the€following€security€modes,€and€acceptÏsecurity€responsibilities€for€the€AIS€operation.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# àThe€AIS€security€modeñ ›%ññš%ñÔ+  !   s e c u r i t y   m o d e     V+ Ôñš%ññ›%ñ€of€operation€òòisóó€based€on€data€sensitivity,€€access€approvalñ ›%ññš%ñÔ!     a p p r o v a l     o! Ôñš%ññ›%ñ,€andÐ   	 e$\ &   Ðneed„to„know€of€the€AIS€users.€€Available€or€proposed€AIS€security€features€òòdo€notóóÐ   	 ?%6!'   Ðdetermine€the€security€modeñ ›%ññš%ñÔ+  !   s e c u r i t y   m o d e     V+ Ôñš%ññ›%ñ.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# àApplicable€Security€Modes€of€operations€are:Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àòòDedicatedóó€security€modeñ ›%ññš%ñÔ?  5   D e d i c a t e d   s e c u r i t y   m o d e     ,? ÔÔ+  !   s e c u r i t y   m o d e     i+ Ôñš%ññ›%ñ.€€(See€also:€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     i+ Ôñš%ññ›%ñ.€Section€3.4.1.(4)(a).Ð    )x%, ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àòòSystem„highóó€security€modeñ ›%ññš%ñÔ+  !   s e c u r i t y   m o d e     i+ Ôñš%ññ›%ñ.€€(See€also:€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     i+ Ôñš%ññ›%ñ.€Section€3.4.1.(4)(b).Ð    5+,'. ¸(#¸(#  ÐÌà0     à(3)à0    `	(#(# àAll€sensitive€AISs,€including€general€support€systems€and€major€applications,€must€beÐ   	 é,à(0   Ðsubmitted€for€and€be€accredited€expeditiously.Ð    Ã-º)1 `	(#`	(#  Ð‡à0     à(4)à0    `	(#(# àThe€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     X+ Ôñš%ññ›%ñ€documentation,€discussed€in€Section€3.1,€will€be€submitted€by€theÐ   	 	      ÐDSO€to€the€AIS€Security€Officer€for€review.€€The€AIS€Security€Officer€will€develop€aÏsummary€of€compliance€to€include€security€requirements€and€a€statement€of€residual€riskñ ›%ññš%ñÔ+  !   r e s i d u a l   r i s k     X+ Ôñš%ññ›%ñ.Ð    `	(#`	(#  ÐÌà0     à(5)à0    `	(#(# àPrior€to€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ,€Customs€Information€Resources€Management€(IRMñ ›%ññš%ñÔ     I R M     d Ôñš%ññ›%ñ)€and€SecurityÐ   	 qh   ÐPrograms€Divisionñ ›%ññš%ñÔE  ;   S e c u r i t y   P r o g r a m s   D i v i s i o n      E Ôñš%ññ›%ñ€(SPDñ ›%ññš%ñÔ     S P D     i Ôñš%ññ›%ñ)€representatives€will€review€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     m+ Ôñš%ññ›%ñ€documentation,€forÏsensitive€AIS,€including€the€summary€of€compliance€and€statement€of€residual€riskñ ›%ññš%ñÔ+  !   r e s i d u a l   r i s k     m+ Ôñš%ññ›%ñ.Ð    `	(#`	(#  ÐÌà0     à(6)à0    `	(#(# àThe€appropriate€Customs€AAs€will€make€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     m+ Ôñš%ññ›%ñ€decision€based€on€the€summaryÐ   	 Ù
Ð   Ðof€compliance,€a€statement€of€residual€riskñ ›%ññš%ñÔ+  !   r e s i d u a l   r i s k     m+ Ôñš%ññ›%ñ,€and€an€approved€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     m+ Ôñš%ññ›%ñ.€€TheÏaccreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     m+ Ôñš%ññ›%ñ€process€results€in€a€decision€that€the€AIS€is:Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àaccredited€to€operate,€orÐ    A8
 ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àgiven€interim€operating€approvalñ ›%ññš%ñÔ!     a p p r o v a l     i! Ôñš%ññ›%ñ€for€a€specific€time€pending€satisfactoryÐ   	 õì   Ðcompletion€€of€specified€requirements,€orÐ    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àdenied€permission€to€operate,€until€identified€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s      ) Ôñš%ññ›%ñ€are€corrected.Ð    ƒz ¸(#¸(#  ÐÌà0     à(7)à0    `	(#(# àEvery€sensitive€AIS€covered€by€this€policy€must€be€reaccredited€at€least€every€three€years.€Ð   	 7.   ÐThe€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     m+ Ôñš%ññ›%ñ€status€and€supporting€documentation€will€be€reviewed€and€revised€forÏthe€following€conditions€or€events,€as€appropriate.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àA€significant€change€occurs€in€the€hardware,€software,€or€data€communicationsÐ   	 Ÿ–   Ðconfiguration€that€impacts€the€AIS€security€safeguards€defined€in€the€originalÏaccreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ€package.€€A€significant€change€is€one€whose€impact€is€such€that€it€Ïneeds€to€be€brought€to€the€attention€of€the€AAs.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€sensitivity€level€of€the€information€being€processed€is€significantly€changed.Ð    áØ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àThe€security€modeñ ›%ññš%ñÔ+  !   s e c u r i t y   m o d e      + Ôñš%ññ›%ñ€of€operation€is€changed.Ð    •Œ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àAIS€facilityñ ›%ññš%ñÔ!     f a c i l i t y     o! Ôñš%ññ›%ñ€or€remote€terminal€area€changes€occur,€including€relocations€orÐ   	 I@    Ðstructural€modifications,€which€may€affect€AIS€security.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àWhenever€a€major€office€relocation€occurs€(e.g.,€moves€to€a€new€building),€theÏAIS€Security€Officer€should€conduct€an€AIS€compliance€review€to€decide€whetherÏthe€change€in€physical€location€impacts€the€AIS€security€posture.€€The€results€ofÏthe€security€review€should€be€retained€as€part€of€Customs€AIS€securityÏdocumentation.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àAn€AIS€security„related€event€occurs€that€appears€to€invalidate€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ.Ð    ó&ê") ¸(#¸(#  ÐÌà0     à(8)à0    `	(#(# àThe€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ€package€revision€and€review€process€will€include€at€least€the€followingÐ   	 §(ž$+   Ðactivities€and€information.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àThe€same€steps€required€for€the€original€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ€package€will€be€completed.€Ð   	 5+,'.   ÐPortions€of€the€package€which€configuration€managementñ ›%ññš%ñÔA  7   c o n f i g u r a t i o n   m a n a g e m e n t     1A Ôñš%ññ›%ñ€shows€to€still€be€valid,Ïneed€not€be€redone.Ð    ¸(#¸(#  ÐÐ   	 Ã-º)1   Ðà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€IRMñ ›%ññš%ñÔ     I R M     " Ôñš%ññ›%ñ€and€SPDñ ›%ññš%ñÔ     S P D     " Ôñš%ññ›%ñ€representatives€will€review€and€approve€the€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     X+ Ôñš%ññ›%ñ,Ð   	 	      Ðsummary€of€compliance,€and€statement€of€residual€riskñ ›%ññš%ñÔ+  !   r e s i d u a l   r i s k     X+ Ôñš%ññ›%ñ,€as€appropriate.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àThe€appropriate€AAs€will€review€and€reaccredit€the€AIS.Ð    —Ž ¸(#¸(#  ÐÌà0     à(9)à0    `	(#(# àThe€AIS€Security€Officer€will€maintain€a€record€system€containing€the€status€of€theÐ   	 KB   Ðdocuments€in€the€Customs€AIS€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ€packages.Ð    `	(#`	(#  ÐÌÔ&  Ž Ôà0     à(10)à0    `	(#(# àThe€AAs€are€the€only€ones€authorized€to€exempt€an€operation€from€the€securityÐ   	 Ù
Ð   Ðrequirements€specified€in€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ€statement.€€This€exemptionñ ›%ññš%ñÔ#     e x e m p t i o n     o# Ôñš%ññ›%ñ€must€be€formallyÏdocumented€in€a€written€waiverñ ›%ññš%ñÔ     w a i v e r     n Ôñš%ññ›%ñ€and€retained€with€the€original€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ€package.Ô'  ŽÙ
B  ÔÐ    `	(#`	(#  ÐÌòòÔ
     Ô3.5à0     àPROCEDURES€AND€PRACTICESÔ    oD  ÔóóÐ    A8
 (#(#  ÐÌà0     àThis€policy€manual€does€not€contain€AIS€security„related€procedures€and€practices.€€They€areÏpresented€separately€and€provided€to€Customs€AIS€users,€administrators,€and€operators,€asÏappropriate.€€Procedures€and€practices€explain€specific€AIS€security€mechanism€operations€so€thatÏusers,€administrators,€and€operators€may€consistently€and€effectively€protect€Customs€information.€ÏSuch€information€should€also€be€addressed€during€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ,€when€applicable.€(€See€also:€SectionÏ1.5.1)Ð    (#(#  ÐÌòòÔ
     Ô3.6à0     àEDUCATIONñ ›%ññš%ñÔ#     E D U C A T I O N     :# Ôñš%ññ›%ñ,€TRAININGñ ›%ññš%ñÔ!     T R A I N I N G      ! Ôñš%ññ›%ñ,€AND€AWARENESSÔ    G  Ôóóñ ›%ññš%ñÔ#     A W A R E N E S S     :# Ôñš%ññ›%ñÐ    ëâ (#(#  ÐÌà0     àð ðThe€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t      ; Ôñš%ññ›%ñ€requires€Federal€agencies€to€provide€for€the€mandatory€periodicÏtrainingñ ›%ññš%ñÔ!     t r a i n i n g     e! Ôñš%ññ›%ñ€in€computer€security€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     c# Ôñš%ññ›%ñ€and€accepted€computer€security€practice€of€all€employeesÏwho€are€involved€with€the€management,€use,€or€operation€of€a€Federal€computer€system€within€orÏunder€the€supervision€of€the€Federal€agency.€€This€includes€contractors€as€well€as€employees€ofÏthe€agency.ððÐ    (#(#  ÐÌà0     àð ðTraining€is€particularly€important€in€view€of€the€changing€nature€of€information€resourcesÏmanagement.€€Decentralization€of€information€technology€has€placed€the€management€of€automatedÏinformation€and€information€technology€directly€in€the€hands€of€nearly€all€agency€personnel€ratherÏthan€in€the€hands€of€a€few€employees€at€centralized€facilities.ððÐ    (#(#  ÐÌà0     àð ðThe€OMB€Circular€A„130ñ ›%ññš%ñÔ     A „ 1 3 0       Ôñš%ññ›%ñ,€Appendix€III€enforces€such€mandatory€trainingñ ›%ññš%ñÔ!     t r a i n i n g     ! Ôñš%ññ›%ñ€by€requiring€itsÏcompletion€prior€to€granting€access€to€the€system.ðð€€[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     g Ôñš%ññ›%ñ,AIII]Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àThe€Directorñ ›%ññš%ñÔ!     D i r e c t o r     ! Ôñš%ññ›%ñ,€AIS€Security€Division,€shall€ensure€that€a€Customs€AIS€Security€Educationñ ›%ññš%ñÔ#     E d u c a t i o n     )# Ôñš%ññ›%ñ,Ð   	 ‹#‚%   ÐTrainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ,€and€Awarenessñ ›%ññš%ñÔ#     A w a r e n e s s     )# Ôñš%ññ›%ñ€Program€is€established.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àTrainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ€may€be€presented€in€stages,€for€example,€as€more€access€is€granted.€€In€someÐ   	 &"(   Ðcases,€the€trainingñ ›%ññš%ñÔ!     t r a i n i n g     Ö! Ôñš%ññ›%ñ€should€be€in€the€form€of€classroom€instruction.€€In€other€cases,Ïinteractive€computer€sessions€or€well-written€and€understandable€brochures€may€beÏsufficient,€depending€on€the€risk€and€magnitude€of€harm€related€to€the€subject€matter.Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àRefresher€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s      # Ôñš%ññ›%ñ€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€frequency€shall€be€determined€by€the€Directorñ ›%ññš%ñÔ!     D i r e c t o r      ! Ôñš%ññ›%ñ,€AIS€Security.Ð    [*R&- `	(#`	(#  ÐÌà0     à(4)à0    `	(#(# àEach€new€user€of€a€general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     = Ôñš%ññ›%ñ€in€some€sense€introduces€a€risk€to€all€otherÐ   	 ,(/   Ðusers.€Therefore,€each€user€should€be€versed€in€acceptable€behavior€--€the€rules€of€theÏsystemñ ›%ññš%ñÔ7  -   r u l e s   o f   t h e   s y s t e m     m7 Ôñš%ññ›%ñ€--€before€being€allowed€to€use€the€system.Ð    Ã-º)1 `	(#`	(#  Ð‡à0     à(5)à0    `	(#(# àTrainingñ ›%ññš%ñÔ!     T r a i n i n g     Ö! Ôñš%ññ›%ñ€should€be€tailored€to€what€a€user€needs€to€know€to€use€the€system€securely,€givenÐ   	 	      Ðthe€nature€of€that€use,€and€how€to€get€help€in€the€event€of€difficulty€with€using€or€securityÏof€the€system.Ð    `	(#`	(#  ÐÌÔ&  Ž Ôà0     à(6)à0    `	(#(# àAccess€provided€to€members€of€the€public€should€be€constrained€by€controls€in€theÐ   	 qh   Ðapplications€through€which€access€is€allowed,€and€trainingñ ›%ññš%ñÔ!     t r a i n i n g     Ö! Ôñš%ññ›%ñ€should€be€within€the€context€ofÏthose€controls.Ô'  ŽqU  ÔÐ    `	(#`	(#  ÐÌÔ&  Ž Ôà0     à(7)à0    `	(#(# àAdditional€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     ˆ# Ôñš%ññ›%ñ€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€will€be€provided€when€significant€changes€occur€in€AISÐ   	 Ù
Ð   Ðsecurity€environments€or€procedures,€or€to€employees€who€assume€new€positions€orÏassignments€dealing€with€information€at€a€higher€level€of€sensitivity.Ô'  ŽÙ
îV  ÔÐ    `	(#`	(#  ÐÌà0     à(8)à0    `	(#(# àSecurity€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     ˆ# Ôñš%ññ›%ñ€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€should€include€the€following€topics,€as€appropriate.Ð    A8
 `	(#`	(#  Ð.Ìà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àCommon€AIS€threats,€vulnerabilities,€and€risks.Ð    õì ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àInformation€accessibility,€handling,€labeling,€and€storage€protectionÐ   	 ©    Ðconsiderations.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àPhysical€and€environmentalñ ›%ññš%ñÔ+  !   e n v i r o n m e n t a l     X+ Ôñš%ññ›%ñ€AIS€protection€considerations.Ð    7. ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àAIS€data€access€controls€and€rules€of€behaviorñ ›%ññš%ñÔ3  )   r u l e s   o f   b e h a v i o r     3 Ôñš%ññ›%ñ.Ð    ëâ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àProcedures€for€disasterñ ›%ññš%ñÔ!     d i s a s t e r     e! Ôñš%ññ›%ñ€recoveryñ ›%ññš%ñÔ!     r e c o v e r y     e! Ôñš%ññ›%ñ€and€contingencyñ ›%ññš%ñÔ'     c o n t i n g e n c y     v' Ôñš%ññ›%ñ€operations€plans.Ð    Ÿ– ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àAIS€security€configuration€managementñ ›%ññš%ñÔA  7   c o n f i g u r a t i o n   m a n a g e m e n t     2A Ôñš%ññ›%ñ€and€control€requirements.Ð    SJ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àAIS„related€security€incident€reporting€requirements€and€procedures.Ð    þ ¸(#¸(#  ÐÌà0     à(9)à0    `	(#(# àSpecialized€trainingñ ›%ññš%ñÔ!     t r a i n i n g     i! Ôñš%ññ›%ñ€is€required€for€all€individuals€given€access€to€an€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ,€includingÐ   	 »²   Ðmembers€of€the€public.€€It€should€vary€depending€on€the€type€of€access€allowed€and€theÏrisk€that€access€represents€to€the€security€of€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€and€information€in€it.€€ThisÏtrainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñ€will€be€in€addition€to€that€required€for€access€to€a€support€system.€€Such€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñÏmay€vary€from€a€notification€at€the€time€of€access€(e.g.,€for€members€of€the€public€usingÏan€information€retrieval€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ)€to€formal€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñ€(e.g.,€for€an€employee€that€worksÏwith€a€high-risk€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ).Ð    `	(#`	(#  ÐÌÔ&  h Ôà0     à(10)à0    `	(#(# àAll€personnel€who€design,€develop,€operate,€or€maintain€sensitive€AIS€will€be€providedÐ   	 ‹#‚%   Ðsecurity€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñ€appropriate€to€the€level€of€risk€they€present€to€Customs€AIS.€€The€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñÏshall€address€the€types€of€security€and€internal€control€techniques€that€ought€to€beÏincorporated€into€AIS€development,€operation,€and€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e      ' Ôñš%ññ›%ñ.Ô'  h‹#£c  ÔÐ    `	(#`	(#  ÐÌà0     à(11)à0    `	(#(# àAIS€Security€Administration€should€be€consulted€for€guidance€on€achieving€trainingñ ›%ññš%ñÔ!     t r a i n i n g     e! Ôñš%ññ›%ñÐ   	 Í'Ä#*   Ðobjectives.Ð    `	(#`	(#  ÐÌòòÔ
     Ô3.7à0     àSECURITY€OVERSIGHTÔ    åf  Ôóóñ ›%ññš%ñÔ#     O V E R S I G H T     :# Ôñš%ññ›%ñÐ    [*R&- (#(#  ÐÌà0     àThe€ADP€Steering€Committeeñ ›%ññš%ñÔ5  +   S t e e r i n g   C o m m i t t e e      5 Ôñš%ññ›%ñ,€Security€Subcommittee,€is€the€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     m# Ôñš%ññ›%ñ€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     m# Ôñš%ññ›%ñ€for€Customs€AISÏSecurity€Program.€€(See€also:€Section€2.2(2))Ð    (#(#  ÐÐ   	 Ã-º)1   Ðà0     àThe€AIS€Security€Officer€conducts€ongoing€day„to„day€operational€policy„related€security€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     ˆ# Ôñš%ññ›%ñÏactivities€and€ensures€that€periodic€AIS€security€reviews€are€conducted.Ð    (#(#  ÐÌÔ&  h Ôà0     à(1)à0    `	(#(# àThe€AIS€Security€Officer€must€develop€and€maintain,€with€the€assistance€of€AIS€SecurityÐ   	 —Ž   ÐAdministration,€IRMñ ›%ññš%ñÔ     I R M     i Ôñš%ññ›%ñ,€and€SPDñ ›%ññš%ñÔ     S P D     i Ôñš%ññ›%ñ€managers,€a€list€of€AISs€requiring€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ.€€This€listÏmust€be€annually€verified€and€should€include€the€recommended€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     X+ Ôñš%ññ›%ñ€priority€andÏAA€identity€for€each€AIS.Ô'  h—þi  ÔÐ    `	(#`	(#  ÐÌÔ&  Ž Ôà0     à(2)à0    `	(#(# àGiven€the€global€nature€of€Customs€AIS€resources,€the€appointment€of€DSOs€provide€localÐ   	 Ù
Ð   Ðoversightñ ›%ññš%ñÔ#     o v e r s i g h t     o# Ôñš%ññ›%ñ€and€help€to€ensure€adherence€to€AIS€security€policy.€€They€provide€points„of„¼contact€for€accomplishing€AIS€security„related€activities.Ô'  ŽÙ
cl  ÔÐ    `	(#`	(#  Ðà0     àÐ    (#(#  Ðà0     à(3)à0    `	(#(# àCustoms€Office€of€Information€and€Technology€(OIT)€is€a€sign„off€to€AIS„relatedÐ   	 A8
   Ðacquisitions€and€will€enforce€AIS€security€as€part€of€the€procurement€process.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# àThe€AIS€Security€Officer€reviews€and€authorizes€all€security„related€acquisitions€forÏsensitive€AISs€to€ensure€that€the€appropriate€AIS€security€requirements€are€included€in€theÏspecifications€for€the€operation€of€an€AIS€installation€facilityñ ›%ññš%ñÔ!     f a c i l i t y      ! Ôñš%ññ›%ñ,€equipment,€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñÏsystem,€or€the€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n      ' Ôñš%ññ›%ñ€of€AIS€hardware,€software,€or€related€services.Ð    `	(#`	(#  ÐÌà0     à(4)à0    `	(#(# àThe€Contracting€Officerñ ›%ññš%ñÔ7  -   C o n t r a c t i n g   O f f i c e r     N7 Ôñš%ññ›%ñ€Technical€Representative€(COTRñ ›%ññš%ñÔ     C O T R     c Ôñš%ññ›%ñ)€has€contract€oversightñ ›%ññš%ñÔ#     o v e r s i g h t      # Ôñš%ññ›%ñ€and€willÐ   	    Ðensure€that€the€contractor„related€AIS€security€requirements€are€followed€throughout€theÏcontract€life„cycleñ ›%ññš%ñÔ%     l i f e „ c y c l e     O% Ôñš%ññ›%ñ.Ð    `	(#`	(#  ÐÌà0     à(5)à0    `	(#(# àThe€AIS€security€policy€program€is€implemented€through€the€following€actions:Ð    yp `	(#`	(#  ÐÌà0     àà0    `	(#(# à(i)à0    ¸`	(#`	(# àappointment€of€DSOs;Ð    -$ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(ii)à0    ¸`	(#`	(# àacquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n     f' Ôñš%ññ›%ñ€reviews;Ð    áØ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(iii)à0    ¸`	(#`	(# àreview€and€approvalñ ›%ññš%ñÔ!     a p p r o v a l     n! Ôñš%ññ›%ñ€of€security€requirements€to€support€AIS€development;Ð    •Œ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(iv)à0    ¸`	(#`	(# àpreparation,€approvalñ ›%ññš%ñÔ!     a p p r o v a l     n! Ôñš%ññ›%ñ,€and€implementation€of€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     i+ Ôñš%ññ›%ñ€requirements;Ð    I@  ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(v)à0    ¸`	(#`	(# àpreparation€and€approvalñ ›%ññš%ñÔ!     a p p r o v a l     i! Ôñš%ññ›%ñ€of€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     i+ Ôñš%ññ›%ñ€documentation;Ð    ý ô" ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(vi)à0    ¸`	(#`	(# àsecurity€trainingñ ›%ññš%ñÔ!     t r a i n i n g     i! Ôñš%ññ›%ñ€reviews;Ð    ±"¨$ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(vii)à0    ¸`	(#`	(# àsecurity€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€and€auditing;€andÐ    e$\ & ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(viii)à0    ¸`	(#`	(# àsecurity€incident€reporting.Ð	    &"( ¸(#¸(#  ÐÑ    e Ññ›%ñÖ  €  Y é   Öñ›%ññ ›%ñÖ  €ñ  Y é   Öñ›%ññ›%ñÖ €  Z é   Öñ›%ññ ›%ñÖ €ô  Z é   Öñ›%ñØ       ØØ       ØÑ €\   [  ÑÔ ‡  °üª ° & &ù´ ÔÓ   ÓCHAPTER€4Ð   	 X      ÐòòÔ
      ÔMINIMUM€SECURITY€REQUIREMENTSÔ     ©z  ÔÔ# †  &ù´ & ° °üª]z # ÔóóÐ   	 8à   ÐßA €& - )                 °° x         d  E°¨ xA ßÓ  |z  ÓÐ   	 À   ÐÌà0     àThe€AIS€security€goal€is€to€develop€a€functionally€secure,€efficient,€cost„effective€environmentÏbased€on€an€assessment€of€security€risks€and€safeguards.€€All€AISs€processing,€storing,€orÏtransmitting€sensitive€information€must€meet€the€requirements€of€this€policy€through€automated€orÏmanual€means.€€More€stringent€requirements€may€be€imposed€based€on€a€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s     V+ Ôñš%ññ›%ñ.Ð    (#(#  ÐÌà0     àThis€section€documents€the€minimum€security€requirements€for€Customs€AISs€processing€sensitiveÏdata€with€respect€to:€Facilityñ ›%ññš%ñÔ!     F a c i l i t y     s! Ôñš%ññ›%ñ,€Personnel,€Automated,€and€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     :5 Ôñš%ññ›%ñ€security.Ð    (#(#  ÐÌòòÔ
     Ô4.1à0     àFACILITYñ ›%ññš%ñÔ!     F A C I L I T Y     i! Ôñš%ññ›%ñ€SECURITYÔ    ´~  ÔóóÐ    i (#(#  ÐÌà0     à(1)€à0    `	(#(# àThe€Security€Programs€Divisionñ ›%ññš%ñÔE  ;   S e c u r i t y   P r o g r a m s   D i v i s i o n      E Ôñš%ññ›%ñ€(SPDñ ›%ññš%ñÔ     S P D     i Ôñš%ññ›%ñ),€Security€Management€Branch,€prescribes€policies,Ð   	 Å   Ðprocedures,€and€standards€for€the€Customs€facilityñ ›%ññš%ñÔ!     f a c i l i t y     r! Ôñš%ññ›%ñ€security€program.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àFacilityñ ›%ññš%ñÔ!     F a c i l i t y     r! Ôñš%ññ›%ñ€security€addresses€the€requirements€to€provide€adequate€physical€andÐ   	 «S   Ðenvironmentalñ ›%ññš%ñÔ+  !   e n v i r o n m e n t a l     m+ Ôñš%ññ›%ñ€controls€based€on€the€level€of€risk€to€the€AISs€supported€in€a€facilityñ ›%ññš%ñÔ!     f a c i l i t y     t! Ôñš%ññ›%ñ,€asÏidentified€by€a€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s     m+ Ôñš%ññ›%ñ.€€The€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     i3 Ôñš%ññ›%ñ€must€not€be€less€than€the€minimumÏrequirements€discussed€in€this€section,€unless€a€written€waiverñ ›%ññš%ñÔ     w a i v e r       Ôñš%ññ›%ñ€has€been€granted€by€theÏAccrediting€Authorities€(AAs).Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àFor€the€purposes€of€this€policy,€an€AIS€facilityñ ›%ññš%ñÔ!     f a c i l i t y     o! Ôñš%ññ›%ñ€includes€physical€space€housing€AISÐ   	 Ço   Ðequipment€such€as€terminals,€microcomputers,€mainframe€systems,€communicationsÏequipment,€or€supporting€environmentalñ ›%ññš%ñÔ+  !   e n v i r o n m e n t a l     l+ Ôñš%ññ›%ñ€control€utilities.€€Facilities€also€include€dataÏstorage€and€AIS€documentation€libraries€(e.g.,€off„siteñ ›%ññš%ñÔ     s i t e     n Ôñš%ññ›%ñ€back„up€storage€facilities).Ð    `	(#`	(#  ÐÌòòÔ
     Ô4.1.1à0     àPhysicalÔ    V†  ÔóóÐ    	± (#(#  ÐÌà0     à(1)à0    `	(#(# àPhysical€securityñ ›%ññš%ñÔ3  )   P h y s i c a l   s e c u r i t y     i3 Ôñš%ññ›%ñ€is€concerned€with€the€measures€designed€to€prevent€unauthorized€physicalÐ   	 ½e   Ðaccess€to€equipment,€facilities,€material,€information,€and€documents,€and€to€safeguardÏthem€against€espionage,€sabotage,€damage,€tampering,€theft,€and€other€covert€or€overtÏacts.€€AIS€hardware,€software,€documentation,€and€all€sensitive€information€handled€byÏthe€AIS€will€be€protected€to€prevent€unauthorized€disclosure,€modification,€or€destruction.€ÏAIS€hardware,€software,€or€documentation€must€be€protected€if€access€to€such€resourcesÏmay€reveal€information€that€can€be€used€to€eliminate,€bypass,€or€otherwise€renderÏineffective€the€security€safeguards€(countermeasures)€used€to€protect€sensitive€information.Ð    `	(#`	(#  ÐÌà0     àÔ&   Ô(2)à0    `	(#(# àSensitive€Customs€information,€while€operational,€must€be€processed,€stored,€orÐ   	 g%#'   Ðtransmitted€in€physical€spaces€(i.e.,€buildings,€communications€facilities,€etc.)€which€areÏunder€exclusive€Customs€control,€including€MOUs€(Memorandum€of€Understanding)€andÏcontractual€agreements.€€When€not€in€operation,€or€under€the€direct€control€of€anÏauthorized€person,€Customs€AISs€and€information€must€be€protected€by€control€systemsÏand€measures€consistent€with€Customs€facilityñ ›%ññš%ñÔ!     f a c i l i t y     ! Ôñš%ññ›%ñ€security€program.Ô'  g%Š  ÔÐ    `	(#`	(#  ÐÌà0     àà0    `	(#(# àPrior€to€conducting€sensitive€AIS€operations€at€any€location,€AIS€security€planning€mustÏconsider€the€facilityñ ›%ññš%ñÔ!     f a c i l i t y     ! Ôñš%ññ›%ñ€security€program€as€part€of€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ€process.Ð    `	(#`	(#  ÐÐ    -¹*0    ÐÔ&  h Ôà0     à(3)à0    `	(#(# àFor€all€types€of€facilities€where€sensitive€information€is€stored,€processed,€or€transmitted,Ð   	 	      Ðphysical€access€will€be€restricted€to€those€individuals€who€are€authorized€according€to€theÏpersonnel€security€requirements€and€who€are€necessary€to€complete€assigned€job€functionsÏand€related€duties.€€(See€also:€Section€4.2)Ô'  h	ø  ÔÐ    `	(#`	(#  ÐÌà0     àà0    `	(#(# àAll€other€personnel€granted€facilityñ ›%ññš%ñÔ!     f a c i l i t y     Ö! Ôñš%ññ›%ñ€access€must€be€properly€escorted€and€restricted€to€thoseÏareas€necessary€to€complete€their€tasks.€€Sensitive€Customs€information€must€be€protectedÏfrom€unauthorized€disclosure€to€such€persons.Ð    `	(#`	(#  ÐÌòòÔ
     Ô4.1.2à0     àEnvironmentalÔ    ú  Ôóóñ ›%ññš%ñÔ+  !   E n v i r o n m e n t a l     X+ Ôñš%ññ›%ñÐ    ³ª	 (#(#  ÐÌà0     à(1)à0    `	(#(# àEnvironmentalñ ›%ññš%ñÔ+  !   E n v i r o n m e n t a l     X+ Ôñš%ññ›%ñ€controls€address€the€requirements€to€provide€appropriate€temperature€andÐ   	 g^	   Ðhumidity€controls,€fire€protection,€power,€and€natural€disasterñ ›%ññš%ñÔ!     d i s a s t e r     t! Ôñš%ññ›%ñ€protection€necessary€toÏensure€the€continuity€of€operationsñ ›%ññš%ñÔA  7   c o n t i n u i t y   o f   o p e r a t i o n s     ÖA Ôñš%ññ›%ñ€for€AIS€facilities€and€equipment.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àAreas€that€support€desktop€AIS€equipment€generally€require€environmentalñ ›%ññš%ñÔ+  !   e n v i r o n m e n t a l     p+ Ôñš%ññ›%ñ€controlsÐ   	 ÏÆ   Ðspecified€for€human€safety€and€comfort.€€Additional€physical,€electrical,€temperature,€andÏhumidity€controls€may€be€needed€to€ensure€reliable€AIS€operations€in€some€cases.Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àFacilities€supporting€large„scale€AIS€operations,€such€as€mainframe€computers€andÐ   	 7.   Ðtelecommunication€facilities,€may€require€additional€environmentalñ ›%ññš%ñÔ+  !   e n v i r o n m e n t a l     p+ Ôñš%ññ›%ñ€controls€as€determinedÏby€operational€needs€and€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s     p+ Ôñš%ññ›%ñ.€€The€following€additional€controls€should€beÏconsidered:Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àFire€prevention,€detection,€suppression,€and€protection€measures.Ð    yp ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àWater€hazard€detection,€prevention,€and€corrective€measures.Ð    -$ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àElectric€power€supply€protection.Ð    áØ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àTemperature€and€humidity€controls.Ð    •Œ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àProtective€or€control€measures€from€the€effects€of€earthquakes,€lightning,Ð   	 I@    Ðwindstorms,€and€other€natural€disasters.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àProtective€or€control€measures€from€the€effects€of€industrial,€environmentalñ ›%ññš%ñÔ+  !   e n v i r o n m e n t a l     p+ Ôñš%ññ›%ñ,€orÐ   	 ×!Î#   Ðother€physical€conditions€which€might€seriously€impact€normal€AIS€operations.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(g)à0    ¸`	(#`	(# àHousekeeping€protection€from€dirt,€dust,€and€other€contaminants.Ð    e$\ & ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(h)à0    ¸`	(#`	(# àPersonnel€safety€features.Ð    &"( ¸(#¸(#  ÐÌòòÔ
     Ô4.2à0     àPERSONNEL€SECURITYÔ    Eœ  ÔóóÐ    Í'Ä#* (#(#  ÐÌà0     à(1)à0    `	(#(# àThe€Security€Programs€Divisionñ ›%ññš%ñÔE  ;   S e c u r i t y   P r o g r a m s   D i v i s i o n     @E Ôñš%ññ›%ñ€(SPDñ ›%ññš%ñÔ     S P D     i Ôñš%ññ›%ñ)€sets€policy€and€provides€procedures€and€guidanceÐ   	 )x%,   Ðin€support€of€Customs€personnel€security€program.€€Prior€to€conducting€AIS€operations,Ïand€as€part€of€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     m+ Ôñš%ññ›%ñ€process,€AIS€security€planning€must€consider€the€personnelÏsecurity€program.Ð    `	(#`	(#  Ðâ
    
 âÐ   	 é,à(0   ÐÔ&  Ž Ôâ
    
 âà0     à(2)à0    `	(#(# àòòAll€personnelóó€entrusted€with€the€management,€operation,€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñ,€or€use€of€a€CustomsÐ   	 	      ÐAIS€processing,€storing,€or€transmitting€sensitive€information€require€appropriateÏpersonnel€security€approvalñ ›%ññš%ñÔ!     a p p r o v a l     e! Ôñš%ññ›%ñ.€€[USCS€51000„05]Ô'  Ž	ñž  ÔÐ    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àòòCustoms€personnelóó€and€òòNon„Customsñ ›%ññš%ñÔ'     N o n „ C u s t o m s     Ö' Ôñš%ññ›%ñ€contractor€personnelóó€entrusted€with€the€management,Ð   	 qh   Ðoperation,€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñ,€or€use€of€sensitive€Customs€AISs€require€an€appropriateÏauthorization€and€must€have€a€completed€Background€Investigation€(BI).Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à[USCS€1460„010]Ð    `	(#`	(#  ÐÌà0     à(4)à0    `	(#(# àòòNon„Customsñ ›%ññš%ñÔ'     N o n „ C u s t o m s     Ö' Ôñš%ññ›%ñ€government€personnelóó€entrusted€with€the€management,€operation,Ð   	 ³ª	   Ðmaintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñ,€or€use€of€sensitive€Customs€AISs€require€an€appropriate€authorization€andÏbackground€investigation.Ð    `	(#`	(#  ÐÌà0     à(5)à0    `	(#(# àòòNon„Customsñ ›%ññš%ñÔ'     N o n „ C u s t o m s     Ö' Ôñš%ññ›%ñ€personnel€(members€of€the€trade€communityñ ›%ññš%ñÔ/  %   t r a d e   c o m m u n i t y     Ù/ Ôñš%ññ›%ñ)óó,€who€use€Customs€AISs€mustÐ   	    Ðbe€authorized€in€writing€by€the€AIS€Security€Officer,€Process€Ownerñ ›%ññš%ñÔ+  !   P r o c e s s   O w n e r      + Ôñš%ññ›%ñ,€or€some€otherÏformalized€process€that€assures€appropriate€authorization.Ð    `	(#`	(#  ÐÌà0     à(6)à0    `	(#(# àòòNon„Customsñ ›%ññš%ñÔ'     N o n „ C u s t o m s      ' Ôñš%ññ›%ñ€AIS€technical€support€personnelóó€who€are€required€to€perform€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñÐ   	 ƒz   Ðon€Customs€AISs€within€Customs„controlled€facilities€may€be€approved€for€unescortedÏaccess€based€on€an€appropriate€authorization€and€a€completed€BI.Ð    `	(#`	(#  ÐÌà0     à(7)à0    `	(#(# àAIS€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g     e! Ôñš%ññ›%ñ€must€be€provided€to€all€personnel€who€manage,€operate,€develop€orÐ   	 ëâ   Ðuse€AISs.€€(See€also:€Section€3.6)Ð    `	(#`	(#  ÐÌòòÔ
     Ô4.3à0     àAUTOMATED€SECURITYÔ    æ¨  ÔóóÐ    yp (#(#  ÐÌà0     àThis€section€establishes€near„term€requirements€and€long„term€goals€to€improve€the€security€ofÏCustoms€AISs€through€increasing€reliance€on€automated€security€features.€€Theòò€minimum€securityÐ   	 þ   Ðrequirementsóó€addressed€in€this€section€are€feasible€in€the€current€Customs€AIS€environment.€€AsÐ   	 ãÚ   Ðtechnology€evolves,€the€òòdesirable€security€featuresóó€identified€in€this€section€should€be€assessedÐ   	 ¿¶   Ðduring€AIS€planning€and€development.Ð    (#(#  ÐÌòòÔ
     Ô4.3.1à0     àMinimum€Security€RequirementsÔ    [«  ÔóóÐ    OF  (#(#  ÐÌòòà0     àNational€Policy€on€Controlled€Access€Protectionóó.€€The€White€House,€€NationalÐ   	 !ú"   ÐTelecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s      5 Ôñš%ññ›%ñ€and€Information€Systems€Security€Committee,€07/15/87,€directs€that€byÏFederal€agencies€must€provide€automated€Controlled€Access€Protection€(C2ñ ›%ññš%ñÔ     C 2     c Ôñš%ññ›%ñ€level)€for€all€sensitiveÏor€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     a% Ôñš%ññ›%ñ€information€processed€or€maintained€by€AIS,€when€all€users€do€not€have€the€sameÏauthorization€to€use€the€sensitive€information.€€[NTISSP€200]Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àAISs€used€for€the€processing€of€sensitive€information€must€have€the€security€functionalityÐ   	 &"(   Ðof€the€C2ñ ›%ññš%ñÔ     C 2     s Ôñš%ññ›%ñ€level€of€trust,€as€defined€in€the€Department€of€Defense€(DoD),€òòTrustedÐ   	 ù&ð")   ÐComputer€System€Evaluation€Criteriaóóñ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     g Ôñš%ññ›%ñ€(TCSECñ ›%ññš%ñÔ     T C S E C       Ôñš%ññ›%ñ).€€[5200.28„STD]Ð    Ó'Ê#* `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àIn€cases€where€C2ñ ›%ññš%ñÔ     C 2     C Ôñš%ññ›%ñ€functional€security€requirements€are€time€consuming,Ð   	 ‡)~%,   Ðtechnically€unsound,€or€adversely€affect€operations€to€an€unacceptable€degree,Ïother€safeguards€may€be€substituted€if€they€maintain€the€level€of€system€securityÏcommensurate€with€the€sensitivity€of€the€data.€€The€AIS€Security€Officer€mustÏapprove€exceptions€(written€waiverñ ›%ññš%ñÔ     w a i v e r     C Ôñš%ññ›%ñ)€to€C2ñ ›%ññš%ñÔ     C 2     e Ôñš%ññ›%ñ€functional€security€requirements€forÏsensitive€AIS.€€(See€also:€Appendix€C)Ð    É-À)1 ¸(#¸(#  Ð‡à0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€National€Computer€Security€Center€(NCSC)€Technical€Guide,€òòTrustedÐ   	 	      ÐNetwork€Interpretation€of€the€Trusted€Computer€System€Evaluation€Criteriaóóñ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     Ög Ôñš%ññ›%ñ€(TNI„Ð   	 ãÚ    ÐTCSECñ ›%ññš%ñÔ     T C S E C     8 Ôñš%ññ›%ñ,€commonly€known€as€the€ð ðred€bookðð),€provides€guidance€on€achievingÏC2ñ ›%ññš%ñÔ     C 2     8 Ôñš%ññ›%ñ€functionality€in€networksñ ›%ññš%ñÔ!     n e t w o r k s     ! Ôñš%ññ›%ñ.€€[NCSC„TG„005]Ð    ¸(#¸(#  ÐÌà0     à(2)à0    `	(#(# àThe€design€of€AISs€that€process,€store,€or€transmit€sensitive€information€must€include€atÐ   	 KB   Ða€minimum,€the€automated€security€features€discussed€in€this€section.€€Security€safeguardsÏwill€be€in€place€to€ensure€each€person€having€access€to€a€sensitive€AIS€is€individuallyÏaccountable€for€their€actions€on€the€system.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àòòUser€Identificationóó.€€User€access€will€be€controlled€and€limited€based€on€positiveÐ   	 „
   Ðuser€identification€and€authentication€mechanisms€that€support€the€minimumÏrequirements€of€access€control,€least€privilegeñ ›%ññš%ñÔ/  %   l e a s t   p r i v i l e g e      / Ôñš%ññ›%ñ,€and€system€integrity.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àòòAuthenticationóó.€€For€AIS€requiring€authentication€controls,€the€AIS€will€ensureÐ   	 õì   Ðthat€each€user€is€authenticated€prior€to€AIS€access.€€The€preferred€method€forÏauthenticating€users€is€a€passwordñ ›%ññš%ñÔ!     p a s s w o r d     i! Ôñš%ññ›%ñ€system€where€authentication€is€done€each€timeÏthe€passwordñ ›%ññš%ñÔ!     p a s s w o r d     i! Ôñš%ññ›%ñ€is€used.€€More€sophisticated€authentication€techniques,€such€asÏð ðsmart€cards,ðð€MISSIñ ›%ññš%ñÔ     M I S S I     d Ôñš%ññ›%ñ€(Multilevel€Information€Systems€Security€Initiative)Ïtechnology€(Fortezza,€Capstone,€etc.),€biological€recognition€systems€(retinaÏscanners,€hand€print,€voiceñ ›%ññš%ñÔ     v o i c e     d Ôñš%ññ›%ñ€recognition,€etc.),€must€be€cost„justified€through€theÏrisk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ€process.€€[MISSI]Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àòòAuditñ ›%ññš%ñÔ     A u d i t     a Ôñš%ññ›%ñ€Recordsóó.€€AIS€transactions€are€subject€to€recording€and€routine€review€forÐ   	 Ÿ–   Ðinappropriate€or€illegal€activity.€€Auditñ ›%ññš%ñÔ     A u d i t     a Ôñš%ññ›%ñ€trail€records€should€be€sufficient€in€detailÏto€facilitate€reconstruction€of€events€if€compromise€or€malfunction€occurs,€or€isÏsuspected,€and€should€be€reviewed€as€specified€in€the€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     6+ Ôñš%ññ›%ñ.€€The€auditñ ›%ññš%ñÔ     a u d i t     y Ôñš%ññ›%ñÏtrail€records€should€contain€at€least€the€following€information.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àIdentifier€of€each€user€and€device€accessing€or€attempting€to€access€anÐ   	 »²   ÐAIS.Ð    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àThe€time€and€date€of€the€access€and€of€the€logoff.Ð    I@  (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àIdentify€activities€that€might€modify,€bypass,€or€negate€AIS€securityÐ   	 ý ô"   Ðsafeguards.Ð    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iv)à0    ¸(#¸(# àLog€of€security„relevant€actions€associated€with€processing.Ð    ‹#‚% (#(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àòòObject€Reuseóóñ ›%ññš%ñÔ)     O b j e c t   R e u s e      ) ÔÔ     R e u s e     R Ôñš%ññ›%ñ.€€Sensitive€AIS€must€clearñ ›%ññš%ñÔ     c l e a r     R Ôñš%ññ›%ñ€memory€and/or€data€storage€areas€(RAM,Ð   	 ?%6!'   ÐDASD,€tape,€R/W€Optical,€etc.)€prior€to€reallocation€of€the€area€to€a€differentÏuser.€€This€prevents€one€user€from€obtaining€residual€datañ ›%ññš%ñÔ+  !   r e s i d u a l   d a t a     6+ Ôñš%ññ›%ñ€of€another€user.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àòòAccess€Controlóó.€€Sensitive€AIS€may€implement€additional€discretionary€accessÐ   	 §(ž$+   Ðcontrolñ ›%ññš%ñÔI  ?   d i s c r e t i o n a r y   a c c e s s   c o n t r o l      I Ôñš%ññ›%ñ€(DAC)€measures€such€as€file€passwords,€access€control€lists,€diskÏencryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     y% Ôñš%ññ›%ñ,€or€other€techniques,€as€defined€in€the€approved€system€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     c+ Ôñš%ññ›%ñ.Ð    ¸(#¸(#  ÐÌà0     à(3)à0    `	(#(# àFor€sensitive€AIS€the€following€òòWarning€Banneróóñ ›%ññš%ñÔ-  #   W a r n i n g   B a n n e r     c- Ôñš%ññ›%ñ€(exactly€as€worded€in€Figure€3)€mustÐ   	 ,(/   Ðbe€displayed€to€users€at€logon€time,€followed€by€a€pause€requiring€manual€intervention€toÏcontinue.€€This€addresses€the€concern€that€users€are€informed€that€all€Customs€AISs€areÐ   	 Ç-¾)1   Ðsubject€to€monitoringñ ›%ññš%ñÔ%     m o n i t o r i n g     Ö% Ôñš%ññ›%ñ€and€that€by€using€the€AIS€they€consent€to€such€monitoringñ ›%ññš%ñÔ%     m o n i t o r i n g     Ö% Ôñš%ññ›%ñ.Ð    `	(#`	(#  Ðñ›%ñßn €C L D 8 
             ( $  p  x ÿd  p	  `  €  €  E¸
Gp8t t ˆT  ZpÞ ð	ã d 
 n ßâ   	  °ð	°ð	°(#°(# âñ›%ññ ›%ñßn €C ù û 8 
             ( $  p  x ÿd  p	  `  €  €  E¸
Gp8t t ˆT  ZpÞ ð	ã d 
 n ßñ›%ñÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌâ   	  °(#°(#°ð	°ð	 âà0     à(4)à0    `	(#(# àAutomaticòò€interactive„session€timeoutóó€(logoff)€will€be€provided€for€all€general€supportÐ   	 Ÿ–   Ðand/or€sensitive€AISs.€€This€will€lockout€a€user€session€after€an€interval€of€€inactivity,€notÏto€exceed€the€time€interval€and€restart€requirements€specified€in€the€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     2+ Ôñš%ññ›%ñ.ÏSystem€logon€will€be€required€to€re„access€the€AIS.Ð    `	(#`	(#  ÐÌà0     à(5)à0    `	(#(# àInterconnections€between€sensitive€Customs€AISs€and€non„Customsñ ›%ññš%ñÔ'     n o n „ C u s t o m s      ' Ôñš%ññ›%ñ€AISs€must€beÐ   	 áØ   Ðestablished€through€controlled€interfaces€and€will€be€accredited€at€the€highest€security€levelÏof€information€on€the€network.€€Consult€the€AIS€Security€Officer€for€guidance€onÏestablishing€controlled€interfaces.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# àControlled€interface€functions€are€a€combination€of€gateway€and€guard€functions.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝGateways€provide€secure€points€of€interconnection€between€networksñ ›%ññš%ñÔ!     n e t w o r k s     ! Ôñš%ññ›%ñ,€connectedÐ   	 ×!Î#   Ðperipheral€devices,€remote€terminals,€or€remote€hosts,€and€provide€a€reliableÏexchange€of€information€to€allow€secure€interconnections€between€components.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝAutomated€guard€processors€and€security€filters€(e.g.,€firewall)€are€software,Ð   	 ?%6!'   Ðcombined€hardware/software€techniques,€or€specialized€hardware€that€filterÏinformation€in€a€data€stream€based€on€associated€security€information€and/or€dataÏcontent.Ð    ¸(#¸(#  ÐÌòòÔ
     Ô4.3.2à0     àSecurity€AssurancesÔ    "Ñ  ÔóóÐ    )x%, (#(#  ÐÌà0     à(1)à0    `	(#(# àAISs€will€be€examined€when€received€from€the€vendorñ ›%ññš%ñÔ     v e n d o r       Ôñš%ññ›%ñ(s)€and€before€being€placed€intoÐ   	 5+,'.   Ðoperation.€€The€following€areas€must€be€considered:Ð    `	(#`	(#  Ðâ
    
 âÐ   	 é,à(0   ÐÔ&  B Ôâ
    
 âà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àòòHardwareóó.€€An€examination€will€result€in€assurance€that€the€equipment€appears€toÐ   	 	      Ðbe€in€good€working€order€and€has€no€components€that€might€be€detrimental€to€theÏsecure€operation€of€the€resource€when€placed€under€Customs€control€andÏcognizance.€€Subsequent€changes€and€developments€which€affect€security€mayÏrequire€additional€examination.Ô'  B	¬Ò  ÔÐ    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àòòIn„house€Developed€Softwareóó€or€òòGovernment„Off„The„Shelfóó€(GOTS).€€New€orÐ   	 %	   Ðsignificantly€changed€software€developed€by€or€specifically€for€Customs€or€theÏGovernment€will€be€subject€to€testingñ ›%ññš%ñÔ     t e s t i n g     ‚ Ôñš%ññ›%ñ€and€review€at€all€stages€of€the€development,Ïas€required€by€the€SDLCñ ›%ññš%ñÔ     S D L C     g Ôñš%ññ›%ñ.€€[USCS€5500„4]Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àòòCommercialñ ›%ññš%ñÔ%     C o m m e r c i a l      % Ôñš%ññ›%ñ„Off„The„Shelf€Software€(COTSñ ›%ññš%ñÔ     C O T S     c Ôñš%ññ›%ñ)óó.€€Commercially€procured€softwareÐ   	 g^	   Ðwill€be€examined€to€assure€that€the€software€does€not€contain€features€which€mightÏbe€detrimental€to€AIS€security.€€Security„related€software€will€be€examined€byÏCustoms€authorized€personnel€to€assure€that€the€security€features€function€asÏspecified.Ð    ¸(#¸(#  ÐÌà0     à(2)à0    `	(#(# àCustoms€endorses€the€use€of€products€from€the€Evaluated€Products€Listñ ›%ññš%ñÔ?  5   E v a l u a t e d   P r o d u c t s   L i s t      ? Ôñš%ññ›%ñ€(EPLñ ›%ññš%ñÔ     E P L     a Ôñš%ññ›%ñ)€of€theÐ   	 ƒz   ÐNational€Computer€Security€Center€(NCSC).€€EPLñ ›%ññš%ñÔ     E P L     a Ôñš%ññ›%ñ€products€are€computer€systems,Ïsoftware,€or€components€that€protect€information€while€it€is€being€stored€or€processed.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# àWhen€certified€as€properly€implemented€through€the€process€discussed€in€Section€3.4,Ïthese€products€will€be€accepted€as€meeting€the€security€requirements€for€the€portion€of€theÏsensitive€AIS€where€they€are€used.Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àWhen€EPLñ ›%ññš%ñÔ     E P L     a Ôñš%ññ›%ñ€products€are€not€specified€or€used€for€sensitive€AIS,€the€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     c+ Ôñš%ññ›%ñ€mustÐ   	 SJ   Ðinclude€a€functionality€statement€and€implementation€schedule€of€how€the€C2ñ ›%ññš%ñÔ     C 2     r Ôñš%ññ›%ñ€security€levelÏfunctionality€will€be€achieved.€The€statement€will€become€part€of€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     c+ Ôñš%ññ›%ñ€packageÏand€must€address€the€following€EPLñ ›%ññš%ñÔ     E P L     d Ôñš%ññ›%ñ€evaluation€areas.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àòòConfidence€in€software€sourceóó.€€In€acquiring€software€resources€to€be€used€as€partÐ   	 •Œ   Ðof€a€sensitive€AIS,€consideration€will€be€given€to€the€level€of€confidence€placed€inÏthe€vendorñ ›%ññš%ñÔ     v e n d o r     a Ôñš%ññ›%ñ€to€provide€a€quality€product,€to€support€the€security€features€of€theÏproduct,€and€to€help€in€the€correction€of€any€flaws.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àòòSecurity€performance€testingóóñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ.€€Security€performance€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ€includes€bothÐ   	 ×!Î#   Ðcertificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     c+ Ôñš%ññ›%ñ€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ€that€is€performed€before€the€AIS€is€accredited€and€ongoingÏperformance€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ€that€is€performed€on€a€regular€basis.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àòòSecurity€penetration€testingóóñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ.€€In€addition€to€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ€the€performance€of€the€AIS,€Ð   	 ?%6!'   Ðthere€will€be€testingñ ›%ññš%ñÔ     t e s t i n g     t Ôñš%ññ›%ñ€to€attempt€to€penetrate€the€security€safeguards€of€the€system.€ÏThe€test€procedures€will€be€documented€in€the€test€plan€for€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     c+ Ôñš%ññ›%ñ€and€in€theÏongoing€test€plan.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àòòLife„cycleñ ›%ññš%ñÔ%     L i f e „ c y c l e     n% Ôñš%ññ›%ñ€assuranceóó.€€The€development€of€hardware,€firmware,€and€software€willÐ   	 )x%,   Ðbe€conducted€under€life„cycleñ ›%ññš%ñÔ%     l i f e „ c y c l e     n% Ôñš%ññ›%ñ€control€and€management.Ð    ¸(#¸(#  ÐÌà0     à(4)à0    `	(#(# àA€configuration€managementñ ›%ññš%ñÔA  7   c o n f i g u r a t i o n   m a n a g e m e n t      A Ôñš%ññ›%ñ€(CM)€system€is€required€to€preserve€the€AIS€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     a+ Ôñš%ññ›%ñÐ   	 ,(/   Ðintegrity€and€maintain€control€of€changes€to€any€of€the€AIS€features€that€may€alter€theÏaccreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     a+ Ôñš%ññ›%ñ€status.€€Examples€of€CM€activities€include€security„related€hardware€changes,Ð   	 Ã-º)1   Ðor€changes€to€any€line€of€source€or€object€code€of€the€security„related€software.€€The€CMÏsystem€will€record€by€whom,€for€what€reason,€and€when€the€change€is€made.€ÏDocumentation€of€the€security„related€hardware€and/or€software€design€will€be€maintainedÏand€kept€current.€€[NCSC„TG„006]Ð    `	(#`	(#  ÐÌòòÔ
     Ô4.3.3à0     àDesirable€Security€FeaturesÔ    /é  ÔóóÐ    KB (#(#  ÐÌà0     à(1)à0    `	(#(# àAIS€planning€must€consider€technological€advances€in€security€features.€The€planningÐ   	 ÿ	ö   Ðprocess€will€be€documented€and€approved€via€the€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àInteroperability€with€external€systems€must€consider€support€for€digital€signature€standardsÐ   	 „
   Ð(DSS),€nonrepudiation€in€messaging€systems,€and€data€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     n% Ôñš%ññ›%ñ€issues€as€they€relate€toÏinteragency€communications€or€interoperability.Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àContinuous€On„Line€Automated€Monitoringñ ›%ññš%ñÔ%     M o n i t o r i n g     n% Ôñš%ññ›%ñ€and€Warning€functions€for€sensitive€AIS€canÐ   	 õì   Ðprovide€real„time€use€monitoringñ ›%ññš%ñÔ%     m o n i t o r i n g     n% Ôñš%ññ›%ñ€(auditñ ›%ññš%ñÔ     a u d i t     i Ôñš%ññ›%ñ)€and€real„time€warning€to€the€DSOs€of€suspectedÏAIS€misuse.Ð    `	(#`	(#  ÐÌà0     à(4)à0    `	(#(# àNetwork€Access€Control€Features€should€address€the€following€areas,€to€achieve€C2ñ ›%ññš%ñÔ     C 2     t Ôñš%ññ›%ñ€levelÐ   	 ]T   Ðsecurity€of€communications€paths:Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àòòIdentification€and€Authentication€Forwardingóó.€€Reliable€forwarding€of€theÐ   	 ëâ   Ðidentification€should€be€used€between€AISs€when€users€are€connecting€through€aÏnetwork.€€When€identification€forwarding€cannot€be€verified,€a€request€for€accessÏfrom€a€remote€AIS€should€require€authentication€before€permitting€access€to€theÏsystem.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àòòProtection€of€Authenticator€Dataóó.€€In€forwarding€the€authenticator€information€andÐ   	 þ   Ðany€tables€(e.g.,€passwordñ ›%ññš%ñÔ!     p a s s w o r d      ! Ôñš%ññ›%ñ€tables)€associated€with€it,€the€data€should€be€protectedÏfrom€access€by€unauthorized€users€(e.g.,€by€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     n% Ôñš%ññ›%ñ)€to€ensure€its€integrity.Ð    ¸(#¸(#  ÐÌòòÔ
     Ô4.4à0     àADMINISTRATIVE€SECURITYÔ    Bò  ÔóóÐ    of (#(#  ÐÌà0     àAdministrative€security€consists€of€the€controls€and€operational€procedures€used€with€or€in€placeÏof€computer€security€features.€€Administrative€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     É3 Ôñš%ññ›%ñ€must€be€documented€in€the€AISÏsecurity€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     l+ Ôñš%ññ›%ñ,€Security€Features€Userððs€Guideñ ›%ññš%ñÔM  C   S e c u r i t y   F e a t u r e s   U s e r s   G u i d e      M Ôñš%ññ›%ñ€(SFUGñ ›%ññš%ñÔ     S F U G     t Ôñš%ññ›%ñ),€and€Trusted€Facilityñ ›%ññš%ñÔ!     F a c i l i t y     c! Ôñš%ññ›%ñ€Manualñ ›%ññš%ñÔ?  5   T r u s t e d   F a c i l i t y   M a n u a l     G? Ôñš%ññ›%ñ€(TFMñ ›%ññš%ñÔ     T F M     i Ôñš%ññ›%ñ)€forÏeach€accredited€AIS.Ð    (#(#  ÐÌòòÔ
     Ô4.4.1à0     àAccountability€and€Access€Control€CriteriaÔ    Ëõ  ÔóóÐ    e$\ & (#(#  ÐÌà0     àThe€DSO€will€establish€access€control€criteria€and€administrative€procedures€to€limit€access€toÏinformation€processed,€stored,€or€transmitted€by€sensitive€Customs€AISs.€These€activities€areÏdocumented€in€the€AIS€security€planning€process,€approved€by€the€AIS€Security€Officer,€andÏaccredited€as€discussed€in€Section€3.4€and€should€include€at€least€the€following:Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àThe€access€control€criteria€identify€who€is€authorized€AIS€access€and€who€is€responsibleÐ   	 [*R&-   Ðfor€approving€such€access.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àThe€individual€who€requires€access€must€possess€the€appropriate€securityÐ   	 é,à(0   Ðauthorization€and€have€a€valid€need„to„know.Ð    Ã-º)1 ¸(#¸(#  Ð‡à0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€AIS€security€features€must€have€the€capability€to€restrict€the€user's€access€toÐ   	 	      Ðonly€that€information€which€is€necessary€for€scope€of€the€job€or€assignment.Ð    ¸(#¸(#  ÐÌà0     à(2)à0    `	(#(# àCustoms€and€contractor€personnel€who€access€sensitive€Customs€AISs€must€have€aÐ   	 —Ž   Ðcompleted€BI€(discussed€in€Section€4.2).€€Personnel€must€only€be€granted€access€to€AISsÏfor€which€they€have€a€valid€need„to„know€based€on€their€operational€needs€(i.e.,€principleÏof€least„privilege).Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àCustoms€AISs€are€generally€designed€for€the€use€of€Customs€personnel,€but€by€specialÐ   	 Ù
Ð   Ðarrangements€Customs€may€authorize€certain€types€of€access€to€other€Federal,€State,€local,Ïor€international€law€enforcement€agencies,€other€government€agencies,€private€contractors,Ïand€trade€communityñ ›%ññš%ñÔ/  %   t r a d e   c o m m u n i t y     Ö/ Ôñš%ññ›%ñ€members€in€support€of€particular€operations.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# àWritten€requests€for€special€access€must€be€submitted€to€the€appropriate€Customs€SecurityÏAdministrator€who€coordinates€the€AIS€security€process€for€the€sponsoring€organization.€ÏThe€Security€Administrator€will€ensure€that€such€requests€meet€the€following€criteria.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àThe€individual€for€whom€access€is€requested€must€have€appropriate€securityÐ   	 ƒz   Ðauthorization€for€the€information€or€functions€which€are€being€requested.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€individual€must€have€a€valid€need„to„know€(i.e.,€access€is€an€operationalÐ   	    Ðnecessity)€documented€in€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€by€the€sponsoring€organization.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àThe€AIS€security€features€have€the€capability€to€restrict€the€user's€access€to€only€Ð   	 Ÿ–   Ðinformation€and/or€functions€appropriate€for€the€authorized€activities.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àIf€the€AIS€access€is€for€members€trade€communityñ ›%ññš%ñÔ/  %   t r a d e   c o m m u n i t y     Ö/ Ôñš%ññ›%ñ,€it€must€be€based€on€limits€asÐ   	 -$   Ðspecified€in€formal€agreements€with€Customs.Ð    ¸(#¸(#  ÐÌà0     à(4)à0    `	(#(# àSome€Customs€AISs€are€designed€for€the€support€of€the€law€enforcement,€tradeÐ   	 »²   Ðcommunities€(e.g.,€TECS,€ACS),€and€other€agencies.€€Access€requirements,€controls,€andÏprocedures€are€defined€for€each€system€and€documented€in€its€System€Security€Planñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n      + Ôñš%ññ›%ñ.€ÏReference€the€appropriate€AIS€support€documentation€for€details€related€to€such€systems.Ð    `	(#`	(#  ÐÌòòÔ
     Ô4.4.2à0     àSoftware€and€Data€SecurityÔ    *  ÔóóÐ    ý ô" (#(#  ÐÌà0     à(1)à0    `	(#(# àAll€executable€software€used€on€sensitive€Customs€AISs€should€be€obtained€throughÐ   	 ±"¨$   Ðauthorized€procurement€channels.€€Software€acquired€by€any€other€means€(e.g.,€publicÏdomain€software,€bulletin€board€services,€personally€owned€software€[developed€orÏpurchased])€is€òòrestrictedóó€and€must€be€approved€in€writing€by€AIS€Security€AdministrationÐ   	 ?%6!'   Ðas€an€operational€necessity.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àSafeguards€must€be€in€place€to€detect€and€minimize€inadvertent€or€malicious€modificationÐ   	 Í'Ä#*   Ðor€destruction,€or€attempts€to€do€so,€of€a€sensitive€AIS's€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     Ö' Ôñš%ññ›%ñ€software,€operatingÏsystem€software,€and€critical€data€files.€€The€safeguards€should€achieve€the€integrityÏobjectives€and€be€documented€in€the€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àExecutable€software€authorized€to€run€on€a€sensitive€Customs€AIS€will€beÐ   	 ,(/   Ðidentified€in€the€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     8+ Ôñš%ññ›%ñ.Ð    ¸(#¸(#  ÐÐ   	 Ã-º)1   ÐÔ&  ´ Ôà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€level€of€protection€must€be€commensurate€with€the€sensitivity€of€theÐ   	 	      Ðinformation€processed.Ô'  ´	š
  ÔÐ    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àAt€a€minimum,€essential€data€should€be€backed„up€and€the€media€stored€physicallyÐ   	 —Ž   Ðseparate€from€the€AIS€(preferably€at€an€off„siteñ ›%ññš%ñÔ     s i t e       Ôñš%ññ›%ñ€location).€€Appropriate€AISÏsecurity€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     3 Ôñš%ññ›%ñ€must€be€in€place€to€assure€viability€of€such€back„ups.Ð    ¸(#¸(#  ÐÌà0     à(3)à0    `	(#(# àVirusñ ›%ññš%ñÔ     V i r u s     y Ôñš%ññ›%ñ€and€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     s- Ôñš%ññ›%ñ€(software)€prevention€and€control€measures,€commensurate€withÐ   	 ÿ	ö   Ðthe€identified€level€of€risk,€will€be€employed€to€protect€the€integrity€of€the€software€andÏdata€for€applicable€AIS.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àThe€AIS€Security€Officer€manages€the€virusñ ›%ññš%ñÔ     v i r u s     u Ôñš%ññ›%ñ€protection€program€for€Customs€andÐ   	 g^	   Ðshould€be€contacted€for€approved€prevention€and€control€measures€(e.g.,€behaviorÏdetection,€scanning,€cleanup€techniques€and/or€procedures)€if€there€is€a€suspectedÏor€known€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     s- Ôñš%ññ›%ñ€(software)€threat.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àIdentified€incidents€of€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     s- Ôñš%ññ›%ñ€(software),€or€virusñ ›%ññš%ñÔ     v i r u s     u Ôñš%ññ›%ñ€infections€should€beÐ   	 ©    Ðreported€promptly€to€the€DSO,€AIS€Security€Officer,€and/or€IA,€as€appropriate.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àPrior€to€introduction€into€or€use€by€Customs,€AIS€data€recording€media€will€beÐ   	 7.   Ðscanned€for€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     s- Ôñš%ññ›%ñ€(software),€including:Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(i)à0    ¸(#¸(# àall€Customs„seized€AIS€machines€and€media,Ð    Å¼ (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(ii)à0    ¸(#¸(# àall€removable€AIS€magnetic€or€optical€recording€media€(e.g.,€floppyÐ   	 yp   Ðdisks,€CD„ROM,€etc.),€regardless€of€source,€andÐ    (#(#  ÐÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# à(iii)à0    ¸(#¸(# àall€fixed€AIS€storage€devices€(e.g.,€hard€drives,€R/W€Optical,€etc.),€on€aÐ   	 þ   Ðperiodic€basis.Ð    (#(#  ÐÌà0     à(4)à0    `	(#(# àUse€of€copyrighted€software€will€comply€with€copyrightñ ›%ññš%ñÔ#     c o p y r i g h t     o# Ôñš%ññ›%ñ€laws€and€licenseñ ›%ññš%ñÔ     l i c e n s e       Ôñš%ññ›%ñ€agreements.Ð    •Œ `	(#`	(#  ÐÌà0     à(5)à0    `	(#(# àIntroduction€of€data€from€sources€and/or€in€formats€other€than€those€specified€in€theÐ   	 I@    Ðappropriate€AIS€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n      + Ôñš%ññ›%ñ€(e.g.,€financial€data€received€from€financial€institutions)€mustÏbe€approved€in€writing€by€the€AIS€Security€Officer€as€an€operational€necessity.€€TheseÏactivities€must€be€in€conformance€with€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ€of€the€AIS€and€FOIAñ ›%ññš%ñÔ     F O I A     i Ôñš%ññ›%ñ/PAÏ(Freedom€of€Informationñ ›%ññš%ñÔ=  3   F r e e d o m   o f   I n f o r m a t i o n     = Ôñš%ññ›%ñ€Act/Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     f' Ôñš%ññ›%ñ)€requirements.Ð    `	(#`	(#  ÐÌà0     à(6)à0    `	(#(# àTo€maintain€software€integrity,€proper€configuration€managementñ ›%ññš%ñÔA  7   c o n f i g u r a t i o n   m a n a g e m e n t     ÖA Ôñš%ññ›%ñ€(CM)€and€controls€mustÐ   	 e$\ &   Ðbe€used€to€monitor€software€installation€and€updates.€€This€process€will€provide€a€historicalÏrecord€of€software€changes;€helping€to€ensure€that€the€software€functions€as€expected,€isÏmaintained,€and€that€only€authorized€software€is€permitted€on€the€AIS.Ð    `	(#`	(#  ÐÌòòÔ
     Ô4.4.3à0     àTechnical€Support€and€MaintenanceÔ    ®  Ôóóñ ›%ññš%ñÔ'     M a i n t e n a n c e     Ö' Ôñš%ññ›%ñÐ    §(ž$+ (#(#  ÐÌà0     à(1)à0    `	(#(# àTechnical€support€and€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñ€activities€for€Customs€AIS€must€ensure€that:Ð    [*R&- `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àHardware€and€software€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñ€activities€do€not€affect€the€integrity€ofÐ   	 ,(/   Ðexisting€safeguards€or€permit€the€introduction€of€security€exposures€into€an€AISÏ(e.g.,€computer€viruses,€Trojan€Horses,€logic€bombs,€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e      - Ôñš%ññ›%ñ,€etc.).Ð    Ã-º)1 ¸(#¸(#  Ð‡à0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àSensitive€Customs€AIS€electronic€storage€and€memory€devices€are€not€releasedÐ   	 	      Ðfrom€Customs€control€without€proper€clearingñ ›%ññš%ñÔ!     c l e a r i n g     Ö! Ôñš%ññ›%ñ€procedures€to€remove€residual€datañ ›%ññš%ñÔ+  !   r e s i d u a l   d a t a     V+ Ôñš%ññ›%ñ.€ÏExceptions€(waivers)€must€be€approved€by€the€AIS€Security€Officer.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àAutomated€(i.e.,€computer„connected)€dial„upñ ›%ññš%ñÔ     d i a l „ u p     d Ôñš%ññ›%ñ€diagnosticñ ›%ññš%ñÔ%     d i a g n o s t i c     a% Ôñš%ññ›%ñ€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e      ' Ôñš%ññ›%ñ€of€sensitiveÐ   	 qh   ÐCustoms€AIS€via€remote€communications€between€vendors€and€Customs€AISÏfacilities€is€prohibited€unless€authorized€by€Principal€Accrediting€Authorityñ ›%ññš%ñÔO  E   P r i n c i p a l   A c c r e d i t i n g   A u t h o r i t y      O ÔÔ#     A u t h o r i t y     c# Ôñš%ññ›%ñ€(PAAñ ›%ññš%ñÔ     P A A     r Ôñš%ññ›%ñ)Ïin€the€AIS€Accreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     d+ Ôñš%ññ›%ñ.€€The€Accreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     d+ Ôñš%ññ›%ñ€should€reference€an€approvedÏcontract,€MOUñ ›%ññš%ñÔ     M O U     d Ôñš%ññ›%ñ,€or€other€agreement€when€such€a€service€is€included.Ð    ¸(#¸(#  ÐÌà0     à(2)à0    `	(#(# àAIS€technical€support€and€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e      ' Ôñš%ññ›%ñ€work€performed€in€Customs€facilities€(on„siteñ ›%ññš%ñÔ     s i t e     n Ôñš%ññ›%ñ)€mustÐ   	 „
   Ðbe€supervised€by€or€under€the€control€of€Customs€personnel€knowledgeable€in€appropriateÏAIS€operations.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# àOn„siteñ ›%ññš%ñÔ     s i t e     n Ôñš%ññ›%ñ€AIS€technical€support€and€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e      ' Ôñš%ññ›%ñ€personnel€must€meet€the€personnel€securityÏrequirements.€€(See€also:€Section€4.2)Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àAIS€technical€support€and€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e      ' Ôñš%ññ›%ñ€must€be€considered€in€AIS€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     d+ Ôñš%ññ›%ñ.Ð    ƒz `	(#`	(#  ÐÌòòÔ
     Ô4.4.4à0     àPortableñ ›%ññš%ñÔ!     P o r t a b l e     i! Ôñš%ññ›%ñ€Computer€EquipmentÔ    /(  ÔóóÐ    7. (#(#  ÐÌà0     àCustoms€AIS€portableñ ›%ññš%ñÔ!     p o r t a b l e      ! Ôñš%ññ›%ñ€computers,€related€types€of€equipment,€and€storage€media€must€be€restrictedÏto€the€exclusive€authorized€Customs€use.€€Unattended€Customs€AIS€equipment€and€storage€mediaÏmust€be€secured€in€an€appropriate€manner€commensurate€with€the€sensitivity€of€the€data,Ïequipment,€and€authorized€use.€€To€the€extent€possible,€such€equipment€and€storage€media€mustÏbe€kept€in€the€possession€of€the€individual€to€whom€it€is€issued€or€charged€out.Ð    (#(#  ÐÌòòÔ
     Ô4.4.5à0     àClassificationñ ›%ññš%ñÔ-  #   C l a s s i f i c a t i o n     8- Ôñš%ññ›%ñ€and€ControlsÔ    ñ*  ÔóóÐ    þ (#(#  ÐÌà0     à(1)à0    `	(#(# àCustoms€AISs€that€store,€process,€or€transmit€sensitive€information€must€be€adequatelyÐ   	 »²   Ðsafeguarded€to€ensure€that€access€to€sensitive€Customs€information€is€restricted€to€CustomsÏauthorized€personnel,€and€operated€only€by€Customs€authorized€persons€in€facilitiesÏ(physical€space)€under€Customs€authorization€or€control.Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àWhen€not€under€the€control€of€Customs€authorized€personnel,€Customs€sensitive€AISs€andÐ   	 ý ô"   Ðrelated€equipment€must,€at€a€minimum,€be€secured€as€follows:Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àMicrocomputers,€terminals,€displays,€and€related€AIS€equipment€which€mightÐ   	 ‹#‚%   Ðprovide€unauthorized€access€to€sensitive€data€or€resources,€must€be€turned€off€orÏotherwise€made€unaccessible.€€Additional€appropriate€security€control€measuresÏmay€be€necessary€in€some€situations.€€Exceptions€(waivers)€must€be€part€of€theÏaccreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ€statement€or€separately€approved€by€the€AIS€Security€Officer.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àDiskettes,€tapes,€removable€storage€devices,€printer€ribbons€or€laser€cartridges,Ð   	 §(ž$+   Ðand€other€AIS€media€which€contain€sensitive€information€must€be€labeled€andÏsecured€commensurate€with€the€highest€level€of€information€stored€on€the€device.€ÏDestruction€of€such€media€must€be€appropriate€to€the€level€of€sensitivity€of€theÏdata€stored€on€it.Ð    ¸(#¸(#  Ðâ
    
 âÐ   	 é,à(0   ÐòòÔ
     ÔÔ&  Ð Ôâ
    
 â4.4.6à0     àExternal€LabelsÔ    2  Ôóóñ ›%ññš%ñÔ     L a b e l s       Ôñš%ññ›%ñÐ    	    (#(#  ÐÌà0     àIn€an€AIS€environment€where€no€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     1% Ôñš%ññ›%ñ€information€is€processed€or€stored,€special€securityÏlabelsñ ›%ññš%ñÔ     l a b e l s     e Ôñš%ññ›%ñ€with€the€word€ð ðUnclassified,ðð€are€not€required€to€identify€that€the€storage€media€containsÏunclassified€information.€€However,€for€some€categories€of€SBUñ ›%ññš%ñÔ     S B U     s Ôñš%ññ›%ñ€data,€special€identification€labelsñ ›%ññš%ñÔ     l a b e l s     e Ôñš%ññ›%ñÏare€required.€€Reference€òòSafeguarding€Classifiedñ ›%ññš%ñÔ%     C l a s s i f i e d     1% Ôñš%ññ›%ñ€Information€Handbookóó,€for€the€appropriateÐ   	 KB   Ðprocedures.€€[USCS€HB€1400„03]Ð    (#(#  ÐÔ'  Ð	2  ÔÌà0     àThe€term€ð ðunclassifiedðð€is€not€a€security€classificationñ ›%ññš%ñÔ-  #   c l a s s i f i c a t i o n      - Ôñš%ññ›%ñ,€but€is€a€category€of€data€within€which€areÏseveral€subcategories,€including€sensitive€but€unclassifiedñ ›%ññš%ñÔE  ;   s e n s i t i v e   b u t   u n c l a s s i f i e d     @E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ)€and€public€€information.Ð    (#(#  ÐÌà0     àSensitive€but€unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   b u t   u n c l a s s i f i e d     @E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ)€information€is€restricted€to€authorized€persons€with€a€need„to„¼know€and€requires€appropriate€controls€as€explained€in€this€manual.Ð    (#(#  ÐÌòòÔ
     Ô4.4.7à0     àCustoms€Work€Performed€at€non„Customsñ ›%ññš%ñÔ'     n o n „ C u s t o m s     ' Ôñš%ññ›%ñ€LocationsÔ    ¦8  ÔóóÐ    õì (#(#  ÐÌà0     àWhen€operational€necessity€requires€that€Customs€authorized€work€be€performed€at€non„Customsñ ›%ññš%ñÔ'     n o n „ C u s t o m s     ' Ôñš%ññ›%ñÏcontrolled€locations€(e.g.,€field€assignment,€work€at€homeñ ›%ññš%ñÔ)     w o r k   a t   h o m e     ) Ôñš%ññ›%ñ,€etc.),€the€following€policies€apply€andÏassociated€risks€must€be€appropriately€managed.Ð    (#(#  ÐÌà0     à(1)à0    `	(#(# àCustoms€management€must€determine€that€required€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€and€documentationÐ   	    Ðare€in€place€for€authorized€AIS€operations€and€that€SBUñ ›%ññš%ñÔ     S B U     i Ôñš%ññ›%ñ€information€is€properly€protected.€ÏAlthough€current€technology€makes€it€feasible€to€address€these€requirements,€providingÏadequate€safeguards€and€conducting€related€activities€for€individual€AISs€may€not€alwaysÏbe€cost„effective.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# àÔ&  h ÔAIS€security€control€documentation€includes€the€following.Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àSystem€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     l+ Ôñš%ññ›%ñ.Ð    áØ ¸(#¸(#  ÐÔ'  h-A=  ÔÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àRisk€analysisñ ›%ññš%ñÔ+  !   R i s k   a n a l y s i s     l+ Ôñš%ññ›%ñ.Ð    •Œ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(c)à0    ¸`	(#`	(# àContingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€planñ ›%ññš%ñÔ1  '   C o n t i n g e n c y   p l a n      1 Ôñš%ññ›%ñ.Ð    I@  ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(d)à0    ¸`	(#`	(# àSecurity€procedures.Ð    ý ô" ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(e)à0    ¸`	(#`	(# àCertificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     n+ Ôñš%ññ›%ñ.Ð    ±"¨$ ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(f)à0    ¸`	(#`	(# àAccreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     n+ Ôñš%ññ›%ñ.Ð    e$\ & ¸(#¸(#  ÐÌà0     à(2)à0    `	(#(# àAIS€equipment€(whether€or€not€Customs€owned)€used€to€process€SBUñ ›%ññš%ñÔ     S B U     d Ôñš%ññ›%ñ€at€non„Customsñ ›%ññš%ñÔ'     n o n „ C u s t o m s      ' Ôñš%ññ›%ñÐ   	 &"(   Ðcontrolled€locations€must€meet€the€security€requirements€for€sensitive€Customs€AISs€asÏpresented€in€this€policy€manual.Ð    `	(#`	(#  ÐÌà0     à(3)à0    `	(#(# àAuthorized€use€of€Customs€owned€computer€equipment€at€home€is€permitted€when€suchÐ   	 )x%,   Ðusage€is€consistent€with€the€policy€as€presented€in€this€manual.Ð    `	(#`	(#  Ðâ
    
 âÐ   	 5+,'.   ÐòòÔ
     ÔÔ&  B Ôâ
    
 â4.4.8à0     àUse€of€Non„Customsñ ›%ññš%ñÔ'     N o n „ C u s t o m s     Ö' Ôñš%ññ›%ñ€Owned€AISsÔ    D  ÔóóÐ    	    (#(#  ÐÌà0     à(1)à0    `	(#(# àIt€is€òòTreasury€policyóó€that,€ð ðPersonally„owned€computers€and€software€will€not€be€used€toÐ   	 ½´   Ðprocess€sensitive€but€unclassifiedñ ›%ññš%ñÔE  ;   s e n s i t i v e   b u t   u n c l a s s i f i e d     @E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ)€information€without€the€approvalñ ›%ññš%ñÔ!     a p p r o v a l     b! Ôñš%ññ›%ñ€of€the€PrincipalÏAccrediting€Authorityñ ›%ññš%ñÔO  E   P r i n c i p a l   A c c r e d i t i n g   A u t h o r i t y     	O ÔÔ#     A u t h o r i t y     c# Ôñš%ññ›%ñ.ðð€(Reference:€TD€P€71„10,€Chap.€VI,€Section€4.D.1).Ô'  B	'D  ÔÐ    `	(#`	(#  ÐÌà0     àà0    `	(#(# àòòTreasury€policyóó€defines,€òòPersonally„ownedñ ›%ññš%ñÔ1  '   P e r s o n a l l y „ o w n e d     i1 Ôñš%ññ›%ñ€computers€or€softwareóó€as,€ð ðComputers€orÐ   	 %	   Ðsoftware€purchased€with€non„government€funds,€except€those€turned€over€for€exclusiveÏU.S.€Government€control€and€use€and€where€the€hard„drive€will€be€properly€erased€whenÏthe€system€is€no€longer€in€U.S.€Government€use.ððÐ    `	(#`	(#  Ðà0     àà0    `	(#(# à(Reference:€TD€P€71„10,€Appendix€B.€€Definition€updated€11/24/95).Ð    `	(#`	(#  ÐÌà0     à(2)à0    `	(#(# àIt€is€òòCustoms€policyóó€that,€non„Customsñ ›%ññš%ñÔ'     n o n „ C u s t o m s     n' Ôñš%ññ›%ñ€owned€computers€or€software€will€not€be€used€toÐ   	 A8
   Ðprocess,€access,€or€store€Sensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     iE Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ)€information€without€the€writtenÏapprovalñ ›%ññš%ñÔ!     a p p r o v a l     B! Ôñš%ññ›%ñ€of€the€Principal€Accrediting€Authorityñ ›%ññš%ñÔO  E   P r i n c i p a l   A c c r e d i t i n g   A u t h o r i t y     	O ÔÔ#     A u t h o r i t y     c# Ôñš%ññ›%ñ€(PAAñ ›%ññš%ñÔ     P A A     r Ôñš%ññ›%ñ).Ð    `	(#`	(#  ÐÌà0     àà0    `	(#(# à(a)à0    ¸`	(#`	(# àPolicy€exceptions€(waivers)€must€be€approved€by€the€PAAñ ›%ññš%ñÔ     P A A     r Ôñš%ññ›%ñ€who€assumes€theÐ   	 ©    Ðassociated€risks€for€authorizing€the€use.Ð    ¸(#¸(#  ÐÌà0     àà0    `	(#(# à(b)à0    ¸`	(#`	(# àThe€protection€requirements€for€data€on€Customs€owned€equipment€apply€equallyÐ   	 7.   Ðto€the€protection€of€data€when€used€on€non„Customsñ ›%ññš%ñÔ'     n o n „ C u s t o m s     Ö' Ôñš%ññ›%ñ€owned€equipment.Ð    ¸(#¸(#  ÐÌòòÔ
     Ô4.5à0     àTELECOMMUNICATIONSñ ›%ññš%ñÔ5  +   T E L E C O M M U N I C A T I O N S     :5 Ôñš%ññ›%ñ€SECURITYóóÔ    àN  ÔÐ    Å¼ (#(#  ÐÌà0     àThe€Federal€government€is€developing€appropriate€security€policies€and€infrastructures€that€dealÏwith€the€rapidly€changing€field€of€telecommunicationsñ ›%ññš%ñÔ5  +   t e l e c o m m u n i c a t i o n s     ,5 Ôñš%ññ›%ñ.€€Under€the€auspices€of€the€White€HouseÏOffice€of€Science€and€Technology€Policy,€the€National€Information€Infrastructureñ ›%ññš%ñÔW  M   N a t i o n a l   I n f o r m a t i o n   I n f r a s t r u c t u r e     NW Ôñš%ññ›%ñ€Task€ForceÏ(NITF)€is€a€driving€force€in€this€effort.€€The€NITF€includes€high„level€representatives€of€FederalÏagencies€that€play€a€major€role€in€the€development€and€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ€of€information€andÏtelecommunicationsñ ›%ññš%ñÔ5  +   t e l e c o m m u n i c a t i o n s      5 Ôñš%ññ›%ñ€technologies.€€[GAO94285;€GAO9523]Ð    (#(#  ÐÌòòÔ
     Ô4.5.1à0     àInformation€System€StandardsÔ    üR  ÔÐ    of (#(#  ÐóóÌà0     àIt€is€the€policy€of€the€Department€of€the€Treasury€to€comply€with€all€mandatory€FederalÏInformation€Processing€Standards€(FIPS),€mandatory€Federal€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s      5 Ôñš%ññ›%ñ€StandardsÏ(FED„STDs),€voluntary€FIPS,€FED„STDs,€American€National€Standards€Institute€(ANSI),€or€otherÏinformation€system€standards€and€guidelines€to€the€extent€they€are€determined€to€be€cost„effectiveÏand€appropriate€for€the€intended€use.€€A€waiverñ ›%ññš%ñÔ     w a i v e r       Ôñš%ññ›%ñ€process€is€defined€in€Treasury€òòInformation€SystemsÐ   	 ‹#‚%   ÐStandard€Programóó,€8/23/89.€€[TD€87„01;€COHEN]Ð    e$\ & (#(#  ÐÌòòÔ
     ÔÔ&  B Ô4.5.2à0     àNetwork€ConnectionsÔ    -V  ÔóóÐ    &"( (#(#  ÐÌà0     àTelecommunication€connections€between€Customs€AISs€and€non„Customsñ ›%ññš%ñÔ'     n o n „ C u s t o m s     Ö' Ôñš%ññ›%ñ€AISs€or€networksñ ›%ññš%ñÔ!     n e t w o r k s     s! Ôñš%ññ›%ñ,€publicÏor€private,€may€be€authorized€by€the€AIS€Security€Officer€under€the€following€conditions:Ð    (#(#  ÐÔ'  B&:V  ÔÌà0     à(1)à0    `	(#(# àNon„sensitive€Customs€AIS,€when€operated€in€a€dedicated€security€modeñ ›%ññš%ñÔ?  5   d e d i c a t e d   s e c u r i t y   m o d e     ? ÔÔ+  !   s e c u r i t y   m o d e     i+ Ôñš%ññ›%ñ,€must€be€locallyÐ   	 [*R&-   Ðdocumented,€including€the€administrative€approvalñ ›%ññš%ñÔ!     a p p r o v a l     o! Ôñš%ññ›%ñ€of€the€AIS€Security€Officer€and€aÏtechnical€description€of€the€connection(s).€€Example:€microcomputers,€PCs,€etc.,€that€doÏnot€contain€or€process€SBUñ ›%ññš%ñÔ     S B U     v Ôñš%ññ›%ñ€data€and€are€not€connected€physically€or€logically€to€any€otherÏCustoms€AIS€or€network€(Treasury€or€Customs).Ð    Ã-º)1 `	(#`	(#  Ð‡à0     à(2)à0    `	(#(# àAll€other€Customs€AIS€connections€to€non„Customsñ ›%ññš%ñÔ'     n o n „ C u s t o m s     ' Ôñš%ññ›%ñ€networksñ ›%ññš%ñÔ!     n e t w o r k s     s! Ôñš%ññ›%ñ€must€be€approved€by€the€AISÐ   	 	      ÐSecurity€Officer,€on€a€case„by„case€basis.€€The€AIS€Security€Officer€will€ensure€that€theÏappropriate€safeguards€are€in€place€and€that€documentation,€such€as€licenseñ ›%ññš%ñÔ     l i c e n s e       Ôñš%ññ›%ñ€agreements,Ïmemoranda€of€understanding€(MOUñ ›%ññš%ñÔ     M O U     s Ôñš%ññ›%ñ),€interconnection€agreements,€etc.,€are€executed€onÏbehalf€of€Customs,€as€part€of€the€approvalñ ›%ññš%ñÔ!     a p p r o v a l     s! Ôñš%ññ›%ñ€process.€€Example:€Customs€AIS€access€to€theÏNational€Information€Infrastructureñ ›%ññš%ñÔW  M   N a t i o n a l   I n f o r m a t i o n   I n f r a s t r u c t u r e     8W Ôñš%ññ›%ñ€(NII)€or€commercialñ ›%ññš%ñÔ%     c o m m e r c i a l     o% Ôñš%ññ›%ñ€information€databases€(e.g.,ÏLEXIS/NEXIS,€Dun€&€Bradstreet€Business€records,€D&B€Worldbase,€etc.).Ð    `	(#`	(#  ÐÌòò4.5.3óóà0     àòòInternetñ ›%ññš%ñÔ!     I n t e r n e t      ! ÔÔ!     I n t e r n e t      ! Ôñš%ññ›%ñ€ServicesóóÐ    Ù
Ð (#(#  ÐÌà0     àòòTreasury€policyóó:€€Issued€April€28,€1995,€by€the€Deputy€Assistant€Secretary€for€InformationÐ   	 „
   ÐSystems.€€[TD€INTERNET]Ð    (#(#  ÐÌà0     àTreasury€operating€policy€requires€that€any€access€to€the€Internetñ ›%ññš%ñÔ!     I n t e r n e t      ! ÔÔ!     I n t e r n e t      ! Ôñš%ññ›%ñ€services€from€Treasury€AISÏ(including€Customs)€be€provided€via€protected€Internetñ ›%ññš%ñÔ!     I n t e r n e t      ! ÔÔ!     I n t e r n e t      ! Ôñš%ññ›%ñ€gateways€(access€control€mechanisms)€thatÏhave€been€approved€by€the€Office€of€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     ,5 Ôñš%ññ›%ñ€Management€(OTM).Ð    (#(#  ÐÌà0     àExceptions€must€be€approved€in€writing€by€the€Directorñ ›%ññš%ñÔ!     D i r e c t o r     i! Ôñš%ññ›%ñ,€OTM.Ð    (#(#  ÐÌÔ&  B Ôà0     àòòCustoms€policyóó:Ð    7. (#(#  ÐÌà0     àIn€addition€to€Treasury€policy,€Customs€owned€or€controlled€AISs€may€only€access€the€Internetñ ›%ññš%ñÔ!     I n t e r n e t     ! ÔÔ!     I n t e r n e t     ! Ôñš%ññ›%ñÏvia€Customs€approved€gateways.Ð    (#(#  ÐÔ'  B7c  ÔÌà0     àThis€limitation€means€that€Customs€owned,€controlled,€or€authorized€computer€equipment,Ïregardless€of€its€location€or€means€of€connection€to€any€network€or€system,€may€not€be€used€toÏaccess€the€Internetñ ›%ññš%ñÔ!     I n t e r n e t     ! ÔÔ!     I n t e r n e t     ! Ôñš%ññ›%ñ,€directly€or€indirectly€(e.g.,€via€service€providers€such€as€CompuServe,€AOL,Ïetc.)€unless€such€connection€is€via€a€Customs€approved€Internetñ ›%ññš%ñÔ!     I n t e r n e t     ! ÔÔ!     I n t e r n e t     ! Ôñš%ññ›%ñ€gateway€(i.e.,€firewall).€€WhileÏthe€configuration€of€some€networksñ ›%ññš%ñÔ!     n e t w o r k s     ! Ôñš%ññ›%ñ€make€it€technically€possible€to€access€the€Internetñ ›%ññš%ñÔ!     I n t e r n e t     ! ÔÔ!     I n t e r n e t     ! Ôñš%ññ›%ñ€without€goingÏthrough€an€approved€gateway,€such€access€is€not€authorized.Ð    (#(#  ÐÌà0     àExceptions€to€this€policy€must€be€approved€in€writing€by€the€Directorñ ›%ññš%ñÔ!     D i r e c t o r     ! Ôñš%ññ›%ñ,€OTM,€U.S.€TreasuryÏDepartment.€€[TD€INTERNET]Ð    (#(#  ÐÌòòÔ
     Ô4.5.4à0     àElectronic€Mail€(E„Mail)Ô    £h  ÔóóÐ    ý ô" (#(#  ÐÌà0     àGovernment€projects€and€commercialñ ›%ññš%ñÔ%     c o m m e r c i a l     1% Ôñš%ññ›%ñ€products€for€secure€electronic€mail€(E„Mail)€systems€areÏundergoing€rapid€development€and€will€be€available€in€the€coming€years.€€Until€such€products€areÏimplemented,€users€are€cautioned€NOT€to€send€sensitive€information€via€E„Mail.Ð    (#(#  ÐÌòòÔ
     Ô4.5.5à0     àFacsimileñ ›%ññš%ñÔ#     F a c s i m i l e      # Ôñš%ññ›%ñ€(FAXñ ›%ññš%ñÔ     F A X     m Ôñš%ññ›%ñ)Ô    xj  ÔóóÐ    &"( (#(#  ÐÌà0     àSensitive€information€will€only€be€transmitted€via€a€secure€facsimileñ ›%ññš%ñÔ#     f a c s i m i l e      # Ôñš%ññ›%ñ€system€(e.g.,€encrypted€or€viaÏa€protected€network).€€Commercialñ ›%ññš%ñÔ%     C o m m e r c i a l     1% Ôñš%ññ›%ñ„off„the„shelf€(COTSñ ›%ññš%ñÔ     C O T S     c Ôñš%ññ›%ñ)€software€and€hardware€are€available€toÏprovide€the€necessary€safeguards€and€should€be€employed€as€appropriate.Ð    (#(#  Ðâ
    
 âÐ   	 [*R&-   ÐòòÔ
     ÔÔ&  ª Ôâ
    
 â4.5.6à0     àPBXñ ›%ññš%ñÔ     P B X     Š Ôñš%ññ›%ñ€and€Voiceñ ›%ññš%ñÔ     V o i c e     Ö Ôñš%ññ›%ñ€Mail€SystemsÔ    'm  ÔóóÐ    	    (#(#  ÐÌà0     àPrivate€Branch€Exchanges€(PBXñ ›%ññš%ñÔ     P B X      Ôñš%ññ›%ñ)€and€Voiceñ ›%ññš%ñÔ     V o i c e     Ö Ôñš%ññ›%ñ€mail€systems€do€not€currently€meet€standard€securityÏspecifications€and€are€not€generally€considered€secure€systems.€€They€are€susceptible€toÏunauthorized€access€and€messages€left€on€a€voiceñ ›%ññš%ñÔ     v o i c e     Ö Ôñš%ññ›%ñ€mail€system€should€contain€the€least€amount€ofÏinformation€possible.€€Do€not€leave€any€information€on€a€voiceñ ›%ññš%ñÔ     v o i c e     Ö Ôñš%ññ›%ñ€mail€system€that,€if€compromised,Ïcould€damage€Customs€mission.€€Report€suspected€unauthorized€access€attempts€to€AIS€SecurityÏAdministration.Ð    (#(#  ÐÔ'  ª	4m  ÔÌà0     àPBXñ ›%ññš%ñÔ     P B X       Ôñš%ññ›%ñ€systems€must€be€physically€secured€and€system€security€features€configured€(to€the€extentÏpossible€for€a€specific€system)€to€prevent€unauthorized€access€to€dial„tones,€modems,€or€other€AISÏaccess.€€(See€also:€Appendix€D.€€Good€Security€Practicesñ ›%ññš%ñÔ5  +   S e c u r i t y   P r a c t i c e s      5 Ôñš%ññ›%ñ).Ð    (#(#  ÐÌà0     àVoiceñ ›%ññš%ñÔ     V o i c e     y Ôñš%ññ›%ñ€Mail€€and€Voiceñ ›%ññš%ñÔ     V o i c e     y Ôñš%ññ›%ñ€Interactive€Response€systems€must€be€configured€(to€the€extent€possible)Ïto€prevent€unauthorized€access€to€dial„tones,€modems,€or€other€AIS€access.Ð    (#(#  Ðà0     à(See€also:€Appendix€B.€€Good€Security€Practicesñ ›%ññš%ñÔ5  +   S e c u r i t y   P r a c t i c e s     [5 Ôñš%ññ›%ñ).Ð    (#(#  ÐÌòòÔ
     Ô4.5.7à0     àCommunications€Security€(COMSECñ ›%ññš%ñÔ     C O M S E C       Ôñš%ññ›%ñ)óóÔ    4t  ÔÐ    ƒz (#(#  ÐÌà0     àCOMSECñ ›%ññš%ñÔ     C O M S E C       Ôñš%ññ›%ñ€is€intended€is€to€deny€unauthorized€persons€information€derived€fromÏtelecommunicationsñ ›%ññš%ñÔ5  +   t e l e c o m m u n i c a t i o n s     ,5 Ôñš%ññ›%ñ€of€the€United€States€Government€related€to€national€security€and€to€ensure€theÏauthenticity€of€such€communications.€€COMSECñ ›%ññš%ñÔ     C O M S E C     u Ôñš%ññ›%ñ€issues€should€be€directed€to€the€CommunicationsÏSecurity€Management€Branch,€Orlando,€FL.€€[USCS€4300„09]Ð	    Å¼ (#(#  ÐÑ    r ÑØ       ØØ       ØÑ €,   \  Ññ›%ñÖ  €.   é   Öñ›%ññ ›%ñÖ  €ü   é   Öñ›%ññ›%ñÖ €_   é   Öñ›%ññ ›%ñÖ €ÿ   é   Öñ›%ñÓ   ÓÔ ‡  °üª ° & &ù´ ÔÔ ‡Â  °„½ ° ° °üª ÔCHAPTER€5Ð   	 X      ÐòòÔ
      ÔSECURITY€INCIDENTSñ ›%ññš%ñÔ5  +   S E C U R I T Y   I N C I D E N T S      5 Ôñš%ññ›%ñ€AND€VIOLATIONSÔ     x  ÔÔ# †  °üª ° °Â °„½Õw # ÔÔ# †  &ù´ & ° °üª¶w # Ôóóñ ›%ññš%ñÔ%     V I O L A T I O N S     I% Ôñš%ññ›%ñÐ   	 8à   ÐßA €& - )                 °° x         d dE°¨ xA ßÓ  ªw  ÓÐ   	 À   ÐÌDefinition:€òòAIS€Security€Incidentóó.€€An€AIS€security€incident€is€any€event€and/or€condition€that€has€theÐ   	 ™A   Ðpotential€to€impact€the€security€and/or€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n      + Ôñš%ññ›%ñ€of€an€AIS€and€may€result€from€intentional€orÏunintentional€actions.ÌÌExamples€include:€unauthorized€attempts€to€gain€access€to€information;€introduction€of€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     ^- Ôñš%ññ›%ñ€orÏviruses€into€Customs€AISs;€loss€or€theft€of€computer€media;€or€the€failure€of€an€AIS€security€function€toÏperform€as€designed.€€For€reporting€purposes,€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     ^- Ôñš%ññ›%ñ€(software)€incidents€include€any€detectionÏof€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     8- Ôñš%ññ›%ñ,€whether€detected€on€magnetic€media€prior€to€the€mediaððs€entry€into€a€Customs€AIS€orÏafter€infection€of€the€AIS,€and€any€actual€execution€of€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     8- Ôñš%ññ›%ñ.ÌÌDefinition:€òòAIS€Security€Violationóó.€€An€event€which€may€result€in€disclosure€of€sensitive€or€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     d% Ôñš%ññ›%ñÐ   	 Å   Ðinformation€to€unauthorized€individuals,€or€that€results€in€unauthorized€modification€or€destruction€ofÏsystem€data,€loss€of€computer€system€processing€capability,€or€loss€or€theft€of€any€computer€systemÏresources.€€(See€also:€€TD€P€71„10,€Chapter€III.4)ÌÌ(1)à0     àCustoms€employees,€contractors,€and/or€users€should€report€security„related€incidents€and/orÐ   	 _   Ðviolationsñ ›%ññš%ñÔ%     v i o l a t i o n s     d% Ôñš%ññ›%ñ€through€the€appropriate€supervisory€channels€to€the€DSOs,€Security€Administrators,€AISÏSecurity€Officer,€or€Internal€Affairsñ ›%ññš%ñÔ1  '   I n t e r n a l   A f f a i r s     A1 Ôñš%ññ›%ñ€(IA),€as€appropriate.€€The€AIS€Security€Officer€will€maintainÏthe€appropriate€records€and€address€the€impact€of€the€security€incidentsñ ›%ññš%ñÔ5  +   s e c u r i t y   i n c i d e n t s     A5 Ôñš%ññ›%ñ€on€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     n+ Ôñš%ññ›%ñ€statusÏof€related€AISs.€€Additional€security€safeguards€to€reduce€generic€risks€may€be€recommended,€asÏrequired.Ð    (#(#  ÐÌ(2)à0     àAdditionally,€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     t- Ôñš%ññ›%ñ€(software)€and€virusñ ›%ññš%ñÔ     v i r u s     u Ôñš%ññ›%ñ€infection€incidents€on€Customs€AIS€(i.e.,Ð   	 Uý   Ðmainframes,€microcomputers,€networksñ ›%ññš%ñÔ!     n e t w o r k s     c! Ôñš%ññ›%ñ,€PCS,€floppy€disks€or€other€media,€etc.)€should€beÏpromptly€reported€to€the€Customs€HELP€DESK,€1„800„927„8729,€for€technical€resolution.Ð    (#(#  ÐÌ(3)à0     àCustoms€employees€may€be€subject€to€disciplinary€action€for€failure€to€comply€with€Customs€AISÐ   	 ½e   Ðsecurity€policy,€whether€or€not€the€failure€results€in€criminal€prosecution.Ð    (#(#  ÐÌà0     àAIS€security„related€violationsñ ›%ññš%ñÔ%     v i o l a t i o n s     d% Ôñš%ññ›%ñ€are€addressed€in€the€Treasury€òòStandards€of€Ethical€Conduct€forÐ   	 K ó!   ÐEmployees€of€the€Executive€Branchóó€and€the€Customs€òòConduct€and€Employee€Responsibilitiesóó.€Ð   	 %!Í"   ÐSuch€violationsñ ›%ññš%ñÔ%     v i o l a t i o n s     d% Ôñš%ññ›%ñ€should€be€reported€through€the€appropriate€supervisory€channels€to€the€AISÏSecurity€Officer€and/or€IA,€as€appropriate.€€[TD€ETHICS;€USCS€51000„05]Ð    (#(#  ÐÌ(4)à0     àNon„Customsñ ›%ññš%ñÔ'     N o n „ C u s t o m s     e' Ôñš%ññ›%ñ€employees€who€fail€to€comply€with€this€policy€are€subject€to€having€their€access€toÐ   	 $5"&   ÐCustoms€AISs€and€facilities€terminated,€whether€or€not€the€failure€results€in€criminal€prosecution.Ð    (#(#  ÐÌ(5)à0     àAny€person€who€improperly€discloses€sensitive€or€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d      % Ôñš%ññ›%ñ€information€is€subject€to€criminal€andÐ   	 'Ã$)   Ðcivil€penalties€and€sanctions€under€a€variety€of€laws€(e.g.,€Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     e' Ôñš%ññ›%ñ€...).Ð	#    õ'%* (#(#w # ÐÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌà@    ªª ì à(This€Page€Intentionally€Left€Blank)ˆÐ	   	 Ÿ–   ÐÑ    C ÑØ       ØØ       Øñ›%ñÖ  €h  . é   Öñ›%ññ ›%ñÖ  € . é   Öñ›%ññ›%ñÖ €m  _ é   Öñ›%ññ ›%ñÖ € _ é   Öñ›%ñÑ7 €I  ‘®I X X       dð N X X       dð 7 ÑÑ €¯   ,  ÑÔ ‡  °üª ° & &ù´ ÔÔ ‡r  °„½ ° ° °üª ÔÓ   ÓÔ
      ÔGLOSSARYÔ     ì‹  ÔÔ# †  °üª ° °r °„½Á‹ # ÔÔ# †  &ù´ & ° °üª¢‹ # ÔÐ   	 X      ÐßA €& - )                 °° x         d  E°7¨ xA ßÓ  à‹  ÓÐ   	 8à   ÐÌEditorððs€note:à0    `	 àComputer€terms€have€evolved€and€become€more€clearly€defined€during€the€past€decade.€Ð   	 ¹a   ÐThe€€referenced€definitions€are€from€recent€publications€of€established€sources,€and€areÏgenerally€preferred.€€DHD.Ð    `	(#`	(#  ÐÌSource€references:ÌÌà0     àà     ° àòòGlossary€of€Computer€Security€Terminologyóó,€developed€by€the€National€Security€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     Ö5 Ôñš%ññ›%ñ€andÐ   	 Õ
}	   ÐInformation€Systems€Security€Committee€(NSTISSC)€and€published€by€NIST€as€NISTIR€4659.€ÏAvailable€from€NTIS€as€PB92„112259.Ð    (#(#  ÐÌà0     àà     ° àòòGlossary€for€Computer€Security€Termsóó.€€National€Technical€Information€Service€(NTIS),€FIPSPUB39,Ð   	 =å   ÐSpringfield,€VA.,€02/15/76.€€òòWithdrawnóó€4/93.€€Replacement€is€FIPS€11„3.Ð    ¿ (#(#  ÐÌà0     àà     ° àòòIntroduction€to€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n      + Ôñš%ññ›%ñ€and€Accreditationóóñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n      + Ôñš%ññ›%ñ.€€National€Computer€Security€Center€(NCSC),Ð   	 Ïw   ÐNCSC-TG-029,€Ver.€1,€NSA,€Ft.€George€G.€Meade,€MD.,€January€1994.Ð    (#(#  ÐÌòòTreasury€Security€Manualóó,€TD€P€71„10,€Appendix€B,€1993.Ð   	 ]   ÐÌÌÔ ‡n  &¨ÿ & & &ù´ Ôà@    * ì àÔ ‡n  ‘  &n &¨ÿ ÔòòAÔ# †  µ©  n ‘'’ # ÔÔ# †  &ù´ &  µ©X’ # ÔóóˆÐ   	 ë“   ÐÌòòAccessóóÐ   	 •=   Ðà0     àA€specific€type€of€interaction€between€a€subject€and€an€object€that€results€in€the€flow€of€informationÏfrom€one€to€the€other.€€The€capability€and€opportunity€to€gain€knowledge€of,€or€to€alter€informationÏor€materials€including€the€ability€and€means€to€communicate€with€(i.e.,€input€or€receive€output),Ïor€otherwise€make€use€of€any€information,€resource,€or€component€in€a€computer€system.Ð    (#(#  ÐÌòòAccess€ControlóóÐ   	 ±Y   Ðà0     àThe€process€of€limiting€access€to€the€resources€of€a€system€to€only€authorized€persons,€programs,Ïprocesses,€or€other€systems.€€Synonymous€with€controlled€access€and€limited€access.€€Requires€thatÏaccess€to€information€resources€be€controlled€by€or€for€the€target€system.€€In€the€context€ofÏnetwork€security,€access€control€is€the€ability€to€limit€and€control€the€access€to€host€systems€andÏapplications€via€communications€links.€€To€achieve€this€control,€each€entity€trying€to€gain€accessÏmust€first€be€identified,€or€authenticated,€so€that€access€rights€can€be€tailored€to€the€individual.€Ð    (#(#  ÐÌòòAccreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ/Approvalóóñ ›%ññš%ñÔ!     A p p r o v a l     i! Ôñš%ññ›%ñÐ   	 %)#&   Ðà0     àThe€official€management€authorization€for€operation€of€an€AIS.€€It€provides€a€formal€declarationÏby€an€Accrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     # Ôñš%ññ›%ñ€that€a€computer€system€is€approved€to€operate€in€a€particular€securityÏmodeñ ›%ññš%ñÔ+  !   s e c u r i t y   m o d e     6+ Ôñš%ññ›%ñ€using€a€prescribed€set€of€safeguards.€€Accreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     6+ Ôñš%ññ›%ñ€is€based€on€the€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     6+ Ôñš%ññ›%ñ€process€asÏwell€as€other€management€considerations.€€An€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     6+ Ôñš%ññ›%ñ€statement€affixes€security€responsibilityÏwith€the€Accrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     o# Ôñš%ññ›%ñ€and€shows€that€proper€care€has€been€taken€for€security.Ð    (#(#  Ðâ
    
 âÐ    *E(, ÿ  ÐòòÔ&    Ôâ
    
 âAccrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€(AA)óóÐ   	 	      Ðà0     àThe€official€who€has€the€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     :# Ôñš%ññ›%ñ€to€decide€on€accepting€the€security€safeguards€prescribed€for€aÏcomputer€system€or€that€official€who€may€be€responsible€for€issuing€an€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ€statement€thatÏrecords€the€decision€to€accept€those€safeguards.Ð    (#(#  Ðà0     àSee€also:€€òòDesignated€Approving€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€(DAA),€Principal€Accrediting€Authorityóóñ ›%ññš%ñÔO  E   P r i n c i p a l   A c c r e d i t i n g   A u t h o r i t y     ÖO ÔÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ.Ð    qh (#(#  ÐÔ'   	z›  ÔÌòòAdequate€Securityóóñ ›%ññš%ñÔ3  )   A d e q u a t e   S e c u r i t y     3 Ôñš%ññ›%ñÐ   	 )	    Ðà0     àSecurity€commensurate€with€the€risk€and€magnitude€of€the€harm€resulting€from€the€loss,€misuse,Ïor€unauthorized€access€to€or€modification€of€information.€€This€includes€assuring€that€systems€andÏapplications€used€by€the€agency€operate€effectively€and€provide€appropriate€confidentialityñ ›%ññš%ñÔ/  %   c o n f i d e n t i a l i t y      / Ôñš%ññ›%ñ,Ïintegrity,€and€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     y) Ôñš%ññ›%ñ,€through€the€use€of€cost„effective€management,€personnel,€operationalÏand€technical€controls.€€[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     i Ôñš%ññ›%ñ,€AIII]Ð    (#(#  ÐÌòòAdministrative€SystemsóóÐ   	    Ðà0     àAn€automated€Customs€system€to€provide€support€in€areas€of€accounting,€personnel,€payroll,Ïlogistics€and€other€support€services.Ð    (#(#  ÐÌòòADPóóÐ   	 ‡~   Ðà0     àAutomaticDataProcessing.€€See€also:€òòAutomated€Information€SystemóóÐ    aX (#(#  ÐÌòòAISóóÐ   	    Ðà0     àSee:€òòAutomated€Information€Systemóó.Ð    óê (#(#  ÐÌòòAIS€Owneróóñ ›%ññš%ñÔ#     A I S   O w n e r     :# Ôñš%ññ›%ñÐ   	 «¢   Ðà0     àThe€official€who€has€the€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     :# Ôñš%ññ›%ñ€to€decide€on€accepting€the€security€safeguards€prescribed€for€anÏAIS€and€is€responsible€for€issuing€an€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     T+ Ôñš%ññ›%ñ€statement€that€records€the€decision€to€acceptÏthose€safeguards.Ð    (#(#  Ðà0     àSee€also:òò€€Accrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€(AA)óó,òò€Applicationñ ›%ññš%ñÔ'     A p p l i c a t i o n     ' Ôñš%ññ›%ñ€Owneróóñ ›%ññš%ñÔ3  )   A p p l i c a t i o n   O w n e r      3 Ôñš%ññ›%ñ,€òòProcess€Ownerñ ›%ññš%ñÔ+  !   P r o c e s s   O w n e r     Ö+ Ôñš%ññ›%ñ,€PAAñ ›%ññš%ñÔ     P A A      Ôñš%ññ›%ñ,€DAAóó.Ð    
 (#(#  ÐÌòòAIS€SecurityóóÐ   	 ËÂ   Ðà0     àMeasures€or€controls€that€safeguard€or€protect€an€AIS€against€unauthorized€(accidental€orÏintentional)€disclosure,€modification,€destruction€of€the€AIS€and€data,€or€denial€of€service.€€AISÏsecurity€provides€an€acceptable€level€of€risk€for€the€AIS€and€the€data€contained€in€it.€ConsiderationsÏinclude:€1)€all€hardware€and/or€software€functions,€characteristics,€and/or€features;€2)€operationalÏprocedures,€accountability€procedures,€and€access€controls€at€all€computer€facilities€in€the€AIS;€Ï3)€management€constraints;€4)€physical€structures€and€devices;€and€5)€personnel€andÏcommunications€controls.Ð    (#(#  ÐÌòòApplicationóóñ ›%ññš%ñÔ'     A p p l i c a t i o n      ' Ôñš%ññ›%ñÐ   	 u$l &   Ðà0     àA€software€organization€of€related€functions,€or€series€of€interdependent€or€closely€relatedÏprograms,€that€when€executed€accomplish€a€specified€objective€or€set€of€user€requirements.€ÏCustoms€applications€include:€Automated€Commercialñ ›%ññš%ñÔ%     C o m m e r c i a l      % Ôñš%ññ›%ñ€System€(ACS),€Automated€Export€SystemÏ(AES),€Treasury€Enforcement€Communication€Systems€(TECS),€and€Administrative€Systems€(AS).€Ï[USCS€5500„05]€€See€also:€€òòMajor€Applicationóóñ ›%ññš%ñÔ3  )   M a j o r   A p p l i c a t i o n     
3 ÔÔ'     A p p l i c a t i o n     Ö' Ôñš%ññ›%ñ,€òòProcessóó.Ð    ·(®$+ (#(#  Ðâ
    
 âÐ   	 •)Œ%,   ÐòòÔ&    Ôâ
    
 âApplicationñ ›%ññš%ñÔ'     A p p l i c a t i o n      ' Ôñš%ññ›%ñ€Owneróóñ ›%ññš%ñÔ3  )   A p p l i c a t i o n   O w n e r     Ö3 Ôñš%ññ›%ñÐ   	 	      Ðà0     àThe€official€who€has€the€responsibility€to€ensure€that€the€program€or€programs€which€make€up€theÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     ' Ôñš%ññ›%ñ€accomplish€the€specified€objective€or€set€of€user€requirements€established€for€thatÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     ' Ôñš%ññ›%ñ,€including€appropriate€security€safeguards.Ð    (#(#  Ðà0     àSee€also:òò€€Accrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€(AA)óó,òò€Process€Owneróóñ ›%ññš%ñÔ+  !   P r o c e s s   O w n e r     Ö+ Ôñš%ññ›%ñ.Ð    qh (#(#  ÐÔ'   	Ì¬  ÔÌòòAuditóóñ ›%ññš%ñÔ     A u d i t     Ö Ôñš%ññ›%ñÐ   	 )	    Ðà0     àTo€conduct€the€independent€review€and€examination€of€system€records€and€activities.Ð    (#(#  ÐÌòòAuditñ ›%ññš%ñÔ     A u d i t     Ö Ôñš%ññ›%ñ€trailóóÐ   	 ·®	   Ðà0     àA€set€of€records€that€collectively€provides€documentary€evidence€of€processing.€€It€is€used€to€aidÏin€tracing€from€original€transactions€forward€to€related€records€and€reportsñ ›%ññš%ñÔ     r e p o r t s       Ôñš%ññ›%ñ,€and/or€backwards€fromÏrecords€and€reportsñ ›%ññš%ñÔ     r e p o r t s       Ôñš%ññ›%ñ€to€their€component€source€transactions.Ð    (#(#  ÐÌòòAutomated€Commercialñ ›%ññš%ñÔ%     C o m m e r c i a l     1% Ôñš%ññ›%ñ€System€(ACS)óóÐ   	 ùð   Ðà0     àA€joint€public/private€data€processing€system€used€by€Customs€and€the€import€trade€communityñ ›%ññš%ñÔ/  %   t r a d e   c o m m u n i t y      / Ôñš%ññ›%ñÏto€process€millions€of€commercialñ ›%ññš%ñÔ%     c o m m e r c i a l     1% Ôñš%ññ›%ñ€cargo€shipments€entering€U.S.€commerce€each€year.Ð    (#(#  ÐÌòò€Automatic€Data€Processing€(ADP)óóÐ   	 aX   Ðà0     àThe€assembly€of€computer€hardware,€firmware,€and€software€used€to€categorize,€sort,€calculate,Ïcompute,€summarize,€store,€retrieve,€control,€process,€and/or€protect€data€with€a€minimum€ofÏhuman€intervention.€€ADP€systems€can€include,€but€are€not€limited€to,€process€control€computers,Ïembedded€computer€systems€that€perform€general€purpose€computing€functions,€supercomputers,Ïpersonal€computers,€intelligent€terminals,€offices€automation€systems€(which€includes€standaloneÏmicroprocessors,€memory€typewriters,€and€terminal€connected€to€mainframes),€firmware,€andÏother€implementations€of€AIS€technologies€as€may€be€developed:€they€also€include€applications€andÏoperating€system€software.€€See€also:€òòAutomated€Information€System€(AIS)óó.Ð    1( (#(#  ÐÌòòAutomated€Export€System€(AES)óóÐ   	 éà   Ðà0     àA€data€processing€system€used€by€Customs€to€provide€automatic€release€of€cargo€that€is€subject€toÏU.S.€export€regulatory€requirements,€collect€export€data€and€statistics€for€use€in€law€enforcement,Ïillegal€chemical€interdiction,€export€verification,€revenue€collection,€and€other€activities.Ð    (#(#  ÐÌòòAutomated€Information€System€(AIS)óóÐ   	 + "!   Ðà0     àAn€AIS€is€an€assembly€of€computer€hardware,€software,€and/or€firmware€configured€to€collect,Ïcreate,€communicate,€compute,€disseminate,€process,€store,€and/or€control€data€or€information.€ÏExamples€include:€information€storage€and€retrieval€systems,€mainframe€computers,Ïminicomputers,€personal€computers€and€workstations,€office€automation€systems,€automatedÏmessage€processing€systems€(AMPSs),€and€those€supercomputers€and€process€control€computersÏ(e.g.,€embedded€computer€systems)€that€perform€general€purpose€computing€functions.Ð    (#(#  Ðà0     à[TD€P€71„10]€Ð    (#(#  ÐÌòòÔ&   ÔAuthenticate/AuthenticationóóÐ   	 Õ'Ì#*   Ðà0     à1)à    `	 àThe€process€to€verify€the€identity€of€a€user,€device,€or€other€entity€in€a€computer€system,Ð   	 ¯(¦$+   Ðoften€as€a€prerequisite€to€allowing€access€to€resources€in€a€system.Ð    (#(#  Ðà0     à2)à    `	 àA€process€used€to€verify€that€the€origin€of€transmitted€data€is€correctly€identified,€withÐ   	 c*Z&-   Ðassurance€that€the€identity€is€not€false.€€To€establish€the€validity€of€a€claimed€identity.Ð    (#(#  ÐÔ'  Õ'õ»  ÔÌòòAuthenticated€useróóÐ   	 ñ,è(0   Ðà0     àA€user€who€has€accessed€an€AIS€with€a€valid€identifier€and€authentication€combination.Ð    Ë-Â)1 (#(#  Ð‡òòAuthorizationóóÐ   	 	      Ðà0     àThe€privileges€and€permissions€granted€to€an€individual€by€a€designated€official€to€access€or€useÏa€program,€process,€information,€or€system.€€These€privileges€are€based€on€the€individual'sÏapprovalñ ›%ññš%ñÔ!     a p p r o v a l     ! Ôñš%ññ›%ñ€and€need„to„know.Ð    (#(#  ÐÌòòÔ&  ö ÔAuthorized€PersonóóÐ   	 KB   Ðà0     àA€person€who€has€the€need„to„know€for€sensitive€information€in€the€performance€of€official€dutiesÏand€who€has€been€granted€authorized€access€at€the€required€level.€€The€responsibility€forÏdetermining€whether€a€prospective€recipient€is€an€authorized€person€rests€with€the€person€who€hasÏpossession,€knowledge,€or€control€of€the€sensitive€information€involved,€and€not€with€theÏprospective€recipient.Ð    (#(#  ÐÔ'  öK3À  ÔÌòòAvailabilityóóñ ›%ññš%ñÔ)     A v a i l a b i l i t y     &) Ôñš%ññ›%ñÐ   	 A8
   Ðà0     àThe€property€of€being€accessible€and€usable€upon€demand€by€an€authorized€entity.€€SecurityÏconstraints€must€make€AIS€services€available€to€authorized€users€and€unavailable€to€unauthorizedÏusers.Ð    (#(#  ÐÌÌÔ ‡o  &¨ÿ & & &ù´ ÔòòÔ ‡o  ‘  &o &¨ÿ ÔÓ   ÓBÔ# †  µ©  o ‘xÃ # ÔÔ# †  &ù´ &  µ©šÃ # ÔóóÐ   	 ]T   ÐÓ  ¹Ã  ÓÌÌòòBack„upóóÐ   	 áØ   Ðà0     àA€copy€of€a€program€or€data€file€for€the€purposes€of€protecting€against€loss€if€the€original€dataÏbecomes€unavailable.Ð    (#(#  ÐÌòòBack„up€OperationóóÐ   	 I@   Ðà0     àA€method€of€operations€to€complete€essential€tasks€as€identified€by€a€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s     Ö+ Ôñš%ññ›%ñ.€€These€tasksÏwould€be€employed€following€a€disruption€of€the€AIS€and€continue€until€the€AIS€is€acceptablyÏrestored.€€See€also:€òòDisasterñ ›%ññš%ñÔ!     D i s a s t e r     s! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y     s! Ôñš%ññ›%ñ,€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     ' Ôñš%ññ›%ñ€Operationsóó.Ð    ×Î (#(#  ÐÌòòBacteriaóóñ ›%ññš%ñÔ!     B a c t e r i a     y! Ôñš%ññ›%ñÐ   	 †   Ðà0     àA€malicious€computer€program€that€consumes€AIS€resources€by€replicating€itself.€€The€programÏdoes€not€explicitly€cause€damage€to€files€but€replicates€itself,€thereby€denying€normal€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     Ö) Ôñš%ññ›%ñÏof€AIS€resources.€€See€also:€òòVirusóóñ ›%ññš%ñÔ     V i r u s     i Ôñš%ññ›%ñ,òò€Wormñ ›%ññš%ñÔ     W o r m       Ôñš%ññ›%ñ,€Trojan€Horseñ ›%ññš%ñÔ)     T r o j a n   H o r s e     ) Ôñš%ññ›%ñ,€Malicious€Codeñ ›%ññš%ñÔ-  #   M a l i c i o u s   C o d e      - Ôñš%ññ›%ñ,€Trap€Door.óóÐ    "! (#(#  ÐÌòòÔ&  B ÔBaudóóÐ   	 Õ#Ì#   Ðà0     àThe€signaling€rate€of€a€communications€device,€such€as€a€modem,€as€measured€by€the€changes€perÏsecond€of€an€event€(usually€an€electrical€or€optical€change).€€Using€encoding€the€bits„per„secondÏrate€can€be€multiples€of€the€Baud€rate.Ð    (#(#  ÐÔ'  BÕ#ðÉ  ÔÌòòBits„per„secondóóÐ   	 ($(   Ðà0     àThe€signaling€rate€of€a€communications€device,€such€as€a€modem,€measured€by€binary€digitsÏtransfers€per€second.€€Using€encoding,€bits„per„second€rate€can€be€multiples€of€the€Baud€rate.€Ð    (#(#  Ðà0     àSee€also:€€òòBAUDóó.Ð    ¥*œ&+ (#(#  ÐÌâ
    
 âÐ   	 ],T(-   ÐÔ&   Ôâ
    
 âà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡e  ‘   µ© ÔCóóÔ# †  µ©  e ‘üÌ # ÔÔ# †  &ù´ &  µ©ÝÌ # ÔˆÐ   	 	      ÐÌÌòòC2óóñ ›%ññš%ñÔ     C 2     Ö Ôñš%ññ›%ñÐ   	 „   Ðà0     àA€level€of€security€safeguard€criteria.€€See€also:€òòControlled€Access€Protection,€TCSECóóñ ›%ññš%ñÔ     T C S E C     Ö Ôñš%ññ›%ñ.Ð    g	^ (#(#  ÐÔ'  	žÌ  ÔÌòòCA„TOP€SECRETððóóÐ   	    Ðà0     àA€computer€system€security€program€marketed€by€Computer€Associates€InternationalÏCorporationðð.€€Originally€labeled€under€the€trade€mark€of€TOP„SECRETð)ð€it€was€renamed€CA„¼TOP€SECRETðð€to€avoid€confusion€with€the€DoD€classificationñ ›%ññš%ñÔ-  #   c l a s s i f i c a t i o n      - Ôñš%ññ›%ñ.€Ð    (#(#  ÐÌòòCapstoneóóÐ   	 aX   Ðà0     àThe€U.S.€Governmentððs€long„term€project€to€develop€a€set€of€standards€for€publicly„availableÏcryptography,€as€authorized€€by€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     Ö; Ôñš%ññ›%ñ€of€1987.€The€Capstone€cryptographicÏsystem€will€consist€of€four€major€components€and€be€contained€on€a€single€integrated€circuitÏmicrochip€that€provides€non„DoD€data€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     u% Ôñš%ññ›%ñ€for€Sensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     `E Ôñš%ññ›%ñ€information.€€ItÏimplements€the€Skipjackñ ›%ññš%ñÔ!     S k i p j a c k     B! Ôñš%ññ›%ñ€algorithm.Ð    (#(#  Ðà0     àSee€also:€òòClipperóó,€òòFortezzaóó,€òòSensitive€But€Unclassifiedóóñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     1E Ôñš%ññ›%ñ,€òòMISSIóóñ ›%ññš%ñÔ     M I S S I     Ö Ôñš%ññ›%ñ.Ð    }t (#(#  ÐÌòòCategory€IóóÐ   	 5,   Ðà0     à"Consists€of€Federal€departments€and€agencies€expected€to€play€a€major€role€in€establishing€broadÏpolicy€parameters,€participating€in€setting€national€priorities,€and€defining€and€implementingÏstrategies€for€response€to€national€security€emergencies.€€Departments€and€agencies€in€this€categoryÏhave€uninterruptible€functions€which€are€vital€to€the€national€security,€immediate€survival,€andÏcontinuity€of€government."€(Reference:€TD€P€71„10,€V.1.I.2.a,€Attachment€Section€1,€10/01/92).€Ð    (#(#  Ðà0     àNote:€€The€Customs€Service€is€designated€Category€I.Ð    (#(#  ÐÌòòCertificationóóñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñÐ   	 ü   Ðà0     àThe€comprehensive€analysis€of€the€technical€and€nontechnical€features,€and€other€safeguards,€toÏestablish€the€extent€to€which€a€particular€AIS€meets€a€set€of€specified€security€requirements.€ÏCertificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€is€part€of€the€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ€process€and€carries€with€it€an€implicit€mandate€forÏaccreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ.€€See€also:€òòAccreditationóóñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ.Ð    m d (#(#  ÐÌòòÔ&  ´ ÔChannelóóÐ   	 %"!   Ðà0     àAn€information€transfer€path€within€a€system€or€the€mechanism€by€which€the€path€is€affected.Ô'  ´%"wÙ  ÔÐ    (#(#  ÐÌòòCICSð)ð€(Customer€Information€Control€System)óóÐ   	 ³$ª $   Ðà0     àAn€IBMðð€program€product€for€the€management€of€on„line€communications€between€terminal€usersÏand€a€data€baseñ ›%ññš%ñÔ#     d a t a   b a s e     :# Ôñš%ññ›%ñ.Ð    (#(#  ÐÌòòCipheróóÐ   	 ($(   Ðà0     àAn€algorithm€for€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€or€decryption.€€A€cipher€replaces€a€piece€of€information€(an€elementÏof€plain€text)€with€another€object,€with€the€intent€to€conceal€meaning.€€Typically,€the€replacementÏrule€is€governed€by€a€secret€key.€€See€also:€òòEncryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñ,€Decryptionóó.Ð    ©* &+ (#(#  Ðâ
    
 âÐ   	 ‡+~',   ÐòòÔ&  Ô Ôâ
    
 âClassificationóóñ ›%ññš%ñÔ-  #   C l a s s i f i c a t i o n      - Ôñš%ññ›%ñÐ   	 	      Ðà0     àA€systematic€arrangement€of€information€in€groups€or€categories€according€to€established€criteria.€ÏIn€the€interest€of€national€security€it€is€determined€that€the€information€requires€a€specific€degreeÏof€protection€against€unauthorized€disclosure€together€with€a€designation€signifying€that€such€aÏdetermination€has€been€made.€€The€established€categories€are€Top€Secret,€Secret,€and€Confidential,Ïas€specified€in€E.O.€12958,€4/17/95.€€For€details€on€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d      % Ôñš%ññ›%ñ€information€handling€processesÏreference:€CIS€HB€1400„03,€1991.€€See€also:€€òòLimited€Official€Useóó.Ð    %	 (#(#  ÐÔ'  Ô	7Ý  ÔÌòòÔ&    ÔClearñ ›%ññš%ñÔ     C l e a r     Ö Ôñš%ññ›%ñ€or€clearingñ ›%ññš%ñÔ!     c l e a r i n g      ! Ôñš%ññ›%ñ€(AIS€Storage€Media)óóÐ   	 Ý
Ô   Ðà0     àThe€removal€of€sensitive€data€from€AIS€storage€and€other€peripheral€devices€with€storage€capacity,Ïat€the€end€of€a€period€of€processing.€€It€includes€data€removal€in€such€a€way€that€assures,Ïproportional€to€data€sensitivity,€it€may€not€be€reconstructed€using€normal€system€capabilities,€i.e.,Ïthrough€the€keyboard.€€See€also:€òòRemanenceñ ›%ññš%ñÔ#     R e m a n e n c e     :# Ôñš%ññ›%ñ,€Object€Reuseóóñ ›%ññš%ñÔ)     O b j e c t   R e u s e     ) ÔÔ     R e u s e     Ö Ôñš%ññ›%ñ.Ð    E<
 (#(#  ÐÔ'   Ý
dà  ÔÌòòClipperóóÐ   	 ýô   Ðà0     àClipper€is€an€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€chip€developed€and€sponsored€by€the€U.S.€government€as€part€of€theÏCapstone€project.€€Announced€by€the€White€House€in€April,€1993,€Clipper€was€designed€to€balanceÏcompeting€concerns€of€Federal€law„enforcement€agencies€and€private€citizens€by€using€escrowedÏencryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€keys.€€See€also:€òòCapstone,€Fortezza,€MISSIñ ›%ññš%ñÔ     M I S S I     Ö Ôñš%ññ›%ñ,€Skipjackñ ›%ññš%ñÔ!     S k i p j a c k      ! Ôñš%ññ›%ñ.óóÐ    e\ (#(#  ÐÌòòCommercialñ ›%ññš%ñÔ%     C o m m e r c i a l     1% Ôñš%ññ›%ñ„Off„The„Shelf€(COTSóóñ ›%ññš%ñÔ     C O T S      Ôñš%ññ›%ñ)Ð   	    Ðà0     àProducts€that€are€commercially€available€and€can€be€utilized€as€generally€marketed€by€theÏmanufacturer.€€Ð    (#(#  ÐÌòòCompromiseóóÐ   	 ‰€   Ðà0     àThe€disclosure€of€sensitive€information€to€persons€not€authorized€access€or€having€a€need„to„know.Ð    (#(#  ÐÌòòCOMSECñ ›%ññš%ñÔ     C O M S E C       Ôñš%ññ›%ñ€(Communication€security)óóÐ   	    Ðà0     àMeasures€and€controls€that€deny€unauthorized€persons€access€to,€and€ensure€the€authenticity€of,Ïsensitive€(or€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     1% Ôñš%ññ›%ñ)€information€derived€from€telecommunicationsñ ›%ññš%ñÔ5  +   t e l e c o m m u n i c a t i o n s      5 Ôñš%ññ›%ñ.€€For€details€on€applyingÏCOMSECñ ›%ññš%ñÔ     C O M S E C     u Ôñš%ññ›%ñ€to€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     a% Ôñš%ññ›%ñ€information€reference:€CIS€HB€1400„03,€1991.Ð    (#(#  ÐÌòòComputer€Fraud€and€Abuse€Act€of€1986óóÐ   	 YP    Ðà0     àThis€law€makes€it€a€crime€to€knowingly€gain€access€to€a€Federal€Government€computer€withoutÏauthorization€and€to€affect€its€operation.€€[18€USC€1030]€€See€also:€òòFederal€GovernmentÐ   	 !"   ÐComputeróó.Ð    ë!â# (#(#  ÐÌòòComputer€SecurityóóÐ   	 £#š%   Ðà0     àTechnological€and€managerial€procedures€applied€to€AIS€to€ensure€the€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     &) Ôñš%ññ›%ñ,€integrity,€andÏconfidentialityñ ›%ññš%ñÔ/  %   c o n f i d e n t i a l i t y      / Ôñš%ññ›%ñ€of€information€managed€by€the€AIS.€€See€also:€òòInformation€System€Securityóó.Ð    W%N!' (#(#  ÐÌòòComputer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     Ö; Ôñš%ññ›%ñ€of€1987óóÐ   	 '#)   Ðà0     àThe€law€provides€for€improving€the€security€and€privacy€of€sensitive€information€in€"federalÏcomputer€systems"„„"a€computer€system€operated€by€a€Federal€agency€or€other€organization€thatÏprocesses€information€(using€a€computer€system)€on€behalf€of€the€Federal€Government€toÏaccomplish€a€Federal€function."€€[PL€100„235]€€See€also:€òòFederal€Government€Computeróó.Ð    w*n&- (#(#  Ðâ
    
 âÐ   	 U+L'.   ÐòòÔ&  F Ôâ
    
 âConfidentialóóÐ   	 	      Ðà0     àA€security€classificationñ ›%ññš%ñÔ-  #   c l a s s i f i c a t i o n      - Ôñš%ññ›%ñ€for€information€relevant€to€national€security.€€For€details€on€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     o% Ôñš%ññ›%ñÏinformation€handling€processes€reference:€CIS€HB€1400„03,€1991;€E.O.€12958,€4/17/95.Ð    (#(#  Ðà0     àSee€also:€òòLimited€Official€Useóó.Ð    —Ž (#(#  ÐÔ'  F	8ï  ÔÌòòConfidentialityóóñ ›%ññš%ñÔ/  %   C o n f i d e n t i a l i t y      / Ôñš%ññ›%ñÐ   	 OF   Ðà0     àThe€condition€when€designated€information€collected€for€approved€purposes€is€not€disseminatedÏbeyond€a€community€of€authorized€knowers.€€It€is€distinguished€from€secrecy,€which€results€fromÏthe€intentional€concealment€or€withholding€of€information.€€[OTA„TCT„606]Ð    (#(#  ÐÌà0     àConfidentialityñ ›%ññš%ñÔ/  %   C o n f i d e n t i a l i t y      / Ôñš%ññ›%ñ€refers€to:€1)€how€data€will€be€maintained€and€used€by€the€organization€that€collectedÏit;€2)€what€further€uses€will€be€made€of€it;€and€3)€when€individuals€will€be€required€to€consent€toÏsuch€uses.€€It€includes€the€protection€of€data€from€passive€attacks€and€requires€that€the€informationÏ(in€an€AIS€or€transmitted)€be€accessible€only€for€reading€by€authorized€parties.€€Access€can€includeÏprinting,€displaying,€and€other€forms€of€disclosure,€including€simply€revealing€the€existence€of€anÏobject.Ð    (#(#  ÐÌòòConfiguration€Managementñ ›%ññš%ñÔA  7   C o n f i g u r a t i o n   M a n a g e m e n t     NA Ôñš%ññ›%ñ€(CM)óóÐ   	 ‡~   Ðà0     àThe€management€of€changes€made€to€an€AIS€hardware,€software,€firmware,€documentation,€tests,Ïtest€fixtures,€test€documentation,€communications€interfaces,€operating€procedures,€installationÏstructures,€and€all€changes€thereto€throughout€the€development€and€operational€life„cycleñ ›%ññš%ñÔ%     l i f e „ c y c l e     :% Ôñš%ññ›%ñ€of€theÏAIS.€€[NCSC„TG„006]Ð    (#(#  ÐÌòòContingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     Ö' Ôñš%ññ›%ñ€Planóóñ ›%ññš%ñÔ1  '   C o n t i n g e n c y   P l a n     	1 Ôñš%ññ›%ñÐ   	 £š   Ðà0     àThe€documented€organized€process€for€implementing€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y      # Ôñš%ññ›%ñ€response,€back„up€operations,€andÏpost„disasterñ ›%ññš%ñÔ!     d i s a s t e r      ! Ôñš%ññ›%ñ€recoveryñ ›%ññš%ñÔ!     r e c o v e r y      ! Ôñš%ññ›%ñ,€maintained€for€an€AIS€as€part€of€its€security€program,€to€ensure€theÏavailabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     ) Ôñš%ññ›%ñ€of€critical€assets€(resources)€and€facilitate€the€continuity€of€operationsñ ›%ññš%ñÔA  7   c o n t i n u i t y   o f   o p e r a t i o n s     8A Ôñš%ññ›%ñ€in€an€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y     o# Ôñš%ññ›%ñ.€Ð    (#(#  Ðà0     àSee€also:€òòDisasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y      ! Ôñš%ññ›%ñ,€Emergencyñ ›%ññš%ñÔ#     E m e r g e n c y     o# Ôñš%ññ›%ñ€Planóó.Ð     (#(#  ÐÌÔ&  F ÔòòContingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     ' Ôñš%ññ›%ñ€PlaningóóÐ   	 Ãº   Ðà0     àThe€process€of€preparing€a€documented€organized€approach€for€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y      # Ôñš%ññ›%ñ€response,€back„upÏoperations,€and€post„disasterñ ›%ññš%ñÔ!     d i s a s t e r      ! Ôñš%ññ›%ñ€recoveryñ ›%ññš%ñÔ!     r e c o v e r y      ! Ôñš%ññ›%ñ€that€will€ensure€the€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     ) Ôñš%ññ›%ñ€of€critical€AIS€resources€andÏfacilitate€the€continuity€of€AIS€operations€in€an€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y     y# Ôñš%ññ›%ñ.Ð    (#(#  Ðà0     àSee€also:€òòContingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€Planñ ›%ññš%ñÔ1  '   C o n t i n g e n c y   P l a n     Ö1 Ôñš%ññ›%ñ,€Disasterñ ›%ññš%ñÔ!     D i s a s t e r     y! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y     y! Ôñš%ññ›%ñ,€Emergencyñ ›%ññš%ñÔ#     E m e r g e n c y      # Ôñš%ññ›%ñ€Planóó,Ô'  FÃ¡û  ÔÐ    + "! (#(#  ÐÌòòControlled€Access€Protection€(C2ñ ›%ññš%ñÔ     C 2     Ö Ôñš%ññ›%ñ)óóÐ   	 ã!Ú#   Ðà0     àA€category€of€safeguard€criteria€as€defined€in€the€Trusted€Computer€Security€Evaluation€CriteriaÏ(TCSECñ ›%ññš%ñÔ     T C S E C     Ö Ôñš%ññ›%ñ).€€It€includes€identification€and€authentication,€accountability,€auditing,€object€reuseñ ›%ññš%ñÔ)     o b j e c t   r e u s e     ) ÔÔ     r e u s e     r Ôñš%ññ›%ñ,€andÏspecific€access€restrictions€to€data.€€This€is€the€minimum€level€of€control€for€SBUñ ›%ññš%ñÔ     S B U       Ôñš%ññ›%ñ€information.Ï(Reference:€TD€P€71„10,€VI,€4.B.1).€€See€also:€òòTCSECñ ›%ññš%ñÔ     T C S E C     r Ôñš%ññ›%ñ,€Appendix€Eóó€(this€document).Ð    K%B!' (#(#  ÐÌòòConventional€Encryptionóóñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñÐ   	 'ú")   Ðà0     àA€form€of€cryptosystem€in€which€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€and€decryption€are€performed€using€the€same€key.Ð    (#(#  Ðà0     àSee€also:€òòSymmetric€Encryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñ.óóÐ    ·(®$+ (#(#  ÐÌòòCOTSóóñ ›%ññš%ñÔ     C O T S     t Ôñš%ññ›%ñÐ   	 o*f&-   Ðà0     àSee:€€òòCommercialñ ›%ññš%ñÔ%     C o m m e r c i a l     1% Ôñš%ññ›%ñ„Off„The„Shelfóó.Ð    I+@'. (#(#  Ðâ
    
 âÐ   	 ',(/   ÐòòÔ&  ’ Ôâ
    
 âCountermeasuresóóÐ   	 	      Ðà0     àSee:€òòSecurity€SafeguardsóóÐ    ãÚ  (#(#  ÐÔ'  ’	  ÔÌòòCrackeróóÐ   	 ›’   Ðà0     àSee:€òòHackeróó.Ð    ul (#(#  ÐÌòòCritical€AssetsóóÐ   	 -	$   Ðà0     àThose€assets€which€provide€direct€support€to€the€organization's€ability€to€sustain€its€mission.€ÏAssets€are€critical€if€their€absence€or€unavailability€would€significantly€degrade€the€ability€of€theÏorganization€to€carry€out€its€mission,€and€when€the€time€that€the€organization€can€function€withoutÏthe€asset€is€less€than€the€time€needed€to€replace€the€asset.Ð    (#(#  ÐÌòòÔ&  l ÔCritical€processingóóÐ   	 I@
   Ðà0     àAny€applications€which€are€so€important€to€an€organization€that€little€or€no€loss€of€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     &) Ôñš%ññ›%ñ€isÏacceptable;€critical€processing€must€be€defined€carefully€during€disasterñ ›%ññš%ñÔ!     d i s a s t e r     t! Ôñš%ññ›%ñ€and€contingencyñ ›%ññš%ñÔ'     c o n t i n g e n c y      ' Ôñš%ññ›%ñ€planning.€ÏSee€also:€òòCritical€AssetsÔ'  lI3  ÔóóÐ    ×Î (#(#  ÐÌòòCryptanalysisóóÐ   	 †   Ðà0     àThe€branch€of€cryptology€dealing€with€the€breaking€of€a€cipher€to€recover€information,€or€forgingÏencrypted€information€what€will€be€accepted€as€authentic.Ð    (#(#  ÐÌòòCryptographyóóÐ   	 ÷î   Ðà0     àThe€branch€of€cryptology€dealing€with€the€design€of€algorithms€for€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€and€decryption,Ïintended€to€ensure€the€secrecy€and/or€authenticity€of€messages.Ð    (#(#  ÐÌòòÔ&  ´ ÔCryptologyóóÐ   	 _V   Ðà0     àThe€study€of€secure€communications,€which€encompasses€both€cryptography€and€cryptanalysis.Ô'  ´_J  ÔÐ    (#(#  ÐÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡f  ‘   µ© ÔDóóÔ# †  µ©  f ‘R # ÔÔ# †  &ù´ &  µ©3 # ÔˆÐ   	 Ç¾   ÐÌÌòòDAAóóÐ   	 K!B    Ðà0     àSee:€òòDesignated€Approving€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ,€PAAñ ›%ññš%ñÔ     P A A     r Ôñš%ññ›%ñ,€AAóó.Ð    %"! (#(#  ÐÌòòDACóóÐ   	 Ý#Ô#   Ðà0     àSee:€òòDiscretionary€Access€Controlñ ›%ññš%ñÔI  ?   D i s c r e t i o n a r y   A c c e s s   C o n t r o l     &I Ôñš%ññ›%ñ,€C2ñ ›%ññš%ñÔ     C 2     Ö Ôñš%ññ›%ñ,€TCSECóóñ ›%ññš%ñÔ     T C S E C     Ö Ôñš%ññ›%ñ.Ð    ·$® $ (#(#  ÐÌòòDASD€(Direct€Access€Storage€Device)óóÐ   	 o&f"&   Ðà0     àA€physical€electromagnetic€data€storage€unit€used€in€larger€computers.€€Usually€these€consist€ofÏcylindrical€stacked€multi„unit€assemblies€which€have€large€capacity€storage€capabilities.Ð    (#(#  ÐÌòòDataóóÐ   	 ×)Î%*   Ðà0     àA€representation€of€facts,€concepts,€information,€or€instructions€suitable€for€communication,Ïinterpretation,€or€processing.€€It€is€used€as€a€plural€noun€meaning€ððfacts€or€informationðð€as€in:ÏòòThese€data€are€described€fully€in€the€appendixóó,€or€as€a€singular€mass€noun€meaning€ððinformationððÐ   	 e,\(-   Ðas€in:òò€The€data€is€entered€into€the€computeróó.€€[òòRandom€House€Websterððs€College€Dictionaryóó,€1994]Ð    A-8). (#(#  Ð‡òòData€Encryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñ€Standardñ ›%ññš%ñÔA  7   D a t a   E n c r y p t i o n   S t a n d a r d     2A Ôñš%ññ›%ñ€(DES)óóÐ   	 	      Ðà0     àData€Encryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     i% Ôñš%ññ›%ñ€Standardñ ›%ññš%ñÔA  7   D a t a   E n c r y p t i o n   S t a n d a r d     NA Ôñš%ññ›%ñ€is€an€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     i% Ôñš%ññ›%ñ€block€cipher€defined€and€endorsed€by€the€U.S.Ïgovernment€in€1977€as€an€official€standard€(FIPS€PUB€59).€€Developed€by€IBMðð,€it€has€beenÏextensively€studied€for€over€15€years€and€is€the€most€well„know€and€widely€used€cryptosystem€inÏthe€world.€€See€also:€òòCapstone,€Clipper,€RSA,€Skipjackóóñ ›%ññš%ñÔ!     S k i p j a c k      ! Ôñš%ññ›%ñ.Ð    qh (#(#  ÐÌòòData€integrityóóÐ   	 )	    Ðà0     àThe€state€that€exists€when€computerized€data€are€the€same€as€those€that€are€in€the€source€documentsÏand€have€not€been€exposed€to€accidental€or€malicious€alterations€or€destruction.€€It€requires€thatÏthe€AIS€assets€and€transmitted€information€be€capable€of€modification€only€by€authorized€parties.€ÏModification€includes€writing,€changing,€changing€status,€deleting,€creating,€and€the€delaying€orÏreplaying€of€transmitted€messages.€€See€also:€òòIntegrity,€System€integrityóó.Ð    kb	 (#(#  ÐÌòòDecipheringóóÐ   	 #   Ðà0     àThe€translation€of€encrypted€text€or€data€(called€ciphertext)€into€original€text€or€data€(calledÏplaintext).€€See€also:€òòDecryptionóó.Ð    ×Î (#(#  ÐÌòòDecryptionóóÐ   	 †   Ðà0     àThe€translation€of€encrypted€text€or€data€(called€ciphertext)€into€original€text€or€data€(calledÏplaintext).€€See€also:€òòDecipheringóó.Ð    C: (#(#  ÐÌòòDedicated€Security€Modeóóñ ›%ññš%ñÔ?  5   D e d i c a t e d   S e c u r i t y   M o d e     ,? ÔÔ+  !   S e c u r i t y   M o d e     8+ Ôñš%ññ›%ñÐ   	 ûò   Ðà0     àAn€operational€method€when€each€user€with€direct€or€indirect€individual€access€to€a€computerÏsystem,€its€peripherals,€and€remote€terminals€or€hosts€has€a€valid€personnel€security€authorizationÏand€a€valid€need„to„know€for€all€information€contained€within€the€system.Ð    (#(#  Ðà0     àSee€also:€òòSystem€High€Security€Modeóóñ ›%ññš%ñÔC  9   S y s t e m   H i g h   S e c u r i t y   M o d e     ÖC ÔÔ+  !   S e c u r i t y   M o d e     8+ Ôñš%ññ›%ñ.Ð    cZ (#(#  Ðà0     àÐ    (#(#  ÐòòDesignated€Approving€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€(DAA)óóÐ   	    Ðà0     àThe€official€who€has€the€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     :# Ôñš%ññ›%ñ€to€decide€to€accept€the€security€safeguards€prescribed€for€an€AISÏor€the€official€who€may€be€responsible€for€issuing€an€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ€statement€that€records€theÏdecision€to€accept€those€safeguards.€€See€also:€€òòAccrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ,€AA,€DAA,€PAAóóñ ›%ññš%ñÔ     P A A      Ôñš%ññ›%ñ.Ð    ©  (#(#  ÐÌòòDESóóÐ   	 aX    Ðà0     àSee:€òòData€Encryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñ€Standardóóñ ›%ññš%ñÔA  7   D a t a   E n c r y p t i o n   S t a n d a r d      A Ôñš%ññ›%ñÐ    ; 2! (#(#  Ðà0     àSee€also:€òòCapstone,€Clipper,€RSA,€Skipjackóóñ ›%ññš%ñÔ!     S k i p j a c k      ! Ôñš%ññ›%ñ.Ð    !" (#(#  ÐÌòòDedicated€SystemóóÐ   	 Ñ"È$   Ðà0     àA€system€that€is€specifically€and€exclusively€dedicated€to€and€controlled€for€a€specific€mission,Ïeither€for€full€time€operation€or€a€specified€period€of€time.€€See€also:€òòDedicated€Security€Modeóóñ ›%ññš%ñÔ?  5   D e d i c a t e d   S e c u r i t y   M o d e     ? ÔÔ+  !   S e c u r i t y   M o d e     8+ Ôñš%ññ›%ñ.Ð    …$| & (#(#  ÐÌòòDenial€of€ServiceóóÐ   	 =&4"(   Ðà0     àThe€prevention€of€authorized€access€to€resources€or€the€delaying€of€time„critical€operations.€€RefersÏto€the€inability€of€an€AIS€system€or€any€essential€part€to€perform€its€designated€mission,€either€byÏloss€of,€or€degradation€of€operational€capability.Ð    (#(#  Ðâ
    
 âÐ   	 ¥)œ%,   ÐòòÔ&    Ôâ
    
 âDepartment€of€Defense€(DOD)€Trusted€Computer€System€Evaluation€Criteriaóóñ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     g Ôñš%ññ›%ñÐ   	 	      Ðà0     àThe€National€Computer€Security€Center€(NCSC)€criteria€intended€for€use€in€the€design€andÏevaluation€of€systems€that€will€process€and/or€store€sensitive€(or€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     :% Ôñš%ññ›%ñ)€data.€€This€documentÏcontains€a€uniform€set€of€basic€requirements€and€evaluation€classes€used€for€assessing€the€degreesÏof€assurance€in€the€effectiveness€of€hardware€and€software€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€built€in€the€design€andÏevaluation€of€AIS.€€[5200.28„STD]€€See€also:€òòC2ñ ›%ññš%ñÔ     C 2     r Ôñš%ññ›%ñ,€Orange€Bookñ ›%ññš%ñÔ'     O r a n g e   B o o k     ' Ôñš%ññ›%ñ,€TCSECóóñ ›%ññš%ñÔ     T C S E C     Ö Ôñš%ññ›%ñ.Ô'   	1$  ÔÐ    KB (#(#  ÐÌòòDesignated€Security€OfficeróóÐ   	 
ú   Ðà0     àThe€person€responsible€to€the€DAA€for€ensuring€that€security€is€provided€for€and€implementedÏthroughout€the€life„cycleñ ›%ññš%ñÔ%     l i f e „ c y c l e     1% Ôñš%ññ›%ñ€of€an€AIS€from€the€beginning€of€the€system€concept€development€phaseÏthrough€its€design,€development,€operations,€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñ,€and€disposal.€€[NCSC„TG„027]€Ð    (#(#  Ðà0     àSee€also:òò€DSOóó,€òòISSOóó.Ð    kb	 (#(#  ÐÌòòDigital€Signature€StandardóóÐ   	 #   Ðà0     àDSS€is€the€Digital€Signature€Standard,€which€specifies€a€Digital€Signature€Algorithm€(DSA),€andÏis€part€of€the€U.S.€governmentððs€Capstone€project.€€It€was€selected€by€NIST€and€NSA€to€be€theÏdigital€authentication€standard€of€the€U.S.€government,€but€has€not€yet€been€officially€adopted.Ð    (#(#  Ðà0     àSee€also:€òòCapstone,€Clipper,€RSA,€Skipjackóóñ ›%ññš%ñÔ!     S k i p j a c k      ! Ôñš%ññ›%ñ.Ð    ‹‚ (#(#  ÐÌòòÔ&  l ÔDisasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y      ! Ôñš%ññ›%ñ€PlanóóÐ   	 C:   Ðà0     àThe€procedures€to€be€followed€should€a€disasterñ ›%ññš%ñÔ!     d i s a s t e r      ! Ôñš%ññ›%ñ€(fire,€flood,€etc.)€occur.€€Disasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€recoveryñ ›%ññš%ñÔ!     r e c o v e r y      ! Ôñš%ññ›%ñ€plansÏmay€cover€the€computer€center€and€other€aspects€of€normal€organizational€functioning.€Ð    (#(#  Ðà0     àSee€also:€òòContingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     ' Ôñš%ññ›%ñ€Planóóñ ›%ññš%ñÔ1  '   C o n t i n g e n c y   P l a n     Ö1 Ôñš%ññ›%ñ,€òòEmergencyñ ›%ññš%ñÔ#     E m e r g e n c y      # Ôñš%ññ›%ñ€Planóó.Ô'  lC|,  ÔÐ    ÑÈ (#(#  ÐÌòòDiscretionary€Access€Controlñ ›%ññš%ñÔI  ?   D i s c r e t i o n a r y   A c c e s s   C o n t r o l     &I Ôñš%ññ›%ñ€(DAC)óóÐ   	 ‰€   Ðà0     àA€means€of€restricting€access€to€objects€based€on€the€identity€of€subjects€and/or€groups€to€whichÏthey€belong€or€on€the€possession€of€an€authorization€granting€access€to€those€objects.€€The€controlsÏare€discretionary€in€the€sense€that€a€subject€with€a€certain€access€permission€is€capable€of€passingÏthat€permission€(perhaps€indirectly)€onto€any€other€subject.€€[NCSC„TG„003]Ð    (#(#  ÐÌòòDiscretionary€processingóóÐ   	 ¥œ   Ðà0     àAny€computer€work€that€can€withstand€interruption€resulting€from€some€disasterñ ›%ññš%ñÔ!     d i s a s t e r      ! Ôñš%ññ›%ñ.Ð    (#(#  ÐÌòòDoDóóÐ   	 3 *!   Ðà0     àU.S.€Department€of€Defense.Ð    (#(#  ÐÌòòDoD€Directive€5200.28„STDóóÐ   	 Á"¸$   Ðà0     àThe€1988€DoD€policy€establishing€uniform€security€requirements,€administrative€controls,€andÏtechnical€measures€to€protect€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     1% Ôñš%ññ›%ñ€information€processed€by€DoD€computer€systems.Ð    (#(#  Ðà0     àSee€also:€òòC2ñ ›%ññš%ñÔ     C 2     s Ôñš%ññ›%ñ,€TCSECñ ›%ññš%ñÔ     T C S E C     i Ôñš%ññ›%ñ,€Orange€Bookóóñ ›%ññš%ñÔ'     O r a n g e   B o o k     ' Ôñš%ññ›%ñ.Ð    O%F!' (#(#  ÐÌòòDSOóóÐ   	 'þ")   Ðà0     àSee:€òòDesignated€Security€OfficeróóÐ    á'Ø#* (#(#  Ðà0     àSee€also:€òòISSOóóÐ    ¿(¶$+ (#(#  ÐÌòòDSSóóÐ   	 w*n&-   Ðà0     àSee:€òòDigital€Signature€Standard,€Capstone,€Clipper,€RSA,€Skipjackóóñ ›%ññš%ñÔ!     S k i p j a c k      ! Ôñš%ññ›%ñ.Ð    Q+H'. (#(#  Ðâ
    
 âÐ   	 /,&(/   Ðà0     àà@    $$* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡g  ‘   µ© ÔEóóÔ# †  µ©  g ‘<7 # ÔÔ# †  &ù´ &  µ©7 # ÔˆÐ   	 	      Ðâ
    
 âÌÌòòEmergencyñ ›%ññš%ñÔ#     E m e r g e n c y      # Ôñš%ññ›%ñ€ResponseóóÐ   	 „   Ðà0     àA€response€to€emergencies€such€as€fire,€flood,€civil€commotion,€natural€disasters,€bomb€threats,Ïetc.,€in€order€to€protect€lives,€limit€the€damage€to€property€and€the€impact€on€AIS€operations.Ð    (#(#  ÐÌòòEmergencyñ ›%ññš%ñÔ#     E m e r g e n c y      # Ôñš%ññ›%ñ€Operating€RecordsóóÐ   	 õì   Ðà0     àRecords€which€are€vital€to€the€continuation€of€essential€functions€of€the€Department€and€itsÏoperating€units€and€should€be€safeguarded.€€Such€records€are€those€that€would€be€required€on€anÏimmediate€basis€to€support€the€implementation€of€the€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y     :# Ôñš%ññ›%ñ€operations€of€the€Department€toÏensure€the€continuity€of€the€Federal€government.€€(Reference:€TD€P€71„10,€V.1.III.2.a,€1992).Ð    (#(#  Ðà0     àSee€also:€òòVital€Recordsñ ›%ññš%ñÔ+  !   V i t a l   R e c o r d s     8+ Ôñš%ññ›%ñ€and€Rights€and€Interests€Recordsóó.Ð    7. (#(#  ÐÌòòEmanationsóóÐ   	 ïæ   Ðà0     àSee:€òòTEMPESTóóñ ›%ññš%ñÔ     T E M P E S T     , Ôñš%ññ›%ñ.Ð    ÉÀ (#(#  ÐÌòòÔ&  ’ ÔEncipheringóóÐ   	 x   Ðà0     àThe€conversion€of€plaintext€or€data€into€unintelligible€form€by€mean€of€a€reversible€translation€thatÏis€based€on€a€translation€table€or€algorithm.€€See€also:€òòEncryptionóóñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñ.Ô'  ’“<  ÔÐ    5, (#(#  ÐÌòòÔ&  ’ ÔEncryptionóóñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñÐ   	 íä   Ðà0     àThe€conversion€of€plaintext€or€data€into€unintelligible€form€by€mean€of€a€reversible€translation€thatÏis€based€on€a€translation€table€or€algorithm.€€See€also:€òòEncipheringóó,€òòMISSIóóñ ›%ññš%ñÔ     M I S S I     i Ôñš%ññ›%ñ.Ô'  ’íí=  ÔÐ    ¡˜ (#(#  ÐÌòòEntityóóÐ   	 YP   Ðà0     àSomething€that€exists€as€independent,€distinct€or€self„contained.€€For€programs,€it€may€be€anythingÏthat€can€be€described€using€data,€such€as€an€employee,€product,€or€invoice.€€Data€associated€withÏan€entity€are€called€attributes.€€A€product's€price,€weight,€quantities€in€stock,€and€description€allÏconstitute€attributes.€€It€is€often€used€in€describing€distinct€business€organizations€or€governmentÏagencies.Ð    (#(#  ÐÌòòEnvironmentóóÐ   	 O!F    Ðà0     àThe€aggregate€of€external€circumstance,€conditions,€and€events€that€affect€the€development,Ïoperation,€and€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     ' Ôñš%ññ›%ñ€of€a€system.€€Environment€is€often€used€with€qualifiers€such€asÏcomputing€environment,€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     ' Ôñš%ññ›%ñ€environment,€or€threat€environment,€which€limit€the€scopeÏbeing€considered.Ð    (#(#  ÐÌòòEvaluationóóÐ   	 k&b"&   Ðà0     àEvaluation€is€the€assessment€for€conformance€with€a€preestablished€metric,€criteria,€or€standard.Ð    (#(#  ÐÌòòEvaluated€Products€Listñ ›%ññš%ñÔ?  5   E v a l u a t e d   P r o d u c t s   L i s t     ,? Ôñš%ññ›%ñ€(EPLñ ›%ññš%ñÔ     E P L      Ôñš%ññ›%ñ)óóÐ   	 ù(ð$)   Ðà0     àThe€òòInformation€Systems€Security€Products€and€Services€Catalogóó,€published€quarterly€by€NSA.€Ð   	 Ó)Ê%*   ÐContains€information€systems€security€products€and€services€that€have€been€evaluated€by€theÏNational€Computer€Security€Center€(NCSC)€and€approved€by€the€NSA€to€assist€in€the€selection€ofÏproducts€that€will€provide€an€appropriate€level€of€information€security.€See€also:€òòTrusted€Productóó.Ð    a,X(- (#(#  Ðà0     àÐ    ?-6). (#(#  Ð‡à0     àà@    55* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡k  ‘   µ© ÔFóóÔ# †  µ©  k ‘ÞF # ÔÔ# †  &ù´ &  µ©¿F # ÔˆÐ   	 	      ÐÌÌòòFederal€Government€Computeróó.Ð   	 „   Ðà0     àA€Federal€government€computer€is€any€computer€used€by€the€United€States€government€and/orÏFederally„insured€financial€institutions.€€[18€USC€1030]Ð    (#(#  Ðà0     àSee€also:€€òòComputer€Fraud€and€Abuse€Act€of€1986óó.Ð     (#(#  ÐÌòòFirewallóóÐ   	 ×Î   Ðà0     àA€collection€of€components€or€a€system€that€is€placed€between€two€networksñ ›%ññš%ñÔ!     n e t w o r k s      ! Ôñš%ññ›%ñ€and€possesses€theÏfollowing€properties:€1)€all€traffic€from€inside€to€outside,€and€vice„versus,€must€pass€through€it;Ï2)€only€authorized€traffic,€as€defined€by€the€local€security€policy,€is€allowed€to€pass€through€it;€3)Ïthe€system€itself€is€immune€to€penetration.€€[CHES94]Ð    (#(#  ÐÌòòFirmwareóóÐ   	 óê   Ðà0     àEquipment€or€devices€within€which€computer€programming€instructions€necessary€to€theÏperformance€of€the€deviceððs€discrete€functions€are€electrically€embedded€in€such€a€manner€that€theyÏcannot€be€electrically€altered€during€normal€device€operations.€€[NCSC„TG„006]Ð    (#(#  ÐÌòòFortezzaóóÐ   	 5,   Ðà0     àSee:€òòFortezza€Crypto€CardóóÐ     (#(#  ÐÌòòFortezza€Crypto€CardóóÐ   	 Ç¾   Ðà0     àA€credit€card€size€data€security€device€containing€MISSIñ ›%ññš%ñÔ     M I S S I     Ö Ôñš%ññ›%ñ€Phase€1€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€algorithms,€keyÏmaterial€and€user€related€information.€€This€device€is€based€on€a€Personal€Computer€Memory€CardÏInterface€Association€(PCMCIA)€card€which€has€been€built€to€perform€the€cryptographic€featuresÏrequired€by€the€MISSIñ ›%ññš%ñÔ     M I S S I       Ôñš%ññ›%ñ€Phase€1€program€(data€hashing,€signing,€encrypting€and€decrypting).€€ThisÏcard€was€formerly€known€as€the€ð ðTessera€Crypto€Card.ðð€€[MISSI]€Ð    (#(#  Ðà0     àSee€also:€€òòCapstone,€Encryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñ,€MISSIñ ›%ññš%ñÔ     M I S S I     i Ôñš%ññ›%ñ,€Clipper,€RSA,€Skipjackóóñ ›%ññš%ñÔ!     S k i p j a c k      ! Ôñš%ññ›%ñ.Ð    ãÚ (#(#  ÐÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡l  ‘   µ© ÔGóóÔ# †  µ©  l ‘EP # ÔÔ# †  &ù´ &  µ©&P # ÔˆÐ   	 u l   ÐÌÌòòGatewayóóÐ   	 ù$ð "   Ðà0     àA€machine€or€set€of€machines€that€provides€relay€services€between€two€networksñ ›%ññš%ñÔ!     n e t w o r k s      ! Ôñš%ññ›%ñ.Ð    (#(#  ÐÌòòGeneral€Support€Systemóóñ ›%ññš%ñÔ=  3   G e n e r a l   S u p p o r t   S y s t e m      = Ôñš%ññ›%ñÐ   	 ‡'~#%   Ðà0     àAn€interconnected€set€of€information€resources€under€the€same€direct€management€control€whichÏshares€common€functionality.€€A€system€normally€includes€hardware,€software,€information,€data,Ïapplications,€communications,€and€people.€€A€system€can€be,€for€example,€a€local€area€networkÏ(LAN)€including€smart€terminals€that€support€a€branch€office,€an€agency„wide€backbone,€aÏcommunications€network,€a€departmental€data€processing€center€including€its€operating€system€andÏutilities,€a€tactical€radio€network,€or€a€shared€information€processing€service€organization€(IPSO).Ð    (#(#  Ðà0     à[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     Ö Ôñš%ññ›%ñ,€AIII]Ð    }-t), (#(#  Ð‡ÌÔ&   	 Ôà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡p  ‘   µ© ÔHÔ# †  µ©  p ‘0U # ÔÔ# †  &ù´ &  µ©U # ÔóóˆÐ   	 ãÚ    ÐÌÌòòHackóóÐ   	 g	^   Ðà0     àAny€software€in€which€a€significant€portion€of€the€code€was€originally€another€program.€€ManyÏhacked€programs€simply€have€the€copyrightñ ›%ññš%ñÔ#     c o p y r i g h t     ˆ# Ôñš%ññ›%ñ€notice€removed.€€Some€hacks€are€done€byÏprogrammers€using€code€they€have€previously€written€that€serves€as€a€boilerplate€for€a€set€ofÏoperations€needed€in€the€program€they€are€currently€working€on.€€In€other€cases€it€simply€meansÏa€draft.Ô'   	ãÜT  Ô€€Commonly€misused€to€imply€theft€of€software.€€See€also:€òòHackeróóÐ    © 		 (#(#  ÐÌòòHackeróóÐ   	 aX   Ðà0     àCommon€nickname€for€an€unauthorized€person€who€breaks€into€or€attempts€to€break€into€an€AISÏby€circumventing€software€security€safeguards.€€Also,€commonly€called€a€ð ðcracker.ððÐ    (#(#  Ðà0     àSee€also:€òòIntruderóó,€òòHackóó.Ð    ïæ (#(#  ÐÌÌòòà@    xx* ì àÔ ‡  µ©  & &ù´ ÔIóóÔ# †  &ù´ &  µ©aY # ÔˆÐ   	 x   ÐÌÌòòInformation€SecurityóóÐ   	 ü   Ðà0     àThe€protection€of€information€systems€against€unauthorized€access€to€or€modification€ofÏinformation,€whether€in€storage,€processing€or€transit,€and€against€the€denial€of€service€toÏauthorized€users€or€the€provision€of€service€to€unauthorized€users,€including€those€measuresÏnecessary€to€detect,€document,€and€counter€such€threats.Ð    (#(#  ÐÌòòInformation€Systems€Security€(INFOSEC)óóÐ   	 !   Ðà0     àThe€protection€of€information€assets€from€unauthorized€access€to€or€modification€of€information,Ïwhether€in€storage,€processing,€or€transit,€and€against€the€denial€of€service€to€authorized€users€orÏthe€provision€of€service€to€unauthorized€users,€including€those€measures€necessary€to€detect,Ïdocument,€and€counter€such€threats.€€INFOSEC€reflects€the€concept€of€the€totality€of€AIS€security.€Ð    (#(#  Ðà0     àSee€also:€òòComputer€Security.óóÐ    c"Z (#(#  ÐÌòòIdentificationóóÐ   	 $ !   Ðà0     àThe€process€that€enables€recognition€of€an€entity€by€a€system,€generally€by€the€use€of€uniqueÏmachine„readable€user€names.Ð    (#(#  ÐÌòòInformation€System€Security€Officer€(ISSO)óóÐ   	 ƒ'z#%   Ðà0     àThe€person€responsible€to€the€DAA€for€ensuring€that€security€is€provided€for€and€implementedÏthroughout€the€life„cycleñ ›%ññš%ñÔ%     l i f e „ c y c l e     1% Ôñš%ññ›%ñ€of€an€AIS€from€the€beginning€of€the€system€concept€development€phaseÏthrough€its€design,€development,€operations,€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     Ö' Ôñš%ññ›%ñ,€and€disposal.€€[NCSC„TG„027]Ð    (#(#  Ðà0     àSee€also:òò€DSOóó,€òòDesignated€Security€OfficerÐ    ë*â&) (#(#  Ðâ
    
 âóóÐ   	 É+À'*   ÐòòÔ&  Ø Ôâ
    
 âIntegrityóóÐ   	 	      Ðà0     àA€subgoal€of€computer€security€which€ensures€that:€1)€data€is€a€proper€representation€ofÏinformation;€2)€data€retains€its€original€level€of€accuracy;€3)€data€remains€in€a€sound,€unimpaired,Ïor€perfect€condition;€3)€the€AIS€perform€correct€€processing€operations;€and€4)€the€computerizedÏdata€faithfully€represent€those€in€the€source€documents€and€have€not€been€exposed€to€accidental€orÏmalicious€alteration€or€destruction.€€[NCSC€C€TR€79„91]€€See€also:€òòData€integrity,€SystemÐ   	 KB   Ðintegrityóó.Ð    )	  (#(#  ÐÔ'  Ø	Í`  ÔÌòòInterconnected€SystemóóÐ   	 á
Ø   Ðà0     àAn€approach€in€which€the€network€is€treated€as€an€interconnection€of€separately€created,€managed,Ïand€accredited€AIS.Ð    (#(#  ÐÌòòInternetóóñ ›%ññš%ñÔ!     I n t e r n e t      ! ÔÔ!     I n t e r n e t      ! Ôñš%ññ›%ñÐ   	 I@
   Ðà0     àA€world„wide€ð ðnetwork€of€networksðð€that€uses€Transmission€Control€Protocol/Internetñ ›%ññš%ñÔ!     I n t e r n e t      ! ÔÔ!     I n t e r n e t      ! Ôñš%ññ›%ñ€ProtocolÏ(TCP/IP)€for€communications.€€[WACK]Ð    (#(#  ÐÌòòIntruderóóÐ   	 ±¨   Ðà0     àAn€individual€who€gains,€or€attempts€to€gain,€unauthorized€access€to€a€computer€system€or€to€gainÏunauthorized€privileges€on€that€system.€€See€also:€òòHackeróóÐ    e\ (#(#  ÐÌòòISSOóóÐ   	    Ðà0     àSee:€òòInformation€System€Security€Officeróó,€òò€DSOóó,€òòDesignated€Security€Officeróó.Ð    ÷î (#(#  ÐÌÌà0     àà@    VV* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡s  ‘   µ© ÔJóóÔ# †  µ©  s ‘hg # ÔÔ# †  &ù´ &  µ©Ig # ÔˆÐ   	 ‰€   ÐÌÌà@    nn" ì àNONE€AT€THIS€TIMEˆÌÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡t  ‘   µ© ÔKóóÔ# †  µ©  t ‘Xh # ÔÔ# †  &ù´ &  µ©9h # ÔˆÐ   	 ›’   ÐÌÌòòKey€Distributionñ ›%ññš%ñÔ)     D i s t r i b u t i o n     ) Ôñš%ññ›%ñ€CenteróóÐ   	 $ !   Ðà0     àA€system€that€is€authorized€to€transmit€temporary€session€keys€to€principals€(authorized€users).€ÏEach€session€key€is€transmitted€in€encrypted€form,€using€a€master€key€that€the€key€distributionñ ›%ññš%ñÔ)     d i s t r i b u t i o n     ) Ôñš%ññ›%ñÏshares€with€the€target€principal.€€See€also:€òòDSS,€Encryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñ,€Kerberosóó.Ð    ­&¤"$ (#(#  ÐÌòòKerberosóóÐ   	 e(\$&   Ðà0     àKerberos€is€a€secret„key€network€authentication€system€developed€by€MIT€and€uses€DES€forÏencryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€and€authentication.€€Unlike€a€public„key€authentication€system,€it€does€not€produceÏdigital€signatures.€€Kerberos€was€designed€to€authenticate€requests€for€network€resources€ratherÏthan€to€authenticate€authorship€of€documents.€€See€also:€òòDSSóó.Ð    Í+Ä'* (#(#  ÐÌÐ   	 …-|),   Ðà0     àà@    $$* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡u  ‘   µ© ÔLóóÔ# †  µ©  u ‘:m # ÔÔ# †  &ù´ &  µ©m # ÔˆÐ   	 	      ÐÌÌòòLabelóóÐ   	 „   Ðà0     àThe€marking€of€an€item€of€information€that€reflects€its€information€security€classificationñ ›%ññš%ñÔ-  #   c l a s s i f i c a t i o n     V- Ôñš%ññ›%ñ.€€AnÏinternal€label€is€the€marking€of€an€item€of€information€that€reflects€the€classificationñ ›%ññš%ñÔ-  #   c l a s s i f i c a t i o n     V- Ôñš%ññ›%ñ€of€that€itemÏwithin€the€confines€of€the€medium€containing€the€information.€€An€external€label€is€a€visible€orÏreadable€marking€on€the€outside€of€the€medium€or€its€cover€that€reflects€the€security€classificationñ ›%ññš%ñÔ-  #   c l a s s i f i c a t i o n     V- Ôñš%ññ›%ñÏinformation€resident€within€that€particular€medium.€€See€also:€òòConfidential,€Limited€Official€Useóó.Ð    ÏÆ (#(#  ÐÌòòLAN€(Local€Area€Network)óóÐ   	 ‡~

   Ðà0     àAn€interconnected€system€of€computers€and€peripherals.€€LAN€users€can€share€data€stored€on€hardÏdisks€in€the€network€and€can€share€printers€connected€to€the€network.Ð    (#(#  ÐÌòòLeast€Privilegeóóñ ›%ññš%ñÔ/  %   L e a s t   P r i v i l e g e      / Ôñš%ññ›%ñÐ   	 ïæ   Ðà0     àThe€principle€that€requires€each€subject€be€granted€the€most€restrictive€set€of€privileges€needed€forÏthe€performance€of€authorized€tasks.€€The€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     Ö' Ôñš%ññ›%ñ€of€this€principle€limits€the€damage€that€canÏresult€from€accident,€error,€or€unauthorized€use.€€[5200.28„STD]Ð    (#(#  ÐÌòòÔ&  l ÔLimited€Official€Use€(LOU)óóÐ   	 1(   Ðà0     àA€category€of€SBUñ ›%ññš%ñÔ     S B U      Ôñš%ññ›%ñ€information€that€must€be€protected€in€the€same€manner€as€national€securityÏinformation€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     1% Ôñš%ññ›%ñ€Confidential.€(Reference:€TD€P€71„10,€III.2;€CIS€HB€1400„03).Ð    (#(#  Ðà0     àSee€also:€òòSensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     @E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U      Ôñš%ññ›%ñ)óó,€òòConfidentialóó.Ô'  l1“s  ÔÐ    ¿¶ (#(#  ÐÌÌà0     àà@    ÑÑ* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡v  ‘   µ© ÔMÔ# †  µ©  v ‘Zv # ÔÔ# †  &ù´ &  µ©;v # ÔóóˆÐ   	 QH   ÐÌÌòòMalicious€Codeóóñ ›%ññš%ñÔ-  #   M a l i c i o u s   C o d e     - Ôñš%ññ›%ñÐ   	 ÕÌ   Ðà0     àSoftware€or€firmware€that€is€intentionally€included€in€an€AIS€for€an€unauthorized€purpose.Ð    (#(#  Ðà0     àSee€also:€òòBacteriaóóñ ›%ññš%ñÔ!     B a c t e r i a      ! Ôñš%ññ›%ñ,€òòTrapdooróó,€òòTrojan€Horseóóñ ›%ññš%ñÔ)     T r o j a n   H o r s e     ) Ôñš%ññ›%ñ,€òòVirusóóñ ›%ññš%ñÔ     V i r u s     Ö Ôñš%ññ›%ñ,€òòWormóóñ ›%ññš%ñÔ     W o r m       Ôñš%ññ›%ñ.Ð    ‰!€ (#(#  ÐÌòòMajor€Applicationóóñ ›%ññš%ñÔ3  )   M a j o r   A p p l i c a t i o n     3 ÔÔ'     A p p l i c a t i o n     Ö' Ôñš%ññ›%ñÐ   	 A#8    Ðà0     àAn€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     Ö' Ôñš%ññ›%ñ€that€requires€special€attention€to€security€due€to€the€risk€and€magnitude€of€the€harmÏresulting€from€the€loss,€misuse,€or€unauthorized€access€to€or€modification€of€the€information€in€theÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     Ö' Ôñš%ññ›%ñ.€€Note:€All€Federal€applications€require€some€level€of€protection.€€Certain€applications,€Ïbecause€of€the€sensitive€information€in€them,€however,€require€special€management€oversightñ ›%ññš%ñÔ#     o v e r s i g h t      # Ôñš%ññ›%ñ€andÏshould€be€treated€as€major.€€Adequate€securityñ ›%ññš%ñÔ3  )   A d e q u a t e   s e c u r i t y      3 Ôñš%ññ›%ñ€for€other€applications€should€be€provided€byÏsecurity€of€the€systems€in€which€they€operate.€€[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     e Ôñš%ññ›%ñ,AIII]€€See€also:€òòApplicationóóñ ›%ññš%ñÔ'     A p p l i c a t i o n     r' Ôñš%ññ›%ñ,€òòProcessóó.Ð    ](T$& (#(#  Ðà0     àÐ    (#(#  ÐòòMicroprocessoróóÐ   	 *&(   Ðà0     àA€semiconductor€central€processing€unit€contained€on€a€single€integrated€circuit€chip.Ð    (#(#  Ðâ
    
 âÐ   	 É+À'*   ÐòòÔ&  ú Ôâ
    
 âMISSIóóñ ›%ññš%ñÔ     M I S S I      Ôñš%ññ›%ñÐ   	 	      Ðà0     àThe€MISSIñ ›%ññš%ñÔ     M I S S I      Ôñš%ññ›%ñ€is€a€National€Security€Agencyñ ›%ññš%ñÔA  7   N a t i o n a l   S e c u r i t y   A g e n c y     1A Ôñš%ññ›%ñ€(NSA)€program€which€provides€value€added€securityÏservices€for€Unclassified€But€Sensitive€(SBUñ ›%ññš%ñÔ     S B U     n Ôñš%ññ›%ñ)€information.€€These€services€provided€confidentialityñ ›%ññš%ñÔ/  %   c o n f i d e n t i a l i t y      / Ôñš%ññ›%ñÏthrough€data€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     i% Ôñš%ññ›%ñ€and€decryption,€original€authentication€through€public€key€digitalÏsignatures,€non„repudiation€(undeniable€proof€of€identity)€of€the€originator€and€recipient,€also€byÏpublic€key€digital€signatures€on€the€message€and€receipts€respectively,€and€data€integrity€throughÏa€secure€hashing€algorithm.€€[MISSI]€€See€also:€€òòCapstone,€Fortezza,€Crypto€CardÔ'  ú	v~  ÔóóÐ    %	 (#(#  ÐÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡w  ‘   µ© ÔNóóÔ# †  µ©  w ‘Á‚ # ÔÔ# †  &ù´ &  µ©¢‚ # ÔˆÐ   	 ·®	   ÐÌÌòòNational€Computer€Security€Centeróó€(NCSC)Ð   	 ;2   Ðà0     àThe€government€agency€part€of€the€National€Security€Agencyñ ›%ññš%ñÔA  7   N a t i o n a l   S e c u r i t y   A g e n c y      A Ôñš%ññ›%ñ€(NSA)€and€that€produces€technicalÏreference€materials€relating€to€a€wide€variety€of€computer€security€areas.€€It€is€located€at€9800ÏSavage€Rd.,€Ft.€George€G.€Meade,€MD.Ð    (#(#  ÐÌòòNational€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s      5 Ôñš%ññ›%ñ€and€Information€Systems€Security€PolicyóóÐ   	 x   Ðà0     àDirects€Federal€agencies,€by€July€15,€1992,€to€provide€automated€Controlled€Access€ProtectionÏ(C2ñ ›%ññš%ñÔ     C 2     Ö Ôñš%ññ›%ñ€level)€for€AIS,€when€all€users€do€not€have€the€same€authorization€to€use€the€sensitiveÏinformation.€€[NTISSP€200]Ð    (#(#  ÐÌòòÔ&  B ÔNeed„to„KnowóóÐ   	 Ãº   Ðà0     àA€determination€by€the€owner€of€sensitive€information€that€a€prospective€recipient€has€aÏrequirement€for€access€to,€knowledge€of,€or€possession€of€the€information€in€order€to€perform€tasksÏor€services€essential€to€carry€out€official€duties.Ð    (#(#  ÐÔ'  BÃ«†  ÔÌòòÔ&  h ÔNetworkóóÐ   	 ü   Ðà0     àA€communications€medium€and€all€components€attached€to€that€medium€whose€responsibility€is€theÏtransference€of€information.€€Such€components€may€include€AISs,€packet€switches,Ïtelecommunicationsñ ›%ññš%ñÔ5  +   t e l e c o m m u n i c a t i o n s     ,5 Ôñš%ññ›%ñ€controllers,€key€distributionñ ›%ññš%ñÔ)     d i s t r i b u t i o n     i) Ôñš%ññ›%ñ€centers,€and€technical€control€devices.Ô'  hˆ  ÔÐ    (#(#  ÐÌòòNetwork€SecurityóóÐ   	 G!>    Ðà0     àProtection€of€networksñ ›%ññš%ñÔ!     n e t w o r k s      ! Ôñš%ññ›%ñ€and€their€services€from€unauthorized€modification,€destruction,€orÏdisclosure,€and€the€provision€of€assurance€that€the€network€performs€its€critical€functions€correctlyÏand€there€are€no€harmful€side„effects.Ð    (#(#  ÐÌòòNISTóóÐ   	 ‰%€!%   Ðà0     àNational€Institute€of€Standards€and€Technology€in€Gaithersburg,€MD.€€(Prior€to€1988,€called€theÏNational€Bureau€of€Standards).€€NIST€publishes€a€wide€variety€of€materials€on€computer€security,Ïincluding€FIPS€publications.Ð    (#(#  ÐÌòòNon„RepudiationóóÐ   	 Ë)Â%*   Ðà0     àMethod€by€which€the€sender€is€provided€with€proof€of€delivery€and€the€recipient€is€assured€of€theÏsenderððs€identity,€so€that€neither€can€later€deny€having€processed€the€data.Ð    (#(#  Ðâ
    
 âÐ   	 Y,P(-   ÐòòÔ&  Ž Ôâ
    
 âNonvolatile€Memory€UnitsóóÐ   	 	      Ðà0     àDevices€which€continue€to€retain€their€contents€when€power€to€the€unit€is€turned€off€(e.g.€bubbleÏmemory,€Read€Only€Memory„ROM).Ô'  Ž	Ÿ  ÔÐ    (#(#  ÐÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡x  ‘   µ© ÔOóóÔ# †  µ©  x ‘åŽ # ÔÔ# †  &ù´ &  µ©ÆŽ # ÔˆÐ   	 KB   ÐÌÌòòObjectóóÐ   	 ÏÆ   Ðà0     àA€passive€entity€that€contains€or€receives€information.€€Access€to€an€object€potentially€impliesÏaccess€to€the€information€it€contains.€€Examples€of€objects€are€records,€blocks,€pages,€segments,Ïfiles,€directories,€directory€tree,€and€programs,€as€well€as€bits,€bytes,€words,€fields,€processors,Ïvideo€displays,€keyboards,€clocks,€printers,€network€nodes,€etc.Ð    (#(#  ÐÌòòObject€Reuseóóñ ›%ññš%ñÔ)     O b j e c t   R e u s e     &) ÔÔ     R e u s e     Ö Ôñš%ññ›%ñÐ   	 ëâ   Ðà0     àThe€reassignment€to€some€subject€of€a€medium€(e.g.,€page€frame,€disk€sector,€or€magnetic€tape)Ïthat€contained€one€or€more€objects.€€To€be€securely€reassigned,€no€residual€datañ ›%ññš%ñÔ+  !   r e s i d u a l   d a t a     8+ Ôñš%ññ›%ñ€from€previouslyÏcontained€object(s)€can€be€available€to€the€new€subject€through€standard€system€mechanisms.Ð    (#(#  Ðà0     à[NCSC„TG„025]€€See€also:€òòRemanenceóóñ ›%ññš%ñÔ#     R e m a n e n c e     t# Ôñš%ññ›%ñ.Ð    SJ (#(#  ÐÌòòOfficial€Use€OnlyóóÐ   	    Ðà0     àA€category€of€SBUñ ›%ññš%ñÔ     S B U      Ôñš%ññ›%ñ€information€that€must€be€administratively€controlled€and€protected€at€a€securityÏlevel€at€least€equal€to€C2ñ ›%ññš%ñÔ     C 2       Ôñš%ññ›%ñ.€€(Reference:€TD€P€71„10,€III.2;€CIS€HB€1400„03,€1991).Ð    (#(#  Ðà0     àSee€also:€òòSensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     @E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U      Ôñš%ññ›%ñ),€C2óóñ ›%ññš%ñÔ     C 2       Ôñš%ññ›%ñ.Ð    ™ (#(#  ÐÌòòÔ&  ’ ÔOff„lineóóÐ   	 QH   Ðà0     àPertaining€to€the€operation€of€a€functional€unit€when€not€under€direct€control€of€a€computer.Ð    (#(#  Ðà0     àSee€also:€òòOn„lineóó.Ô'  ’Q–  ÔÐ    ü (#(#  ÐÌòòOn„lineóóÐ   	 ½´   Ðà0     àPertaining€to€the€operation€of€a€functional€unit€when€under€the€direct€control€of€a€computer.Ð    (#(#  Ðà0     àSee€also:€òòOff„lineóó.Ð    q h (#(#  ÐÌòòOrange€bookóóñ ›%ññš%ñÔ'     O r a n g e   b o o k     ' Ôñš%ññ›%ñÐ   	 )" !   Ðà0     àNamed€because€of€the€color€of€its€cover,€this€is€the€DoD€Trusted€Computer€System€EvaluationÏCriteriañ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     g Ôñš%ññ›%ñ,€DoD€5200.28„STD.€€It€provides€the€information€needed€to€classify€computer€systems€asÏsecurity€levels€of€A,€B,€C,€or€D,€defining€the€degree€of€trust€that€may€be€placed€in€them.Ð    (#(#  Ðà0     àSee€also:€òòC2ñ ›%ññš%ñÔ     C 2     t Ôñš%ññ›%ñ,€TCSECóóñ ›%ññš%ñÔ     T C S E C       Ôñš%ññ›%ñ.Ð    ‘%ˆ!% (#(#  ÐÌòòOverwrite€ProcedureóóÐ   	 I'@#'   Ðà0     àA€process€which€removes€or€destroys€data€recorded€on€a€computer€storage€medium€by€writingÏpatterns€of€data€over,€or€on€top€of,€the€data€stored€on€the€medium.Ð    (#(#  ÐÌâ
    
 âÐ   	 ±*¨&+   ÐÔ&  8 Ôâ
    
 âà0     àà@    55* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡y  ‘   µ© ÔPóóÔ# †  µ©  y ‘œ # ÔÔ# †  &ù´ &  µ©í› # ÔˆÐ   	 	      ÐÌÌòòPasswordóóñ ›%ññš%ñÔ!     P a s s w o r d      ! Ôñš%ññ›%ñÐ   	 „   Ðà0     àA€protected€and€private€character€string€used€to€authenticate€an€AIS€user.Ô'  8	®›  ÔÐ    (#(#  ÐÌòòPersonally„ownedñ ›%ññš%ñÔ1  '   P e r s o n a l l y „ o w n e d      1 Ôñš%ññ›%ñ€computers€or€softwareóóÐ   	    Ðà0     àð ðComputers€or€software€purchased€with€non„government€funds,€except€those€turned€over€forÏexclusive€U.S.€Government€control€and€use€and€where€the€hard„drive€will€be€properly€erased€whenÏthe€system€is€no€longer€in€U.S.€Government€use.ððÐ    (#(#  Ðà0     à(Reference:€TD€P€71„10,€Appendix€B.€€Definition€updated€11/24/95).Ð    (#(#  ÐÌòòPersonnel€SecurityóóÐ   	 7.   Ðà0     àThe€procedures€established€to€ensure€that€all€personnel€who€have€access€to€any€sensitiveÏinformation€have€all€required€authorities€or€appropriate€security€authorizations.Ð    (#(#  ÐÌòòPhysical€Securityóóñ ›%ññš%ñÔ3  )   P h y s i c a l   S e c u r i t y      3 Ôñš%ññ›%ñÐ   	 Ÿ–   Ðà0     àThe€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     Ö' Ôñš%ññ›%ñ€of€physical€barriers€and€control€procedures€as€preventative€measures€or€safeguardsÏagainst€threats€to€resources€and€information.Ð    (#(#  ÐÌòòPrincipal€Accrediting€Authorityñ ›%ññš%ñÔO  E   P r i n c i p a l   A c c r e d i t i n g   A u t h o r i t y     	O ÔÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€(PAAñ ›%ññš%ñÔ     P A A     r Ôñš%ññ›%ñ)óóÐ   	 þ   Ðà0     àThe€official€who€has€the€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     :# Ôñš%ññ›%ñ€to€decide€on€accepting€the€security€safeguards€prescribed€for€anÏAIS€or€the€official€who€may€be€responsible€for€issuing€an€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     Ö+ Ôñš%ññ›%ñ€statement€that€records€theÏdecision€to€accept€those€safeguards.Ð    (#(#  Ðà0     àSee€also:€€òòAccrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€(AA),€Designated€Approving€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€(DAA)óó.Ð    of (#(#  ÐÌòòÔ&  ú ÔPrivacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     ' Ôñš%ññ›%ñ€of€1974óóÐ   	 '   Ðà0     àA€US€law€permitting€citizens€to€examine€and€make€corrections€to€records€the€governmentÏmaintains.€€It€requires€that€Federal€agencies€adhere€to€certain€procedures€in€their€record€keepingÏand€interagency€information€transfers.€€Reference:€FIPS€Pub.€41,€05/30/75€(Implementing€theÏPrivacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     Ö' Ôñš%ññ›%ñ€of€1975),€and€the€òòPrivacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     Ö' Ôñš%ññ›%ñ€of€1974,€As€Amendedóó.€€[5€USC€552a.€PL€93„579]Ð    † (#(#  Ðà0     àSee€also:€òòSystem€of€Recordsóó.Ð    i ` (#(#  ÐÔ'  ú'%¥  ÔÌòòPrivate€Branch€Exchangeóóñ ›%ññš%ñÔ?  5   P r i v a t e   B r a n c h   E x c h a n g e     ,? Ôñš%ññ›%ñÐ   	 !"!   Ðà0     àPrivate€Branch€eXchangeñ ›%ññš%ñÔ?  5   P r i v a t e   B r a n c h   e X c h a n g e     ? Ôñš%ññ›%ñ€(PBXñ ›%ññš%ñÔ     P B X     t Ôñš%ññ›%ñ)€is€a€telephone€switch€providing€speech€connections€within€anÏorganization,€while€also€allowing€users€access€to€both€public€switches€and€private€network€facilitiesÏoutside€the€organization.€The€terms€PABX,€PBXñ ›%ññš%ñÔ     P B X     t Ôñš%ññ›%ñ,€and€PABX€are€used€interchangeably.Ð    (#(#  ÐÌòòProcessóóÐ   	 c&Z"&   Ðà0     àAn€organizational€assignment€of€responsibilities€for€an€associated€collection€of€activities€that€takesÏone€or€more€kinds€of€input€to€accomplish€a€specified€objective€that€creates€an€output€that€is€ofÏvalue.€€Customs€processes€include:€Passenger€Compliance,€Cargo€Compliance,€InformedÏCompliance,€Strategic€Trade,€Anti„smuggling,€Outbound€Process,€Intelligence€and€Investigations.€Ï[USCS€PPP]€€See€also:òò€Applicationóóñ ›%ññš%ñÔ'     A p p l i c a t i o n     h' Ôñš%ññ›%ñ.Ð    ¥*œ&+ (#(#  Ðâ
    
 âÐ   	 ƒ+z',   ÐòòÔ&  ú Ôâ
    
 âProcess€Owneróóñ ›%ññš%ñÔ+  !   P r o c e s s   O w n e r      + Ôñš%ññ›%ñÐ   	 	      Ðà0     àThe€official€who€defines€the€process€parameters€and€its€relationship€to€other€Customs€processes.€ÏThe€process€ownerñ ›%ññš%ñÔ+  !   p r o c e s s   o w n e r     8+ Ôñš%ññ›%ñ€has€Accrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     e# Ôñš%ññ›%ñ€(AA)€to€decide€on€accepting€the€security€safeguardsÏprescribed€for€the€AIS€process€and€is€responsible€for€issuing€an€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ€statement€that€recordsÏthe€decision€to€accept€those€safeguards.Ð    (#(#  Ðà0     àSee€also:òò€€Accrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€(AA)óó,òò€Applicationñ ›%ññš%ñÔ'     A p p l i c a t i o n     ' Ôñš%ññ›%ñ€Owneróóñ ›%ññš%ñÔ3  )   A p p l i c a t i o n   O w n e r      3 Ôñš%ññ›%ñ.Ð    KB (#(#  ÐÔ'  ú	¿¬  ÔÌòòPublic€Law€100„235óóÐ   	 
ú   Ðà0     àEstablished€minimal€acceptable€standards€for€the€government€in€computer€security€and€informationÏprivacy.€€See€also:€òòComputer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     1; Ôñš%ññ›%ñ€of€1987óó.Ð    ·®	 (#(#  ÐÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡z  ‘   µ© ÔQÔ# †  µ©  z ‘(² # ÔÔ# †  &ù´ &  µ©	² # ÔóóˆÐ   	 I@
   ÐÌÌà@    nn" ì àNONE€AT€THIS€TIMEˆÌÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡{  ‘   µ© ÔRóóÔ# †  µ©  { ‘³ # ÔÔ# †  &ù´ &  µ©ù² # ÔˆÐ   	 [R   ÐÌÌòòRainbow€SeriesóóÐ   	 ßÖ   Ðà0     àA€series€of€documents€published€by€the€National€Computer€Security€Center€(NCSC)€to€discuss€inÏdetail€the€features€of€the€DoD,€òòTrusted€Computer€System€Evaluation€Criteriaóóñ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     g Ôñš%ññ›%ñ€(TCSECñ ›%ññš%ñÔ     T C S E C       Ôñš%ññ›%ñ)€and€provideÐ   	 “Š   Ðguidance€for€meeting€each€requirement.€€The€name€"rainbow"€is€a€nickname€because€eachÏdocument€has€a€different€color€of€cover.€€See€also:€òòNCSCóó.Ð    G> (#(#  ÐÌòòReadóóÐ   	 ÿö   Ðà0     àA€fundamental€operations€that€results€only€in€the€flow€of€information€from€an€object€to€a€subject.Ð    (#(#  ÐÌòòRecoveryóóñ ›%ññš%ñÔ!     R e c o v e r y     m! Ôñš%ññ›%ñÐ   	 !„   Ðà0     àThe€process€of€restoring€an€AIS€facilityñ ›%ññš%ñÔ!     f a c i l i t y     m! Ôñš%ññ›%ñ€and€related€assets,€damaged€files,€or€equipment€so€as€toÏbe€useful€again€after€a€major€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y     )# Ôñš%ññ›%ñ€which€resulted€in€significant€curtailing€of€normal€ADPÏoperations.€€See€also:€òòDisasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€Recoveryóóñ ›%ññš%ñÔ!     R e c o v e r y      ! Ôñš%ññ›%ñ.Ð    $ ! (#(#  ÐÌòòÔ&    ÔRemanenceóóñ ›%ññš%ñÔ#     R e m a n e n c e     )# Ôñš%ññ›%ñÐ   	 Ó%Ê!#   Ðà0     àThe€residual€information€that€remains€on€storage€media€after€erasure.€€For€discussion€purposes,Ïit€is€better€to€characterize€magnetic€remanenceñ ›%ññš%ñÔ#     r e m a n e n c e     )# Ôñš%ññ›%ñ€as€the€magnetic€representation€of€residualÏinformation€that€remains€on€magnetic€media€after€the€media€has€been€erased.€The€magnetic€fluxÏthat€remains€in€a€magnetic€circuit€after€an€applied€magnetomotive€force€has€been€removed.Ð    (#(#  Ðà0     à[òòRandom€House€Websterððs€College€Dictionaryóó,€1994;€NCSC„TG„025]€€See€also:€òòObject€Reuseóóñ ›%ññš%ñÔ)     O b j e c t   R e u s e     Ù) ÔÔ     R e u s e     Ö Ôñš%ññ›%ñ.Ô'   Ó%÷¸  ÔÐ    *&( (#(#  ÐÌòòResidual€Riskóóñ ›%ññš%ñÔ+  !   R e s i d u a l   R i s k     Ö+ Ôñš%ññ›%ñÐ   	 Í+Ä'*   Ðà0     àThe€part€of€risk€remaining€after€security€measures€have€been€implemented.Ð    (#(#  ÐÐ   	 -x),   ÐòòÔ&  l ÔRights€and€Interests€RecordsóóÐ   	 	      Ðà0     à"Records€that€are€necessary€for€the€preservation€of€the€rights€and€interests€of€individual€citizensÏand€the€Federal€government."€€(Reference:€TD€P€71„10,€V.1.III.2.b,€1992).Ð    (#(#  Ðà0     àSee€also:€òòEmergencyñ ›%ññš%ñÔ#     E m e r g e n c y     :# Ôñš%ññ›%ñ€Operating€Recordsóó,€òòVital€Recordsóóñ ›%ññš%ñÔ+  !   V i t a l   R e c o r d s     Ö+ Ôñš%ññ›%ñ.Ô'  l	½  ÔÐ    —Ž (#(#  ÐÌòòRisk€Analysisóóñ ›%ññš%ñÔ+  !   R i s k   A n a l y s i s     Ö+ Ôñš%ññ›%ñÐ   	 OF   Ðà0     àThe€process€of€identifying€security€risks,€determining€their€magnitude,€and€identifying€areasÏneeding€safeguards.€€An€analysis€of€an€organizationððs€information€resources,€its€existing€controls,Ïand€its€remaining€organizational€and€AIS€vulnerabilities.€€It€combines€the€loss€potential€for€eachÏresource€or€combination€of€resources€with€an€estimated€rate€of€occurrence€to€establish€a€potentialÏlevel€of€damage€in€dollars€or€other€assets.€€[TD85-03]€€See€also:€òòRisk€Assessmentñ ›%ññš%ñÔ/  %   R i s k   A s s e s s m e n t      / Ôñš%ññ›%ñ,€RiskÐ   	 ‘ˆ
   ÐManagementóóñ ›%ññš%ñÔ/  %   R i s k   M a n a g e m e n t     / Ôñš%ññ›%ñ.Ð    of	 (#(#  ÐÌòòRisk€Assessmentóóñ ›%ññš%ñÔ/  %   R i s k   A s s e s s m e n t     / Ôñš%ññ›%ñÐ   	 '   Ðà0     àProcess€of€analyzing€threats€to€and€vulnerabilities€of€an€AIS€to€determine€the€risks€(potential€forÏlosses),€and€using€the€analysis€as€a€basis€for€identifying€appropriate€and€cost„effective€measures.Ï[TD85-03]€€See€also:€òòRisk€€Analysis,€Risk€Managementóóñ ›%ññš%ñÔ/  %   R i s k   M a n a g e m e n t     / Ôñš%ññ›%ñ.Ð    µ¬ (#(#  ÐÌà0     àNote:€Risk€analysisñ ›%ññš%ñÔ+  !   R i s k   a n a l y s i s     Ö+ Ôñš%ññ›%ñ€is€a€part€of€risk€managementñ ›%ññš%ñÔ/  %   r i s k   m a n a g e m e n t     / Ôñš%ññ›%ñ,€which€is€used€to€minimize€risk€by€specifyingÏsecurity€measures€commensurate€with€the€relative€values€of€the€resources€to€be€protected,€theÏvulnerabilities€of€those€resources,€and€the€identified€threats€against€them.€€The€method€should€beÏapplied€iteratively€during€the€system€life„cycleñ ›%ññš%ñÔ%     l i f e „ c y c l e     e% Ôñš%ññ›%ñ.€€When€applied€during€the€implementation€phaseÏor€to€an€operational€system,€it€can€verify€the€effectiveness€of€existing€safeguards€and€identify€areasÏin€which€additional€measures€are€needed€to€achieve€the€desired€level€of€security.€€There€areÏnumerous€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s      + Ôñš%ññ›%ñ€methodologies€and€some€automated€tools€available€to€support€them.Ð    (#(#  ÐÌòòRisk€Managementóóñ ›%ññš%ñÔ/  %   R i s k   M a n a g e m e n t      / Ôñš%ññ›%ñÐ   	 =4   Ðà0     àThe€total€process€of€identifying,€measuring,€controlling,€and€eliminating€or€minimizing€uncertainÏevents€that€may€affect€system€resources.€€Risk€managementñ ›%ññš%ñÔ/  %   R i s k   m a n a g e m e n t     / Ôñš%ññ›%ñ€encompasses€the€entire€system€life„¼cycles€and€has€a€direct€impact€on€system€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     6+ Ôñš%ññ›%ñ.€€It€may€include€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s     6+ Ôñš%ññ›%ñ,€cost/benefitÏanalysis,€safeguard€selection,€security€test€and€evaluation,€safeguard€implementation,€and€systemÏreview.€€[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     a Ôñš%ññ›%ñ,AIII;€TD85-03]€€See€also:€òòRisk€Analysisñ ›%ññš%ñÔ+  !   R i s k   A n a l y s i s     6+ Ôñš%ññ›%ñ,€Risk€Assessmentóóñ ›%ññš%ñÔ/  %   R i s k   A s s e s s m e n t     / Ôñš%ññ›%ñÐ    v (#(#  ÐÌòòROMóóÐ   	 7 .!   Ðà0     àRead€Only€Memory.€€See€also:€òòNonvolatile€Memory€Unitsóó.Ð    !" (#(#  ÐÌòòRSAóóÐ   	 É"À$   Ðà0     àA€public„key€cryptosystem€for€both€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€and€authentication€based€on€exponentiation€inÏmodular€arithmetic.€The€algorithm€was€invented€in€1977€by€Rivest,€Shamir,€and€Adelman€and€isÏgenerally€accepted€as€practical€or€secure€for€public„key€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ.Ð    (#(#  Ðà0     àSee€also:€òòDES,€Capstone,€Clipper,€RSA,€Skipjackóóñ ›%ññš%ñÔ!     S k i p j a c k      ! Ôñš%ññ›%ñ.Ð    1&("( (#(#  ÐÌâ
    
 âÐ   	 é'à#*   ÐÔ&  Æ Ôâ
    
 âà0     àà@    EE* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡|  ‘   µ© ÔSóóÔ# †  µ©  | ‘ÿÎ # ÔÔ# †  &ù´ &  µ©àÎ # ÔˆÐ   	 	      ÐÌÌòòSafeguardsóóÐ   	 „   Ðà0     àCountermeasures,€specifications,€or€controls,€consisting€of€actions€taken€to€decrease€theÏorganizations€existing€degree€of€vulnerability€to€a€given€threat€probability,€that€the€threat€willÏoccur.Ð    (#(#  ÐÔ'  Æ	¡Î  ÔÌòòSecurity€IncidentóóÐ   	 ÏÆ   Ðà0     àAn€AIS€security€incident€is€any€event€and/or€condition€that€has€the€potential€to€impact€the€securityÏand/or€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ€of€an€AIS€and€may€result€from€intentional€or€unintentional€actions.Ð    (#(#  Ðà0     àSee€also:€òòSecurity€Violationóó.Ð    ]T (#(#  ÐÌòòSecurity€PolicyóóÐ   	    Ðà0     àThe€set€of€laws,€rules,€directives,€and€practices€that€regulate€how€an€organization€manages,Ïprotects,€and€distributes€controlled€information.Ð    (#(#  ÐÌòòSecurity€RequirementsóóÐ   	 }t   Ðà0     àTypes€and€levels€of€protection€necessary€for€equipment,€data,€information,€applications,€andÏfacilities€to€meet€security€policies.Ð    (#(#  ÐÌòòSecurity€Safeguards€(countermeasures)óóÐ   	 åÜ   Ðà0     àThe€protective€measures€and€controls€that€are€prescribed€to€meet€the€security€requirementsÏspecified€for€a€system.€€Those€safeguards€may€include,€but€are€not€necessarily€limited€to:€hardwareÏand€software€security€features;€operating€procedures;€accountability€procedures;€access€andÏdistributionñ ›%ññš%ñÔ)     d i s t r i b u t i o n     &) Ôñš%ññ›%ñ€controls;€management€constraints;€personnel€security;€and€physical€structures,€areas,Ïand€devices.€€Also€called€safeguards€or€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ.Ð    (#(#  ÐÌòòSecurity€SpecificationsóóÐ   	 ÛÒ   Ðà0     àA€detailed€description€of€the€security€safeguards€required€to€protect€a€system.Ð    (#(#  ÐÌòòSecurity€ViolationóóÐ   	 i `   Ðà0     àAn€event€which€may€result€in€disclosure€of€sensitive€information€to€unauthorized€individuals,€orÏthat€results€in€unauthorized€modification€or€destruction€of€system€data,€loss€of€computer€systemÏprocessing€capability,€or€loss€or€theft€of€any€computer€system€resources.€€See€also:€òòSecurityÐ   	 ÷"î"   ÐIncidentóó.Ð    Õ#Ì# (#(#  ÐÌòòSensitive€InformationóóÐ   	 %„!%   Ðà0     àA€category€of€unclassified€Government€controlled€information.Ð    (#(#  Ðà0     àSee€also:€òòSensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     @E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U      Ôñš%ññ›%ñ),€Limited€Official€Use,€Confidentialóó.Ð    A'8#' (#(#  ÐÌòòSensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     1E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U      Ôñš%ññ›%ñ)€InformationóóÐ   	 ù(ð$)   Ðà0     àð ðAny€information,€the€loss,€misuse,€or€unauthorized€access€to€or€modification€of€which€couldÏadversely€affect€the€national€interest€or€the€conduct€of€Federal€programs,€or€the€privacy€to€whichÏindividuals€are€entitled€under€5€USC€552a€(Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     ' Ôñš%ññ›%ñ),€but€which€has€not€been€specificallyÏauthorized€under€criteria€established€by€an€Executive€orderñ ›%ññš%ñÔ/  %   E x e c u t i v e   o r d e r     / Ôñš%ññ›%ñ€or€an€Act€of€Congress€to€be€kept€secretÏin€the€interest€of€national€defense€of€foreign€policy.€€This€definition€is€synonymous€with€ð ðòòsensitiveÐ   	 ;-2).   Ðinformationóóðð€as€defined€in€Public€Law€100.235,€ð ðThe€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     Ö; Ôñš%ññ›%ñ€of€1987,ðð€datedÐ   	 	      ÐJanuary€8,€1988.€€In€addition,€Treasury€SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ€information€also€includes€trade€secret€or€confidentialÏinformation€protected€by€Section€1905€of€Title€18,€USC€(Trade€Secret€Act).€€All€informationÏdesignated€Limited€Official€Use€(LOU)€is€included€within€SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ€information.ðð€Ð    (#(#  Ðà0     à(Reference:€TD€P€71„10,€Appendix€B,€page€52;€also€Chapter€VI,€Section€2.A.4.b).Ð    (#(#  ÐÌà0     àð ðSBU€AIS€and€networksñ ›%ññš%ñÔ!     n e t w o r k s     ! Ôñš%ññ›%ñ€shall€be€protected€to€at€least€the€minimum€level€of€controlled€accessÏprotection€(C2ñ ›%ññš%ñÔ     C 2     o Ôñš%ññ›%ñ)€as€defined€in€Section€4.B.1.ðð€€(Reference:€TD€P€71„10,€Chapter€VI.4.B).Ð    (#(#  ÐÌà0     àð ðExamples€of€SBUñ ›%ññš%ñÔ     S B U     r Ôñš%ññ›%ñ€information€include€financial,€law€enforcement,€and€counternarcoticsÏinformation.€€(Reference:€TD€P€71„10,€Chapter€VI,€Section€2.A.4.b).Ð    (#(#  ÐÌà0     àòòEditor€Notesóó:Ð    E<
 (#(#  Ðà0     àSensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     1E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ)€is€a€category€of€òòunclassifiedóó€Government€controlled€information.€Ð   	 #   ÐSimilar€terms€may€appear€in€other€government€documents€as€ð ðunclassified€but€sensitiveðð€or€Ïð ðsensitive.ðð€€The€meaning€however,€remains€the€same.€€The€majority€of€the€information€inÏCustoms€AIS€is€categorized€as€SBUñ ›%ññš%ñÔ     S B U      Ôñš%ññ›%ñ€and€may€include,€but€is€not€limited€to,€information,€theÏimproper€use€or€disclosure€of€which€could€adversely€affect€the€ability€of€Customs€to€accomplishÏits€mission;€information€that€is€investigative€in€nature;€grand€jury€information€subject€to€the€FederalÏRules€of€Criminal€Procedure,€Rule€6(e),€Grand€Jury€Secrecy€of€Proceedings€and€Disclosure;Ïproprietary€information;€records€about€individuals€requiring€protection€under€the€Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t      ' Ôñš%ññ›%ñ;Ïinformation€not€releasable€under€the€Freedom€of€Informationñ ›%ññš%ñÔ=  3   F r e e d o m   o f   I n f o r m a t i o n     8= Ôñš%ññ›%ñ€Act;€and€information€which€couldÏbe€manipulated€for€personal€profit€or€to€hide€the€unauthorized€use€of€money,€equipment,€orÏprivileges.€€DHD.Ð    (#(#  Ðà0     àSee€also:òò€Confidential,€C2ñ ›%ññš%ñÔ     C 2     Ö Ôñš%ññ›%ñ,€Limited€Official€Use,€TCSECñ ›%ññš%ñÔ     T C S E C     Ö Ôñš%ññ›%ñ.óóÐ    …| (#(#  ÐÌòòSiteóóñ ›%ññš%ñÔ     S i t e       Ôñš%ññ›%ñÐ   	 =4   Ðà0     àUsually€a€single€physical€location,€but€it€may€be€one€or€more€AISs€that€are€the€responsibility€of€theÏDSO.€€The€system€may€be€a€stand„alone€AIS,€a€remote€siteñ ›%ññš%ñÔ     s i t e       Ôñš%ññ›%ñ€linked€to€a€network,€or€workstationsÏinterconnected€via€a€local€area€network€(LAN).Ð    (#(#  ÐÌòòSkipjackóóñ ›%ññš%ñÔ!     S k i p j a c k      ! Ôñš%ññ›%ñÐ   	 v   Ðà0     àA€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     1% Ôñš%ññ›%ñ€NSA€designed€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€algorithm€contained€in€the€Clipper€Chip.€€It€is€substantiallyÏstronger€than€DES€and€Intended€to€provide€a€Federally€mandated€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     1% Ôñš%ññ›%ñ€process€which€wouldÏenable€law€enforcement€agencies€to€monitor€and€wiretap€private€communications.€[MISSI]Ð    (#(#  Ðà0     àSee€also:€òòCapstone,€DES,€Fortezza,€Clipper,€RSA,€Skipjackóóñ ›%ññš%ñÔ!     S k i p j a c k      ! Ôñš%ññ›%ñ.Ð    ç!Þ# (#(#  ÐÌòòÔ&  Ž ÔStandard€Security€ProceduresóóÐ   	 Ÿ#–%   Ðà0     àStep„by„step€security€instructions€tailored€to€users€and€operators€of€AISs€that€process€sensitiveÏinformation.Ô'  ŽŸ#Fí  ÔÐ    (#(#  ÐÌòòStandalone€SystemóóÐ   	 'þ")   Ðà0     àA€single„user€AIS€not€connected€to€any€other€systems.Ð    (#(#  ÐÌòòÔ&  ’ ÔSymmetric€Encryptionóóñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñÐ   	 •)Œ%,   Ðà0     àSee:€òòConventional€Encryptionóóñ ›%ññš%ñÔ%     E n c r y p t i o n     1% Ôñš%ññ›%ñ.Ð    o*f&- (#(#  ÐÔ'  ’•)³î  ÔÌòòSystemóóÐ   	 ',(/   Ðà0     àSee:€€òòAutomated€Information€System,€AISóóÐ    -ø(0 (#(#  Ð‡òòSystem€High€Security€Modeóóñ ›%ññš%ñÔC  9   S y s t e m   H i g h   S e c u r i t y   M o d e     8C ÔÔ+  !   S e c u r i t y   M o d e     8+ Ôñš%ññ›%ñÐ   	 	      Ðà0     àA€mode€of€operation€wherein€all€users€having€access€to€the€AIS€possess€a€security€authorization,Ïbut€not€necessarily€a€need„to„know€for€all€data€handled€by€the€AIS.€[5200.28.STD,€1985]€Ð    (#(#  Ðà0     àSee€also:€òòDedicated€Security€Modeóóñ ›%ññš%ñÔ?  5   D e d i c a t e d   S e c u r i t y   M o d e     ? ÔÔ+  !   S e c u r i t y   M o d e     8+ Ôñš%ññ›%ñ.Ð    —Ž (#(#  Ðà0     àÐ    (#(#  ÐòòSystem€IntegrityóóÐ   	 OF   Ðà0     àThe€attribute€of€a€system€relating€to€the€successful€and€correct€operation€of€computing€resources.€Ð    (#(#  Ðà0     àSee€also:€òòIntegrityóó.Ð    
ú (#(#  ÐÌòòSystem€of€RecordsóóÐ   	 »²	   Ðà0     àA€group€of€any€records€under€the€control€of€the€Department€from€which€information€is€retrievedÏby€the€name€of€an€individual,€or€by€some€other€identifying€number,€symbol,€or€other€identifyingÏparticular€assigned€to€an€individual.€€[TD€25„04]€€See€also:€òòPrivacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     Ö' Ôñš%ññ›%ñ€of€1974óóÐ    I@
 (#(#  ÐÌÌà0     àà@    $$* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡}  ‘   µ© ÔTóóÔ# †  µ©  } ‘§õ # ÔÔ# †  &ù´ &  µ©ˆõ # ÔˆÐ   	 ÛÒ   ÐÌÌòòTCSECóóñ ›%ññš%ñÔ     T C S E C     Ö Ôñš%ññ›%ñÐ   	 _V   Ðà0     àòòTrusted€Computer€System€Evaluation€Criteriaóóñ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     g Ôñš%ññ›%ñ€(TCSECñ ›%ññš%ñÔ     T C S E C       Ôñš%ññ›%ñ).€€DoD€5200.28„STD,€National€InstituteÐ   	 90   Ðof€Standards€and€Technology€(NIST),€Gaithersburg,€MD.,€1985.€€Establishes€uniform€securityÏrequirements,€administrative€controls,€and€technical€measures€to€protect€sensitive€informationÏprocessed€by€DoD€computer€systems.€It€provides€a€standard€for€security€features€in€commercialñ ›%ññš%ñÔ%     c o m m e r c i a l     1% Ôñš%ññ›%ñÏproducts€and€gives€a€metric€for€evaluating€the€degree€of€trust€that€can€be€placed€in€computerÏsystems€for€the€securing€of€sensitive€information.€See€also:€òòC2ñ ›%ññš%ñÔ     C 2     e Ôñš%ññ›%ñ,€Orange€Bookóóñ ›%ññš%ñÔ'     O r a n g e   B o o k     ' Ôñš%ññ›%ñ.Ð    {r (#(#  ÐÌòòTest€ConditionóóÐ   	 3*   Ðà0     àA€statement€defining€a€constraint€that€must€be€satisfied€by€the€program€under€test.Ð    (#(#  ÐÌòòTest€DataóóÐ   	 Á¸   Ðà0     àThe€set€of€specific€objects€and€variables€that€must€be€used€to€demonstrate€that€a€program€producesÏa€set€of€given€outcomes.€€See€also:€òòDisasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€Recoveryóóñ ›%ññš%ñÔ!     R e c o v e r y      ! Ôñš%ññ›%ñ,€òòTest€programóó.Ð    u l (#(#  ÐÌòòTest€PlanóóÐ   	 -"$!   Ðà0     àA€document€or€a€section€of€a€document€which€describes€the€test€conditions,€data,€and€coverage€ofÏa€particular€test€or€group€of€tests.Ð    (#(#  Ðà0     àSee€also:€òòDisasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€Recoveryóóñ ›%ññš%ñÔ!     R e c o v e r y      ! Ôñš%ññ›%ñ,òò€Test€Conditionóó,€òòTest€Dataóó,€òòTest€procedure€(Script)óó.Ð    »$² $ (#(#  ÐÌòòTest€procedure€(Script)óóÐ   	 s&j"&   Ðà0     àA€set€of€steps€necessary€to€carry€out€one€or€a€group€of€tests.€€These€include€steps€for€testÏenvironment€initialization,€test€execution,€and€result€analysis.€€The€test€procedures€are€carried€outÏby€test€operators.Ð    (#(#  ÐÌòòTest€programóóÐ   	 µ*¬&+   Ðà0     àA€program€which€implements€the€test€conditions€when€initialized€with€the€test€data€and€whichÏcollects€the€results€produced€by€the€program€being€tested.Ð    (#(#  Ðà0     àSee€also:€òòDisasterñ ›%ññš%ñÔ!     D i s a s t e r      ! Ôñš%ññ›%ñ€Recoveryóóñ ›%ññš%ñÔ!     R e c o v e r y      ! Ôñš%ññ›%ñ,òò€Test€Conditionóó,€òòTest€Dataóó,€òòTest€procedure€(Script)óó.Ð    C-:). (#(#  Ð‡òòÔ&  h ÔTEMPESTóóñ ›%ññš%ñÔ     T E M P E S T      Ôñš%ññ›%ñÐ   	 	      Ðà0     àThe€study€and€control€of€spurious€electronic€signals€emitted€from€AIS€equipment.€€All€TEMPESTñ ›%ññš%ñÔ     T E M P E S T      Ôñš%ññ›%ñÏissues€should€be€directed€to€the€Treasury€Office€of€Information€Systems€Security.Ð    (#(#  Ðà0     à[5200.28„STD;€TD€P€71„10;€CIS€HB€4300„09]Ô'  h	  ÔÐ    (#(#  ÐÌòòTop€SecretóóÐ   	 KB   Ðà0     àA€high€DoD€security€classificationñ ›%ññš%ñÔ-  #   c l a s s i f i c a t i o n      - Ôñš%ññ›%ñ.€€See€also:€òòCA„TOP€SECRETððóóÐ    %	 (#(#  ÐÌòòÔ&  „ ÔThreatóóÐ   	 Ý
Ô   Ðà0     àAn€event,€process,€activity€(act),€substance,€or€quality€of€being€perpetuated€by€one€or€more€threatÏagents,€which,€when€realized,€has€an€adverse€effect€on€organization€assets,€resulting€in€lossesÏattributed€to:Ð    (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝDirect€lossÐ    E<
 `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝRelated€direct€lossÐ     `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝDelays€or€denialsÐ    ùð `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝDisclosure€of€sensitive€informationÐ    ÓÊ `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝModification€of€programs€or€data€basesÐ    ­¤ `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝIntangible,€i.e.,€good€will,€reputation,€etc.Ô'  „Ý
©  ÔÐ    ‡~ `	(#`	(#  ÐÌòòThreat€agentóóÐ   	 ;2   Ðà0     àAny€person€or€thing€which€acts,€or€has€the€power€to€act,€to€cause,€carry,€transmit,€or€support€aÏthreat.€€See€also:€òòThreatóó.Ð    ïæ (#(#  ÐÌòòTrapdooróóÐ   	 §ž   Ðà0     àA€secret€undocumented€entry€point€into€a€computer€program,€used€to€grant€access€without€normalÏmethods€of€access€authentication.€€See€also:òò€Malicious€Codeóóñ ›%ññš%ñÔ-  #   M a l i c i o u s   C o d e     - Ôñš%ññ›%ñ.Ð    [R (#(#  ÐÌòòTreasury€Enforcement€Communications€System€(TECS)óóÐ   	 
   Ðà0     àAn€automated€enforcement€and€inspection€support€system€built€to€aid€Customs€and€other€FederalÏagencies.Ð    (#(#  ÐÌòòTrojan€Horseóóñ ›%ññš%ñÔ)     T r o j a n   H o r s e     &) Ôñš%ññ›%ñÐ   	 {r   Ðà0     àA€computer€program€with€an€apparently€or€actually€useful€function€that€contains€additionalÏ(hidden)€functions€that€surreptitiously€exploit€the€legitimate€authorizations€of€the€invoking€processÏto€the€detriment€of€security.€€See€also:€òòMalicious€Codeóóñ ›%ññš%ñÔ-  #   M a l i c i o u s   C o d e      - Ôñš%ññ›%ñ.Ð    	! " (#(#  ÐÌòòTrusted€Computer€Baseñ ›%ññš%ñÔ;  1   T r u s t e d   C o m p u t e r   B a s e     Ö; Ôñš%ññ›%ñ€(TCBñ ›%ññš%ñÔ     T C B      Ôñš%ññ›%ñ)óóÐ   	 Á"¸$   Ðà0     àThe€totality€of€protection€mechanisms€within€a€computer€system,€including€hardware,€firmware,Ïand€software,€the€combination€of€which€is€responsible€for€enforcing€a€security€policy.€€A€TCBñ ›%ññš%ñÔ     T C B      Ôñš%ññ›%ñÏconsists€of€one€or€more€components€that€together€enforce€a€security€policy€over€a€product€orÏsystem.€€See€also:€òòC2ñ ›%ññš%ñÔ     C 2       Ôñš%ññ›%ñ,€TCSECñ ›%ññš%ñÔ     T C S E C     Ö Ôñš%ññ›%ñ,€Orange€Bookóóñ ›%ññš%ñÔ'     O r a n g e   B o o k     ' Ôñš%ññ›%ñ.Ð    )& "( (#(#  ÐÌòòÔ&  h ÔTrusted€Computing€SystemóóÐ   	 á'Ø#*   Ðà0     àA€computer€and€operating€system€that€employs€sufficient€hardware€and€software€integrity€measuresÏto€allow€its€use€for€simultaneously€processing€a€range€of€sensitive€information€and€can€be€verifiedÏto€implement€a€given€security€policy.Ô'  há'G  ÔÐ    (#(#  Ðâ
    
 âÐ   	 I+@'.   ÐòòÔ&  F Ôâ
    
 âTrusted€ProductóóÐ   	 	      Ðà0     àA€product€that€has€been€evaluated€by€the€National€Computer€Security€Center€(NCSC)€andÏapproved€by€the€National€Security€Agencyñ ›%ññš%ñÔA  7   N a t i o n a l   S e c u r i t y   A g e n c y     NA Ôñš%ññ›%ñ€(NSA)€for€inclusion€in€the€Evaluated€Products€Listñ ›%ññš%ñÔ?  5   E v a l u a t e d   P r o d u c t s   L i s t      ? Ôñš%ññ›%ñÏ(EPLñ ›%ññš%ñÔ     E P L     a Ôñš%ññ›%ñ).€€See€also:€òòEvaluated€Products€Listñ ›%ññš%ñÔ?  5   E v a l u a t e d   P r o d u c t s   L i s t      ? Ôñš%ññ›%ñ€(EPLñ ›%ññš%ñÔ     E P L      Ôñš%ññ›%ñ)óóÐ    —Ž (#(#  ÐÔ'  F	Å  ÔÌÌÔ&   	 Ôà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡~  ‘   µ© ÔUóóÔ# †  µ©  ~ ‘Î # ÔÔ# †  &ù´ &  µ©¯ # ÔˆÐ   	 )	    ÐÌÌòòUPS€(Uninterruptible€Power€Supply)óóÐ   	 ­¤		   Ðà0     àA€system€of€electrical€components€to€provide€a€buffer€between€utility€power,€or€other€powerÏsource,€and€a€load€that€requires€uninterrupted,€precise€power.€€This€often€includes€a€trickle„chargeÏbattery€system€which€permits€a€continued€supply€of€electrical€power€during€brief€interruptionÏ(blackouts,€brownouts,€surges,€electrical€noise,€etc.)€of€normal€power€sources.Ð    (#(#  ÐÔ'   	)	z  ÔÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡  ‘   µ© ÔVÔ# †  µ©   ‘z # ÔÔ# †  &ù´ &  µ©[ # ÔóóˆÐ   	 £š   ÐÌÌòòVaccineóóÐ   	 '   Ðà0     àAny€software€designed€to€prevent€the€introduction€of€a€computer€virusñ ›%ññš%ñÔ     v i r u s     Ö Ôñš%ññ›%ñ€to€a€system.Ð    (#(#  Ðà0     àSee€also:€òòBacteriaóóñ ›%ññš%ñÔ!     B a c t e r i a      ! Ôñš%ññ›%ñ,€òòMalicious€Codeóóñ ›%ññš%ñÔ-  #   M a l i c i o u s   C o d e     - Ôñš%ññ›%ñ.Ð    ÛÒ (#(#  ÐÌòòVerificationóóÐ   	 “Š   Ðà0     àThe€process€of€comparing€two€levels€of€system€specifications€for€proper€correspondence.Ð    (#(#  ÐÌòòVital€Recordsóóñ ›%ññš%ñÔ+  !   V i t a l   R e c o r d s     Ö+ Ôñš%ññ›%ñÐ   	 !   Ðà0     àRecords€designated€by€Category€I€agencies€and€departments€as€necessary€to€accomplish€assignedÏessential€functions€during€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y      # Ôñš%ññ›%ñ€situations.€€These€records,€identified€as€vital€recordsñ ›%ññš%ñÔ+  !   v i t a l   r e c o r d s     S+ Ôñš%ññ›%ñ,€areÏgrouped€into€two€distinct€categories:€1)€emergencyñ ›%ññš%ñÔ#     e m e r g e n c y     d# Ôñš%ññ›%ñ€operating€records;€and€2)€rights€and€interestsÏrecords.€€(Reference:€TD€P€71„10,€V.1.III.1,€1992).Ð    (#(#  Ðà0     àSee€also:€òòEmergencyñ ›%ññš%ñÔ#     E m e r g e n c y     d# Ôñš%ññ›%ñ€Operating€Records,€Rights€and€Interest€Records,€Category€Ióó.€Ð    c"Z (#(#  ÐÌòòVirusóóñ ›%ññš%ñÔ     V i r u s     Ö Ôñš%ññ›%ñÐ   	 $ !   Ðà0     àCode€imbedded€within€a€program€that€causes€a€copy€of€itself€to€be€inserted€in€one€or€more€otherÏprograms.€€In€addition€to€propagation€the€virusñ ›%ññš%ñÔ     v i r u s     Ö Ôñš%ññ›%ñ€usually€performs€some€unwanted€function.€€NoteÏthat€a€program€need€not€perform€malicious€actions€to€be€a€virusñ ›%ññš%ñÔ     v i r u s     Ö Ôñš%ññ›%ñ;€it€need€only€infect€otherÏprograms.€€See€also:€òòBacteriaóóñ ›%ññš%ñÔ!     B a c t e r i a      ! Ôñš%ññ›%ñ,€òòMalicious€Codeóóñ ›%ññš%ñÔ-  #   M a l i c i o u s   C o d e     - Ôñš%ññ›%ñ.Ð    ƒ'z#% (#(#  ÐÌòòÔ&  h ÔVulnerabilityóóÐ   	 ;)2%'   Ðà0     àA€weakness,€or€finding€that€is€non„compliant,€non„adherence€to€a€requirement,€a€specification€orÏa€standard,€or€unprotected€area€of€an€otherwise€secure€system,€which€leaves€the€system€open€toÏâ
    
 âpotential€attack€or€other€problem.Ô'  h;)  ÔÐ    É+À'* (#(#  Ðà0     àà@    ÀÀ* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡€  ‘   µ© ÔWóóÔ# †  µ©  € ‘Â  # ÔÔ# †  &ù´ &  µ©£  # ÔˆÐ   	 	      Ðâ
    
 âÌÌòòWAN€(WideAreaNetwork)óóÐ   	 „   Ðà0     àA€network€of€LANs€which€provides€communication€services€over€a€geographic€area€larger€thanÏserved€by€a€LAN.Ð    (#(#  ÐÌòòWWWóóÐ   	 õì   Ðà0     àSee:€òòWorld€Wide€Webóóñ ›%ññš%ñÔ-  #   W o r l d   W i d e   W e b      - Ôñš%ññ›%ñÐ    ÏÆ (#(#  ÐÌòòWorld€Wide€Webóóñ ›%ññš%ñÔ-  #   W o r l d   W i d e   W e b      - Ôñš%ññ›%ñÐ   	 ‡~

   Ðà0     àAn€association€of€independent€information€data€bases€accessible€via€the€Internetñ ›%ññš%ñÔ!     I n t e r n e t      ! ÔÔ!     I n t e r n e t      ! Ôñš%ññ›%ñ.€€Often€called€theÏWEB,€WWW,€or€Wðð.Ð    (#(#  ÐÌòòWormóóñ ›%ññš%ñÔ     W o r m     e Ôñš%ññ›%ñÐ   	 ïæ   Ðà0     àA€computer€program€that€can€replicate€itself€and€send€copies€from€computer€to€computer€acrossÏnetwork€connections.€€Upon€arrival,€the€wormñ ›%ññš%ñÔ     w o r m     e Ôñš%ññ›%ñ€may€be€activated€to€replicate€and€propagate€again.€ÏIn€addition€to€propagation,€the€wormñ ›%ññš%ñÔ     w o r m     e Ôñš%ññ›%ñ€usually€performs€some€unwanted€function.Ð    (#(#  Ðà0     àSee€also:òò€Malicious€Codeóóñ ›%ññš%ñÔ-  #   M a l i c i o u s   C o d e      - Ôñš%ññ›%ñ.Ð    WN (#(#  ÐÌòòWriteóóÐ   	    Ðà0     àA€fundamental€operation€that€results€only€in€the€flow€of€information€from€a€subject€to€an€object.Ð    (#(#  ÐÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡  ‘   µ© ÔXóóÔ# †  µ©   ‘\' # ÔÔ# †  &ù´ &  µ©=' # ÔˆÐ   	 wn   ÐÌÌà@    nn" ì àNONE€AT€THIS€TIMEˆÌÌà0     àà@    * ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡‚  ‘   µ© ÔYóóÔ# †  µ©  ‚ ‘K( # ÔÔ# †  &ù´ &  µ©,( # ÔˆÐ   	 ¯ ¦   ÐÌà@    nn" ì àNONE€AT€THIS€TIMEˆÌÌÌà0     àà@    $$* ì(#(# àòòÔ ‡  µ©  & &ù´ ÔÔ ‡ƒ  ‘   µ© ÔZóóÔ# †  µ©  ƒ ‘:) # ÔÔ# †  &ù´ &  µ©) # ÔˆÐ   	 ç&Þ""   ÐÌà@    nn" ì àNONE€AT€THIS€TIMEˆÐ	   	 ‘*ˆ&$   ÐÑ      ÑØ       ØØ       Øñ›%ñÖ  €Ï  h é   Öñ›%ññ ›%ñÖ  € h é   Öñ›%ññ›%ñÖ €Ó  m é   Öñ›%ññ ›%ñÖ €
 m é   Öñ›%ñÑ €®   ¯  ÑÓ   ÓÔ ‡  °üª ° & &ù´ ÔÔ ‡  °„½ ° ° °üª ÔÔ
      ÔBIBLIOGRAPHYÔ     ÷*  ÔÔ# †  °üª ° ° °„½Ø* # ÔÔ# †  &ù´ & ° °üª¹* # ÔÐ   	 X      ÐÓ  ­*  ÓßA €& - )                 °° x         d  E°7¨ xA ßÐ   	 8à   ÐÌThe€following€laws,€regulations,€standards,€policies,€directives,€guidelines,€and€references€are€the€basisÏfor€the€U.S.€Customs€Service€AIS€Security€Policy€Manual,€HB€1400„05.ÌÌNote:€The€following€list€is€sorted€alphabetically€by€òòReference€IDóó.Ð   	 Gï   ÐÌòòReference€IDà0    `	 àóóà0    ¸`	(#`	(# àòòDocument€TitleóóÐ    û	£ ¸(#¸(#  ÐÌ[CHES94]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àWilliam€R.€Cheswick€and€Steven€M.€Bellovin.€€òòFirewallsñ ›%ññš%ñÔ#     F i r e w a l l s     )# Ôñš%ññ›%ñ€and€Internetñ ›%ññš%ñÔ!     I n t e r n e t      ! ÔÔ!     I n t e r n e t      ! Ôñš%ññ›%ñ€Securityóó.€Ð   	 ¯W	
   ÐAddison„Wesley,€Reading,€MA,€1994.Ð    (#(#  ÐÌ[COHEN]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòInformation€Technology€Management€Reform€Act€of€1996óó.€€Wash.,€DC.€AlsoÐ   	 =å   Ðknown€as€the€ð ðCohen€Bill.ððÐ    (#(#  ÐÌ[EO€12958]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àOffice€of€the€President,€òòClassifiedñ ›%ññš%ñÔ%     C l a s s i f i e d     1% Ôñš%ññ›%ñ€National€Security€Informationóó.€€EO12958,Ð   	 Ës   ÐWash.,€DC,€April€17,€1995,€(Revoked€EO€12356,€04/06/82).Ð    (#(#  ÐÌ[FIPS€P€39]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòGlossary€for€Computer€Security€Termsóó.€€U.S.€Department€of€Commerce,€NationalÐ   	 Y   ÐTechnical€Information€Service€(NTIS),€FIPS€PUB€39,€Springfield,€VA.,Ï02/15/76.Ð    (#(#  ÐÌ[GAO94285]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòInformation€Superhighway:€Issues€Affecting€Developmentóó.€€GAO€Report.Ð   	 Ái   ÐGAO/RCED„94„285.Ð    (#(#  ÐÌ[GAO9523]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòInformation€Superhighway:€An€Overview€of€Technology€Challengesóó.€€GAOÐ   	 O÷   ÐReport.€GAO/AIMD„95„23Ð    (#(#  ÐÌ[MISSI]à0    `	 àà0    ¸`	(#`	(# àòòMISSIñ ›%ññš%ñÔ     M I S S I     i Ôñš%ññ›%ñ€Phase€1óó.€€NSA,€Ft.€George€G.€Meade,€MD.,€1994.Ð    Ý… ¸(#¸(#  ÐÌ[NCSC„TG„003]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòA€Guide€to€Understanding€Discretionary€Access€Controlñ ›%ññš%ñÔI  ?   D i s c r e t i o n a r y   A c c e s s   C o n t r o l      I Ôñš%ññ›%ñ€in€Trusted€Systemsóó.€Ð   	 ‘9   ÐNCSC,€NCSC„TG„003,€Ver.€1,€NSA,€Ft.€George€G.€Meade,€MD.,ÏSeptember€1987.Ð    (#(#  ÐÌ[NCSC-TG-005]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòTrusted€Network€Interpretationóó.€€NCSC,€NCSC-TG-005,€Ver.€1,€NSA,€Ft.Ð   	 ù ¡#   ÐGeorge€G.€Meade,€MD.,€July€1987.€€aka.€Red€Bookñ ›%ññš%ñÔ!     R e d   B o o k     a! Ôñš%ññ›%ñ.Ð    (#(#  ÐÌ[NCSC„TG„006]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòA€Guide€to€Understanding€Configuration€Managementñ ›%ññš%ñÔA  7   C o n f i g u r a t i o n   M a n a g e m e n t     oA Ôñš%ññ›%ñ€in€Trusted€Systemsóó.€Ð   	 ‡#/!&   ÐNCSC,€NCSC„TG„006,€Ver.€1,€NSA,€Ft.€George€G.€Meade,€MD.,ÏMarch€1988.Ð    (#(#  ÐÌ[NCSC„TG„025]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòData€Remanenceñ ›%ññš%ñÔ#     R e m a n e n c e     o# Ôñš%ññ›%ñ€in€Automated€Information€Systemsóó.€€NCSC,€NCSC„TG„025,Ð   	 ï&—$*   ÐVer.€2,€NSA,€Ft.€George€G.€Meade,€MD.,€September€1991.Ð    (#(#  ÐÌ[NCSC„TG„027]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòA€Guide€to€Understanding€Information€Systems€Security€Officer€ResponsibilitiesÐ   	 })%'-   Ðfor€AISóó.€€NCSC,€NCSC„TG„027,€Ver.€1,€NSA,€Ft.€George€G.€Meade,Ð   	 W*ÿ'.   ÐMD.,€May€1992.Ð    (#(#  Ðâ
    
 âÐ    ,³)0 É  ÐÔ&  Ž Ôâ
    
 â[NCSC-TG-029]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòIntroduction€to€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     8+ Ôñš%ññ›%ñ€and€Accreditationóóñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     8+ Ôñš%ññ›%ñ.€€NCSC,€NCSC-TG-029,€Ver.€1,Ð   	 	      ÐNSA,€Ft.€George€G.€Meade,€MD.,€January€1994.Ð    (#(#  ÐÔ'  Ž	q:  ÔÌ[NCSC€TR€79„91]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòIntegrity€in€Automated€Information€Systemsóó.€€NCSC,€NCSC€C€TR€79„91,€NSA,Ð   	 —Ž   ÐFt.€George€G.€Meade,€MD.,€September€1991.Ð    (#(#  ÐÌ[NTISSP€200]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòNational€Policy€on€Controlled€Access€Protectionóó.€€The€White€House.€€NationalÐ   	 %	   ÐTelecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s      5 Ôñš%ññ›%ñ€and€Information€Systems€Security€Committee.Ï07/15/87.Ð    (#(#  ÐÌ[NIST€500„172]à0    ¸ àà0    ¸(#¸(# àà     ¸ àTodd,€Mary€Anne,€and€Constance€Guitan,€òòComputer€Security€Trainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñÐ   	 „
   ÐGuidelinesóó.€€NIST,€SP€500„172,€Gaithersburg,€MD.,€11/89.Ð    g^	 (#(#  ÐÌ[OMB€A„123]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòManagement€Accountability€and€Controlóó.€Cir.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3      Ôñš%ññ›%ñ,€Revised,€Wash.,€DC,€JuneÐ   	    Ð21,1995.Ð    (#(#  ÐÌ[OMB€A„130]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòManagement€of€Federal€Information€Resourcesóó.€€OMB€Cir.€A„130ñ ›%ññš%ñÔ     A „ 1 3 0      Ôñš%ññ›%ñ,€Wash.,€DC,Ð   	 ©    Ð1985,€1993,€1994,€1996.Ð    (#(#  ÐÌ[OMB€A„130ñ ›%ññš%ñÔ     A „ 1 3 0       Ôñš%ññ›%ñ,AIII]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòSecurity€of€Federal€Automated€Information€Resourcesóó.€€OMB€Cir.€A„130ñ ›%ññš%ñÔ     A „ 1 3 0       Ôñš%ññ›%ñ,Ð   	 7.   ÐAppendix€III.,€Wash.,€DC,€02/08/96.Ð    (#(#  ÐÌ[OTA„TCT„606]à0    ¸ àòòà0    ¸(#¸(# àà     ¸ àInformation€Security€and€Privacy€in€Network€Environmentsóó.€€U.S.€Congress.€Ð   	 Å¼   ÐOffice€of€Technical€Assistance.€€OTA„TCT„606.€€Wash.,€DC:€GPO,ÏSeptember€1994.Ð    (#(#  ÐÌ[PL€100„235]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòComputer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     Ö; Ôñš%ññ›%ñ€of€1987óó.€€40€USC€759,€101€STAT€1724.€€PL€100„235,Ð   	 -$   ÐWash.,€DC,€€01/08/88.à0    p(#(# àÐ    þ p(#p(#  ÐÌ[TD€ETHICS]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àU.S.€Treasury€Department.€€òòStandards€of€Ethical€Conduct€for€Employees€of€theÐ   	 »²   ÐExecutive€Branchóó.€€Wash.,€DC,€02/03/93.Ð    •Œ (#(#  ÐÌ[TD€INTERNET]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Treasury€Department.€Treasury€Directive.€€òòMANAGING€THE€INTERNETñ ›%ññš%ñÔ!     I N T E R N E T     e! ÔÔ!     I N T E R N E T     e! Ôñš%ññ›%ñÐ   	 I@    ÐACCESS:€Operating€Policy€for€Bureau€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     t5 Ôñš%ññ›%ñ€ManagersÏand€Information€Resources€Management€Officials€within€the€DepartmentÏof€the€Treasuryóó.€4/28/95.Ð    ×!Î# (#(#  ÐÌ[TD€P€25„04]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àU.S.€Treasury€Department.€€òòPrivacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     t' Ôñš%ññ›%ñ€Handbookóó.€€TD€P€25„04,€Wash.,€DC,Ð   	 ‹#‚%   Ð04/91.Ð    (#(#  ÐÌ[TD€P€25„05]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àU.S.€Treasury€Department.€€òòFreedom€of€Informationñ ›%ññš%ñÔ=  3   F r e e d o m   o f   I n f o r m a t i o n     = Ôñš%ññ›%ñ€Act€Handbookóó.€€TD€P€25„Ð   	 &"(   Ð05,€Wash.,€DC,€06/93.Ð    (#(#  ÐÌ[TD€84„01]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àU.S.Treasury€Department.€€òòInformation€Systems€Development€Life€Cycleñ ›%ññš%ñÔM  C   S y s t e m s   D e v e l o p m e n t   L i f e   C y c l e      M Ôñš%ññ›%ñÐ   	 §(ž$+   ÐManualóó.€€TD€84„01,€Wash.,€DC,€07/94.Ð    )x%, (#(#  ÐÌ[TD€87„01]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àU.S.Treasury€Department.€€òòInformation€Systems€Standards€Programóó.€€TD€87„01,Ð   	 5+,'.   ÐWash.,€DC,€08/23/89.Ð    (#(#  ÐÌ[TD€P€71„10]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àU.S.€Treasury€Department.€€òòSecurity€Manualóó.€€TD€P€71„10,€Wash.,€DC,€12/93.Ð    Ã-º)1 (#(#  Ð‡Ô&  ´ Ô[TD€85-03]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àU.S.€Treasury€Department.€€òòRisk€Assessmentñ ›%ññš%ñÔ/  %   R i s k   A s s e s s m e n t     Ö/ Ôñš%ññ›%ñ€Guidelinesóó,€Volumes€I€&€II.€€TDÐ   	 	      Ð85-03,€Wash.,€DC,€June€1990.Ô'  ´	ñL  ÔÐ    (#(#  ÐÌ[USCS€PPP]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€€òòPeople,€Processes€and€Partnerships:€A€Report€on€theÐ   	 —Ž   ÐCustoms€Service€for€the€21st€Centuryóó,€Wash.,€DC,€September1994.Ð    qh (#(#  ÐÌ[USCS€96PLAN]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€òòAnnual€Plan€Fiscal€Year€1996.óó.€Wash.,€DC,€10/95.Ð    %	 (#(#  ÐÌ[USCS€IRMPLAN]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€òòStrategic€IRMñ ›%ññš%ñÔ     I R M     e Ôñš%ññ›%ñ€Planñ ›%ññš%ñÔ5  +   S t r a t e g i c   I R M   P l a n      5 Ôñš%ññ›%ñ€for€Fiscal€Years€1998„2002.óó€Wash.,Ð   	 Ù
Ð   ÐDC,€04/96.Ð    (#(#  ÐÌÔ&  Ž Ô[USCS€1400-03]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€€òòSafeguarding€Classifiedñ ›%ññš%ñÔ%     C l a s s i f i e d     M% Ôñš%ññ›%ñ€Information€Handbookóó.€€USCSÐ   	 g^	   ÐHB€1400-03,€Wash.,€DC,€02/91.Ð    (#(#  ÐÔ'  Žg Q  ÔÌ[USCS€1460-010]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€€òòAccess€Requirements€for€Customs€Automated€InformationÐ   	 õì   ÐSystemsóó.€€USCS€Directive€1460-010,€Wash.,€DC,€09/11/92.Ð    ÏÆ (#(#  Ð€Ì[USCS€4300„09]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€€òòCommunications€Security€(COMSECñ ›%ññš%ñÔ     C O M S E C     e Ôñš%ññ›%ñ)€Handbookóó.€€USCSÐ   	 ƒz   ÐHB€4300„09,€Wash.,€DC,€12/92.€(Supersedes/rescinds€USCS€DirectivesÏ4350„01,€4350-02,€and€4350„03,€also€Handbook€dated€1/90).Ð    (#(#  ÐÌ[USCS€51000„05]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€€òòConduct€and€Employee€Responsibilitiesóó.€€USCS€ManualÐ   	 ëâ   ÐTransmittal€51000„05,€Wash.,DC,€12/29/77.Ð    (#(#  ÐÌ[USCS€5500„04]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€€òòSystems€Development€Life€Cycleñ ›%ññš%ñÔM  C   S y s t e m s   D e v e l o p m e n t   L i f e   C y c l e      M Ôñš%ññ›%ñ€Handbookóó.€€Office€ofÐ   	 yp   ÐInformation€Management,€Springfield,€VA.,€1995.Ð    (#(#  ÐÌ[USCS€5500„05]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€€òòAutomated€Information€Systems€Services€Handbookóó.€Ð   	 þ   ÐOffice€of€Information€and€Technology,€Springfield,€VA.,€œñœ%ñ11/ñœ%ññ %ñNovember,›€19ñ%ñ95.›Ð    (#(#  ÐÌ[USCS€5500„07]à0    ¸ àà0    ¸(#¸(# àà     ¸ àU.S.€Customs€Service.€€òòIllegal€Use€of€ADP€and€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     L5 Ôñš%ññ›%ñ€Systemsóó.€Ð   	 •Œ   ÐUSCS€Directive€5500„07,€Wash.,€DC,€02/22/89.Ð    (#(#  ÐÌ[5€USC€552]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòFreedom€of€Informationñ ›%ññš%ñÔ=  3   F r e e d o m   o f   I n f o r m a t i o n      = Ôñš%ññ›%ñ€and€Reform€Actóó€(FOIAñ ›%ññš%ñÔ     F O I A     m Ôñš%ññ›%ñ).€€5€USC€552.€€Wash.,€DC,€Ð   	 # !   ÐAugust€13,€1987.Ð    (#(#  ÐÌ[5€USC€552a„74]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòPrivacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     f' Ôñš%ññ›%ñ€of€1974óó.€€5€USC€552a,€Wash.,€DC,€12/31/74.Ð    ±"¨$ (#(#  ÐÌ[5€USC€552a„87]à0    ¸ àà0    ¸(#¸(# àà     ¸ àòòPrivacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     f' Ôñš%ññ›%ñ€of€1974,€As€Amendedóó.€€5€USC€552a,€PL€93„579,€€Wash.,€DC,Ð   	 e$\ &   Ð07/14/87Ð    (#(#  ÐÌ[18€USC€1030]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àòòComputer€Fraud€and€Abuse€Act€of€1986óó.€€18€USC€1030,€€PL€99„474,€Wash.,€DC,Ð   	 ó&ê")   Ð10/16/86.Ð    (#(#  ÐÌ[5200.28„STD]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àDepartment€of€Defense.€€òòTrusted€Computer€System€Evaluation€Criteriaóóñ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     g Ôñš%ññ›%ñ€(TCSECñ ›%ññš%ñÔ     T C S E C       Ôñš%ññ›%ñ).€Ð   	 )x%,   ÐDoD€5200.28„STD,€NIST,€Gaithersburg,€MD.,€aka.€Orange€Bookñ ›%ññš%ñÔ'     O r a n g e   B o o k     t' Ôñš%ññ›%ñ,€1985.Ð    (#(#  ÐÌ[WACK]à0    `	 àà0    ¸`	(#`	(# àà0    ¸(#¸(# àà     ¸ àWack,€John€P.€and€Lisa€J.€Carnahan.€€òòKeeping€Your€Siteñ ›%ññš%ñÔ     S i t e       Ôñš%ññ›%ñ€Comfortably€Secure:€AnÐ   	 ,(/   ÐIntroduction€to€Internetñ ›%ññš%ñÔ!     I n t e r n e t     k! ÔÔ!     I n t e r n e t     k! Ôñš%ññ›%ñ€Firewallsóóñ ›%ññš%ñÔ#     F i r e w a l l s      # Ôñš%ññ›%ñ.€€NIST,€SP€800„10,€Gaithersburg,€MD,Ð   	 é,à(0   ÐDecember€œ1994.ñž%ñÐ	    Ã-º)1 (#(#  Ðñž%ñ›œñž%ñÌñž%ñ›œñž%ññž%ññ  %ññŸ%ñÔ ‡  &ù´ & & &ù´ ÔñŸ%ññ %ññŸ%ñÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌà@    ªª ì à(This€Page€Intentionally€Left€Blank)ˆÌñŸ%ññ  %ññŸ%ñÔ# †  &ù´ & & &ù´a # ÔñŸ%ññž%ñÌñž%ññ %ñ›Ð	   	 -$   ÐÔ ‡  °üª ° & &ù´ ÔÔ ‡"  °„½ ° ° °üª ÔÓ   ÓÔ
     ÔòòSelected€ReadingsóóÔ# †  °üª ° °" °„½
b # ÔÔ# †  &ù´ & ° °üªëa # ÔÔ    5b  ÔÐ   	 	      ÐßA €& - )                 °° x         d dE°è¨ xA ßÐ   	 éà   ÐÓ  )b  ÓÌEditor€Note:€The€following€list€is€sorted€alphabetically€by€author,€title,€or€department.€€Reference:€GPOÏManual€of€Style.€March€1984.€DHD.ÌÌà0     àà     ° àòòA€Guide€to€Understanding€Identification€and€Authentication€in€Trusted€Systemsóó.€€NCSC,€NCSC„TG„017,Ð   	 ø	ï   ÐVer.€1,€NSA,€Ft.€George€G.€Meade,€MD.,€September€1992.Ð    (#(#  ÐÌà0     àà     ° àòòA€Guide€to€Understanding€Object€Reuseñ ›%ññš%ñÔ)     O b j e c t   R e u s e      ) ÔÔ     R e u s e     R Ôñš%ññ›%ñ€in€Trusted€Systemsóó.€€NCSC,€NCSC„TG„018,€Ver.€1,€NSA,€Ft.Ð   	 †}	   ÐGeorge€G.€Meade,€MD.,€July€1992.Ð    (#(#  ÐÌà0     àà     ° àòòA€Guide€to€Understanding€Security€Testingñ ›%ññš%ñÔ     T e s t i n g     u Ôñš%ññ›%ñ€and€Test€Documentation€in€Trusted€Systemsóó.€€NCSC,Ð   	    ÐNCSC-TG-023,€Ver.€1,€NSA,€Ft.€George€G.€Meade,€MD.,€July€1993.Ð    (#(#  ÐÌà0     àà     ° àòòA€Guide€to€Understanding€Trusted€Distributionñ ›%ññš%ñÔ)     D i s t r i b u t i o n      ) Ôñš%ññ›%ñ€in€Trusted€Systemsóó.€€NCSC,€NCSC„TG„008,€Ver.1,€NSA,Ð   	 ¢™   ÐFt.€George€G.€Meade,€MD.,€December€1988.Ð    (#(#  ÐÌà0     àà     ° àòòA€Guide€to€Understanding€Trusted€Recoveryñ ›%ññš%ñÔ!     R e c o v e r y     o! Ôñš%ññ›%ñ€in€Trusted€Systemsóó.€€NCSC,€NCSC„TG„022,€Ver.€1,€NSA,Ð   	 0'   ÐFt.€George€G.€Meade,€MD.,€December€1991.Ð    (#(#  ÐÌà0     àà     ° àòòA€Guide€to€Writing€the€Security€Features€User's€Guide€for€Trusted€Systemsóó.€€NCSC,€NCSC„TG„026,€Ver.Ð   	 ¾µ   Ð1,€NSA,€Ft.€George€G.€Meade,€MD.,€September€1991.Ð    (#(#  ÐÌà0     àà     ° àòòAn€Introduction€to€Computer€Security:€The€NIST€Handbookóóñ ›%ññš%ñÔ+  !   N I S T   H a n d b o o k      + Ôñš%ññ›%ñ.€€NIST€SP€800„12,€Gaithersburg,€MD.,Ð   	 LC   ÐMarch€€1995.€Ð    (#(#  ÐÌà0     àà     ° àòòAssessing€Controlled€Access€Protectionóó.€€NCSC,€NCSC„TG„028,€Ver.€1,€NSA,€Ft.€George€G.€Meade,Ð   	 ÚÑ   ÐMD.,€May€1992.Ð    (#(#  ÐÌà0     àà     ° àòòBomb€Threats€and€Physical€Securityñ ›%ññš%ñÔ3  )   P h y s i c a l   S e c u r i t y     ë3 Ôñš%ññ›%ñ€Planningóó.€€U.S.€Treasury€Department,€Bureau€of€Alcohol,€Tobacco,Ð   	 h_   Ðand€Firearms,€ATF€Publication€7550.2,€Wash.,€DC,€07/87.Ð    (#(#  ÐÌà0     àà     ° àòòComputer€Matching€and€Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     r' Ôñš%ññ›%ñ€of€1974óó.€€PL€100„503,€Wash.,€DC,€1974.Ð    ö í! (#(#  ÐÌà0     àà     ° àòòComputer€Matching€and€Privacy€Protection€Act€of€1988óó.€€PL€100„503,€Wash.,€DC.,€12/1988.Ð    ª"¡# (#(#  ÐÌà0     àà     ° àòòComputer€Matching€and€Privacy€Protection€Amendments€of€1990óó.€€PL€101„508,€Wash.,€DC,€11/05/90.Ð    ^$U % (#(#  ÐÌà0     àà     ° àòòComputer€Viruses:€Prevention,€Detection,€and€Treatmentóó.€€NCSC,€C1€TR€„001,€NSA,€Ft.€George€G.Ð   	 &	"'   ÐMeade,€MD.,€March€1990.Ð    (#(#  ÐÌà0     àà     ° àòòCounterfeit€Access€Device€and€Computer€Fraud€and€Abuse€Act€of€1984óó.€€PL€98„473,€Chapter€XXI€„Ð   	  (—$*   ÐAccess€Devices€and€Computers,€18€USC€2101€and€2102a,€Chapter€47,€Wash.,€DC€10/12/84.Ð    (#(#  ÐÌà0     àà     ° àDepartment€of€Defense.€€òòPasswordñ ›%ññš%ñÔ!     P a s s w o r d     t! Ôñš%ññ›%ñ€Management€Guidelinesóó.€€CSC-STD-002-85,€NSA,€Ft.€George€G.Ð   	 .+%'-   ÐMeade,€MD.,€04/12/85.Ð    (#(#  Ðâ
    
 âÐ   	 â,Ù(/   ÐÔ&  ´ Ôâ
    
 âà0     àà     ° àDepartment€of€Defense.€€òòSecurity€Requirements€for€Automated€Information€Systems€(AISs)óó.€€DoDÐ   	 	      ÐDirective€5200.28,€DOD,€Wash.,€DC,€March€1988.Ô'  ´	Žp  ÔÐ    (#(#  ÐÌÔ&  B Ôà0     àà     ° àDepartment€of€Defense.€€òòTechnical€Rational€Behind€CSC„STD„003„85:€COMPUTER€SECURITYÐ   	 —Ž   ÐREQUIREMENTS€„„€Guidance€for€Applying€the€DoD€Trusted€Computer€System€EvaluationÏCriteriañ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     g Ôñš%ññ›%ñ€in€Specific€Environmentsóó.€€CSC-STD„003„85,€NSA,€Ft.€George€G.€Meade,€MD.,€JuneÐ   	 KB   Ð1985.Ð    (#(#  ÐÔ'  B—Œq  ÔÌòòà0     àà     ° àDisclosure€of€Confidential€Information€Generally.€Trade€Secrets€Actóó.€€18€USC€1905,€PL€102-660,€Wash.,Ð   	 Ù
Ð   ÐDC,€Amended€10/28/92.Ð    (#(#  ÐÌà0     àà     ° àòòElectronic€Communications€Privacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     t' Ôñš%ññ›%ñ€of€1986óó.€€18€USC€2510€et€seq.,€PL€99„508,€Wash.,€DC,Ð   	 g^	   Ð10/21/86.Ð    (#(#  ÐÌòòà0     àà     ° àEscrowed€Encryptionñ ›%ññš%ñÔ%     E n c r y p t i o n      % Ôñš%ññ›%ñ€Standardóó.€€U.S.€Department€of€Commerce,€National€Technical€Information€ServiceÐ   	 õì   Ð(NTIS),€€FIPS€PUB€185,€Springfield,€VA.Ð    (#(#  ÐÌà0     àà     ° àEverhart,€Kathie,€ed.,€òòComputer€Security€Trainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ€&€Awarenessñ ›%ññš%ñÔ#     A w a r e n e s s      # Ôñš%ññ›%ñ€Course€Compendiumóó.€€NIST,€NISTIRÐ   	 ƒz   Ð5495,€Gaithersburg,€MD.,€September€1994.€Ð    (#(#  ÐÌà0     àà     ° àòòExecutive€Guide€to€ADP€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     t' Ôñš%ññ›%ñ€Planningóó.€€NIST,€SP€500„85,€Gaithersburg,€MD.,€1985.Ð     (#(#  ÐÌòòà0     àà     ° àFBI€ADPT€Security€Policyóó.€€Department€of€Justiceñ ›%ññš%ñÔ;  1   D e p a r t m e n t   o f   J u s t i c e      ; Ôñš%ññ›%ñ,€Federal€Bureau€of€Investigationñ ›%ññš%ñÔO  E   F e d e r a l   B u r e a u   o f   I n v e s t i g a t i o n     nO Ôñš%ññ›%ñ,€Information€SystemsÐ   	 Å¼   ÐSecurity€Unit,€National€Security€Division,€Wash.,€DC,€April€29,€1994.Ð    (#(#  ÐÌà0     àà     ° àòòFederal€Computer€Systems€Security€Trainingóóñ ›%ññš%ñÔ!     T r a i n i n g     r! Ôñš%ññ›%ñ.€€HR€145-6,€Section€5,€House€of€Representatives,€Wash.,Ð   	 SJ   ÐDCÐ    (#(#  ÐÌòòà0     àà     ° àFederal€Information€Resources€Management€Regulation€(FIRMR)óó.€€40€CFR€201€et€seq.,€Wash.,€DC.Ð    áØ (#(#  ÐÌà0     àà     ° àòòFederal€Managers€Financial€Integrity€Act€of€1982óó.€€(FMFIAñ ›%ññš%ñÔ     F M F I A       Ôñš%ññ›%ñ)€€PL€97„255,€H.R.€1526,€31€USC€1105,Ð   	 •Œ   Ð1113,€3512,€Wash.,€DC,€September€1982.Ð    (#(#  ÐÌà0     àà     ° àòòFinancial€Management€Systemsóó.€€OMB€Cir.€A„127ñ ›%ññš%ñÔ     A „ 1 2 7       Ôñš%ññ›%ñ€(Revised),€Transmittal€MemorandumNo.1,€Wash.,Ð   	 # !   ÐDC,€07/23/93.Ð    (#(#  ÐÌà0     àà     ° àòòGlossary€of€Computer€Security€Terminologyóó.€€National€Security€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     N5 Ôñš%ññ›%ñ€and€InformationÐ   	 ±"¨$   ÐSystems€Security€Committee€(NSTISSC),€Published€by€NIST€as€NISTIR€4659.€€Available€fromÏNTIS€as€PB92„112259,€1992.Ð    (#(#  ÐÌà0     àà     ° àòòGuidelines€for€ADP€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     t' Ôñš%ññ›%ñ€Planningóó.€€U.S.€Department€of€Commerce,€National€TechnicalÐ   	 &"(   ÐInformation€Service€(NTIS),€FIPS€PUB€87,€Springfield,€VA.,€03/81.Ð    (#(#  ÐÌà0     àà     ° àòòGuidance€for€Preparation€of€Security€Plans€for€Federal€Systems€that€Contain€Sensitive€Informationóó.€€OMBÐ   	 §(ž$+   ÐBulletin€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     e Ôñš%ññ›%ñ,€Wash.,€DC,€07/09/90.Ð    (#(#  ÐÌà0     àà     ° àòòGuidelines€for€Writing€Trusted€Facilityñ ›%ññš%ñÔ!     F a c i l i t y     y! Ôñš%ññ›%ñ€Manualsóó.€€NCSC,€NCSC-TG-016,€Ver.1,€NSA,€Ft.€George€G.Ð   	 5+,'.   ÐMeade,€MD.,€October€1992.Ð    (#(#  Ðâ
    
 âÐ   	 é,à(0   ÐòòÔ&  Ž Ôâ
    
 âà0     àà     ° àInformation€Technology€Installation€Securityóó.€€GSA.€€Office€of€Technical€Assistance.€€Wash.,€DC:€GPO,Ð   	 	      ÐDecember€1988.Ð    (#(#  ÐÔ'  Ž	ú  ÔÌÔ&  Ž Ôà0     àà     ° àòòIntegrity€„€Oriented€Control€Objectives:€Proposed€Revisions€to€the€Trusted€Computer€System€EvaluationÐ   	 —Ž   ÐCriteriañ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     g Ôñš%ññ›%ñ€(TCSECñ ›%ññš%ñÔ     T C S E C       Ôñš%ññ›%ñ),€DoD€5200.28„STDóó.€€NCSC,€NCSC€C€TR€€111„91,€NSA,€Ft.€George€G.Ð   	 qh   ÐMeade,€MD.,€October€1991.Ô'  Ž—Þ‚  ÔÐ    (#(#  ÐÌòòà0     àà     ° àIssue€Update€On€Information€Security€and€Privacy€in€Network€Environmentsóó.€€U.S.€Congress.€€Office€ofÐ   	 ÿ	ö   ÐTechnical€Assistance.€€OTA„BP„ITC„147.€€Wash.,€DC:€GPO,€June€1995.Ð    (#(#  ÐÌà0     àà     ° àòòManagement€Accountability€and€Controlóó.€€OMB€Cir.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3       Ôñš%ññ›%ñ.€€Wash.,€DC,€June€21,€1995.Ð    „
 (#(#  ÐÌà0     àà     ° àOffice€of€the€President,€òòNational€Security€Informationóó.€€32€CFR€Part€2001,€Directive€No.€1,€NationalÐ   	 A8
   ÐSecurity€Council,€Information€Security€Oversightñ ›%ññš%ñÔ#     O v e r s i g h t     p# Ôñš%ññ›%ñ€Office,€Wash.,€DC,€June€1982.Ð    (#(#  ÐÌà0     àà     ° àOffice€of€the€President,€òòNational€Security€Information:€Standard€Formsóó.€€32€CFR€Part€2003,€NationalÐ   	 ÏÆ   ÐSecurity€Council,€Information€Security€Oversightñ ›%ññš%ñÔ#     O v e r s i g h t     p# Ôñš%ññ›%ñ€Office,€Wash.,€DC,€March€1987.Ð    (#(#  ÐÌòòà0     àà     ° àThe€Paperwork€Reduction€Actñ ›%ññš%ñÔ?  5   P a p e r w o r k   R e d u c t i o n   A c t     v? Ôñš%ññ›%ñ€of€1980óó.€€As€amended.€€44€USC€350,€et€seq.,€€PL€96„511.€Wash.,€DC,Ð   	 ]T   Ð12/11/80.Ð    (#(#  ÐÌà0     àà     ° àòòThe€Paperwork€Reduction€Reauthorization€Act€of€1986óó.€€44€USC€3506,€PL€99„500€Title€VIII.€Wash.,€DC.Ð    ëâ (#(#  ÐÌà0     àà     ° àòòPasswordñ ›%ññš%ñÔ!     P a s s w o r d     R! Ôñš%ññ›%ñ€Usageóó.€€U.S.€Department€of€Commerce,€National€Technical€Information€Service€(NTIS),€FIPSÐ   	 Ÿ–   ÐPUB€112,€Springfield,€VA.,€May€1985.Ð    (#(#  ÐÌà0     àà     ° àòòPeople,€Processes€and€Partnerships:€A€Report€on€the€Customs€Service€for€the€21st€Centuryóó.€€U.S.€CustomsÐ   	 -$   ÐService,€Wash.,€DC,€September€1994.Ð    (#(#  ÐÌà0     àà     ° àòòPerformance€of€Commercialñ ›%ññš%ñÔ%     C o m m e r c i a l     d% Ôñš%ññ›%ñ€Activitiesóó.€€OMB€Cir.€A„76€(Revised),€Transmittal€Memorandum€#13,€Wash.,Ð   	 »²   ÐDC,€03/02/94.Ð    (#(#  ÐÌà0     àà     ° àòòPersonnel€Suitabilityóó.€€Federal€Personnel€Manual€(FPM)€Instruction€311,€Chapter€31,€Wash.,€DC,Ð   	 I@    Ð01/06/84.Ð    (#(#  ÐÌà0     àà     ° àòòPolicy€and€Procedures€Manual€for€Guidance€of€Federal€Agencies€„Title€2,€Accountingóó.€€GovernmentÐ   	 ×!Î#   ÐAccounting€Office,€Wash.,€DC,€August€1987.Ð    (#(#  ÐÌà0     àà     ° àòòPublic€Key€Encryptionóóñ ›%ññš%ñÔ%     E n c r y p t i o n     d% Ôñš%ññ›%ñ.€€NIST,€SP€800-2,€Gaithersburg,€MD.Ð    e$\ & (#(#  ÐÌà0     àà     ° àòòRequirements€for€a€Shared€Federal€Computer€Back„up€Facilityóóñ ›%ññš%ñÔ!     F a c i l i t y      ! Ôñš%ññ›%ñ.€€Office€of€Technical€Assistance,€FallsÐ   	 &"(   ÐChurch,€VA.,€May€1991.Ð    (#(#  ÐÌà0     àà     ° àRuder,€Brian,€and€J.D.€Madden,€òòAn€Analysis€of€Computer€Security€Safeguards€for€Detection€andÐ   	 §(ž$+   ÐPrevention€of€Intentional€Computer€Misuseóó.€€NIST,€SP€500„25,€Gaithersburg,€MD.Ð    )x%, (#(#  ÐÌà0     àà     ° àRuthberg,€Zella€G.€and€William€Nugent,€òòOverview€of€Computer€Security€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     ^+ Ôñš%ññ›%ñ€and€Accreditationóóñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     ^+ Ôñš%ññ›%ñ.€Ð   	 5+,'.   ÐNIST,€SP€500„109,€Gaithersburg,€MD.,€April€1984.Ð    (#(#  Ðâ
    
 âÐ   	 é,à(0   ÐÔ&  ´ Ôâ
    
 âà0     àà     ° àòòSmart€Card€Technology:€New€Methods€for€Computer€Access€Controlóó.€€NIST,€SP€500„157,€Gaithersburg,Ð   	 	      ÐMD.Ô'  ´	“  ÔÐ    (#(#  ÐÌÔ&  ´ Ôà0     àà     ° àòòTrainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ€Requirement€for€the€Computer€Security€Actóóñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t      ; Ôñš%ññ›%ñ.€€Office€of€Personnel€Managementñ ›%ññš%ñÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t     8M Ôñš%ññ›%ñ€(OPMñ ›%ññš%ñÔ     O P M     e Ôñš%ññ›%ñ),€5CFRÐ   	 —Ž   ÐPART€930,€Federal€Register€Vol.€56,€No.€233,€Wash.,€DC,€12/04/91.Ô'  ´—ß“  ÔÐ    (#(#  ÐÌà0     àà     ° àòòTrusted€Database€Management€System€Interpretation€(TDI)€of€the€Trusted€Computer€System€EvaluationÐ   	 %	   ÐCriteriaóóñ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     g Ôñš%ññ›%ñ.€€NCSC,€€NCSC-TG-021,€Ver.€1,€NSA,€Ft.€George€G.€Meade,€MD.,€April€1991.Ð    ÿ	ö (#(#  ÐÌà0     àà     ° àòòTrusted€Network€Interpretation€Environments€Guidelineóó.€€NCSC,€€NCSC-TG-011,€Ver.€2,€NSA,€Ft.Ð   	 ³ª	   ÐGeorge€G.€Meade,€MD.,€August€1990.Ð    (#(#  ÐÌà0     àà     ° àòòTrusted€Product€Evaluations:€A€Guide€for€Vendorsóó.€€NCSC,€€NCSC-TG-002,€Ver.€1,€NSA,€Ft.€GeorgeÐ   	 A8
   ÐG.€Meade,€MD.,€June€1990.Ð    (#(#  ÐÌà0     àà     ° àòòTurning€Multiple€Evaluation€Products€into€Trusted€Systemsóó.€€NCSC,€TR€„003,€NSA,€Ft.€George€G.Ð   	 ÏÆ   ÐMeade,€MD.,€July€1994.Ð    (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòAbbreviations€and€Acronymsóó.€€Wash.,€DC,€04/92.Ð    ]T (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòDistributionñ ›%ññš%ñÔ)     D i s t r i b u t i o n     Ù) Ôñš%ññ›%ñ,€Submission€and€Processing€of€Background€Investigation€(BI)€Formsóó.€Ð   	    ÐUSCS€Directive€099„51332„004,€Wash.,€DC,€03/08/92.Ð    (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòFive€Year€Planóó.€€Wash.,€DC,€12/91.Ð    Ÿ– (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòInformation€Systems€Plan€for€Fiscal€Years€1997€„€2001óó.€€Wash.,DC,€April€1995.Ð    SJ (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòPersonnel€Security€Requirements€for€ADP€and€Data€Communications€ContractÐ   	 þ   ÐEmployeesóó.€€USCS€Directive€1400„12,€Wash.,€DC,€11/02/88.Ð    áØ (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòPhysical€Securityñ ›%ññš%ñÔ3  )   P h y s i c a l   S e c u r i t y     
3 Ôñš%ññ›%ñ€Handbookóó.€€USCS€HB€1400„02,€Wash.,€DC,€08/89.Ð    •Œ (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòProhibition€of€Unauthorized€Use€of€Electronic€Mailóó.€€USCS€Directive€1460„008,Ð   	 I@    ÐWash.,€DC,€11/25/91.Ð    (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòRestriction€of€Access€to€Production€Data€on€the€Customs€Computeróó.€€USCSÐ   	 ×!Î#   ÐInformation€Notice€92„030,€Wash.,€DC,€06/30/92.Ð    (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòService€Level€Agreementóó.€€Office€of€Information€Management,€Springfield,VA.,Ð   	 e$\ &   Ð09/30/92.Ð    (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòTable€of€Offenses€and€Penaltiesóó.€€USCS€Directive€51751„01,€Wash.,€DC,Ð   	 ó&ê")   Ð01/09/90.Ð    (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòUnauthorized€Release€of€Official€Informationóó.€€Commissionerñ ›%ññš%ñÔ)     C o m m i s s i o n e r     i) Ôñš%ññ›%ñ€Memorandum,Ð   	 )x%,   ÐWash.,€DC,€07/08/91.Ð    (#(#  ÐÌà0     àà     ° àU.S.€Customs€Service.€€òòUse€of€Computer€Virusñ ›%ññš%ñÔ     V i r u s     i Ôñš%ññ›%ñ€Protection€Softwareóó.€€USCS€Directive€1400„26,€Wash.,Ð   	 ,(/   ÐDC,€05/01/91.Ð    (#(#  ÐÐ   	 Ã-º)1   Ðà0     àà     ° àU.S.€Customs€Service.€€òòUse€of€Personally„Ownedñ ›%ññš%ñÔ1  '   P e r s o n a l l y „ O w n e d     v1 Ôñš%ññ›%ñ€Computers€and€Software€for€Classifiedñ ›%ññš%ñÔ%     C l a s s i f i e d     w% Ôñš%ññ›%ñ€and€SensitiveÐ   	 	      ÐWorkóó.€€USCS€Directive€1460-011,€Wash.,€DC,€03/25/93.Ð    ãÚ  (#(#  ÐÌÔ&  ´ Ôà0     àà     ° àU.S.€Treasury€Department.€€òòAcquisitionñ ›%ññš%ñÔ'     A c q u i s i t i o n     n' Ôñš%ññ›%ñ€of€Federal€Information€Processing€Resourcesóó.€€TD83-01,€Wash.,Ð   	 —Ž   ÐDC,€12/03/91.Ô'  ´—¦¤  ÔÐ    (#(#  ÐÌÔ&  ´ Ôà0     àà     ° àU.S.€Treasury€Department.€€òòDisclosure€of€Recordsóó.€€31€CFR€Part€1,€Subpart€A€„€Freedom€of€Informationñ ›%ññš%ñÔ=  3   F r e e d o m   o f   I n f o r m a t i o n     = Ôñš%ññ›%ñÐ   	 %	   Ðand€Reform€Act€(FOIAñ ›%ññš%ñÔ     F O I A     m Ôñš%ññ›%ñ).€€PL€99„570.€€Wash.,€DC,€August€13,€1987.Ô'  ´%	½¥  ÔÐ    (#(#  ÐÌà0     àà     ° àU.S.€Treasury€Department.€€òòElectronic€Funds€and€Securities€Transfer€Policy.€€Message€Authentication€andÐ   	 ³ª	   ÐEnhanced€Securityóó.€€TD€16„02,€Wash.,€DC,€12/21/92.Ð    „
 (#(#  ÐÌÔ&  ´ Ôà0     àà     ° àU.S.€Treasury€Department.€€òòInformation€Systems€Planningóó.€€TD€81„06,€Wash.,€DC,€PL€99„570.€Ð   	 A8
   Ð08/20/86.Ô'  ´A4¨  ÔÐ    (#(#  ÐÌà0     àà     ° àU.S.€Treasury€Department.€€òòNational€Security€Informationóó.€Treasury€Directive.€€31€CFR€Part€2,€Wash.,Ð   	 ÏÆ   ÐDC,€2/22/89.Ð    (#(#  ÐÌà0     àà     ° àU.S.€Treasury€Department.€€òòResponsibilities€for€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     o5 Ôñš%ññ›%ñ€and€Information€Systems€Securityóó.€Ð   	 ]T   ÐTD85„09,€€Wash.,€DC,€09/25/90.Ð    (#(#  ÐÌà0     àà     ° àòòViability€Study€for€a€Shared€Federal€Computer€Back„up€Facilityóóñ ›%ññš%ñÔ!     F a c i l i t y     i! Ôñš%ññ›%ñ.€€Office€of€Technical€Assistance,€FallsÐ   	 ëâ   ÐChurch,€VA.,€November€1990.Ð    (#(#  ÐÌà0     àà     ° àWack,€John€P.,€òòEstablishing€Computer€Security€Incident€Responseñ ›%ññš%ñÔW  M   C o m p u t e r   S e c u r i t y   I n c i d e n t   R e s p o n s e     ÖW Ôñš%ññ›%ñ€Capabilityñ ›%ññš%ñÔI  ?   I n c i d e n t   R e s p o n s e   C a p a b i l i t y     pI Ôñš%ññ›%ñ€(CSIRCñ ›%ññš%ñÔ     C S I R C     t Ôñš%ññ›%ñ)óó.€€NIST,€SP€800„3,Ð   	 yp   ÐGaithersburg,€MD.,€1991.Ð    (#(#  ÐÌà0     àà     ° àWack,€John€P.€and€Stanley€A.€€Kutzban,€òòComputer€Virusñ ›%ññš%ñÔ     V i r u s     t Ôñš%ññ›%ñ€Attacksóó.€€Computer€Systems€Laboratory€(CSL)Ð   	 þ   ÐBulletin,€NIST€Special,€Gaithersburg,€MD,€August€1990.Ð	    áØ (#(#  ÐÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌà@    ªª ì à(This€Page€Intentionally€Left€Blank)ˆÌÐ	   	 SJ   ÐÑ    . Ññ›%ñÖ  €ˆ  Ï é   Öñ›%ññ ›%ñÖ  € Ï é   Öñ›%ññ›%ñÖ €Š  Ó é   Öñ›%ññ ›%ñÖ € Ó é   Öñ›%ñØ       ØÑ €÷   ®  ÑÓ   ÓÔ ‡  °üª ° & &ù´ ÔÔ ‡…  °„½ ° ° °üª ÔÔ
      ÔAPPENDIX€AÐ   	 X      ÐòòAbbreviations€and€AcronymsÔ     °  ÔÔ# †  °üª ° °… °„½ä¯ # ÔÔ# †  &ù´ & ° °üªÅ¯ # ÔóóÐ   	 8à   ÐßA €& - )                 °° x         dßE°¨ xA ßÐ   	 À   ÐÓ  ¹¯  ÓÌAAà0     àà0    `	(#(# àà0    ¸`	(#`	(# àAccrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     2# Ôñš%ññ›%ñÐ    ™A ¸(#¸(#  ÐACSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àAutomated€Commercialñ ›%ññš%ñÔ%     C o m m e r c i a l     8% Ôñš%ññ›%ñ€SystemÐ    s ¸(#¸(#  ÐADPà0     àà0    `	(#(# àà0    ¸`	(#`	(# àAutomatic€Data€ProcessingÐ    M	õ ¸(#¸(#  ÐAESà0     àà0    `	(#(# àà0    ¸`	(#`	(# àAutomated€Export€SystemÐ    '
Ï ¸(#¸(#  ÐAISà0     àà0    `	(#(# àà0    ¸`	(#`	(# àAutomated€Information€SystemsÐ    © ¸(#¸(#  ÐAISSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àAIS€Security€DivisionÐ    Ûƒ		 ¸(#¸(#  ÐASà0     àà0    `	(#(# àà0    ¸`	(#`	(# àAdministrative€SystemsÐ    µ]

 ¸(#¸(#  ÐBIà0     àà0    `	(#(# àà0    ¸`	(#`	(# àBackground€InvestigationÐ    7 ¸(#¸(#  ÐCD„ROMà0    `	 àà0    ¸`	(#`	(# àCompact€Disk„Read€Only€MemoryÐ    i ¸(#¸(#  ÐCFRà0     àà0    `	(#(# àà0    ¸`	(#`	(# àCode€of€Federal€RegulationsÐ    Cë ¸(#¸(#  ÐCISà0     àà0    `	(#(# àà0    ¸`	(#`	(# àCustoms€Issuance€SystemÐ    Å ¸(#¸(#  ÐCICSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àCustomerInformationControlSystemÐ    ÷Ÿ ¸(#¸(#  ÐCOMSECñ ›%ññš%ñÔ     C O M S E C     a Ôñš%ññ›%ñà0    `	 àà0    ¸`	(#`	(# àComputer€SecurityÐ    Ñy ¸(#¸(#  ÐCOTSñ ›%ññš%ñÔ     C O T S       Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àCommercialñ ›%ññš%ñÔ%     C o m m e r c i a l     8% Ôñš%ññ›%ñ„Off„The„Shelf€SoftwareÐ    «S ¸(#¸(#  ÐCMà0     àà0    `	(#(# àà0    ¸`	(#`	(# àConfiguration€Managementñ ›%ññš%ñÔA  7   C o n f i g u r a t i o n   M a n a g e m e n t     ZA Ôñš%ññ›%ñÐ    …- ¸(#¸(#  ÐCMDà0     àà0    `	(#(# àà0    ¸`	(#`	(# àCommunications€Management€DivisionÐ    _ ¸(#¸(#  ÐCSCà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDoD€Computer€Security€Center€(now€NCSC)Ð    9á ¸(#¸(#  ÐDAAà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDesignated€Accrediting€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     o# Ôñš%ññ›%ñÐ    » ¸(#¸(#  ÐDACà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDiscretionary€Access€Controlñ ›%ññš%ñÔI  ?   D i s c r e t i o n a r y   A c c e s s   C o n t r o l     ÖI Ôñš%ññ›%ñÐ    í• ¸(#¸(#  ÐDESà0     àà0    `	(#(# àà0    ¸`	(#`	(# àData€Encryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     i% Ôñš%ññ›%ñ€Standardñ ›%ññš%ñÔA  7   D a t a   E n c r y p t i o n   S t a n d a r d     oA Ôñš%ññ›%ñÐ    Ço ¸(#¸(#  ÐDODà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDepartment€of€Defense€(DoD)Ð    ¡I ¸(#¸(#  ÐDODDà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDepartment€of€Defense€DirectiveÐ    {# ¸(#¸(#  ÐDSAà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDigital€Signature€AlgorithmÐ    Uý ¸(#¸(#  ÐDSOà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDesignated€Security€OfficerÐ    /× ¸(#¸(#  ÐDSSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àDigital€Signature€StandardÐ    	± ¸(#¸(#  ÐEOà0     àà0    `	(#(# àà0    ¸`	(#`	(# àExecutive€Orderñ ›%ññš%ñÔ/  %   E x e c u t i v e   O r d e r     t/ Ôñš%ññ›%ñÐ    ã‹ ¸(#¸(#  ÐFBIà0     àà0    `	(#(# àà0    ¸`	(#`	(# àFederal€Bureau€of€Investigationñ ›%ññš%ñÔ[  Q   F B I       F e d e r a l   B u r e a u   o f   I n v e s t i g a t i o n     1[ ÔÔO  E   F e d e r a l   B u r e a u   o f   I n v e s t i g a t i o n     tO Ôñš%ññ›%ñÐ    ½e ¸(#¸(#  ÐFEDSIMà0    `	 àà0    ¸`	(#`	(# àFederal€Systems€Integration€and€Management€CenterÐ    —? ¸(#¸(#  ÐFIPS€PUBà0    `	 àà0    ¸`	(#`	(# àFederal€Information€Processing€Standards€PublicationÐ    q  ¸(#¸(#  ÐFOIAñ ›%ññš%ñÔ     F O I A     l Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àFreedom€of€Informationñ ›%ññš%ñÔ=  3   F r e e d o m   o f   I n f o r m a t i o n     i= Ôñš%ññ›%ñ€ActÐ    K ó! ¸(#¸(#  ÐGAOà0     àà0    `	(#(# àà0    ¸`	(#`	(# àU.S.€General€Accounting€Officeñ ›%ññš%ñÔC  9   G e n e r a l   A c c o u n t i n g   O f f i c e     tC Ôñš%ññ›%ñÐ    %!Í" ¸(#¸(#  ÐGPOà0     àà0    `	(#(# àà0    ¸`	(#`	(# àU.S.€Government€Printing€OfficeÐ    ÿ!§# ¸(#¸(#  ÐGSAà0     àà0    `	(#(# àà0    ¸`	(#`	(# àU.S.€General€Services€AdministrationÐ    Ù" $ ¸(#¸(#  ÐHRà0     àà0    `	(#(# àà0    ¸`	(#`	(# àHouse€of€Representatives€ReportÐ    ³#[!% ¸(#¸(#  ÐHBà0     àà0    `	(#(# àà0    ¸`	(#`	(# àHandbookÐ    $5"& ¸(#¸(#  ÐIBMððà0     àà0    `	(#(# àà0    ¸`	(#`	(# àInternational€Business€MachinesÐ    g%#' ¸(#¸(#  ÐIRMñ ›%ññš%ñÔ     I R M     a Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àInformation€Resources€ManagementÐ    A&é#( ¸(#¸(#  ÐIRSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àInternal€Revenue€ServiceÐ    'Ã$) ¸(#¸(#  ÐLANà0     àà0    `	(#(# àà0    ¸`	(#`	(# àLocal€Area€NetworkÐ    õ'%* ¸(#¸(#  ÐLOUà0     àà0    `	(#(# àà0    ¸`	(#`	(# àLimited€Official€UseÐ    Ï(w&+ ¸(#¸(#  ÐMOUñ ›%ññš%ñÔ     M O U     a Ôñš%ññ›%ñ€à0     àà0    `	(#(# àà0    ¸`	(#`	(# àMemorandum€of€UnderstandingÐ    ©)Q', ¸(#¸(#  ÐMISSIñ ›%ññš%ñÔ     M I S S I       Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àMultilevel€Information€System€Security€InitiativeÐ    ƒ*+(- ¸(#¸(#  ÐNBSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àNational€Bureau€of€Standards€(now€NIST)Ð    ]+). ¸(#¸(#  ÐNCICà0     àà0    `	(#(# àà0    ¸`	(#`	(# àNational€Crime€Information€CenterÐ    7,ß)/ ¸(#¸(#  ÐNCSCà0     àà0    `	(#(# àà0    ¸`	(#`	(# àNational€Computer€Security€CenterÐ#    -¹*0 ¸(#¸(# # ÐNITF€à0     àà0    `	(#(# àà0    ¸`	(#`	(# àNational€Information€Infrastructureñ ›%ññš%ñÔW  M   N a t i o n a l   I n f o r m a t i o n   I n f r a s t r u c t u r e     W Ôñš%ññ›%ñ€Task€ForceÐ    	    ¸(#¸(#  ÐNISTà0     àà0    `	(#(# àà0    ¸`	(#`	(# àNational€Institute€of€Standards€and€TechnologyÐ    ãÚ  ¸(#¸(#  ÐNSAà0     àà0    `	(#(# àà0    ¸`	(#`	(# àNational€Security€Agencyñ ›%ññš%ñÔA  7   N a t i o n a l   S e c u r i t y   A g e n c y     sA Ôñš%ññ›%ñÐ    ½´ ¸(#¸(#  ÐNSDà0     àà0    `	(#(# àà0    ¸`	(#`	(# àNational€Security€DirectiveÐ    —Ž ¸(#¸(#  ÐNSDDà0     àà0    `	(#(# àà0    ¸`	(#`	(# àNational€Security€Decision€DirectiveÐ    qh ¸(#¸(#  ÐNTISà0     àà0    `	(#(# àà0    ¸`	(#`	(# àNational€Technical€Information€ServiceÐ    KB ¸(#¸(#  ÐNSTISSà0    `	 àà0    ¸`	(#`	(# àNational€Security€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     e5 Ôñš%ññ›%ñ€and€Information€Systems€Security€Ð    %	 ¸(#¸(#  ÐOITà0     àà0    `	(#(# àà0    ¸`	(#`	(# àOffice€of€Information€and€TechnologyÐ    ÿ	ö ¸(#¸(#  ÐOMBà0     àà0    `	(#(# àà0    ¸`	(#`	(# àOffice€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t     rO Ôñš%ññ›%ñÐ    Ù
Ð ¸(#¸(#  ÐOPMñ ›%ññš%ñÔ     O P M     e Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àOffice€of€Personnel€Managementñ ›%ññš%ñÔY  O   O P M       O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t      Y ÔÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t     mM Ôñš%ññ›%ñÐ    ³ª	 ¸(#¸(#  ÐOPSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àSystems€Operations€DivisionÐ    „
 ¸(#¸(#  ÐORRà0     àà0    `	(#(# àà0    ¸`	(#`	(# àOffice€of€Regulations€and€RulingsÐ    g^	 ¸(#¸(#  ÐOTAà0     àà0    `	(#(# àà0    ¸`	(#`	(# àOffice€of€Technical€AssistanceÐ    A8
 ¸(#¸(#  ÐPAà0     àà0    `	(#(# àà0    ¸`	(#`	(# àPrivacy€Actñ ›%ññš%ñÔ'     P r i v a c y   A c t     s' Ôñš%ññ›%ñÐ     ¸(#¸(#  ÐPAAñ ›%ññš%ñÔ     P A A     c Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àPrincipal€Accrediting€Authorityñ ›%ññš%ñÔO  E   P r i n c i p a l   A c c r e d i t i n g   A u t h o r i t y     eO ÔÔ#     A u t h o r i t y     c# Ôñš%ññ›%ñÐ    õì ¸(#¸(#  ÐPBXñ ›%ññš%ñÔ     P B X     r Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àPrivate€Branch€Exchangeñ ›%ññš%ñÔ?  5   P r i v a t e   B r a n c h   E x c h a n g e     h? Ôñš%ññ›%ñÐ    ÏÆ ¸(#¸(#  ÐPCà0     àà0    `	(#(# àà0    ¸`	(#`	(# àPersonal€ComputerÐ    ©  ¸(#¸(#  ÐPLà0     àà0    `	(#(# àà0    ¸`	(#`	(# àPublic€LawÐ    ƒz ¸(#¸(#  ÐRAMà0     àà0    `	(#(# àà0    ¸`	(#`	(# àRandom€Access€MemoryÐ    ]T ¸(#¸(#  ÐROMà0     àà0    `	(#(# àà0    ¸`	(#`	(# àRead€Only€MemoryÐ    7. ¸(#¸(#  ÐR/Wà0     àà0    `	(#(# àà0    ¸`	(#`	(# àRead/WriteÐ     ¸(#¸(#  ÐSBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àSensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     iE Ôñš%ññ›%ñÐ    ëâ ¸(#¸(#  ÐSDLCñ ›%ññš%ñÔ     S D L C     i Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àSystems€Development€Life€Cycleñ ›%ññš%ñÔM  C   S y s t e m s   D e v e l o p m e n t   L i f e   C y c l e      M Ôñš%ññ›%ñÐ    Å¼ ¸(#¸(#  ÐSFUGñ ›%ññš%ñÔ     S F U G     s Ôñš%ññ›%ñà     àà    `	 àà0    ¸ àSecurity€Features€Userððs€Guideñ ›%ññš%ñÔM  C   S e c u r i t y   F e a t u r e s   U s e r s   G u i d e      M Ôñš%ññ›%ñÐ    Ÿ– ¸(#¸(#  ÐSPà0     àà0    `	(#(# àà0    ¸`	(#`	(# àSpecial€PublicationÐ    yp ¸(#¸(#  ÐSPDñ ›%ññš%ñÔ     S P D     i Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àSecurity€Programs€Divisionñ ›%ññš%ñÔQ  G   S P D       S e c u r i t y   P r o g r a m s   D i v i s i o n     nQ ÔÔE  ;   S e c u r i t y   P r o g r a m s   D i v i s i o n     sE Ôñš%ññ›%ñÐ    SJ ¸(#¸(#  ÐTCBñ ›%ññš%ñÔ     T C B     i Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àTrusted€Computer€Baseñ ›%ññš%ñÔ;  1   T r u s t e d   C o m p u t e r   B a s e     i; Ôñš%ññ›%ñÐ    -$ ¸(#¸(#  ÐTCSECñ ›%ññš%ñÔ     T C S E C       Ôñš%ññ›%ñà0    `	 àà0    ¸`	(#`	(# àDoD€Trusted€Computer€System€Evaluation€Criteriañ ›%ññš%ñÔg  ]   T r u s t e d   C o m p u t e r   S y s t e m   E v a l u a t i o n   C r i t e r i a     1g Ôñš%ññ›%ñ€(the€Orange€Bookñ ›%ññš%ñÔ'     O r a n g e   B o o k     t' Ôñš%ññ›%ñ)Ð    þ ¸(#¸(#  ÐTECSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àTreasury€Enforcement€Communication€SystemsÐ    áØ ¸(#¸(#  ÐTDà0     àà0    `	(#(# àà0    ¸`	(#`	(# àTreasury€DirectiveÐ    »² ¸(#¸(#  ÐTFMñ ›%ññš%ñÔ     T F M     e Ôñš%ññ›%ñà0     àà0    `	(#(# àà0    ¸`	(#`	(# àTrusted€Facilityñ ›%ññš%ñÔ!     F a c i l i t y     c! Ôñš%ññ›%ñ€Manualñ ›%ññš%ñÔ?  5   T r u s t e d   F a c i l i t y   M a n u a l     v? Ôñš%ññ›%ñÐ    •Œ ¸(#¸(#  ÐUPSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àUninterruptible€Power€SupplyÐ    of ¸(#¸(#  ÐUSCà0     àà0    `	(#(# àà0    ¸`	(#`	(# àUnited€States€CodeÐ    I@  ¸(#¸(#  ÐUSCSà0     àà0    `	(#(# àà0    ¸`	(#`	(# àU.S.€Customs€ServiceÐ    # ! ¸(#¸(#  ÐWANà0     àà0    `	(#(# àà0    ¸`	(#`	(# àWide€Area€NetworkÐ    ý ô" ¸(#¸(#  ÐWWWà0     àà0    `	(#(# àà0    ¸`	(#`	(# àWorld€Wide€Webñ ›%ññš%ñÔ-  #   W o r l d   W i d e   W e b      - Ôñš%ññ›%ñÐ    ×!Î# ¸(#¸(#  ÐÐ	   	 ±"¨$   ÐÑ    t Ññ›%ñÖ  €  ˆ é   Öñ›%ññ ›%ñÖ  € ˆ é   Öñ›%ññ›%ñÖ €  Š é   Öñ›%ññ ›%ñÖ € Š é   Öñ›%ñØ       ØÑ €ø   ÷  ÑÓ   ÓÔ ‡  °üª ° & &ù´ ÔÔ ‡‹  °„½ ° ° °üª ÔÔ
      ÔAPPENDIX€BÐ   	 X      ÐòòGood€Security€PracticesÔ     ÿâ  ÔóóÔ# †  °üª ° °‹ °„½àâ # ÔÔ# †  &ù´ & ° °üªÁâ # Ôñ ›%ññš%ñÔ5  +   S e c u r i t y   P r a c t i c e s      5 Ôñš%ññ›%ñÐ   	 8à   ÐßA €& - )                 °° x         d  E°¨ xA ßÓ  µâ  ÓÐ   	 À   ÐÌòòÔ ‡  X6v X & &ù´ ÔB.1à0     àGeneral€Computer€Care€and€HandlingÔ# †  &ù´ & X X6vgä # Ôóó.Ð    ™A (#(#  ÐÌThe€owners€or€operators€guides€for€computers€and€components€specify€special€precautions,€care,€andÏhandling€procedures€that€can€help€avoid€system€failures€and€data€loss.ÌÌThe€following€are€general€guidelines€and€recommendations:ÌÌ1.à0     àPlug€each€power€cable€into€a€grounded€(3„hole)€outlet.€€Use€a€good€quality€electrical€surgeÐ   	 ¥M   Ðprotector,€power€filter€system,€or€uninterruptible€power€supply€to€protect€the€computer€systemÏfrom€electrical€variations€which€can€cause€failures.Ð    (#(#  ÐÌ2.à0     àDo€not€connect€or€disconnect€computer€system€components€with€the€system€turned€on,€unless€theÐ   	 µ   Ðsystem€and€components€are€specifically€designed€for€that€purpose.Ð    (#(#  ÐÌ3.à0     àElectrostatic€discharge€(EDS)€can€cause€computer€component€failures.€€Take€precautions€toÐ   	 ›C   Ðdischarge€yourself€before€touching€the€computer€or€attached€components.€€If€you€must€work€insideÏthe€computer,€wear€proper€EDS€grounding€equipment€(e.g.,€wrist€straps,€etc.)€and€frequently€touchÏthe€unpainted€metal€chassis€periodically€to€neutralize€static€buildup.Ð    (#(#  ÐÌ4.à0     àKeep€strong€magnetic€fields€away€from€the€computer€components€and€magnetic€recording€mediaÐ   	 Ý…   Ð(e.g.,€diskettes,€tapes,€etc.).€€If€audio€speakers€are€used€with€the€system,€ensure€that€they€areÏdesigned€with€proper€magnetic€shielding.€Ð    (#(#  ÐÌ5.à0     àDo€not€touch€the€surfaces€of€magnetic€recording€media€(e.g.,€diskettes,€tapes,€etc.)€or€goldÐ   	 Eí   Ðelectrical€connectors€(circuit€card€contacts€or€connectors).€€Body€oils€will€contaminate€theseÏsurfaces€and€can€result€in€component€failures.Ð    (#(#  ÐÌ7.à0     àProtect€computer€equipment€and€recording€media€(e.g.€portableñ ›%ññš%ñÔ!     p o r t a b l e     Ö! Ôñš%ññ›%ñ€PCS,€diskettes,€CDS,€etc.)€fromÐ   	 ­U   Ðadverse€environmentalñ ›%ññš%ñÔ+  !   e n v i r o n m e n t a l     S+ Ôñš%ññ›%ñ€conditions€(e.g.,€extremes€of€temperature€and€humidity,€corrosive€gases,Ïliquids,€dust,€or€other€contaminants).Ð    (#(#  ÐÌ6.à0     àComputer€components€do€fail.€€Make€appropriate€back„ups€of€all€critical€data€and€store€in€a€secureÐ   	 "½#   Ðarea,€preferably€separate€from€the€same€area€where€the€computer€is€kept.€Ð    (#(#  ÐÌòòÔ ‡  X6v X & &ù´ ÔB.2à0     àGeneral€Security€PracticesÔ# †  &ù´ & X X6vAî # Ôñ ›%ññš%ñÔ5  +   S e c u r i t y   P r a c t i c e s      5 Ôñš%ññ›%ñÐ    £$K"& (#(#  ÐóóÌ1.à0     àControl€physical€access€to€computer€systems€and€limit€access€to€only€authorized€persons.Ð    m&$( (#(#  ÐÌ2.à0     àPosition€computer€displays€such€that€they€may€not€be€viewed€by€unauthorized€persons€(e.g.,Ð   	 !(É%*   Ðthrough€windows,€doors,€open€work€areas,€etc.).Ð    (#(#  Ðâ
    
 âÐ    Õ)}', '  ÐÔ&  B Ôâ
    
 â3.à0     àDo€not€allow€computer€access€by€unauthorized€persons:Ð    	    (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝLogoff€active€host€or€LAN€connections€whenever€the€terminal€sessions€are€unattended.Ð    ãÚ  `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝPower€off€computer€equipment€when€not€in€use.Ð    ½´ `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝSecure€unattended€terminal€areas€(lock€the€doors).Ð    —Ž `	(#`	(#  ÐÔ'  B	„ð  ÔÌÔ&  Ž Ô4.à0     àIdentify€the€level€of€sensitivity€of€the€data€stored,€processed,€or€used€in€the€computer€andÐ   	 KB   Ðimplement€appropriate€security€measures.Ð    (#(#  ÐÔ'  ŽKÝò  ÔÌ5.à0     àFor€systems€which€use€logon€IDs€and/or€passwordñ ›%ññš%ñÔ!     p a s s w o r d     ! Ôñš%ññ›%ñ€access€controls,€ensure€that€chosen€IDs€and/orÐ   	 Ù
Ð   Ðpasswords€conform€to€the€requirements€of€the€specific€control€system€where€they€are€used.Ð    (#(#  ÐÌà0     àNote:€Passwords€are€a€commonly€used€but€easily€compromised€access€control€method.€€AutomatedÏcomputer€penetration€programs€can€quickly€determine€common€words,€names,€or€characterÏcombinations€used€for€logon€IDs€and/or€passwords.€€It€is€therefore€prudent€to€make€the€ID€and/orÏpasswordñ ›%ññš%ñÔ!     p a s s w o r d     ! Ôñš%ññ›%ñ€as€complex€as€appropriate.à0    À(#(# àÐ    õì À(#À(#  ÐÌà0     à(a)à0    `	(#(# àChange€default€passwords€as€soon€as€practical.€€Do€not€allow€security€access€controls€toÐ   	 ©    Ðbe€operational€using€manufacturer€or€vendorñ ›%ññš%ñÔ     v e n d o r       Ôñš%ññ›%ñ€supplied€passwords.Ð    `	(#`	(#  ÐÌà0     à(b)à0    `	(#(# àKeep€logon€IDs€confidential.€Divulge€IDs€only€on€a€need„to„know€basis.Ð    7. `	(#`	(#  ÐÌà0     à(c)à0    `	(#(# àDO€NOT€SHARE€PASSWORDS.€€If€a€passwordñ ›%ññš%ñÔ!     p a s s w o r d     ! Ôñš%ññ›%ñ€must€be€divulged,€change€it€as€soon€asÐ   	 ëâ   Ðpossible.Ð    `	(#`	(#  Ð€à0     àÐ    Ÿ– (#(#  Ðà0     à(d)à0    `	(#(# àGenerally€do€not€write€down€passwords.€€If€it€is€necessary€to€write€them€down,€store€themÐ   	 yp   Ðin€a€secure€area.€Ð    `	(#`	(#  ÐÌà0     à(e)à0    `	(#(# àChange€passwords€at€least€every€90€days€(30€days€is€recommended)€or€any€time€they€haveÐ   	 þ   Ðbeen,€or€are€suspected€to€have€been,€compromised.Ð    `	(#`	(#  ÐÌà0     à(f)à0    `	(#(# àDo€not€include€passwords€in€programs,€scripts,€or€other€files€where€they€can€beÐ   	 •Œ   Ðcompromised.Ð    `	(#`	(#  ÐÌà0     à(g)à0    `	(#(# àRecommended€passwordñ ›%ññš%ñÔ!     p a s s w o r d     ! Ôñš%ññ›%ñ€patterns€are:Ð    # ! `	(#`	(#  Ðà0     àà0    `	(#(# à„€6€to€8€alphanumeric€characters,€with€at€least€one€of€each€type€(e.g.,€PQT1FYX).Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€no€sequentially€repeated€characters€(e.g.,€11,€aa,€etc.).Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€no€names,€birthdays,€commonly€used€identifiers€(e.g.,€Social€Security€#,€etc.).Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€no€ascending€or€descending€digits€(e.g.,€1234,€abcd,€etc.).Ð    `	(#`	(#  ÐÌ6.à0     àProtect€access€control€devices€from€loss€or€unauthorized€access€(e.g.,€lock€keys,€smart€cards,Ð   	 ?%6!'   ÐFortezza€cards,€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n      % Ôñš%ññ›%ñ€cards/keys,€security€codes,€etc.).Ð    (#(#  ÐÌà0     àNote:€Loss€or€compromise€of€encryptions€codes€or€devices€(e.g.,€Fortezza€cards,€etc.)€may€requireÏthe€replacement€of€codes€and/or€devices€at€both€sending€and€receiving€locations.€€This€can€severelyÏimpact€data€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     Ö) Ôñš%ññ›%ñ.€€òòProtect€all€encryptions€codes€or€devices.óóÐ    )x%, (#(#  ÐÌÔ&  Ž Ô7.à0     àEnsure€proper€control€and€disposal€of€printer€ribbons,€laser€printer€cartridges,€recording€mediaÐ   	 9+0'.   Ð(e.g.,€diskettes,€CDS,€tapes,€etc.),€printouts,€and€other€information€storage€devices€which€containÏsensitive€data.Ô'  Ž9+Š   ÔÐ    (#(#  Ðà0     àÐ    Ç-¾)1 (#(#  ÐÔ&  ^	 Ô8.à0     àUse€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     3 Ôñš%ññ›%ñ€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     3 Ôñš%ññ›%ñ€to€protect€against€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     s- Ôñš%ññ›%ñ:Ð    	    (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝUse€a€quality€virusñ ›%ññš%ñÔ     v i r u s     1 Ôñš%ññ›%ñ€scanner€and/or€behavioral€detection€program.Ð    ãÚ  `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝVirusñ ›%ññš%ñÔ     V i r u s     1 Ôñš%ññ›%ñ€scanners€only€detect€virusñ ›%ññš%ñÔ     v i r u s     1 Ôñš%ññ›%ñ€code€patterns€identified€in€the€particular€scanner.Ð    ½´ ¸(#¸(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝVirusñ ›%ññš%ñÔ     V i r u s     1 Ôñš%ññ›%ñ€behavioral€detection€programs€detect€code€pattern€changes€which€are€similarÐ   	 —Ž   Ðto€those€identified€in€the€detection€program.Ð    ¸(#¸(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝVirusñ ›%ññš%ñÔ     V i r u s     1 Ôñš%ññ›%ñ€scanners€and€behavioral€detection€programs€must€be€current€(not€more€than€90„180Ð   	 KB   Ðdays€old)€to€be€effective.€€New€virusñ ›%ññš%ñÔ     v i r u s     1 Ôñš%ññ›%ñ€programs€are€being€created€every€month.Ð    `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAny€recorded€media€whose€content€is€unknown€or€has€not€been€scanned€for€knownÐ   	 ÿ	ö   Ðviruses,€may€be€a€source€of€malicious€codeñ ›%ññš%ñÔ-  #   m a l i c i o u s   c o d e     S- Ôñš%ññ›%ñ€contamination.€€Even€new€programs€fromÏestablished€manufacturers€and€vendors€have€been€sources€of€such€contamination.Ð    `	(#`	(#  ÐÔ'  ^		á  ÔÌ9.à0     àInformation€stored€or€processed€by€computers,€related€equipment,€and€programs€can€be€damagedÐ   	 g^	   Ðin€numerous€ways€and€from€various€causes.€€It€is€important€that€all€data€which€is€consideredÏessential€(e.g.,€programs,€data€files,€etc.)€be€available€and€capable€of€being€restored€to€the€AISÏenvironment,€should€the€original€become€unusable.€€Back„up€files€should€be€created€and€maintainedÏas€appropriate.€€Security€controlsñ ›%ññš%ñÔ3  )   S e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€for€the€back„up€files€must€be€commensurate€with€the€sensitivityÏand€criticality€of€the€data.Ð    (#(#  ÐÌòòÔ ‡  X6v X & &ù´ ÔB.3à0     àGood€Security€Practicesñ ›%ññš%ñÔ5  +   S e c u r i t y   P r a c t i c e s      5 Ôñš%ññ›%ñ€for€PBXñ ›%ññš%ñÔ     P B X     , Ôñš%ññ›%ñ€and€Voiceñ ›%ññš%ñÔ     V o i c e     : Ôñš%ññ›%ñ€Mail€SystemsÔ# †  &ù´ & X X6vâ # ÔóóÐ    ]T (#(#  ÐÌDial„in€access€to€sensitive€AIS€can€be€a€serious€security€exposure€if€appropriate€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€are€notÏoperational.€€Most€Private€Branch€Exchangeñ ›%ññš%ñÔ?  5   P r i v a t e   B r a n c h   E x c h a n g e     Ö? Ôñš%ññ›%ñ€and€Voiceñ ›%ññš%ñÔ     V o i c e       Ôñš%ññ›%ñ€mail€systems€have€security€features€which€can€deterÏor€prevent€unauthorized€access.€€It€is€important€that€these€features€be€activated€and€enforced.€€TheÏfollowing€recommendations€are€excerpts€provided€by€American€Telephone€and€Telegraph€(ATT)€to€theÏU.S.€Treasury€Office€of€Telecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     n5 Ôñš%ññ›%ñ€Management.ÌÌòòÔ ‡  X6v X & &ù´ ÔB.3.1à0     àPBXñ ›%ññš%ñÔ     P B X     , Ôñš%ññ›%ñ€SecurityÔ# †  &ù´ & X X6v # ÔóóÐ    C: (#(#  ÐÌ1.à0     àKeep€PBXñ ›%ññš%ñÔ     P B X     , Ôñš%ññ›%ñ€attendant€console€rooms,€telephone€wiring€closets,€telephone€equipment€rooms,€andÐ   	    ÐLocal€Exchange€Company€(LOC)€demarcation€rooms€locked€and€secured.Ð    (#(#  ÐÌ2.à0     àRequest€positive€identification€from€all€service€equipment€vendors€and€technicians.Ð    ›’ (#(#  ÐÌ3.à0     àEnsure€that€any€remote€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e     ' Ôñš%ññ›%ñ€line€phone€number€is€unpublished,€preferably€not€in€the€sameÐ   	 O F!   Ðnumbers€groups,€and€not€recorded€on€jacks,€wallfield,€distributionñ ›%ññš%ñÔ)     d i s t r i b u t i o n     Ö) Ôñš%ññ›%ñ€frame,€etc.Ð    (#(#  ÐÌ4.à0     àSecure€any€reportsñ ›%ññš%ñÔ     r e p o r t s     i Ôñš%ññ›%ñ,€documentation,€or€other€information€files€which€may€reveal€the€trunk€accessÐ   	 Ý"Ô$   Ðcodes€or€passwords.Ð    (#(#  ÐÌ5.à0     àChange€all€default€passwords€immediately€after€installation.Ð    k%b!' (#(#  ÐÌ6.à0     àChoose€passwords€that€are€difficult,€but€easy€to€remember,€and€contain€as€many€alphaÐ   	 '#)   Ðcharacters/digits€as€possible,€preferably€seven€or€more.Ð    (#(#  ÐÌ7.à0     àDeactivate€unused€€codes€and€features.Ð    ­)¤%, (#(#  ÐÌ8.à0     àAllow€only€three€attempts€to€enter€a€valid€access€code.Ð    a+X'. (#(#  ÐÌ9.à0     àHave€the€PBXñ ›%ññš%ñÔ     P B X     t Ôñš%ññ›%ñ€wait€four€or€five€rings€before€answering€the€remote€access€line.Ð    -)0 (#(#  Ð‡10.à0     àRestrict€calling€privileges€to€individual€employees.Ð    	    (#(#  ÐÌ11.à0     àBlock€area€codes€where€business€is€not€done,€especially€900,€700,€and€976.Ð    ½´ (#(#  ÐÌ12.à0     àUse€the€maximum€authorization€and€Remote€Access€barrier€code€length.Ð    qh (#(#  ÐÌ13.à0     àUse€security€devices€on€all€ports.Ð    %	 (#(#  ÐÌòòÔ ‡  X6v X & &ù´ ÔB.3.2à0     àVoiceñ ›%ññš%ñÔ     V o i c e     : Ôñš%ññ›%ñ€MailÔ# †  &ù´ & X X6vº # ÔÐ    Ù
Ð (#(#  ÐóóÌ1.à0     àDonððt€allow€outgoing€calls€from€a€mailbox.Ð    £š
 (#(#  ÐÌ2.à0     àSet€a€minimum€number€of€digits€allowed€for€all€passwords€(preferably€five€or€more).Ð    WN
 (#(#  ÐÌ3.à0     àRequire€€a€minimum€passwordñ ›%ññš%ñÔ!     p a s s w o r d     ! Ôñš%ññ›%ñ€length€to€be€one€digit€longer€than€extension€length.Ð     (#(#  ÐÌ4.à0     àBlock€access€to€long€distance€trunks€or€local€lines.Ð    ¿¶ (#(#  ÐÌ5.à0     àRequire€users€to€frequently€change€passwords.Ð    sj (#(#  ÐÌ6.à0     àLimit€login€attempts€to€three€or€less.Ð    ' (#(#  ÐÌ7.à0     àToll€restrict€lines€between€the€voiceñ ›%ññš%ñÔ     v o i c e     d Ôñš%ññ›%ñ€mail€system€and€PBXñ ›%ññš%ñÔ     P B X       Ôñš%ññ›%ñ.Ð    ÛÒ (#(#  ÐÌ8.à0     àMonitor€voiceñ ›%ññš%ñÔ     v o i c e     d Ôñš%ññ›%ñ€mail€system€reportsñ ›%ññš%ñÔ     r e p o r t s       Ôñš%ññ›%ñ€daily.Ð    † (#(#  ÐÌ9.à0     àDelete€all€unused€voiceñ ›%ññš%ñÔ     v o i c e       Ôñš%ññ›%ñ€mailboxes.Ð    C: (#(#  ÐÌ10.à0     àIf€outcalling€is€used,€restrict€the€port€to€only€those€numbers€needed€using€the€Automatic€RouteÐ   	 ÷î   ÐSelection€partitioning.Ð	    ÑÈ (#(#  ÐÑ    h Ññ›%ñÖ  €‡   é   Öñ›%ññ ›%ñÖ  €  é   Öñ›%ññ›%ñÖ €’   é   Öñ›%ññ ›%ñÖ €  é   Öñ›%ñØ       ØÑ €È   ø  ÑÔ ‡  °üª ° & &ù´ ÔÔ ‡†  °„½ ° ° °üª ÔÓ   ÓÔ
      ÔAPPENDIX€CÐ   	 X      ÐòòControlled€Access€Protection€(C2ñ ›%ññš%ñÔ     C 2       Ôñš%ññ›%ñ)€OutlineóóÔ     ®  ÔÔ# †  °üª ° °† °„½ƒ # ÔÔ# †  &ù´ & ° °üªd # ÔÐ   	 8à   ÐßA €& - )                 °° x         d dE°¨ xA ßÐ   	 À   ÐÓ  ¢  ÓÌThe€òòNational€Policy€on€Controlled€Access€Protectionóó,€issued€by€the€White€House,€NationalÐ   	 ™A   ÐTelecommunicationsñ ›%ññš%ñÔ5  +   T e l e c o m m u n i c a t i o n s     Ö5 Ôñš%ññ›%ñ€and€Information€Systems€Security€Committee,€07/15/87,€directed€that€by€July€15,Ï1992€Federal€agencies€must€provide€automated€Controlled€Access€Protection€(C2ñ ›%ññš%ñÔ     C 2     c Ôñš%ññ›%ñ€level)€for€all€sensitiveÏor€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     1% Ôñš%ññ›%ñ€information€processed€or€maintained€by€AIS,€when€all€users€do€not€have€the€sameÏauthorization€to€use€the€sensitive€information.€€[NTISSP€200]ÌÌThis€outline€highlights€òòTreasury€Security€Manualóó,€TD€P€71„10,€Chapter€VI.4.B.1.€on€òòControlled€AccessÐ   	 µ]

   ÐProtectionóó€(C2ñ ›%ññš%ñÔ     C 2     Ö Ôñš%ññ›%ñ€level€functionality),€for€AIS€and€networksñ ›%ññš%ñÔ!     n e t w o r k s     ! Ôñš%ññ›%ñ€processing€Sensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d      E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ)Ð   	 “;   ÐInformation.€€Exemptionñ ›%ññš%ñÔ#     E x e m p t i o n     # Ôñš%ññ›%ñ€to€these€requirements€require€a€formal€Risk€Assessmentñ ›%ññš%ñÔ/  %   R i s k   A s s e s s m e n t     1/ Ôñš%ññ›%ñ€and€approvals.ÌÌòòÔ ‡  X6v X & &ù´ ÔFunctional€RequirementsÔ# †  &ù´ & X X6vG& # ÔóóÐ   	 %Í   ÐÌ1.à0     àòòControlled€Access€Protection€(C2ñ ›%ññš%ñÔ     C 2     Ö Ôñš%ññ›%ñ)€must€provide€for€the€following:óóÐ    ï— (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAuthentication.Ð    Íu `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝIntegrity.Ð    §O `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝConfidentialityñ ›%ññš%ñÔ/  %   C o n f i d e n t i a l i t y     ÿ/ Ôñš%ññ›%ñ.Ð    ) `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAccess€Control.Ð    [ `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝNonrepudiation.Ð    5Ý `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAvailabilityñ ›%ññš%ñÔ)     A v a i l a b i l i t y     ÿ) Ôñš%ññ›%ñ.Ð    · `	(#`	(#  ÐÌ2.à0     àòòProtection€is€accomplished€through:óóÐ    Ãk (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAccountability€(user€identification/authentication).Ð    ¡I `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAuditñ ›%ññš%ñÔ     A u d i t     1 Ôñš%ññ›%ñ€trail€for€relevant€events.Ð    {# `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝControl€of€access€requests.Ð    Uý `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAutomatic€clearingñ ›%ññš%ñÔ!     c l e a r i n g     ! Ôñš%ññ›%ñ€of€residual€datañ ›%ññš%ñÔ+  !   r e s i d u a l   d a t a     ÿ+ Ôñš%ññ›%ñ.Ð    /× `	(#`	(#  ÐÌ3.à0     àòòProtection€is€required€for:óóÐ    ã‹ (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝMainframe€systemsÐ    Ái `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝNetworksñ ›%ññš%ñÔ!     N e t w o r k s     ! Ôñš%ññ›%ñ€running:Ð    ›C  `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝUNIX.Ð    u ! ¸(#¸(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝMultitasking€multiuser€Operating€Systems.Ð    O!÷" ¸(#¸(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝDial„upñ ›%ññš%ñÔ     D i a l „ u p       Ôñš%ññ›%ñ€access€to€networksñ ›%ññš%ñÔ!     n e t w o r k s     ! Ôñš%ññ›%ñ.Ð    )"Ñ# ¸(#¸(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝNetworked€DOS€systemsÐ    #« $ ¸(#¸(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝStandalone€Microprocessors.Ð    Ý#…!% `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝIf€SBUñ ›%ññš%ñÔ     S B U     6 Ôñš%ññ›%ñ€is€shared€among€systems€then€interim€DAC€required.Ð    ·$_"& ¸(#¸(#  ÐÌÔ&  F Ô4.à0     àòòC2ñ ›%ññš%ñÔ     C 2       Ôñš%ññ›%ñ€level€requirements€include:óóÐ    k&$( (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝIdentification€based€on€User€ID.Ð    I'ñ$) `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAuthentication€based€on€Passwordñ ›%ññš%ñÔ!     P a s s w o r d     ! Ôñš%ññ›%ñ.Ð    #(Ë%* `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAuditñ ›%ññš%ñÔ     A u d i t     1 Ôñš%ññ›%ñ€based€on€an€auditñ ›%ññš%ñÔ     a u d i t     1 Ôñš%ññ›%ñ€trail€that€includes:Ð    ý(¥&+ `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝRecords€for€all€events€must€include:Ô'  Fk&£2  ÔÐ    ×)', ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝDate/time.Ð    ±*Y(- (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝUser€ID.Ð    ‹+3). (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝEvent€type.Ð    e,*/ (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝSuccess/failure.Ð#    ?-ç*0 (#(#w # Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝEvent€records€must€be€created€and€maintained,€including:Ð    	    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝLogon/logoff:Ð    ãÚ  (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     ÝOrigin€of€request€(e.g.,€terminal€ID).Ð    ½´ h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝPasswordñ ›%ññš%ñÔ!     P a s s w o r d     ! Ôñš%ññ›%ñ€change:Ð    —Ž (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     ÝOrigin€of€request€(e.g.,€terminal€ID).Ð    qh h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝFile€related€events:Ð    KB (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     ÝName,€create,€delete,€open,€close.Ð    %	 h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝProgram€initiation.Ð    ÿ	ö (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝActions€by:Ð    Ù
Ð (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     ÝSystem€operators.Ð    ³ª	 h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     ÝAdministrators.Ð    „
 h(#h(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àÝ
 ƒ0  þaÿ Ýð"ðà0    h(#(# àÝ     ÝSecurity€officers.Ð    g^	 h(#h(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝData€access€must€be€protected€from€modification€by:Ð    A8
 ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝLimited€Read€access.Ð     (#(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝReportsñ ›%ññš%ñÔ     R e p o r t s       Ôñš%ññ›%ñ€must€be:Ð    õì ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝSelective€by€user€ID.Ð    ÏÆ (#(#  ÐÌ5.à0     àòòDiscretionary€Access€Controlñ ›%ññš%ñÔI  ?   D i s c r e t i o n a r y   A c c e s s   C o n t r o l     VI Ôñš%ññ›%ñ€(DAC)€Requirements€Summaryóó:Ð    ƒz (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝDefine/control€access€for:Ð    aX `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝUsers.Ð    ;2 ¸(#¸(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝResources€(e.g.,€files€and€programs).Ð     ¸(#¸(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝData€access€authorization:Ð    ïæ `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝUser€specifies€access€to€data€the€own.Ð    ÉÀ ¸(#¸(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝUnauthorized€access€denied.Ð    £š ¸(#¸(#  ÐÌ6.à0     àòòData€Remanenceñ ›%ññš%ñÔ#     R e m a n e n c e     :# Ôñš%ññ›%ñ€Security€Requirements€Summaryóó:Ð    WN (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝMagnetic€media€may€require€clearingñ ›%ññš%ñÔ!     c l e a r i n g     ! Ôñš%ññ›%ñ.Ð    5, `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝBased€on€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s     ÿ+ Ôñš%ññ›%ñ.Ð     ¸(#¸(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝObject€Reuseñ ›%ññš%ñÔ)     O b j e c t   R e u s e     ÿ) ÔÔ     R e u s e     R Ôñš%ññ›%ñ:Ð    éà `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝClearingñ ›%ññš%ñÔ!     C l e a r i n g     ! Ôñš%ññ›%ñ,€purging€of€data€remanenceñ ›%ññš%ñÔ#     r e m a n e n c e      # Ôñš%ññ›%ñ.Ð    Ãº ¸(#¸(#  ÐÌ7.à0     àòòTestingñ ›%ññš%ñÔ     T e s t i n g       Ôñš%ññ›%ñ€Requirement:óóÐ    wn (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAssurance€testingñ ›%ññš%ñÔ     t e s t i n g     , Ôñš%ññ›%ñ€of€C2ñ ›%ññš%ñÔ     C 2     i Ôñš%ññ›%ñ€features€must€be€formally€conducted.Ð    UL  `	(#`	(#  ÐÌ8.à0     àòòDocumentation€Requirements€Summary:óóÐ    	! " (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝSecurity€Features€User's€Guide.Ð    ç!Þ# `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝTrusted€Facilityñ ›%ññš%ñÔ!     F a c i l i t y     c! Ôñš%ññ›%ñ€Manualñ ›%ññš%ñÔ?  5   T r u s t e d   F a c i l i t y   M a n u a l     ? Ôñš%ññ›%ñ.Ð    Á"¸$ `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝTest€Documentation.Ð    ›#’% `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝDesign€Documentation.Ð    u$l & `	(#`	(#  ÐÌ9.à0     àòòSecurity€Products€Analysis€must€include:óóÐ    )& "( (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝDocumented€review€of€product€requirements/recommendations:Ð    'þ") `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝState€areas€of€compliance.Ð    á'Ø#* ¸(#¸(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝIdentify€areas€of€noncompliance,€including:Ð    »(²$+ ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝCorrective€actions.Ð    •)Œ%, (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝFormal€exceptions.Ð    o*f&- (#(#  Ðâ
    
 âÐ   	 I+@'.   ÐÔ&  Ô Ôâ
    
 â10.à0     àòòNetwork€Security€Requirements:óóÐ    	    (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝLocal€Area€Network€Security€(To€Be€Developed)Ð    çÞ  `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝThis€section€of€the€Treasury€Security€Manual€is€not€available.Ð    Á¸ ¸(#¸(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝDial„upñ ›%ññš%ñÔ     D i a l „ u p     , Ôñš%ññ›%ñ€Access€Control.Ð    ›’ `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝExplicit€ID,€authentication,€and€auditñ ›%ññš%ñÔ     a u d i t     1 Ôñš%ññ›%ñ€trail.Ð    ul ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸(#¸(# àÝ     ÝIf€encrypted,€then€must€comply€with€TD€P€71„10,€VI.3.A.Ð    OF (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝWhen€SBUñ ›%ññš%ñÔ     S B U     6 Ôñš%ññ›%ñ€data€is€transmitted€using€NSA€Type€II€encryptionñ ›%ññš%ñÔ%     e n c r y p t i o n     ÿ% Ôñš%ññ›%ñ:Ð    )	  `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝIt€must€use€the€Data€Encryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     i% Ôñš%ññ›%ñ€Standardñ ›%ññš%ñÔA  7   D a t a   E n c r y p t i o n   S t a n d a r d     NA Ôñš%ññ›%ñ€(DES).Ô'  Ô	)R  ÔÐ    
ú ¸(#¸(#  ÐÌà0     àNote:€à0    `	(#(# àEncryptionñ ›%ññš%ñÔ%     E n c r y p t i o n     i% Ôñš%ññ›%ñ€is€not€mandatory,€but€can€be€a€cost„effective€risk„management€consideration.Ð	    ·®	 `	(#`	(#  ÐÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌà@    ªª ì à(This€Page€Intentionally€Left€Blank)ˆÐ	   	 yp   ÐÑ      Ññ›%ñÖ  €•  ‡ é   Öñ›%ññ ›%ñÖ  €  ‡ é   Öñ›%ññ›%ñÖ €—  ’ é   Öñ›%ññ ›%ñÖ €# ’ é   Öñ›%ñØ       ØÑ €É   È  ÑÔ ‡  °üª ° & &ù´ ÔÔ ‡”  °„½ ° ° °üª ÔÓ   ÓÔ
      ÔAPPENDIX€DÐ   	 X      ÐòòSecurity€Planñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n      + Ôñš%ññ›%ñ€FormatÔ     jZ  ÔÔ# †  °üª ° °” °„½?Z # ÔÔ# †  &ù´ & ° °üª Z # ÔóóÐ   	 8à   ÐßA €& - )                 °° x         d  E°¨ xA ßÐ   	 À   ÐÓ  ^Z  ÓÌòòÔ ‡  X6v X & &ù´ ÔSecurity€Planñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n      + Ôñš%ññ›%ñ€ElementsÔ# †  &ù´ & X X6vÅ[ # ÔóóÐ   	 ™A   ÐÌThere€is€no€fixed€format€for€a€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n      + Ôñš%ññ›%ñ,€however€the€plan€should€include€the€following€basic€elements.ÌÌ1.à0     àSystem€IdentificationÐ    ¿ (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝResponsible€OrganizationÐ    ñ™		 `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝSystem€Name/TitleÐ    Ës

 `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝSystem€CategoryÐ    ¥M `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝSystem€Operational€StatusÐ    ' `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝGeneral€Description/PurposeÐ    Y `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝSystem€Environment€and€Special€ConsiderationsÐ    3Û `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝInformation€Contact(s)Ð    µ `	(#`	(#  ÐÌ2.à0     àInformation€Sensitivity€type:Ð    Ái (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝPublic/UnclassifiedÐ    ›C `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝSensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d      E Ôñš%ññ›%ñÐ    u `	(#`	(#  Ðà0     àà0    `	(#(# àÝ
 ƒ0  þaÿ Ýð"ðà0    ¸`	(#`	(# àÝ     ÝSeveral€categoriesÐ    O÷ ¸(#¸(#  Ðà0     àÐ    (#(#  Ð3.à0     àSecurity€Measures€taken:Ð    « (#(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝPhysical€controlÐ    Ý… `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝHardware€controlÐ    ·_ `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝSoftware€controlsÐ    ‘9 `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAdministrative€controlsÐ    k `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝAccess€ControlÐ    Eí `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝData€protectionÐ    Ç `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝCommunication€protectionÐ    ù¡ `	(#`	(#  Ðà0     àÝ
 ƒ0  þaÿ Ýð"ðà0    `	(#(# àÝ     ÝEtc.Ð	#    Ó{ `	(#`	(#w # ÐThe€following€model€is€from€the€Customs€Systems€Development€Life€Cycleñ ›%ññš%ñÔM  C   S y s t e m s   D e v e l o p m e n t   L i f e   C y c l e     M Ôñš%ññ›%ñ€manual,€CIS€HB€5500„04,Ï1996,€and€is€an€acceptable€format€guideline.ÌÌà@    xx$ ì àòòòòSECURITY€PLANóóñ ›%ññš%ñÔ+  !   S E C U R I T Y   P L A N     K+ Ôñš%ññ›%ñˆÐ   	 —Ž   ÐóóÌProject€Name:à    `	 àà    ¸ àà     àà    h àà    À àProject€Number:Ð   	 wn   ÐÌDate€Prepared:€__/__/__€€€Date€Updated:€€__/__/__€€€Date€Presented€__/__/__€€€Date€Approved€__/__/__ÌÓ]  I ° ° Ü  p Ø	 @ ¨  x à H °  € è P ¸   ˆ ð X  À! (#°   œX] ÓÌòòÓ   3ó      ÓINITIATION€PHASEóóÐ   	 ßÖ	   ÐÌòò1.à    Ü àSystem€Identificationóó€„€This€section€contains€basic€identifying€information€about€the€system.Ð   	 }t	   ÐÌà    Ü àA.à     àResponsible€OrganizationÐ   	    ÐÌà    Ü àB.à     àSystem€Name/TitleÐ   	 ¼³   ÐÌà    Ü àC.à     àSystem€Category€„€State€whether€it€is€a€Major€applicationñ ›%ññš%ñÔ3  )   M a j o r   a p p l i c a t i o n     &3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ,€General€support€systemñ ›%ññš%ñÔ=  3   G e n e r a l   s u p p o r t   s y s t e m      = Ôñš%ññ›%ñ,€etc.Ð   	 ZQ   ÐÌà    Ü àD.à0     àSystem€Operational€Status€„€State€whether€it€is€Operational,€Under€development,€Undergoing€aÐ   	 øï   Ðmajor€modification€or€a€significant€security€changeÐ    (#(#  ÐÌà    Ü àE.à     àGeneral€Description/PurposeÐ   	 e\   ÐÌà    Ü àF.à     àSystem€Environment€and€Special€ConsiderationsÐ   	 ú   ÐÌà    Ü àG.à     àInformation€Contact(s)Ð   	 ¡˜   ÐÌòòDEFINITION€STAGEóóÐ   	 ?6   ÐÌòò2.à0    Ü àSensitivity€of€Informationóó€„€Identify€the€types€of€information€to€be€processed.€€For€each€type€ofÐ   	 ÝÔ   Ðinformation,€identify€the€following:Ð    Ü(#Ü(#  ÐÌà    Ü àA.à     àApplicable€Laws€or€RegulationsÐ   	 MD!   ÐÌà    Ü àB.à     àWhether€the€integrity€protection€requirement€is€low,€medium,€or€highÐ   	 ë â#   ÐÌà    Ü àC.à     àWhether€the€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     ) Ôñš%ññ›%ñ€protection€required€is€low,€medium,€or€highÐ   	 ‰"€%   ÐÌà    Ü àD.à     àWhether€the€confidentialityñ ›%ññš%ñÔ/  %   c o n f i d e n t i a l i t y     / Ôñš%ññ›%ñ€protection€required€is€low,€medium,€or€highÐ   	 '$ '   ÐÌòòDEFINITION€STAGEóóÐ   	 Å%¼!)   ÐÌòò3.à0    Ü àSystem€Security€Measuresóó€„€This€section€should€describe€the€control€measures€(in€place€or€planned)Ð   	 c'Z#+   Ðthat€are€intended€to€meet€the€protection€requirements€of€the€system.€€The€types€of€control€measuresÏshould€be€consistent€with€the€need€for€protection€of€the€system€described€in€the€previous€section.Ð    Ü(#Ü(#  ÐÌà    Ü àA.à     àRisk€Assessmentñ ›%ññš%ñÔ/  %   R i s k   A s s e s s m e n t     1/ Ôñš%ññ›%ñ€and€ManagementÐ   	 ¢*™&/   ÐÌà    Ü àB.à     àApplicable€GuidanceÐ   	 @,7(1   ÐÐ   	 -)2   ÐÔ&  m Ôà    Ü àC.à0     àSecurity€Control€Measures€„€For€each€control€measure€(categories€1„6€below),€specify€whether€itÐ   	 	      Ðis€ñ ›%ñinplaceñ›%ññ›%ñin€placeñ›%ñ,€planned,€not€applicable€with€"Security€Control€Measures€„€Describe€the€ControlÏMeasures"Ô'  m	&s  ÔÐ    (#(#  ÐÌà    Ü àà     à1.à    p àManagement€Controls€„€Overall€management€controls€of€the€system.Ð   	 E<   ÐÌà    Ü àà     àà    p àa.à    Ø	 àAssignment€of€Security€ResponsibilityÐ   	 ãÚ   Ðà    Ü àà     àà    p àb.à    Ø	 àRisk€Analysisñ ›%ññš%ñÔ+  !   R i s k   A n a l y s i s     6+ Ôñš%ññ›%ñÐ   	 ²	©   Ðà    Ü àà     àà    p àc.à    Ø	 àPersonnel€ScreeningÐ   	 
x   ÐÌà    Ü àà     à2.à0    p àAcquisitionñ ›%ññš%ñÔ'     A c q u i s i t i o n      ' Ôñš%ññ›%ñ/Development/Installation/Implementation€Controls€„€Procedures€to€assureÐ   	 
   Ðprotection€is€built€into€the€system,€especially€during€system€development.Ð    p(#p(#  ÐÌà    Ü àà     àà    p àa.à    Ø	 àAcquisitionñ ›%ññš%ñÔ'     A c q u i s i t i o n      ' Ôñš%ññ›%ñ/Security€SpecificationsÐ   	 Œƒ
   Ðà    Ü àà     àà    p àb.à    Ø	 àConfiguration€Managementñ ›%ññš%ñÔA  7   C o n f i g u r a t i o n   M a n a g e m e n t      A Ôñš%ññ›%ñÐ   	 [R   Ðà    Ü àà     àà    p àc.à    Ø	 àQuality€AssuranceÐ   	 *!   Ðà    Ü àà     àà    p àd.à    Ø	 àDesign€Review€and€Testingñ ›%ññš%ñÔ     T e s t i n g     t Ôñš%ññ›%ñÐ   	 ùð   Ðà    Ü àà     àà    p àe.à    Ø	 àAccreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     a+ Ôñš%ññ›%ñ/Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     a+ Ôñš%ññ›%ñÐ   	 È¿   ÐÌà    Ü àà     à3.à0    p àOperational€Controls€„€Day„to„day€procedures€and€mechanisms€to€protect€systems€when€theyÐ   	 f]   Ðbecome€operational.Ð    p(#p(#  ÐÌà    Ü àà     àà    p àa.à    Ø	 àPhysical€and€Environmentalñ ›%ññš%ñÔ+  !   E n v i r o n m e n t a l     a+ Ôñš%ññ›%ñ€ProtectionÐ   	 ÓÊ   Ðà    Ü àà     àà    p àb.à    Ø	 àProduction,€I/O€ControlsÐ   	 ¢™   Ðà    Ü àà     àà    p àc.à    Ø	 àEmergencyñ ›%ññš%ñÔ#     E m e r g e n c y     a# Ôñš%ññ›%ñ,€Back„up,€and€Contingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€PlanningÐ   	 qh   Ðà    Ü àà     àà    p àd.à    Ø	 àAuditñ ›%ññš%ñÔ     A u d i t     e Ôñš%ññ›%ñ€and€Variance€DetectionÐ   	 @7   Ðà    Ü àà     àà    p àe.à0    Ø	 àHardware€and€System€Software€Maintenanceñ ›%ññš%ñÔ'     M a i n t e n a n c e      ' Ôñš%ññ›%ñ€ControlsÐ     Ø	(#Ø	(#  Ðà    Ü àà     àà    p àf.à    Ø	 àDocumentationÐ   	 ÞÕ   Ðà    Ü àà     àà    p àg.à    Ø	 àConfiguration€Managementñ ›%ññš%ñÔA  7   C o n f i g u r a t i o n   M a n a g e m e n t      A Ôñš%ññ›%ñÐ   	 ­¤   Ðà    Ü àà     àà    p àh.à    Ø	 àSecurity€AdministrationÐ   	 |s   Ðà    Ü àà     àà    p ài.à    Ø	 àDatabase€AdministrationÐ   	 KB   ÐÌà    Ü àà     à4.à0    p àSecurity€Awarenessñ ›%ññš%ñÔ#     A w a r e n e s s     o# Ôñš%ññ›%ñ€and€Trainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ€„€Security€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     o# Ôñš%ññ›%ñ€and€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€of€users,€technical€staff,Ð   	 éà    Ðand€managers€concerning€the€system.Ð    p(#p(#  ÐÌà    Ü àà     àà    p àa.à    Ø	 àSecurity€Awarenessñ ›%ññš%ñÔ#     A w a r e n e s s      # Ôñš%ññ›%ñ€and€Trainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ€MeasuresÐ   	 V M#   ÐÌà    Ü àà     à5.à0    p àTechnical€Controls€„€Hardware€and€software€controls€used€to€provide€automated€and/orÐ   	 ô!ë%   Ðfacilitate€manual€protections.Ð    p(#p(#  ÐÌà    Ü àà     àà    p àa.à    Ø	 àUser€Identification€and€AuthenticationÐ   	 a$X (   Ðà    Ü àà     àà    p àb.à    Ø	 àAuthorization/Access€ControlsÐ   	 0%'!)   Ðà    Ü àà     àà    p àc.à    Ø	 àIntegrity/Validation€ControlsÐ   	 ÿ%ö!*   Ðà    Ü àà     àà    p àd.à    Ø	 àAuditñ ›%ññš%ñÔ     A u d i t     g Ôñš%ññ›%ñ€TrailsÐ   	 Î&Å"+   Ðà    Ü àà     àà    p àe.à    Ø	 àConfidentialityñ ›%ññš%ñÔ/  %   C o n f i d e n t i a l i t y     / Ôñš%ññ›%ñ€ControlsÐ   	 '”#,   ÐÌà    Ü àà     à6.à0    p àControls€Over€the€Security€of€Applications€(including€controls€provided€by€Support€Systems)€„Ð    ;)2%. p(#p(#  Ðà0    Ü àà0    Ü(#Ü(# àà0    p(#(# àThe€security€of€each€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€that€processes€on€a€support€system€affects€the€security€of€allÏothers€processing€there.€€The€manager€of€the€support€system€should€understand€the€risk€thatÏeach€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€represents€to€the€system.Ð    p(#p(#  Ðâ
    
 âÐ   	 w,n(2   ÐòòÓ      3ó   ÓÔ&  ¸ Ôâ
    
 â4.à0    Ü àAdditional€Commentsóó€„€This€final€section€is€intended€to€provide€an€opportunity€to€include€additionalÐ   	 	      Ðcomments€about€the€security€of€the€subject€system€and€any€perceived€need€for€guidance€or€standards.Ô'  ¸	tˆ  ÔÐ	    çÞ  Ü(#Ü(#  ÐÓ$  
 ° °§X° °‚, p“h$ ÓÑ      Ññ›%ñÖ  €š  • é   Öñ›%ññ ›%ñÖ  €& • é   Öñ›%ññ›%ñÖ €¡  — é   Öñ›%ññ ›%ñÖ €) — é   Öñ›%ñØ       ØÑ €Ê   É  ÑÔ ‡  °üª ° & &ù´ ÔÔ ‡™  °„½ ° ° °üª ÔÓ   ÓÔ
      ÔAPPENDIX€EÐ   	 X      ÐòòComputer€Security€TrainingÔ     ÀŠ  ÔóóÔ# †  °üª ° °™ °„½•Š # ÔÔ# †  &ù´ & ° °üªvŠ # Ôñ ›%ññš%ñÔ!     T r a i n i n g     &! Ôñš%ññ›%ñÐ   	 8à   ÐßA €& - )                 °° x         d dE°¨ xA ßÐ   	 À   ÐÓ  ´Š  ÓÌÓC €	S                  ÿÿ        $   #
                 C ÓÔ2  ÿÿ                  ÔÚ    Ú1Ú
   
 ÚÔ3
   
 Ô.à0     àòòINTRODUCTIONóóÐ    ™A (#(#  ÐÌThe€Office€of€Personnel€Managementñ ›%ññš%ñÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t     ÖM Ôñš%ññ›%ñ€(OPMñ ›%ññš%ñÔ     O P M     e Ôñš%ññ›%ñ)€has€issued€trainingñ ›%ññš%ñÔ!     t r a i n i n g     P! Ôñš%ññ›%ñ€regulations€which€implement€theÏComputer€€Security€Act€of€1987€by€prescribing€the€general€procedures,€scope,€and€manner€of€securityÏtrainingñ ›%ññš%ñÔ!     t r a i n i n g     P! Ôñš%ññ›%ñ€to€be€provided€to€Federal€civilian€employees.ÌÌÔ2  ÿÿ                  ÔÚ    Ú2Ú
   
 ÚÔ3
   
 Ô.à0     àòòAUTHORITYóóñ ›%ññš%ñÔ#     A U T H O R I T Y     8# Ôñš%ññ›%ñÐ    ¹a

 (#(#  ÐÌThe€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t      ; Ôñš%ññ›%ñ€of€1987,€PL€100-235,€was€enacted€to€improve€the€security€and€privacy€ofÏsensitive€information€in€Federal€computer€systems.€€As€one€way€of€meeting€that€goal,€the€law€requires€thatÏeach€agency€shall€provide€for€theòò€mandatory€periodic€trainingóóñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€in€computer€security€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     # Ôñš%ññ›%ñ€andÐ   	 %Í   Ðaccepted€computer€practices€of€all€employees€who€are€involved€with€the€management,€use,€or€operationÏof€each€computer€system€within€or€under€the€supervision€of€the€agency.ÌÌThe€National€Institute€of€Standards€and€Technology€(NIST)€Special€Publication€No.€500„172,.€òòComputerÐ   	 ‘9   ÐSecurity€Trainingñ ›%ññš%ñÔ!     T r a i n i n g     ! Ôñš%ññ›%ñ€Guidelinesóó,€11/89,€sets€the€specific€òòguidelinesóó€for€development€and€implementation€ofÐ   	 m   Ðrequired€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     # Ôñš%ññ›%ñ€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€and€reporting.ÌÌÔ2  ÿÿ                  ÔÚ    Ú3Ú
   
 ÚÔ3
   
 Ô.à0     àòòORGANIZATION€RESPONSIBILITIESóóÐ    ÿ§ (#(#  Ðà0     à(Reference:€TD€P€71„10,€VI.8.A,€1992).Ð    (#(#  ÐÌà0     à€òòDirectorñ ›%ññš%ñÔ!     D i r e c t o r      ! Ôñš%ññ›%ñ,€Office€of€Security€(DOS)óó:€U.S.€TreasuryÐ    ‘9 (#(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àManage€trainingñ ›%ññš%ñÔ!     t r a i n i n g     ! Ôñš%ññ›%ñ€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     # Ôñš%ññ›%ñ€programs.Ð    o ¸(#¸(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àCoordinate€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     # Ôñš%ññ›%ñ€programs.Ð    Iñ ¸(#¸(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àReview€agency€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     # Ôñš%ññ›%ñ€programs€for€compliance.Ð    #Ë ¸(#¸(#  ÐÌà0     àòòDeputy€Assistant€Secretary,€Information€Systems€(DASIS):óó€U.S.€TreasuryÐ    × (#(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àDevelop€and€review€trainingñ ›%ññš%ñÔ!     t r a i n i n g     ! Ôñš%ññ›%ñ€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     # Ôñš%ññ›%ñ€guidelines.Ð    µ] ¸(#¸(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àReview€agency€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     # Ôñš%ññ›%ñ€programs€for€compliance.Ð    7  ¸(#¸(#  ÐÌòòà0     àHeads€of€Bureausóó:Ð    C!ë" (#(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àDevelop,€fund,€and€implement€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     :# Ôñš%ññ›%ñ€program.Ð    !"É# ¸(#¸(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àEnsure€contractors€are€trained€(required€contract€provisions).Ð    û"£ $ ¸(#¸(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àAppoint€bureau€official€as€liaison€to€annually€(July€31)€report€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€andÐ   	 Õ#}!%   Ðawarenessñ ›%ññš%ñÔ#     a w a r e n e s s     :# Ôñš%ññ›%ñ€program€status€to€DOS€(Treasury).Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àAnnually€develop,€maintain,€and€update€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     :# Ôñš%ññ›%ñ€program.Ð    ‰%1#' ¸(#¸(#  Ðà0     àà0    `	(#(# à„à0    ¸`	(#`	(# àAnnually€report€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€status€and€plans€summary€to€DOS.Ð    c&$( ¸(#¸(#  Ðâ
    
 âÐ    ='å$) É  ÐÔ&  ´ Ôâ
    
 âÔ2  ÿÿ                  ÔÚ    Ú4Ú
   
 ÚÔ3
   
 Ô.à0     àòòAWARENESSñ ›%ññš%ñÔ#     A W A R E N E S S     8# Ôñš%ññ›%ñ€TRAININGñ ›%ññš%ñÔ!     T R A I N I N G     ×! Ôñš%ññ›%ñ€BASIC€REQUIREMENTSóóÐ    	    (#(#  Ðà0     àòòComputer€Security€Trainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ€Guidelinesóó,€11/89.€[NIST€500„172]Ð    çÞ  (#(#  ÐÌÔ2  ÿÿ                ÔÚ    Ú4Ú
   
 Ú.Ú   Ú1Ú
   
 ÚÔ3
   
 Ô.à0     àòòObjectives:óóÐ    ” (#(#  Ðà0     àà0    `	(#(# àa.à0    ¸`	(#`	(# àUnderstand€the€value€of€information.Ð    {r ¸(#¸(#  Ðà0     àà0    `	(#(# àb.à0    ¸`	(#`	(# àAwarenessñ ›%ññš%ñÔ#     A w a r e n e s s     :# Ôñš%ññ›%ñ€of€vulnerabilities,€risks,€and€threats€to€AIS.Ð    UL ¸(#¸(#  Ðà0     àà0    `	(#(# àc.à0    ¸`	(#`	(# àUnderstanding€to€enable€personnel€to€apply€Federal,€Treasury,€and€BureauÐ   	 /	&   ÐINFOSEC/COMSECñ ›%ññš%ñÔ     C O M S E C     s Ôñš%ññ›%ñ€policies,€practices,€and€procedures.Ð    ¸(#¸(#  ÐÔ'  ´	šŸ  ÔÌÔ2  ÿÿ               ÔÚ    Ú4Ú
   
 Ú.Ú   Ú2Ú
   
 ÚÔ3
   
 Ô.à0     àòòProcedures:óóÐ    ½´	 (#(#  Ðà0     àà0    `	(#(# àa.à0    ¸`	(#`	(# àNew€personnel€within€5„days€of€appointment.Ð    ›’
 ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Orientation€on€specific€responsibilities.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Managers,€users,€or€operators€using€SBUñ ›%ññš%ñÔ     S B U      Ôñš%ññ›%ñ€data,€within€60„days.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àb.à0    ¸`	(#`	(# àTrainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ€update€whenever€AIS€INFOSEC/COMSECñ ›%ññš%ñÔ     C O M S E C       Ôñš%ññ›%ñ€environment€changes.Ð    )  ¸(#¸(#  Ðà0     àà0    `	(#(# àc.à0    ¸`	(#`	(# àThreat€briefing€and€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     :# Ôñš%ññ›%ñ€refresher.€€All€personnel.ñ›%ñ×  ƒ         ×ñ›%ññ ›%ñ×  ƒ,        ×ñ›%ñÝ
 ƒ/  ÿÿ ÝòòÚ    Ú1Ú
   
 ÚóóÝ     Ý×
   
 ×Ð    ú ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àExamples€of€trainingñ ›%ññš%ñÔ!     t r a i n i n g     '! Ôñš%ññ›%ñ:€€e„Mail,€newsletter,€memoranda,€trainingñ ›%ññš%ñÔ!     t r a i n i n g     '! Ôñš%ññ›%ñ€diskettes,€videos.Ð    ¸(#¸(#  ÐÌÔ2  ÿÿ               ÔÚ    Ú4Ú
   
 Ú.Ú   Ú3Ú
   
 ÚÔ3
   
 Ô.€€òòContent/Audience:óóÐ   	 ‘ˆ   Ðà0     àà0    `	(#(# àa.à0    ¸`	(#`	(# àMinimum€content/subject€matter:Ð    of ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Security€basics,€security€planning€and€management.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€May€use€in„house€or€commercialñ ›%ññš%ñÔ%     c o m m e r c i a l     1% Ôñš%ññ›%ñ€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àb.à0    ¸`	(#`	(# àMust€include€bureau€and€contractor€personnel€for€each€content€area:Ð    ýô ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€executives,€operations,€programming€staff,€and€users.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àc.à0    ¸`	(#`	(# àTrainingñ ›%ññš%ñÔ!     T r a i n i n g      ! Ôñš%ññ›%ñ€level€for€each€specific€target€audience€category,€based€on€individualÐ   	 ±¨   Ðresponsibilities,€should€include:Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s      # Ôñš%ññ›%ñ,€policy,€implementation,€and€performance.Ð    ¸(#¸(#  ÐÌÔ2  ÿÿ               ÔÚ    Ú4Ú
   
 Ú.Ú   Ú4Ú
   
 ÚÔ3
   
 Ô.à0     àòòReporting:óóÐ     (#(#  Ðà0     àà0    `	(#(# àa.à0    ¸`	(#`	(# àBureau€Head€reportsñ ›%ññš%ñÔ     r e p o r t s     , Ôñš%ññ›%ñ€to€DOS€by€07/31€annually.Ð    ÷î ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Name,€phone,€address€of€agency€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€liaison.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àb.à0    ¸`	(#`	(# àPrior€12€month€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€summary.Ð    «¢ ¸(#¸(#  Ðà0     àà0    `	(#(# àc.à0    ¸`	(#`	(# àProjected€course€of€study€for€next€fiscal€year.Ð    …| ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Approximate€number€of€jobs€(billets)€involved.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Areas€of€study.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Audience€type€(e.g.,€technical,€management,€etc.).Ð    ¸(#¸(#  ÐÌÔ2  ÿÿ                 ÔÚ    Ú5Ú
   
 ÚÔ3
   
 Ô.à0     àòòCOMPUTER€SECURITY€BASICS€TOPICAL€OUTLINEóóÐ    Ç"¾$ (#(#  ÐÌÔ2  ÿÿ                ÔÚ    Ú5Ú
   
 Ú.Ú   Ú1Ú
   
 ÚÔ3
   
 Ô.à0     àòòThreats€and€VulnerabilitiesóóÐ    $v & (#(#  Ðà0     àà0    `	(#(# à„€Definitions€of€termsÐ    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Major€threats:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Unauthorized,€accidental,€or€intentional;Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€disclosure;Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€modification;Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€destruction;€andÐ    Ÿ)–%, ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€delay.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# à„€Impact€areas.Ð    `	(#`	(#  Ðà0     à€à0    `	(#(# à„€Computer€abuse€examples.Ð    ½´ `	(#`	(#  Ðà0     àà0    `	(#(# à„€Vulnerability€examples.Ð    `	(#`	(#  ÐÌÔ2  ÿÿ               ÔÚ    Ú5Ú
   
 Ú.Ú   Ú2Ú
   
 ÚÔ3
   
 Ô.à0     àòòOrganizational€responsibilitiesóóÐ    KB (#(#  Ðà0     àà0    `	(#(# à„€Policy€makers.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Senior€management.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€End€users,€programmers,€or€Functional€managers.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Data€Processing€organization.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Information€Resources€Management,€Security,€and€Auditñ ›%ññš%ñÔ     A u d i t     Ö Ôñš%ññ›%ñ€functions.Ð    `	(#`	(#  ÐÌÔ&    ÔÔ2  ÿÿ               ÔÚ    Ú5Ú
   
 Ú.Ú   Ú3Ú
   
 ÚÔ3
   
 Ô.à0     àòòRisk€managementñ ›%ññš%ñÔ/  %   R i s k   m a n a g e m e n t      / Ôñš%ññ›%ñ€basic€conceptsóóÐ    E<
 (#(#  Ðà0     àà0    `	(#(# à„€Threat€and€vulnerability€assessment.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Cost/benefit€analysis.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Cost„effective€controls.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Efficiency/effectiveness€of€controls.Ð    `	(#`	(#  ÐÔ'   E¯º  ÔÌÔ2  ÿÿ               ÔÚ    Ú5Ú
   
 Ú.Ú   Ú4Ú
   
 ÚÔ3
   
 Ô.à0     àòòPolicy€for€protecting€informationóóÐ    e\ (#(#  Ðà0     àà0    `	(#(# à„€Agency€computer€security€policy.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Employee/contractor€accountability€for€information€resources.Ð    `	(#`	(#  ÐÌÔ2  ÿÿ               ÔÚ    Ú5Ú
   
 Ú.Ú   Ú5Ú
   
 ÚÔ3
   
 Ô.à0     àòòGood€security€practicesóóñ ›%ññš%ñÔ5  +   s e c u r i t y   p r a c t i c e s      5 Ôñš%ññ›%ñÐ    ÑÈ (#(#  Ðà0     àà0    `	(#(# à„€Physical/electronic€protection€of:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€physical€areas€(spaces);Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€equipment;Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€passwords;Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€data€files;Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€against€viruses,€worms,€etc.;Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€back„up€of€data€files;Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€storage€of€magnetic€media;€andÐ    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€reporting€security€violationsñ ›%ññš%ñÔ%     v i o l a t i o n s     1% Ôñš%ññ›%ñ.Ð    ¸(#¸(#  ÐÌÔ&  f	 ÔÔ2  ÿÿ                 ÔÚ    Ú6Ú
   
 ÚÔ3
   
 Ô.à0     àòòBASIC€LEVEL:€COMPUTER€SECURITY€AWARENESSñ ›%ññš%ñÔ#     A W A R E N E S S     :# Ôñš%ññ›%ñ€TRAININGóóñ ›%ññš%ñÔ!     T R A I N I N G     ×! Ôñš%ññ›%ñÐ    3 *! (#(#  ÐÌÔ2  ÿÿ                ÔÚ    Ú6Ú
   
 Ú.Ú   Ú1Ú
   
 ÚÔ3
   
 Ô.à0     àòòThreats€and€VulnerabilitiesóóÐ    ë!â# (#(#  Ðà0     àà0    `	(#(# à„€Definitions€of€terms.Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Sources€of€threats:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€External:Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€Things€outside€the€computer€systems,Ð    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€facilities,Ð    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€environment,Ð    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€physical€controls,€andÐ    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€physical€emergencies,€etc.Ô'  f	3 Ã  ÔÐ    (#(#  Ðà0     àà0    `	(#(# à„€Supervisor€Mode:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Things€inside€the€computer€systems:Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€hardware,Ð    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€firmware,€andÐ    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€operating€software.Ð    -ø(0 (#(#  Ðà0     àà0    `	(#(# à„€User€Mode:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Things€users€interface€to€the€computer€systems:Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     ' Ôñš%ññ›%ñ€software,Ð    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€user€software,Ð    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€utility€software,€andÐ    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à„€communications,€etc.Ð    (#(#  Ðà0     àà0    `	(#(# à„€Object€of€Threats:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Operating€System€and€Subsystem€Integrity,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Accounting€mechanisms,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€User€validation,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Priority€and€process€scheduling,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Integrity€of€code,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Memory€access€control,€andÐ    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Continuity€of€operationsñ ›%ññš%ñÔA  7   C o n t i n u i t y   o f   o p e r a t i o n s     ÖA Ôñš%ññ›%ñ.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# à„€Data€Set€Access€Control:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Read,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Write,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Execute,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Append,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Delete,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Restrict€access€to€specific€programs,€andÐ    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Control€of€offline€files€(tape,€disk,€etc.).Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# à„€Major€threats:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Unauthorized,€accidental,€or€intentional,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€disclosure,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€modification,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€destruction,€andÐ    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€delay.Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# à„€Impact€areas:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Computer€abuse€examples,€andÐ    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Vulnerability€examples.Ð    ¸(#¸(#  ÐÌÔ2  ÿÿ               ÔÚ    Ú6Ú
   
 Ú.Ú   Ú2Ú
   
 ÚÔ3
   
 Ô.à0     àòòOrganizational€responsibilitiesóóÐ    I@  (#(#  Ðà0     àà0    `	(#(# à„€Policy€makers:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€Senior€management;Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# à„€End€users,€programmers,€or€Functional€managers;Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Data€Processing€organization;€andÐ    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Information€Resources€Management,€Security,€and€Auditñ ›%ññš%ñÔ     A u d i t     Ö Ôñš%ññ›%ñ€functions.Ð    `	(#`	(#  ÐÌÔ2  ÿÿ               ÔÚ    Ú6Ú
   
 Ú.Ú   Ú3Ú
   
 ÚÔ3
   
 Ô.à0     àòòRisk€managementñ ›%ññš%ñÔ/  %   R i s k   m a n a g e m e n t      / Ôñš%ññ›%ñ€basic€conceptsóóÐ    C%:!' (#(#  Ðà0     àà0    `	(#(# à„€Threat€and€vulnerability€assessment,Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Cost/benefit€analysis,Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Cost„effective€controls,€andÐ    `	(#`	(#  Ðà0     àà0    `	(#(# à„€efficiency/effectiveness€of€controls.Ð    `	(#`	(#  ÐÌÔ2  ÿÿ               ÔÚ    Ú6Ú
   
 Ú.Ú   Ú4Ú
   
 ÚÔ3
   
 Ô.à0     àòòPolicy€for€protecting€informationóóÐ    c*Z&- (#(#  Ðà0     àà0    `	(#(# à„€Agency€computer€security€policy,Ð    `	(#`	(#  Ðà0     àà0    `	(#(# à„€Employee/contractor€accountability€for€information€resources.Ð    `	(#`	(#  Ðâ
    
 âÐ   	 õ,ì(0   ÐÔ&  ˆ Ôâ
    
 âÔ2  ÿÿ               ÔÚ    Ú6Ú
   
 Ú.Ú   Ú5Ú
   
 ÚÔ3
   
 Ô.à0     àòòGood€security€practicesóóñ ›%ññš%ñÔ5  +   s e c u r i t y   p r a c t i c e s      5 Ôñš%ññ›%ñÐ    	    (#(#  Ðà0     àà0    `	(#(# à„€Physical/electronic€protection€of:Ð    `	(#`	(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€areas,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€equipment,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€passwords,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€data€files,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€against€viruses,€worms,€etc.,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€back„up€of€data€files,Ð    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€storage€of€magnetic€media,€andÐ    ¸(#¸(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# à„€reporting€security€violationsñ ›%ññš%ñÔ%     v i o l a t i o n s     1% Ôñš%ññ›%ñ.Ô'  ˆ	Ý  ÔÐ    ¸(#¸(#  ÐÐ	   	 ‘ˆ
   ÐÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌà@    ªª ì à(This€Page€Intentionally€Left€Blank)ˆÐ	   	 yp   ÐÑ    l Ññ›%ñÖ  €¤  š é   Öñ›%ññ ›%ñÖ  €- š é   Öñ›%ññ›%ñÖ €¦  ¡ é   Öñ›%ññ ›%ñÖ €0 ¡ é   Öñ›%ñØ       ØÑ €Ë   Ê  ÑÔ ‡  °üª ° & &ù´ ÔÔ ‡£  °„½ ° ° °üª ÔÓ   ÓÔ
      ÔAPPENDIX€FÐ   	 X      ÐòòSecurity€Requirements€MethodologyÔ     ã  ÔÔ# †  °üª ° °£ °„½ôâ # ÔÔ# †  &ù´ & ° °üªÕâ # ÔÐ   	 8à   ÐßA €& - )                 °° x         d? E°¨ xA ßÐ   	 À   ÐóóÓ  ã  ÓÌòòSECURITY€POLICYóóÐ   	 ™A   Ð[TD€P€71„10;€USCS€96PLAN]ÌÌThe€U.S.€Treasury€Department€designates€Customs€as€a€Category€I€agency€whose€essential€functions€areÏuninterruptible€and€critical€to€the€continuity€of€the€Federal€government.ÌÌCustoms€mission€includes:Ìà0     à(a)à0    `	(#(# àEnsure€that€all€goods€and€persons€entering€or€exiting€the€United€States€do€so€in€complianceÐ   	 7   Ðwith€all€the€United€States€laws€and€regulation.Ð    `	(#`	(#  Ðà0     à(b)à0    `	(#(# àProtect€the€public€against€violationsñ ›%ññš%ñÔ%     v i o l a t i o n s     :% Ôñš%ññ›%ñ€which€threaten€the€national€economy€and€health€andÐ   	 Cë   Ðsafety.Ð    `	(#`	(#  Ðà0     à(c)à0    `	(#(# àBe€the€national€resource€for€information€on€goods€and€persons€crossing€our€borders.Ð    ÷Ÿ `	(#`	(#  ÐÌThese€activities€provide€active€enforcement€of€U.S.€laws,€including€the€control€and€generation€of€significantÏfinancial€revenue€to€the€U.S.€Treasury.ÌÌCustoms€general€support€AISs€and€major€AIS€applications€that€create,€collect,€communicate,€compute,Ïdisseminate,€store,€and/or€control€data€which€includes€law€enforcement,€personal,€financial,€andÏcounternarcotics€information€are€assigned€the€security€category€of€Sensitive€But€Unclassifiedñ ›%ññš%ñÔE  ;   S e n s i t i v e   B u t   U n c l a s s i f i e d     E Ôñš%ññ›%ñ€(SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñ).€€SBUñ ›%ññš%ñÔ     S B U     t Ôñš%ññ›%ñÏinformation€must€be€protected€in€a€manner€functionally€equivalent€to€the€DoD€classificationñ ›%ññš%ñÔ-  #   c l a s s i f i c a t i o n     c- Ôñš%ññ›%ñ€level€of€C2ñ ›%ññš%ñÔ     C 2     s Ôñš%ññ›%ñ.ÌÌòòOPERATIONAL€SECURITY€POLICYóóÐ   	 {#   ÐÌCustoms€operational€security€policy€specifies€the€critical€aspects€of€Customs€AISs€and€the€manner€in€whichÏregulatory€policy€is€to€be€satisfied.€€It€includes€the€tradeoff€decisions€made€between€various€securityÏsafeguards€and€involves€the€functional€allocation€of€the€various€security„related€tasks€to€the€elements€of€theÏAISs.€€The€tradeoffs€of€cost,€performance,€and€risk€help€determine€how€security€will€be€built€andÏimplemented.€€ÌÌòòANALYSIS€AND€DESIGN€OF€AISóóÐ   	 K ó!   ÐÌThe€analysis€of€existing€AISs€and€the€design€of€evolving€or€new€ones€generally€proceeds€from€theÏregulating€policy(ies)€to€the€mechanisms€implementing€compliance€to€those€policies.€€There€are€many€waysÏto€satisfy€security€requirements€and€policy€is€frequently€subject€to€change€to€accommodate€changes€inÏtechnology,€environment,€political€and€organization€structure,€and€regulations€of€various€kinds.€€It€isÏâ
    
 âtherefore€important€that€any€analysis€or€design€consider€current€requirements.Ð    g%#' O  ÐòòÔ&  „ Ôâ
    
 âINTERFACE€POLICYóóÐ   	 	      ÐÌThe€exchange€of€between€AISs€is€based€on€explicit€interface€policy€and€can€be€thought€of€as€anÏaugmentation€of€importing€and€exporting€of€data.€€Such€exchange€must€consider€that:€1)€the€data€sent€mustÏcontinue€to€be€protected€at€the€owner€assigned€level€of€control,€and€2)€the€data€received€must€continue€toÏbe€protected€at€the€owner€assigned€level€of€control.ÌÌIn€most€cases,€Customs€data€must€be€controlled€at€security€functional€level€equivalent€to€C2ñ ›%ññš%ñÔ     C 2       Ôñš%ññ›%ñ.€€It€is€theÏresponsibility€of€the€sending€AIS€to€assure€that€any€virtual€communications€channels,€and/or€receiving€AIS,Ïprovide€appropriate€protection€controls.Ô'  „	 ï  ÔÌÌòòTRUSTED€COMPUTER€BASEñ ›%ññš%ñÔ;  1   T R U S T E D   C O M P U T E R   B A S E     Ö; Ôñš%ññ›%ñ€(TCBñ ›%ññš%ñÔ     T C B      Ôñš%ññ›%ñ)€POLICYóóÐ   	 g^	   ÐÌThe€Trusted€Computer€Baseñ ›%ññš%ñÔ;  1   T r u s t e d   C o m p u t e r   B a s e     1; Ôñš%ññ›%ñ€(TCBñ ›%ññš%ñÔ     T C B     e Ôñš%ññ›%ñ)€concept€provides€a€sound€method€of€AIS€security€evaluation.€ÌEvaluations€of€mechanisms€which€are€shared€by€TCBs€must€be€done€individually€to€ensure€consistency€withÏinterface€policy€and€discretionary€access€controls€(DAC).€€Each€TCBñ ›%ññš%ñÔ     T C B     e Ôñš%ññ›%ñ€must€provide€for€a€securityÏadministrator€and€generate€relevant€auditñ ›%ññš%ñÔ     a u d i t       Ôñš%ññ›%ñ€records.ÌÌNetworked€TCBs€must€be€reviewed€to€consider€the€implications€of€failure€on€one€of€the€component€TCBsÏfrom€the€standpoint€of€its€impact€to€all€of€the€interconnecting€entities.€€A€means€to€cooperatively€shut€downÏand€recover€in€a€secure€manner€must€exist.ÌÌòòRISK€MANAGEMENTñ ›%ññš%ñÔ/  %   R I S K   M A N A G E M E N T     B/ Ôñš%ññ›%ñ€POLICYóóÐ   	 Å¼   ÐÌA€TCBñ ›%ññš%ñÔ     T C B      Ôñš%ññ›%ñ€which€has€not€been€assured€to€comply€with€the€security€considerations€should€be€considered€andÏtreated€as€a€risk.€€A€small€part€of€the€risk€managementñ ›%ññš%ñÔ/  %   r i s k   m a n a g e m e n t     / Ôñš%ññ›%ñ€process€is€the€risk€assessmentñ ›%ññš%ñÔ/  %   r i s k   a s s e s s m e n t     / Ôñš%ññ›%ñ€procedure.€ÏConsidering€the€results€of€risk€assessmentñ ›%ññš%ñÔ/  %   r i s k   a s s e s s m e n t     / Ôñš%ññ›%ñ,€the€risk€managementñ ›%ññš%ñÔ/  %   r i s k   m a n a g e m e n t     / Ôñš%ññ›%ñ€may€require€an€iteration€of€operationalÏpolicy€to€ensure€compliance€to€regulatory€policy.ÌÌPropagated€risk€results€from€the€risk€level€of€one€AIS€cascading€to€another€interconnected€AIS.€€TheÏinherent€risk€of€one€AIS€may€increase€the€exposed€risk€of€another€AIS€when€interconnection€does€not€limitÏrelated€risks.€€It€is€possible€that€interconnections€of€AISs€can€result€in€a€combined€contributed€risk€greaterÏthan€that€solely€contributed€by€any€single€AIS.€€The€four€risk€factors€(risk€index,€exposed€risk,€contributedÏrisk,€and€solely€contributed€risk)€must€be€considered€when€evaluating€an€AIS.€€[TD€85„03]ÌÌIn€many€situations€the€security€goals€can€be€achieved€without€redesign€of€existing€AISs,€also€evolving€andÏnew€systems€can€generally€add€more€function€and€capability€while€realizing€security€goals.€€The€riskÏmanagementñ ›%ññš%ñÔ/  %   r i s k   m a n a g e m e n t     / Ôñš%ññ›%ñ€approach€is€also€a€major€step€towards€achieving€the€security€recommended€for€networkedÏAISs.Ð	   	 e$\ &   ÐÑ    m Ññ›%ñÖ  €©  ¤ é   Öñ›%ññ ›%ñÖ  €5 ¤ é   Öñ›%ññ›%ñÖ €«  ¦ é    Öñ›%ññ ›%ñÖ €8 ¦ é    Öñ›%ñØ       ØÑ €Ì   Ë  ÑÔ ‡  °üª ° & &ù´ ÔÔ ‡¨  °„½ ° ° °üª ÔÓ   ÓÔ
      ÔAPPENDIX€GÐ   	 X      ÐòòOMB€CircularsÔ     €ý  ÔÔ# †  °üª ° °¨ °„½Uý # ÔÔ# †  &ù´ & ° °üª6ý # ÔÐ   	 8à   ÐßA €& - )                 °° x         d? E°¨ xA ßÐ   	 À   ÐóóÓ  tý  ÓÌòòÓ   ÓÔ
     ÔOMB€Circular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3     Ö Ôñš%ññ›%ñ,€Introduction€&€CommentsÔ    ¡þ  ÔóóÐ   	 ™A   ÐÌòòOFFICE€OF€MANAGEMENT€AND€BUDGETóóñ ›%ññš%ñÔO  E   O F F I C E   O F   M A N A G E M E N T   A N D   B U D G E T     	O Ôñš%ññ›%ñÐ   	 M	õ   ÐÌòòManagement€Accountability€and€ControlóóÐ   	 ©   ÐÓ  •þ  ÓÌòòAGENCYóó:€€Office€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t      O Ôñš%ññ›%ñÐ   	 µ]

   ÐÌòòACTIONóó:€€òòFinal€Revision€of€OMB€Circular€No.€A„123óóñ ›%ññš%ñÔ     A „ 1 2 3     Ö Ôñš%ññ›%ñÐ   	 m   Ð„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ÌÌòòSUMMARYóó:€€This€Notice€revises€Office€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t     @O Ôñš%ññ›%ñ€(OMB)€Circular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3      Ôñš%ññ›%ñ,Ð   	 ÿ§   Ð"Management€Accountability€and€Control."€€The€Circular,€which€was€previously€titled€"Internal€ControlÏSystems,"€òòimplements€the€Federal€Managers'€Financial€Integrity€Actñ ›%ññš%ñÔc  Y   F e d e r a l   M a n a g e r s '   F i n a n c i a l   I n t e g r i t y   A c t     Šc Ôñš%ññ›%ñ€of€1982€(FMFIAñ ›%ññš%ñÔ     F M F I A     Ö Ôñš%ññ›%ñ).óóÐ   	 ·_   ÐÌòòFOR€FURTHER€INFORMATION€CONTACTóó:€Office€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t      O Ôñš%ññ›%ñ,€Office€of€FederalÐ   	 o   ÐFinancial€Management,€Management€Integrity€Branch,€Room€6025,€New€Executive€Office€Building,ÏWashington,€D.C.€20503,€€telephone€(202)€395„6911€and€faxñ ›%ññš%ñÔ     f a x      Ôñš%ññ›%ñ€(202)€395„3952.€€For€a€copy€of€the€revisedÏCircular,€contact€Office€of€Administration,€Publications€Office,€Room€2200,€New€Executive€OfficeÏBuilding,€Washington,€D.C.€€20503,€or€telephone€(202)€395„7332.ÌÌòòELECTRONIC€ACCESSóó:€€This€Circular€is€also€accessible€on€the€U.S.€Department€of€Commerce'sÐ   	 7   ÐFedWorld€Network€under€the€OMB€Library€of€Files.Ìð ðà0     àThe€Telnet€address€for€FedWorld€via€Internetñ ›%ññš%ñÔ!     I n t e r n e t     ! ÔÔ!     I n t e r n e t     ! Ôñš%ññ›%ñ€is€"fedworld.gov".Ð    Gï (#(#  Ðð ðà0     àThe€World€Wide€Webñ ›%ññš%ñÔ-  #   W o r l d   W i d e   W e b     - Ôñš%ññ›%ñ€address€is€"http://www.fedworld.gov/ftp.htm#omb".Ð    !É (#(#  Ðð ðà0     àFor€file€transfer€protocol€(FTP)€access,€the€address€isÐ   	 û£   Ð"ftp://fwux.fedworld.gov/pub/omb/omb.htm".€€Ð    (#(#  ÐThe€telephone€number€for€the€FedWorld€help€desk€is€(703)€487-4608.ÌÌòòSUPPLEMENTARY€INFORMATION:óóÐ   	 c !   ÐÌòòA.€€BackgroundóóÐ   	 "¿#   ÐÌà     àCircular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3     Ö Ôñš%ññ›%ñ€was€last€issued€on€August€4,€1986.òò€€On€March€13,€1995€the€Office€ofÐ   	 Ë#s!%   ÐManagement€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t     	O Ôñš%ññ›%ñ€requested€public€comments€on€a€revised€version€of€the€Circular€(60€FRÏ13484)óó.Ð   	 ƒ%+#'   ÐÌà     àòòThe€revision€announced€here€alters€requirements€for€executive€agencies€on€evaluatingÐ   	 ;'ã$)   Ðmanagement€controls,€consistent€with€recommendations€made€by€the€National€Performance€Review.óó€Ð   	 (½%*   ÐThe€Circular€now€integrates€many€policy€issuances€on€management€control€into€a€single€document,€andÏprovides€a€framework€for€integrating€management€control€assessments€with€other€work€now€beingÏperformed€by€agency€managers,€auditors€and€evaluators.Ìâ
    
 âÐ    +)). y  ÐÔ&   Ôâ
    
 âà     àThe€Circular€emphasizes€that€management€controls€should€benefit€rather€than€encumberÏmanagement,€and€should€make€sense€for€each€agency's€operating€structure€and€environment.€€By€givingÏagencies€the€discretion€to€determine€which€tools€to€use€in€arriving€at€the€annual€assurance€statement€to€theÏPresident€and€the€Congress,€the€Circular€represents€an€important€step€toward€a€streamlined€managementÏcontrol€program€that€incorporates€the€reinvention€principles€of€this€Administration.ÌÔ'  	a  ÔòòÌÔ&  Ô ÔB.€€Analysis€of€CommentsóóÐ   	 %	   ÐÌà     àòòThirty„three€responses€were€received€from€23€Federal€agencies€and€the€American€InstituteÐ   	 Ù
Ð   Ðof€Certified€Public€Accountants€(AICPA)óó.€€Of€the€33€responses,€14€simply€agreed€with€the€proposedÐ   	 ³ª	   Ðrevision€and€made€no€comments€on€the€document,€although€some€had€minor€comments€on€a€proposal€byÏthe€Chief€Financial€Officers'€Council€to€streamline€reporting.€€Almost€all€of€the€remaining€19€responsesÏwere€also€in€favor€of€the€revision,€but€made€some€specific€suggestions.ÌÔ'  Ô%	{  ÔÌà     àA€summary€of€the€transmittal€memorandum€and€the€five€sections€of€the€Circular€follows.€€EachÏsection€indicates€which€comments€were€accepted€and€which€were€not€accepted.ÌÌà     àòòòòTransmittal€Memorandumóó.óó€€This€memorandum,€signed€by€the€OMB€Directorñ ›%ññš%ñÔ!     D i r e c t o r     ! Ôñš%ññ›%ñ,€summarizes€theÐ   	 ‡~   Ðpurpose,€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     # Ôñš%ññ›%ñ,€and€policy€reflected€in€the€Circular,€the€actions€required,€and€related€administrativeÏinformation.€€Four€agencies€€made€comments€relating€to€the€memorandum.ÌÌà     àòòComments€Accepted:óó€€The€statement€describing€management€accountability€is€now€repeated€inÐ   	 óê   ÐSection€I€of€the€Circular.€€The€definition€of€management€controls€(which€appears€in€both€the€memorandumÏand€Section€II)€has€been€amended€to€state€that€controls€should€ensure€reliable€"and€timely"€information.€ÏThe€requirement€that€agencies€report€annually€on€management€controls€is€now€explicitly€stated€in€theÏmemorandum.€€In€addition,€OMB€has€added€instructions€on€accessing€the€Circular€electronically.ÌÌà     àòòComment€Not€Accepted:óó€€One€agency€suggested€that€performance€appraisals€be€used€to€holdÐ   	    Ðmanagers€accountable€for€management€control€responsibilities.€€OMB€supports€this€concept€but€prefers€thatÏthe€specific€content€of€appraisals€be€left€to€each€agency.Ìà     àÌà     àòòòòSection€I.€Introductionóóóó.€€This€section€describes€a€framework€for€agency€management€controlÐ   	 {r   Ðprograms€that€integrates€management€control€activities€with€other€management€requirements€and€policies,Ïsuch€as€the€òòGovernment€Performance€and€Results€Actñ ›%ññš%ñÔ]  S   G o v e r n m e n t   P e r f o r m a n c e   a n d   R e s u l t s   A c t      ] Ôñš%ññ›%ñ€(GPRA),€the€Chief€Financial€Officers€(CFOs)Ð   	 3 *!   ÐActñ ›%ññš%ñÔW  M   C h i e f   F i n a n c i a l   O f f i c e r s   ( C F O s )   A c t     W Ôñš%ññ›%ñ,€the€Inspector€Generalñ ›%ññš%ñÔ3  )   I n s p e c t o r   G e n e r a l      3 Ôñš%ññ›%ñ€(IGñ ›%ññš%ñÔ     I G     e Ôñš%ññ›%ñ)€Act,óó€and€other€congressional€and€Executive€Branch€requirements.€€TheÐ   	 !"   Ðfoundation€of€this€policy€is€that€management€control€activities€are€not€stand„alone€management€practices,Ïbut€rather€are€woven€into€the€day„to„day€operational€responsibilities€of€agency€managers.ÌÌà     àAgencies€are€encouraged€to€plan€for€how€the€requirements€of€the€Circular€will€be€implemented.€ÏAgencies€are€also€encouraged€to€establish€senior€level€management€councils€to€address€managementÏaccountability€and€related€issues€within€the€broad€context€of€agency€operations.ÌÌà     àòòComments€Accepted:óó€€At€the€suggestion€of€three€agencies,€the€language€illustrating€how€controlsÐ   	 å'Ü#*   Ðcan€be€integrated€into€the€overall€management€process€has€been€clarified.€€The€text€now€indicates€moreÏclearly€that€the€examples€used€to€make€this€point€are€in€fact€examples,€not€new€Circular€requirements.€ÏBecause€the€Act€encompasses€agency€operations,€as€well€as€program€and€administrative€areas,€appropriateÏlanguage€has€been€included€in€the€Circular.€€In€addition,€the€Circular€states€that€òò24€agencies€are€coveredÐ   	 O+F'.   Ðby€the€CFOs€Actóó,€which€reflects€the€legislation€last€year€that€made€the€Social€Security€Administration€anÐ   	 -,$(/   Ðindependent€agency€from€the€Department€of€Health€and€Human€Services.Ð   	 -)0   Ð‡Ô&  D Ôà     àòòComments€Not€Accepted:óó€€Two€agencies€questioned€elimination€of€the€Management€Control€Plan.€Ð   	 	      ÐThe€importance€of€planning€has€not€been€diminished€in€the€new€Circular,€but€òòOMB€will€no€longer€dictateÐ   	 åÜ    Ðthe€scope€and€content€of€an€agency's€planning€documentóó.€€An€agency€may€choose,€for€example,€to€meetÐ   	 ¿¶   Ðthe€Circular's€planning€requirement€by€addressing€management€controls€in€a€broader€strategic€plan€forÏagency€management.€€Ô'  D	š  ÔÌÌà     àòòòòSection€II.€Establishing€Management€Controlsóóóó.€€This€section€defines€management€controls,€andÐ   	 '	   Ðrequires€agency€managers€to€develop€and€implement€appropriate€management€controls.€€Included€in€thisÏsection€are€general€and€specific€management€control€standards,€drawn€in€large€part€from€the€standardsÏissued€by€the€General€Accounting€Officeñ ›%ññš%ñÔC  9   G e n e r a l   A c c o u n t i n g   O f f i c e     :C Ôñš%ññ›%ñ€(GAO).€€By€including€these€standards€in€the€Circular,€OMB€isÏcontinuing€its€efforts€to€integrate€various€management€control€policies€into€a€single€document€to€make€itÏeasier€for€Federal€managers€to€implement€good€management€controls.ÌÌà     àòòComments€Accepted:óó€€Four€agencies€questioned€whether€the€definition€of€internal€controlsñ ›%ññš%ñÔ3  )   i n t e r n a l   c o n t r o l s     &3 Ôñš%ññ›%ñ€as€aÐ   	 !   Ðsubset€of€management€controls€should€be€limited€to€conditions€"that€could€have€a€material€effect€on€[theÏentity's]€financial€statements."€€One€agency€pointed€out€that€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     ) Ôñš%ññ›%ñ€in€internal€controlsñ ›%ññš%ñÔ3  )   i n t e r n a l   c o n t r o l s     3 Ôñš%ññ›%ñ€related€toÏevents€that€have€less€than€a€major€impact€on€financial€statements,€like€security€weaknesses€or€conflict€ofÏinterest€problems,€could€be€reportable€under€the€Integrity€Act.€€OMB€agrees€and€has€deleted€the€restrictiveÏphrase.ÌÌà     àIn€response€to€one€agency's€comment,€language€on€developing€management€controls€has€beenÏexpanded€to€emphasize€that€controls€must€be€developed€as€programs€are€initially€implemented,€as€well€asÏreengineered.€€At€another€agency's€suggestion,€a€statement€has€been€included€on€the€value€of€drawing€onÏthe€expertise€of€the€CFOñ ›%ññš%ñÔ     C F O     n Ôñš%ññ›%ñ€and€IGñ ›%ññš%ñÔ     I G       Ôñš%ññ›%ñ€as€controls€are€developed.ÌÌà     àResponding€to€two€agencies'€comments€on€the€standards€for€management€controls,€the€standardÏon€compliance€with€law€has€been€expanded€to€included€compliance€with€regulations,€and€the€standard€onÏdelegation€of€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     )# Ôñš%ññ›%ñ€now€clearly€states€that€managers€should€ensure€that€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     )# Ôñš%ññ›%ñ,€responsibility€andÏaccountability€are€defined€and€delegated.ÌÌà     àòòComments€Not€Accepted:óó€€The€AICPA€recommended€that€the€Circular€adopt€the€framework€andÐ   	 ”   Ðdefinitions€of€internal€controlsñ ›%ññš%ñÔ3  )   i n t e r n a l   c o n t r o l s     3 Ôñš%ññ›%ñ€developed€by€the€Committee€of€Sponsoring€Organizations€of€the€TreadwayÏCommission€(the€COSO€framework).€€OMB€has€carefully€reviewed€the€COSO€approach€and€feels€confidentÏthat€the€Circular€incorporates€virtually€all€of€the€concepts€underlying€the€COSO€framework.€€It€is€critical,Ïhowever,€for€the€Circular€to€present€these€concepts€in€language€that€is€meaningful€to€Federal€programÏmanagers€as€well€as€financial€managers.€€Therefore,€OMB€has€decided€to€retain€the€Circular's€broaderÏterminology.ÌÌà     àOne€agency€questioned€OMB's€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     n# Ôñš%ññ›%ñ€to€(i)€include€management€control€standards€in€theÏCircular€and€(ii)€modify€the€language€of€GAO's€Standards€for€Internal€Control.€€OMB€has€included€GAOÏin€discussions€about€the€Circular's€revision€since€the€beginning€of€the€effort,€and€has€provided€GAO€withÏthe€opportunity€to€comment€on€numerous€drafts€of€the€document.€€GAO€has€not€objected€to€inclusion€ofÏthe€standards€in€the€Circular,€nor€has€GAO€questioned€the€document's€specific€language.€€OMB€believesÏthat€the€Circular€accurately€incorporates€the€GAO€standards,€and€appropriately€updates€the€language€toÏreflect€developments€in€this€area€since€GAO€issued€its€standards€in€1983.ÌÌà     àTwo€agencies€recommended€more€flexibility€in€the€standard€relating€to€separation€of€dutiesñ ›%ññš%ñÔ9  /   s e p a r a t i o n   o f   d u t i e s     Ö9 Ôñš%ññ›%ñ,€arguingÏthat€the€principle€may€be€overly€rigid€in€an€era€of€downsizing.€€One€agency€described€the€difficulty€ofÏapplying€this€standard€in€small€field€offices,€and€suggested€that€alternative€controls€based€on€advancedÏtechnology,€such€as€systems€access€controls€and€automated€auditñ ›%ññš%ñÔ     a u d i t     i Ôñš%ññ›%ñ€trails,€may€be€appropriate.€€While€OMBÐ   	 Í-Ä)1   Ðbelieves€that€separation€of€dutiesñ ›%ññš%ñÔ9  /   s e p a r a t i o n   o f   d u t i e s     Ö9 Ôñš%ññ›%ñ€is€a€key€management€control€standard,€it€recognizes€the€validity€of€theseÏexamples.€€The€standard€has€not€been€modified€because€appropriate€flexibility€is€already€provided;€theÏlanguage€states€that€key€duties€"should"€be€separated€among€individuals.ÌÌà     àOne€agency€questioned€whether€the€Circular€adequately€emphasizes€the€concept€of€reasonableÏassurance.€€OMB€recognizes€the€importance€of€this€concept,€and€believes€that€its€inclusion€as€one€of€theÏgeneral€management€control€standards€is€sufficient.ÌÌà     àòòòòSection€III.€Assessing€and€Improving€Management€Controlsóóóó.€€This€section€states€that€agencyÐ   	 Ù
Ð   Ðmanagers€should€continuously€monitor€and€improve€the€effectiveness€of€management€controls.€€ThisÏcontinuous€monitoringñ ›%ññš%ñÔ%     m o n i t o r i n g     Ö% Ôñš%ññ›%ñ,€and€other€periodic€evaluations,€should€provide€the€basis€for€the€agency€head'sÏannual€assessment€of€and€report€on€management€controls.€€Agencies€are€encouraged€to€use€a€variety€ofÏinformation€sources€to€arrive€at€the€annual€assurance€statement€to€the€President€and€the€Congress.€€SeveralÏexamples€of€sources€of€information€are€included€in€this€section.€€The€role€of€the€agency's€seniorÏmanagement€council€in€making€recommendations€on€the€annual€assurance€statement€and€on€whichÏdeficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     ) Ôñš%ññ›%ñ€in€management€controls€should€be€considered€material€is€also€addressed.ÌÌà     àòòComments€Accepted:óó€€OMB€recognizes€the€need€to€clarify€how€the€term€"òòmaterial€weaknessóóñ ›%ññš%ñÔ3  )   m a t e r i a l   w e a k n e s s     &3 Ôñš%ññ›%ñ"€asÐ   	 ‡~   Ðused€in€the€Circular€differs€from€the€same€term€as€used€by€Federal€auditors.€€This€issue€was€raised€by€oneÏagency€in€its€written€comments,€and€by€other€parties€in€discussions€of€earlier€drafts.€€òòThe€Circular€nowÐ   	 ?6   Ðrecognizes€that€Federal€auditors€are€required€to€identify€and€report€weaknesses€that,€in€their€opinion,Ïpose€a€risk€or€threat€to€the€internal€control€systems€of€an€entity€(such€as€a€program€or€operation)€evenÏif€the€management€of€that€entity€would€not€report€the€weakness€outside€the€agency.óóÐ   	 ÑÈ   ÐÌà     àòòComments€Not€Accepted:óó€€Two€agencies€found€the€Circular's€requirements€on€assessing€andÐ   	 …|   Ðdocumenting€the€sufficiency€of€management€controls€to€be€inadequate,€and€suggested€that€the€CircularÏprovide€more€specific€guidance€in€these€areas.€€In€keeping€with€the€philosophy€behind€the€Circular,€OMBÏprefers€to€give€agencies€the€latitude€to€expand€upon€the€Circular's€requirements€in€these€areas,€if€theyÏbelieve€it€is€necessary,€rather€than€to€impose€uniform€criteria€for€determining,€for€example,€what€shouldÏbe€reported€as€a€material€weaknessñ ›%ññš%ñÔ3  )   m a t e r i a l   w e a k n e s s     3 Ôñš%ññ›%ñ.Ìà     àAlong€those€lines,€òòOMB€has€chosen€not€to€adopt€the€definitions€used€by€Federal€auditors€ofÐ   	 £š   Ða€reportable€condition€and€material€weaknessñ ›%ññš%ñÔ3  )   m a t e r i a l   w e a k n e s s      3 Ôñš%ññ›%ñ,€as€advocated€by€one€agency€and€the€AICPAóó.€€ThoseÐ   	 x   Ðdefinitions€are€weighted€heavily€toward€technical,€financially„oriented€terms€that€are€probably€notÏmeaningful€to€Federal€program€managers.€€They€also€focus€on€financial€statements€as€the€primary€end„¼product€of€an€internal€control€structure.€€While€financial€statements€are€important€tools€for€the€agency€headÏin€arriving€at€an€assurance€statement€on€management€controls,€they€are€not€the€only€source€of€informationÏfor€making€this€determination.€€Therefore,€it€is€important€that€the€Circular€use€language€that€accuratelyÏreflects€the€broad€nature€of€agency€management€controls.ÌÌÔ&  B Ôà     àTwo€agencies€felt€that€the€Circular€should€require€that€agencies€test€their€management€controls.€ÏOMB€agrees€that€testingñ ›%ññš%ñÔ     t e s t i n g     w Ôñš%ññ›%ñ€is€an€important€method€for€determining€whether€controls€actually€work,€andÏencourages€agencies€to€use€some€form€of€testingñ ›%ññš%ñÔ     t e s t i n g     w Ôñš%ññ›%ñ.€€Because€testingñ ›%ññš%ñÔ     t e s t i n g     w Ôñš%ññ›%ñ€is€already€implicit€in€several€of€theÏinformation€sources€to€be€used€to€assess€controls,€and€is€less€feasible€for€other€information€sources,€it€isÏnot€included€as€a€blanket€requirement.Ô'  BU%B  ÔÌâ
    
 âÐ   	 —)Ž%,   ÐÔ&  B Ôâ
    
 âà     àThree€agencies€commented€on€the€composition€of€an€agency's€senior€management€council;€two€feltÏthat€the€Circular€should€be€more€specific€in€discussing€membership,€while€one€found€this€section€tooÏprescriptive.€€OMB€believes€that€the€current€language€adequately€addresses€the€importance€of€includingÏboth€line€and€staff€management€and€involving€the€IGñ ›%ññš%ñÔ     I G     Ö Ôñš%ññ›%ñ,€without€infringing€on€the€agency's€ability€toÏdetermine€the€council's€membership.Ô'  B	¹D  ÔÌÌÔ&  l Ôà     àòòòòSection€IV.€€Correcting€Management€Control€Deficienciesóóóóñ ›%ññš%ñÔ)     D e f i c i e n c i e s     &) Ôñš%ññ›%ñ.€€This€section€states€that€agencyÐ   	 %	   Ðmanagement€is€responsible€for€taking€timely€and€effective€action€to€correct€management€controlÏdeficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     ) Ôñš%ññ›%ñ.€€Correcting€these€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     ) Ôñš%ññ›%ñ€is€an€integral€part€of€management's€responsibilities€and€mustÏbe€considered€a€priority€by€the€agency.Ô'  l%	ÊF  ÔÌÌà     àThe€only€comment€received€on€this€section€reflected€a€misunderstanding€of€the€Circular'sÏrequirements€on€corrective€action€plans.€€Plans€must€be€developed,€tracked,€and€reported€for€all€materialÏweaknesses€(weaknesses€included€in€the€Integrity€Act€report).€€For€weaknesses€that€are€not€included€in€theÏreport,€plans€should€be€developed€and€tracked€at€a€level€deemed€appropriate€by€the€agency.ÌÌà     àòòòòSection€V.€€Reporting€on€Management€Controlsóóóó.€€This€section€describes€the€required€componentsÐ   	 ­¤   Ðof€the€agency's€annual€Integrity€Act€report€and€its€distributionñ ›%ññš%ñÔ)     d i s t r i b u t i o n     ) Ôñš%ññ›%ñ€to€the€President€and€the€Congress.€ThisÏsection€also€describes€an€initiative€to€streamline€reporting€by€consolidating€Integrity€Act€information€withÏother€performance„related€reporting€into€a€broader€"Accountability€Report"€to€be€issued€annually€by€theÏagency€head.€€Lastly,€this€section€presents€Integrity€Act€requirements€as€they€pertain€to€governmentÏcorporations€pursuant€to€the€CFOs€Act.ÌÌà     àòòComments€Accepted:óó€€òòAt€the€suggestion€of€two€commenters,€agencies€are€now€encouraged€to€makeÐ   	 §ž   Ðtheir€Integrity€Act€reportsñ ›%ññš%ñÔ     r e p o r t s     Ö Ôñš%ññ›%ñ€available€electronicallyóó.€€The€reference€to€a€House€committee€has€been€changedÐ   	 ƒz   Ðto€reflect€the€nomenclature€of€the€104th€Congress.ÌÌà     àThis€section€also€describes€an€new€approach€towards€financial€management€reporting€that€couldÏhelp€integrate€management€initiatives.€€This€approach€is€being€pilot„tested€by€several€agencies€for€FY€1995.€ÏFurther€information€on€the€implications€of€this€initiative€for€other€agencies€will€be€issued€by€OMB€afterÏthe€pilot€reportsñ ›%ññš%ñÔ     r e p o r t s     Ö Ôñš%ññ›%ñ€have€been€evaluated.ÌÌà     àòòComments€Not€Accepted:óó€€One€agency€questioned€the€wisdom€of€permitting€agencies€to€provideÐ   	 SJ    Ða€qualified€statement€of€assurance.€€OMB€expects€agencies€to€provide€the€most€direct€possible€statementÏof€assurance.€€The€option€of€a€qualified€statement€recognizes€that€in€some€cases,€the€most€accurateÏstatement€of€assurance€is€one€that€is€qualified€by€exceptions€that€are€explicitly€noted.ÌÌà     àThe€same€agency€suggested€new€language€in€the€reporting€section€to€recognize€that€the€CircularÏbroadens€the€scope€of€internal€control€accountability€beyond€the€requirements€of€the€Integrity€Act.€€OMBÏdisagrees€with€the€premise€that€the€link€between€management€controls€and€program€performance€is€a€newÏone.€€While€the€Integrity€Act€uses€financially€oriented€terminology,€the€Act€"clearly€encompasses€programÏand€administrative€areas,€as€well€as€the€more€traditional€accounting€and€financial€management€areas"Ï(House€Report€98„937,€"First„Year€Implementation€of€the€Federal€Managers'€Financial€Integrity€Actñ ›%ññš%ñÔc  Y   F e d e r a l   M a n a g e r s '   F i n a n c i a l   I n t e g r i t y   A c t     Íc Ôñš%ññ›%ñ,"ÏCommittee€on€Government€Operations,€August€2,€1984,€p.€1).Ìâ
    
 âÐ   	 )„%,   ÐÔ&  ü Ôâ
    
 âà     àòòòòGeneral€Issuesóó.óó€€Some€comments€were€not€limited€to€specific€sections€of€the€Circular.Ð   	 	      ÐÌà     àòòComments€Accepted:óó€€In€response€to€one€agency's€suggestion,€òòthe€acronym€"FMFIAñ ›%ññš%ñÔ     F M F I A      Ôñš%ññ›%ñ"€has€beenÐ   	 Á¸   Ðreplaced€throughout€the€Circular€by€the€term€"Integrity€Act"€to€better€emphasize€the€purpose€and€scopeÏof€the€law.óó€€OMB€has€also€modified€the€term€"should"€in€several€instances€where€specific€agency€actionÐ   	 wn   Ðis€required.ÌÔ'  ü	2U  ÔÌà     àòòComments€Not€Accepted:óó€€Two€agencies€proposed€that€the€Circular€broaden€the€linkage€betweenÐ   	 
ü   Ðmanagement€controls€and€other€management€initiatives,€particularly€performance€measurement€andÏimplementation€of€GPRA.€€OMB€encourages€agencies€to€integrate€their€efforts€to€evaluate€managementÏcontrols€and€program€performance,€but€is€not€prepared€at€this€time€to€include€policy€guidance€onÏperformance€measurement€in€this€Circular.ÌÌà     àOne€agency€proposed€inclusion€of€language€describing€the€applicability€of€the€Circular€toÏdiscretionary€policy€matters,€as€had€been€done€in€the€1986€version.€€OMB€does€not€believe€that€thisÏlanguage€is€necessary€because€it€is€clearñ ›%ññš%ñÔ     c l e a r      Ôñš%ññ›%ñ€that€the€President€and€agency€head€have€full€discretion€overÏpolicymaking€functions,€including€determining€and€interpreting€policy,€determining€program€need,€makingÏresource€allocation€decisions,€and€pursuing€rulemaking.ÌÌà     àTwo€agencies€suggested€that€the€Circular€specifically€address€OMB's€High€Risk€Program.€€OMBÏhas€chosen€not€to€do€so€because€implementation€of€the€management€control€program€outlined€in€theÏCircular€will€likely€eliminate€the€need€for€separate€tracking€of€high€risk€areas.€€If€agencies€report€their€mostÏserious€management€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     ) Ôñš%ññ›%ñ€to€the€President€and€the€Congress€as€envisioned€by€the€Circular,€theÏIntegrity€Act€reportsñ ›%ññš%ñÔ     r e p o r t s     i Ôñš%ññ›%ñ€will€essentially€reflect€the€highest€risk€areas€in€government,€and€a€separate€High€RiskÏProgram€may€no€longer€be€necessary.ÌÌ(Signed)ÌJohn€B.€Arthur,ÌAssociate€Directorñ ›%ññš%ñÔ!     D i r e c t o r     e! Ôñš%ññ›%ñ€for€AdministrationÐ	   	 éà   ÐòòÓ   ÓÔ
     ÔCircular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3     Ö Ôñš%ññ›%ñ,€€RevisedÔ    Œ^  ÔÐ   	 	      ÐJune€21,€1995óóÐ   	 ãÚ    ÐÓ  €^  ÓÌTO€THE€HEADS€OF€EXECUTIVE€DEPARTMENTS€AND€ESTABLISHMENTSÌÌFROM:à0    `	 àAlice€M.€RivlinÐ    KB `	(#`	(#  Ðà0     àà0    `	(#(# àDirectorñ ›%ññš%ñÔ!     D i r e c t o r      ! Ôñš%ññ›%ñÐ    `	(#`	(#  ÐÌSUBJECT:à    `	 àòòManagement€Accountability€and€ControlÐ   	 Ù
Ð   ÐóóÌ1.à     àòòPurpose€and€Authorityóóñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ.€€As€Federal€employees€develop€and€implement€strategies€for€reengineeringÐ   	 ‘ˆ
   Ðagency€programs€and€operations,€they€should€design€management€structures€that€help€ensure€accountabilityÏfor€results,€and€include€appropriate,€cost„effective€controls.€€This€Circular€provides€guidance€to€FederalÏmanagers€on€improving€the€accountability€and€effectiveness€of€Federal€programs€and€operations€byÏestablishing,€assessing,€correcting,€and€reporting€on€management€controls.ÌÌà     àThe€Circular€is€issued€under€the€authorityñ ›%ññš%ñÔ#     a u t h o r i t y      # Ôñš%ññ›%ñ€of€the€òòFederal€Managers'€Financial€Integrity€Actñ ›%ññš%ñÔc  Y   F e d e r a l   M a n a g e r s '   F i n a n c i a l   I n t e g r i t y   A c t     c Ôñš%ññ›%ñ€ofÐ   	 ­¤   Ð1982€as€codified€in€31€U.S.C.€3512óóñ ›%ññš%ñÔ-  #   3 1   U . S . C .   3 5 1 2     - Ôñš%ññ›%ñ.Ð   	 ‹‚   ÐÌà     àòòThe€Circular€replaces€Circular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3     Ö Ôñš%ññ›%ñ,€"Internal€Control€Systems,"€revised,€dated€AugustÐ   	 C:   Ð4,€1986,€and€OMB's€1982€"Internal€Controlsñ ›%ññš%ñÔ3  )   I n t e r n a l   C o n t r o l s      3 Ôñš%ññ›%ñ€Guidelines"€and€associated€"Questions€and€Answers"Ïdocument,€which€are€hereby€rescinded.óóÐ   	 ÷î   ÐÌ2.à     àòòPolicyóó.€€Management€accountability€is€the€expectation€that€managers€are€responsible€for€the€qualityÐ   	 «¢   Ðand€timeliness€of€program€performance,€increasing€productivity,€controlling€costs€and€mitigating€adverseÏaspects€of€agency€operations,€and€assuring€that€programs€are€managed€with€integrity€and€in€complianceÏwith€applicable€law.ÌÌà     àManagement€controls€are€the€organization,€policies,€and€procedures€used€to€reasonably€ensure€thatÏ(i)€programs€achieve€their€intended€results;€(ii)€resources€are€used€consistent€with€agency€mission;€(iii)Ïprograms€and€resources€are€protected€from€waste,€fraud,€and€mismanagement;€(iv)€laws€and€regulationsÏare€followed;€and€(v)€reliable€and€timely€information€is€obtained,€maintained,€reported€and€used€forÏdecision€making.€ÌÌ3.à     àòòActions€Requiredóó.€€Agencies€and€individual€Federal€managers€must€take€systematic€and€proactiveÐ   	 	! "   Ðmeasures€to€(i)€develop€and€implement€appropriate,€cost„effective€management€controls€for€results„orientedÏmanagement;€(ii)€assess€the€adequacy€of€management€controls€in€Federal€programs€and€operations;€(iii)Ïidentify€needed€improvements;€(iv)€take€corresponding€corrective€action;€and€(v)€report€annually€onÏmanagement€controls.ÌÌ4.à0     àòòòòEffective€Dateóó.€€This€Circular€is€effective€upon€issuance.Ð    %&"( (#(#  ÐóóÌ5.à     àòòInquiriesóó.€€Further€information€concerning€this€Circular€may€be€obtained€from€the€ManagementÐ   	 Ý'Ô#*   ÐIntegrity€Branch,€Office€of€Federal€Financial€Management,€Office€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t     	O Ôñš%ññ›%ñ,ÏWashington,€DC€20503,€202/395„6911.ÌÌ6.à     àòòCopiesóó.€€Copies€of€this€Circular€may€be€obtained€by€telephoning€the€Executive€Office€of€theÐ   	 E+<'.   ÐPresident,€Publication€Services,€at€202/395„7332.Ìâ
    
 âÐ   	 ù,ð(0   ÐÔ&  ú Ôâ
    
 â7.à     àòòElectronic€Accessóó.€€This€document€is€also€accessible€on€the€U.S.€Department€of€Commerce'sÐ   	 	      ÐòòFedWorldóó€Network€under€the€OMB€Library€of€Files.Ð   	 ãÚ    Ðð ðà0     àThe€Telnet€address€for€FedWorld€via€Internetñ ›%ññš%ñÔ!     I n t e r n e t     ! ÔÔ!     I n t e r n e t     ! Ôñš%ññ›%ñ€is€"fedworld.gov".Ð    Á¸ (#(#  Ðð ðà0     àThe€World€Wide€Webñ ›%ññš%ñÔ-  #   W o r l d   W i d e   W e b     :- Ôñš%ññ›%ñ€address€is€"http://www.fedworld.gov/ftp.htm#omb".Ð    ›’ (#(#  Ðð ðà0     àFor€file€transfer€protocol€(FTP)€access,€the€address€isÐ   	 ul   Ð"ftp://fwux.fedworld.gov/pub/omb/omb.htm".€€Ð    (#(#  ÐThe€telephone€number€for€the€FedWorld€help€desk€is€703/487-4608.Ô'  ú	«m  ÔÌÌÌAttachmentÐ	   	 ·®	   Ðà€    ÒÒA (# àAttachmentˆÌÌà@    ››" ì àòòI.€€INTRODUCTIONóóˆÐ   	 ½´   ÐÌThe€proper€stewardship€of€Federal€resources€is€a€fundamental€responsibility€of€agency€managers€and€staff.€ÏFederal€employees€must€ensure€that€government€resources€are€used€efficiently€and€effectively€to€achieveÏintended€program€results.€€Resources€must€be€used€consistent€with€agency€mission,€in€compliance€with€lawÏand€regulation,€and€with€minimal€potential€for€waste,€fraud,€and€mismanagement.ÌÌTo€support€results„oriented€management,€the€òòGovernment€Performance€and€Results€Actóóñ ›%ññš%ñÔ]  S   G o v e r n m e n t   P e r f o r m a n c e   a n d   R e s u l t s   A c t     ] Ôñš%ññ›%ñ€(GPRA,€P.L.Ð   	 ³ª	   Ð103„62)€requires€agencies€to€develop€strategic€plans,€set€performance€goals,€and€report€annually€on€actualÏperformance€compared€to€goals.€€As€the€Federal€government€implements€this€legislation,€these€plans€andÏgoals€should€be€integrated€into€(i)€the€budget€process,€(ii)€the€operational€management€of€agencies€andÏprograms,€and€(iii)€accountability€reporting€to€the€public€on€performance€results,€and€on€the€integrity,Ïefficiency,€and€effectiveness€with€which€they€are€achieved.ÌÌManagement€accountability€is€the€expectation€that€managers€are€responsible€for€the€quality€and€timelinessÏof€program€performance,€increasing€productivity,€controlling€costs€and€mitigating€adverse€aspects€ofÏagency€operations,€and€assuring€that€programs€are€managed€with€integrity€and€in€compliance€withÏapplicable€law.ÌÌManagement€controls€„„€organization,€policies,€and€procedures€„„€are€tools€to€help€program€and€financialÏmanagers€achieve€results€and€safeguard€the€integrity€of€their€programs.€€This€Circular€provides€guidanceÏon€using€the€range€of€tools€at€the€disposal€of€agency€managers€to€achieve€desired€program€results€and€meetÏthe€requirements€of€the€Federal€Managers'€Financial€Integrity€Actñ ›%ññš%ñÔc  Y   F e d e r a l   M a n a g e r s '   F i n a n c i a l   I n t e g r i t y   A c t      c Ôñš%ññ›%ñ€(FMFIAñ ›%ññš%ñÔ     F M F I A       Ôñš%ññ›%ñ,€referred€to€as€the€Integrity€ActÏthroughout€this€document).ÌÌòòFrameworkóó.€€The€importance€of€management€controls€is€addressed,€both€explicitly€and€implicitly,€in€manyÐ   	    Ðstatutes€and€executive€documents.€€òòThe€Federal€Managers'€Financial€Integrity€Actñ ›%ññš%ñÔc  Y   F e d e r a l   M a n a g e r s '   F i n a n c i a l   I n t e g r i t y   A c t     Šc Ôñš%ññ›%ñ€óó(P.L.€97„255)Ð   	 åÜ   Ðestablishes€specific€requirements€with€regard€to€management€controls.€€The€agency€head€must€establishÏcontrols€that€reasonably€ensure€that:€€(i)€obligations€and€costs€comply€with€applicable€law;€(ii)€assets€areÏsafeguarded€against€waste,€loss,€unauthorized€use€or€misappropriation;€and€(iii)€revenues€and€expendituresÏare€properly€recorded€and€accounted€for.€31€U.S.C.€3512ñ ›%ññš%ñÔ-  #   3 1   U . S . C .   3 5 1 2     - Ôñš%ññ›%ñ(c)(1).€€In€addition,€the€agency€head€annuallyÏmust€evaluate€and€report€on€the€control€and€financial€systems€that€protect€the€integrity€of€Federal€programs.€Ï31€U.S.C.€3512ñ ›%ññš%ñÔ-  #   3 1   U . S . C .   3 5 1 2     - Ôñš%ññ›%ñ(d)(2).€€The€Act€encompasses€program,€operational,€and€administrative€areas€as€well€asÏaccounting€and€financial€management.€ÌÌInstead€of€considering€controls€as€an€isolated€management€tool,€agencies€should€integrate€their€efforts€toÏmeet€the€requirements€of€the€Integrity€Act€with€other€efforts€to€improve€effectiveness€and€accountability.€ÏThus,€management€controls€should€be€an€integral€part€of€the€entire€cycle€of€planning,€budgeting,Ïmanagement,€accounting,€and€auditing.€€They€should€support€the€effectiveness€and€the€integrity€of€everyÏstep€of€the€process€and€provide€continual€feedback€to€management.ÌÌFor€instance,€good€management€controls€can€assure€that€performance€measures€€are€complete€and€accurate.€ÏAs€another€example,€the€management€control€standard€of€organization€would€align€staff€and€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     5# Ôñš%ññ›%ñ€withÏthe€program€responsibilities€to€be€carried€out,€improving€both€effectiveness€and€accountability.€€Similarly,Ïaccountability€for€resources€could€be€improved€by€more€closely€aligning€budget€accounts€with€programsÏand€charging€them€with€all€significant€resources€used€to€produce€the€program's€outputs€and€outcomes.€Ìâ
    
 âÐ   	 ñ,è(0   ÐÔ&  ú Ôâ
    
 âMeeting€the€requirements€of€the€òòChief€Financial€Officers€Act€óó(P.L.€101„576,€as€amended)€should€helpÐ   	 	      Ðagencies€both€establish€and€evaluate€management€controls.€€The€Act€requires€the€preparation€and€auditñ ›%ññš%ñÔ     a u d i t      Ôñš%ññ›%ñ€ofÏfinancial€statements€for€24€Federal€agencies.€€31€U.S.C.€901(b),€3515.€€In€this€process,€auditors€report€onÏinternal€controlsñ ›%ññš%ñÔ3  )   i n t e r n a l   c o n t r o l s     &3 Ôñš%ññ›%ñ€and€compliance€with€laws€and€regulations.€€Therefore,€the€agencies€covered€by€the€ActÏhave€a€clearñ ›%ññš%ñÔ     c l e a r     l Ôñš%ññ›%ñ€opportunity€both€to€improve€controls€over€their€financial€activities,€and€to€evaluate€the€controlsÏthat€are€in€place.ÌÔ'  ú	P‚  ÔÌThe€òòInspector€Generalñ ›%ññš%ñÔ3  )   I n s p e c t o r   G e n e r a l     3 Ôñš%ññ›%ñ€Act€óó(P.L.€95„452,€as€amended)€provides€for€independent€reviews€of€agencyÐ   	 
ú   Ðprograms€and€operations.€€Offices€of€Inspectors€General€(OIGs)€and€other€external€auditñ ›%ññš%ñÔ     a u d i t      Ôñš%ññ›%ñ€organizationsÏfrequently€cite€specific€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     ) Ôñš%ññ›%ñ€in€management€controls€and€recommend€opportunities€forÏimprovements.€€Agency€managers,€who€are€required€by€the€Act€to€follow€up€on€auditñ ›%ññš%ñÔ     a u d i t       Ôñš%ññ›%ñ€recommendations,Ïshould€use€these€reviews€to€identify€and€correct€problems€resulting€from€inadequate,€excessive,€or€poorlyÏdesigned€controls,€and€to€build€appropriate€controls€into€new€programs.ÌÌFederal€managers€must€carefully€consider€the€appropriate€balance€of€controls€in€their€programs€andÏoperations.€€Fulfilling€requirements€to€eliminate€regulations€(òò"Elimination€of€One„Half€of€ExecutiveÐ   	 ×Î   ÐBranch€Internal€Regulationsóó,"€Executive€Orderñ ›%ññš%ñÔ/  %   E x e c u t i v e   O r d e r     / Ôñš%ññ›%ñ€12861)€should€reinforce€to€agency€managers€that€tooÐ   	 µ¬   Ðmany€controls€can€result€in€inefficient€and€ineffective€government,€and€therefore€that€they€must€ensure€anÏappropriate€balance€between€too€many€controls€and€too€few€controls.€€Managers€should€benefit€fromÏcontrols,€not€be€encumbered€by€them.€€ÌòòAgency€Implementationóó.€€Appropriate€management€controls€should€be€integrated€into€each€systemÐ   	 !   Ðestablished€by€agency€management€to€direct€and€guide€its€operations.€A€separate€management€controlÏprocess€need€not€be€instituted,€particularly€if€its€sole€purpose€is€to€satisfy€the€Integrity€Act's€reportingÏrequirements.ÌÌAgencies€need€to€plan€for€how€the€requirements€of€this€Circular€will€be€implemented.€€Developing€aÏwritten€strategy€for€internal€agency€use€may€help€ensure€that€appropriate€action€is€taken€throughout€the€yearÏto€meet€the€objectives€of€the€Integrity€Act.€€The€absence€of€such€a€strategy€may€itself€be€a€seriousÏmanagement€control€deficiency.ÌÌIdentifying€and€implementing€the€specific€procedures€necessary€to€ensure€good€management€controls,€andÏdetermining€how€to€evaluate€the€effectiveness€of€those€controls,€is€left€to€the€discretion€of€the€agency€head.€ÏHowever,€agencies€should€implement€and€evaluate€controls€without€creating€unnecessary€processes,Ïconsistent€with€recommendations€made€by€the€National€Performance€Review.ÌÌThe€President's€Management€Council,€composed€of€the€major€agencies'€chief€operating€officers,€has€beenÏestablished€to€foster€governmentwide€management€changes€("Implementing€Management€Reform€in€theÏExecutive€Branch,"€October€1,€1993).€€Many€agencies€are€establishing€their€own€senior€managementÏcouncil,€often€chaired€by€the€agency's€chief€operating€officer,€to€address€management€accountability€andÏrelated€issues€within€the€broader€context€of€agency€operations.€€Relevant€issues€for€such€a€council€includeÏensuring€the€agency's€commitment€to€an€appropriate€system€of€management€controls;€recommending€toÏthe€agency€head€which€control€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ù) Ôñš%ññ›%ñ€are€sufficiently€serious€to€report€in€the€annual€Integrity€ActÏreport;€and€providing€input€for€the€level€and€priority€of€resource€needs€to€correct€these€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ù) Ôñš%ññ›%ñ.€€(SeeÏalso€Section€III€of€this€Circular.)ÌÌà@    ·· ì àòòII.€€ESTABLISHING€MANAGEMENT€CONTROLSˆÐ   	 k*b&-   ÐóóòòÌDefinition€of€Management€Controlsóó.€€Management€controls€are€the€organization,€policies,€and€proceduresÐ   	 ,(/   Ðused€by€agencies€to€reasonably€ensure€that€(i)€programs€achieve€their€intended€results;€(ii)€resources€areÏused€consistent€with€agency€mission;€(iii)€programs€and€resources€are€protected€from€waste,€fraud,€andÐ   	 Ó-Ê)1   Ðmismanagement;€(iv)€laws€and€regulations€are€followed;€and€(v)€reliable€and€timely€information€is€obtained,Ïmaintained,€reported€and€used€for€decision€making.ÌÌManagement€controls,€in€the€broadest€sense,€include€the€plan€of€organization,€methods€and€proceduresÏadopted€by€management€to€ensure€that€its€goals€are€met.€€Management€controls€include€processes€forÏplanning,€organizing,€directing,€and€controlling€program€operations.€€A€subset€of€management€controls€areÏthe€internal€controlsñ ›%ññš%ñÔ3  )   i n t e r n a l   c o n t r o l s      3 Ôñš%ññ›%ñ€used€to€assure€that€there€is€prevention€or€timely€detection€of€unauthorized€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n     r' Ôñš%ññ›%ñ,Ïuse,€or€disposition€of€the€entity's€assets.ÌòòÌDeveloping€Management€Controlsóó.€€As€Federal€employees€develop€and€execute€strategies€for€implementingÐ   	 ³ª	   Ðor€reengineering€agency€programs€and€operations,€they€should€design€management€structures€that€helpÏensure€accountability€for€results.€€As€part€of€this€process,€agencies€and€individual€Federal€managers€mustÏtake€systematic€and€proactive€measures€to€develop€and€implement€appropriate,€cost„effective€managementÏcontrols.€€The€expertise€of€the€agency€CFOñ ›%ññš%ñÔ     C F O     s Ôñš%ññ›%ñ€and€IGñ ›%ññš%ñÔ     I G       Ôñš%ññ›%ñ€can€be€valuable€in€developing€appropriate€controls.€ÌÌManagement€controls€guarantee€neither€the€success€of€agency€programs,€nor€the€absence€of€waste,€fraud,Ïand€mismanagement,€but€they€are€a€means€of€managing€the€risk€associated€with€Federal€programs€andÏoperations.€€To€help€ensure€that€controls€are€appropriate€and€cost„effective,€agencies€should€consider€theÏextent€and€cost€of€controls€relative€to€the€importance€and€risk€associated€with€a€given€program.ÌÌòòStandardsóó.€€Agency€managers€shall€incorporate€basic€management€controls€in€the€strategies,€plans,Ð   	    Ðguidance€and€procedures€that€govern€their€programs€and€operations.€€Controls€shall€be€consistent€with€theÏfollowing€standards,€which€are€drawn€in€large€part€from€the€"Standards€for€Internal€Control€in€the€FederalÏGovernment,"€issued€by€the€General€Accounting€Officeñ ›%ññš%ñÔC  9   G e n e r a l   A c c o u n t i n g   O f f i c e     ÖC Ôñš%ññ›%ñ€(GAO).ÌÌGeneral€management€control€standards€are:Ìð ðà0     àòòCompliance€With€Lawóó.€€All€program€operations,€obligations€and€costs€must€comply€withÐ   	 -$   Ðapplicable€law€and€regulation.€€Resources€should€be€efficiently€and€effectively€allocated€for€dulyÏauthorized€purposes.Ð    (#(#  ÐÌð ðà0     àòòReasonable€Assurance€and€Safeguardsóó.€€Management€controls€must€provide€reasonable€assuranceÐ   	 ™   Ðthat€assets€are€safeguarded€against€waste,€loss,€unauthorized€use,€and€misappropriation.€ÏManagement€controls€developed€for€agency€programs€should€be€logical,€applicable,€reasonablyÏcomplete,€and€effective€and€efficient€in€accomplishing€management€objectives.Ð    (#(#  ÐÌð ðà0     àòòIntegrity,€Competence,€and€Attitudeóó.€€Managers€and€employees€must€have€personal€integrity€andÐ   	 ß!Ö#   Ðare€obligated€to€support€the€ethics€programs€in€their€agencies.€€The€spirit€of€the€Standards€ofÏEthical€Conduct€requires€that€they€develop€and€implement€effective€management€controls€andÏmaintain€a€level€of€competence€that€allows€them€to€accomplish€their€assigned€duties.€€EffectiveÏcommunication€within€and€between€offices€should€be€encouraged.Ð    (#(#  ÐÌÔ&  Ô ÔSpecific€management€control€standards€are:ÌÌð ðà0     àòòDelegation€of€Authorityñ ›%ññš%ñÔ#     A u t h o r i t y     :# Ôñš%ññ›%ñ€and€Organizationóó.€€Managers€should€ensure€that€appropriate€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     # Ôñš%ññ›%ñ,Ð   	 ³(ª$+   Ðresponsibility€and€accountability€are€defined€and€delegated€to€accomplish€the€mission€of€theÏorganization,€and€that€an€appropriate€organizational€structure€is€established€to€effectively€carry€outÏprogram€responsibilities.€€To€the€extent€possible,€controls€and€related€decision„making€authorityñ ›%ññš%ñÔ#     a u t h o r i t y     # Ôñš%ññ›%ñÏshould€be€in€the€hands€of€line€managers€and€staff.€Ð    (#(#  Ðâ
    
 âÔ'  Ôÿ&¢  ÔÐ   	 ù,ð(0   Ðð ðà0     àòòSeparation€of€Dutiesñ ›%ññš%ñÔ9  /   S e p a r a t i o n   o f   D u t i e s     -9 Ôñš%ññ›%ñ€and€Supervisionóó.€€Key€duties€and€responsibilities€in€authorizing,€processing,Ð   	 	      Ðâ
    
 ârecording,€and€reviewing€official€agency€transactions€should€be€separated€among€individuals.€ÏManagers€should€exercise€appropriate€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     # Ôñš%ññ›%ñ€to€ensure€individuals€do€not€exceed€or€abuse€theirÏassigned€authorities.Ð    (#(#  ÐÌð ðà0     àòòAccess€to€and€Accountability€for€Resourcesóó.€€Access€to€resources€and€records€should€be€limitedÐ   	 OF   Ðto€authorized€individuals,€and€accountability€for€the€custody€and€use€of€resources€should€beÏassigned€and€maintained.Ð    (#(#  ÐÌð ðà0     àòòRecording€and€Documentationóó.€€Transactions€should€be€promptly€recorded,€properly€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     Ö% Ôñš%ññ›%ñÐ   	 »²	   Ðand€accounted€for€in€order€to€prepare€timely€accounts€and€reliable€financial€and€other€reportsñ ›%ññš%ñÔ     r e p o r t s     d Ôñš%ññ›%ñ.€€TheÏdocumentation€for€transactions,€management€controls,€and€other€significant€events€must€be€clearñ ›%ññš%ñÔ     c l e a r       Ôñš%ññ›%ñÏand€readily€available€for€examination.Ð    (#(#  ÐÌð ðà0     àòòResolution€of€Auditñ ›%ññš%ñÔ     A u d i t     Ö Ôñš%ññ›%ñ€Findings€and€Other€Deficienciesóóñ ›%ññš%ñÔ)     D e f i c i e n c i e s     &) Ôñš%ññ›%ñ.€€Managers€should€promptly€evaluate€andÐ   	 ø   Ðdetermine€proper€actions€in€response€to€known€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     ) Ôñš%ññ›%ñ,€reported€auditñ ›%ññš%ñÔ     a u d i t     n Ôñš%ññ›%ñ€and€other€findings,€andÏrelated€recommendations.€€Managers€should€complete,€within€established€timeframes,€all€actionsÏthat€correct€or€otherwise€resolve€the€appropriate€matters€brought€to€management's€attention.Ð    (#(#  ÐÌOther€policy€documents€may€describe€additional€specific€standards€for€particular€functional€or€programÏactivities.€€For€example,€OMB€Circular€No.€A„127ñ ›%ññš%ñÔ     A „ 1 2 7     n Ôñš%ññ›%ñ,€"Financial€Management€Systems,"€describesÏgovernment„wide€requirements€for€financial€systems.€€The€Federal€Acquisitionñ ›%ññš%ñÔ'     A c q u i s i t i o n      ' Ôñš%ññ›%ñ€Regulations€defineÏrequirements€for€agency€procurement€activities.ÌÌà@    		 ì àòòIII.€€ASSESSING€AND€IMPROVING€MANAGEMENT€CONTROLS€óóˆÐ   	 ‰€   ÐÌAgency€managers€should€continuously€monitor€and€improve€the€effectiveness€of€management€controlsÏassociated€with€their€programs.€€This€continuous€monitoringñ ›%ññš%ñÔ%     m o n i t o r i n g     1% Ôñš%ññ›%ñ,€and€other€periodic€evaluations,€should€provideÏthe€basis€for€the€agency€head's€annual€assessment€of€and€report€on€management€controls,€as€required€byÏthe€Integrity€Act.€€Agency€management€should€determine€the€appropriate€level€of€documentation€neededÏto€support€this€assessment.ÌÌòòSources€of€Informationóó.€€The€agency€head's€assessment€of€management€controls€can€be€performed€usingÐ   	 YP    Ða€variety€of€information€sources.€€Management€has€primary€responsibility€for€monitoringñ ›%ññš%ñÔ%     m o n i t o r i n g      % Ôñš%ññ›%ñ€and€assessingÏcontrols,€and€should€use€other€sources€as€a€supplement€to€„„€not€a€replacement€for€„„€its€own€judgment.€ÏSources€of€information€include:ÌÌð ðà0     àManagement€knowledge€gained€from€the€daily€operation€of€agency€programs€and€systems.Ð    ›#’% (#(#  ÐÌð ðà0     àManagement€reviews€conducted€(i)€expressly€for€the€purpose€of€assessing€management€controls,Ð   	 O%F!'   Ðor€(ii)€for€other€purposes€with€an€assessment€of€management€controls€as€a€by„product€of€theÏreview.Ð    (#(#  ÐÌð ðà0     àIGñ ›%ññš%ñÔ     I G     t Ôñš%ññ›%ñ€and€GAO€reportsñ ›%ññš%ñÔ     r e p o r t s     g Ôñš%ññ›%ñ,€including€audits,€inspections,€reviews,€investigations,€outcome€of€hotlineÐ   	 ·(®$+   Ðcomplaints,€or€other€products.Ð    (#(#  ÐÌð ðà0     àProgram€evaluations.Ð    E+<'. (#(#  ÐÌð ðà0     àAudits€of€financial€statements€conducted€pursuant€to€the€Chief€Financial€Officers€Act,€as€amended,Ð   	 ù,ð(0   Ðincluding:€€information€revealed€in€preparing€the€financial€statements;€the€auditor's€reportsñ ›%ññš%ñÔ     r e p o r t s     g Ôñš%ññ›%ñ€on€theÐ   	 Ó-Ê)1   Ðfinancial€statements,€internal€controlsñ ›%ññš%ñÔ3  )   i n t e r n a l   c o n t r o l s     73 Ôñš%ññ›%ñ,€and€compliance€with€laws€and€regulations;€and€any€otherÏmaterials€prepared€relating€to€the€statements.Ð    (#(#  ÐÌð ðà0     àReviews€of€financial€systems€which€consider€whether€the€requirements€of€OMB€Circular€No.€A„Ð   	 —Ž   Ð127€are€being€met.Ð    (#(#  ÐÌð ðà0     àReviews€of€systems€and€applications€conducted€pursuant€to€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     Ö; Ôñš%ññ›%ñ€of€1987€(40Ð   	 %	   ÐU.S.C.€759€note)€and€OMB€Circular€No.€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     r Ôñš%ññ›%ñ,€"Management€of€Federal€InformationÏResources."€Ð    (#(#  ÐÌð ðà0     àAnnual€performance€plans€and€reportsñ ›%ññš%ñÔ     r e p o r t s     S Ôñš%ññ›%ñ€pursuant€to€the€Government€Performance€and€Results€Actñ ›%ññš%ñÔ]  S   G o v e r n m e n t   P e r f o r m a n c e   a n d   R e s u l t s   A c t     Ö] Ôñš%ññ›%ñ.Ð    „
 (#(#  ÐÌð ðà0     àReportsñ ›%ññš%ñÔ     R e p o r t s     t Ôñš%ññ›%ñ€and€other€information€provided€by€the€Congressional€committees€of€jurisdiction.Ð    A8
 (#(#  ÐÌð ðà0     àOther€reviews€or€reportsñ ›%ññš%ñÔ     r e p o r t s     t Ôñš%ññ›%ñ€relating€to€agency€operations,€e.g.€for€the€Department€of€Health€andÐ   	 õì   ÐHuman€Services,€quality€control€reviews€of€the€Medicaid€and€Aid€to€Families€with€DependentÏChildren€programs.Ð    (#(#  ÐÌUse€of€a€source€of€information€should€take€into€consideration€whether€the€process€included€an€evaluationÏof€management€controls.€€Agency€management€should€avoid€duplicating€reviews€which€assess€managementÏcontrols,€and€should€coordinate€their€efforts€with€other€evaluations€to€the€extent€practicable.ÌÌIf€a€Federal€manager€determines€that€there€is€insufficient€information€available€upon€which€to€base€anÏassessment€of€management€controls,€then€appropriate€reviews€should€be€conducted€which€will€provide€suchÏa€basis.ÌÌòòIdentification€of€Deficienciesóóñ ›%ññš%ñÔ)     D e f i c i e n c i e s     Ö) Ôñš%ññ›%ñ.€€Agency€managers€and€employees€should€identify€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ö) Ôñš%ññ›%ñ€in€managementÐ   	 -$   Ðcontrols€from€the€sources€of€information€described€above.€€A€deficiency€should€be€reported€if€it€is€or€shouldÏbe€of€interest€to€the€next€level€of€management.€€Agency€employees€and€managers€generally€reportÏdeficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ö) Ôñš%ññ›%ñ€to€the€next€supervisory€level,€which€allows€the€chain€of€command€structure€to€determine€theÏrelative€importance€of€each€deficiency.ÌÌÔ&  ¢ ÔA€deficiency€that€the€agency€head€determines€to€be€significant€enough€to€be€reported€outside€the€agencyÏ(i.e.€included€in€the€annual€Integrity€Act€report€to€the€President€and€the€Congress)€shall€be€considered€aÏ"material€weaknessñ ›%ññš%ñÔ3  )   m a t e r i a l   w e a k n e s s     P3 Ôñš%ññ›%ñ."ñ›%ñ×  ƒ         ×ñ›%ññ ›%ñ×  ƒ;        ×ñ›%ñÝ
 ƒ/  ÿÿ ÝòòÚ    Ú2Ú
   
 ÚóóÝ     Ý×
   
 ×€€This€designation€requires€a€judgment€by€agency€managers€as€to€the€relative€risk€andÐ   	 ý ô"   Ðsignificance€of€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     1) Ôñš%ññ›%ñ.€€Agencies€may€wish€to€use€a€different€term€to€describe€less€significantÏdeficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     1) Ôñš%ññ›%ñ,€which€are€reported€only€internally€in€an€agency.€€In€identifying€and€assessing€the€relativeÏimportance€of€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     1) Ôñš%ññ›%ñ,€particular€attention€should€be€paid€to€the€views€of€the€agency's€IGñ ›%ññš%ñÔ     I G     c Ôñš%ññ›%ñ.ÌÔ'  ¢IÂ  ÔÌAgencies€should€carefully€consider€whether€systemic€problems€exist€that€adversely€affect€managementÏcontrols€across€organizational€or€program€lines.€€The€Chief€Financial€Officer,€the€Senior€ProcurementÏExecutive,€the€Senior€IRMñ ›%ññš%ñÔ     I R M     i Ôñš%ññ›%ñ€Official,€and€the€managers€of€other€functional€offices€should€be€involved€inÐ   	 ó&ê")   Ðidentifying€and€ensuring€correction€of€systemic€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     1) Ôñš%ññ›%ñ€relating€to€their€respective€functions.ÌÌAgency€managers€and€staff€should€be€encouraged€to€identify€and€report€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     1) Ôñš%ññ›%ñ,€as€this€reflectsÏpositively€on€the€agency's€commitment€to€recognizing€and€addressing€management€problems.€€Failing€toÏreport€a€known€deficiency€would€reflect€adversely€on€the€agency.ÌÌòòRole€of€A€Senior€Management€Councilóó.€€Many€agencies€have€found€that€a€senior€management€council€isÐ   	 %	   Ða€useful€forum€for€assessing€and€monitoringñ ›%ññš%ñÔ%     m o n i t o r i n g      % Ôñš%ññ›%ñ€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ö) Ôñš%ññ›%ñ€in€management€controls.€€The€membership€of€suchÏcouncils€generally€includes€both€line€and€staff€management;€consideration€should€be€given€to€involving€theÏIGñ ›%ññš%ñÔ     I G     c Ôñš%ññ›%ñ.€€Such€councils€generally€recommend€to€the€agency€head€which€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ö) Ôñš%ññ›%ñ€are€deemed€to€be€materialÏto€the€agency€as€a€whole,€and€should€therefore€be€included€in€the€annual€Integrity€Act€report€to€theÏPresident€and€the€Congress.€€(Such€a€council€need€not€be€exclusively€devoted€to€management€controlÏissues.)€€This€process€will€help€identify€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ö) Ôñš%ññ›%ñ€that€although€minor€individually,€may€constitute€aÏmaterial€weaknessñ ›%ññš%ñÔ3  )   m a t e r i a l   w e a k n e s s     j3 Ôñš%ññ›%ñ€in€the€aggregate.€€Such€a€council€may€also€be€useful€in€determining€when€sufficientÏaction€has€been€taken€to€declare€that€a€deficiency€has€been€corrected.ÌÌà@    Z	Z	 ì àòòIV.€€CORRECTING€MANAGEMENT€CONTROL€DEFICIENCIESóóñ ›%ññš%ñÔ)     D E F I C I E N C I E S     &) Ôñš%ññ›%ñˆÐ   	 ©    ÐòòÌóóAgency€managers€are€responsible€for€taking€timely€and€effective€action€to€correct€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ù) Ôñš%ññ›%ñ€identifiedÐ   	 ]T   Ðby€the€variety€of€sources€discussed€in€Section€III.€€Correcting€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ö) Ôñš%ññ›%ñ€is€an€integral€part€of€managementÏaccountability€and€must€be€considered€a€priority€by€the€agency.ÌÌThe€extent€to€which€corrective€actions€are€tracked€by€the€agency€should€be€commensurate€with€the€severityÏof€the€deficiency.€€Corrective€action€plans€should€be€developed€for€all€material€weaknesses,€and€progressÏagainst€plans€should€be€periodically€assessed€and€reported€to€agency€management.€€Management€shouldÏtrack€progress€to€ensure€timely€and€effective€results.€€For€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     Ö) Ôñš%ññ›%ñ€that€are€not€included€in€the€IntegrityÏAct€report,€corrective€action€plans€should€be€developed€and€tracked€internally€at€the€appropriate€level.ÌÌÔ&  B ÔA€determination€that€a€deficiency€has€been€corrected€should€be€made€only€when€sufficient€correctiveÏactions€have€been€taken€and€the€desired€results€achieved.€€This€determination€should€be€in€writing,€andÏalong€with€other€appropriate€documentation,€should€be€available€for€review€by€appropriate€officials.€€(SeeÏalso€role€of€senior€management€council€in€Section€III.)ÌÔ'  Bá/Ó  ÔÌAs€managers€consider€IGñ ›%ññš%ñÔ     I G       Ôñš%ññ›%ñ€and€GAO€auditñ ›%ññš%ñÔ     a u d i t       Ôñš%ññ›%ñ€reportsñ ›%ññš%ñÔ     r e p o r t s       Ôñš%ññ›%ñ€in€identifying€and€correcting€management€controlÏdeficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     %) Ôñš%ññ›%ñ,€they€must€be€mindful€of€the€statutory€requirements€for€auditñ ›%ññš%ñÔ     a u d i t     n Ôñš%ññ›%ñ€ñ ›%ñfollowupñ›%ññ›%ñfollow„upñ›%ñ€included€in€the€IGñ ›%ññš%ñÔ     I G     t Ôñš%ññ›%ñ€Act,Ïas€amended.€€Under€this€law,€management€has€a€responsibility€to€complete€action,€in€a€timely€manner,€onÏauditñ ›%ññš%ñÔ     a u d i t     n Ôñš%ññ›%ñ€recommendations€on€which€agreement€with€the€IGñ ›%ññš%ñÔ     I G     t Ôñš%ññ›%ñ€has€been€reached.€5€U.S.C.€Appendix€3.€Ï(Management€must€make€a€decision€regarding€IGñ ›%ññš%ñÔ     I G     t Ôñš%ññ›%ñ€auditñ ›%ññš%ñÔ     a u d i t     n Ôñš%ññ›%ñ€recommendations€within€a€six€month€period€andÏimplementation€of€management's€decision€should€be€completed€within€one€year€to€the€extent€practicable.)€ÏAgency€managers€and€the€IGñ ›%ññš%ñÔ     I G     t Ôñš%ññ›%ñ€share€responsibility€for€ensuring€that€IGñ ›%ññš%ñÔ     I G     t Ôñš%ññ›%ñ€Act€requirements€are€met.ÌÌà@    …… ì àòòV.€€REPORTING€ON€MANAGEMENT€CONTROLS€óóˆÐ   	 ó&ê")   ÐÌòòReporting€Pursuant€to€Section€2óó.€€31€U.S.C.€3512ñ ›%ññš%ñÔ-  #   3 1   U . S . C .   3 5 1 2      - Ôñš%ññ›%ñ(d)(2)€(commonly€referred€to€as€Section€2€of€the€IntegrityÐ   	 §(ž$+   ÐAct)€requires€that€annually€by€December€31,€the€head€of€each€executive€agency€submit€to€the€President€andÏthe€Congress€(i)€a€statement€on€whether€there€is€reasonable€assurance€that€the€agency's€controls€areÏachieving€their€intended€objectives;€and€(ii)€a€report€on€material€weaknesses€in€the€agency's€controls.€€OMBÏmay€provide€guidance€on€the€composition€of€the€annual€report.ÌÌñ “%ññ’%ñÔ&  „ Ôñ’%ññ“%ñð ðà0     àòòStatement€of€Assuranceóó.€€The€statement€on€reasonable€assurance€represents€the€agency€head'sÐ   	 Ã-º)1   Ðinformed€judgment€as€to€the€overall€adequacy€and€effectiveness€of€management€controls€within€theÏagency.€€The€statement€must€take€one€of€the€following€forms:€€statement€of€assurance;€qualifiedÏstatement€of€assurance,€considering€the€exceptions€explicitly€noted;€or€statement€of€no€assurance.Ð    (#(#  Ðà0     àIn€deciding€on€the€type€of€assurance€to€provide,€the€agency€head€should€consider€information€fromÏthe€sources€described€in€Section€III€of€this€Circular,€with€input€from€senior€program€andÏadministrative€officials€and€the€IGñ ›%ññš%ñÔ     I G     . Ôñš%ññ›%ñ.€€The€agency€head€must€describe€the€analytical€basis€for€the€typeÏof€assurance€being€provided,€and€the€extent€to€which€agency€activities€were€assessed.€TheÏstatement€of€assurance€must€be€signed€by€the€agency€head.Ð    (#(#  Ðñ “%ññ’%ñÔ'  „	Ò9  Ôñ’%ññ“%ñÌð ðà0     àòòReport€on€Material€Weaknessesóó.€€The€Integrity€Act€report€must€include€agency€plans€to€correct€theÐ   	 ³ª	   Ðmaterial€weaknesses€and€progress€against€those€plans.Ð    (#(#  ÐÌòòReporting€Pursuant€to€Section€4óó.€€31€U.S.C.€3512ñ ›%ññš%ñÔ-  #   3 1   U . S . C .   3 5 1 2     :- Ôñš%ññ›%ñ(d)(2)(B)€(commonly€referred€to€as€Section€4€of€theÐ   	 A8
   ÐIntegrity€Act)€requires€an€annual€statement€on€whether€the€agency's€financial€management€systems€conformÏwith€government„wide€requirements.€€Theseòò€financial€systems€requirements€are€presented€in€OMBÐ   	 õì   ÐCircular€No.€A„127ñ ›%ññš%ñÔ     A „ 1 2 7     Ö Ôñš%ññ›%ñ,€"Financial€Management€Systems,"€section€7óó.€€If€the€agency€does€not€conform€withÐ   	 ÓÊ   Ðfinancial€systems€requirements,€the€statement€must€discuss€the€agency's€plans€for€bringing€its€systems€intoÏcompliance.ÌÌIf€the€agency€head€judges€a€deficiency€in€financial€management€systems€and/or€operations€to€be€materialÏwhen€weighed€against€other€agency€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     ,) Ôñš%ññ›%ñ,€the€issue€must€be€included€in€the€annual€Integrity€ActÏreport€in€the€same€manner€as€other€material€weaknesses.ÌÌòòÔ&  Ð ÔDistributionñ ›%ññš%ñÔ)     D i s t r i b u t i o n     ,) Ôñš%ññ›%ñ€of€Integrity€Act€Reportóó.€€The€assurance€statements€and€information€related€to€both€SectionsÐ   	 §ž   Ð2€and€4€should€be€provided€in€a€single€Integrity€Act€report.€€Copies€of€the€report€are€to€be€transmitted€toÏthe€President;€the€President€of€the€Senate;€the€Speaker€of€the€House€of€Representatives;€the€Directorñ ›%ññš%ñÔ!     D i r e c t o r     ! Ôñš%ññ›%ñ€ofÏOMB;€and€the€Chairpersons€and€Ranking€Members€of€the€Senate€Committee€on€Governmental€Affairs,€theÏHouse€Committee€on€Government€Reform€and€Oversightñ ›%ññš%ñÔ#     O v e r s i g h t     )# Ôñš%ññ›%ñ,€and€the€relevant€authorizing€and€appropriationsÏcommittees€and€subcommittees.€€In€addition,€10€copies€of€the€report€are€to€be€provided€to€OMB's€OfficeÏof€Federal€Financial€Management,€Management€Integrity€Branch.€€Agencies€are€also€encouraged€to€makeÏtheir€reportsñ ›%ññš%ñÔ     r e p o r t s       Ôñš%ññ›%ñ€available€electronically.Ô'  Ð§7å  ÔÌÌòòÔ&  ª ÔStreamlined€Reportingóó.€€The€Government€Management€Reform€Act€(GMRA)€of€1994€(P.L.€103„356)Ð   	 QH    Ðpermits€OMB€for€fiscal€years€1995€through€1997€to€consolidate€or€adjust€the€frequency€and€due€dates€ofÏcertain€statutory€financial€management€reportsñ ›%ññš%ñÔ     r e p o r t s       Ôñš%ññ›%ñ€after€consultation€with€the€Congress.€€GMRA€prompted€theÏCFOñ ›%ññš%ñÔ     C F O     t Ôñš%ññ›%ñ€Council€to€recommend€to€OMB€a€new€approach€towards€financial€management€reporting€which€couldÏhelp€integrate€management€initiatives.€€This€proposal€is€being€pilot„tested€by€several€agencies€for€FY€1995.€ÏFurther€information€on€the€implications€of€this€initiative€for€other€agencies€will€be€issued€by€OMB€afterÏthe€pilot€reportsñ ›%ññš%ñÔ     r e p o r t s     Ö Ôñš%ññ›%ñ€have€been€evaluated.€€In€the€meantime,€the€reporting€requirements€outlined€in€this€CircularÏremain€valid€except€for€those€agencies€identified€as€pilots€by€OMB.ÌÔ'  ªQEé  ÔÌUnder€the€CFOñ ›%ññš%ñÔ     C F O     t Ôñš%ññ›%ñ€Council€approach,€agencies€would€consolidate€Integrity€Act€information€with€otherÏperformance„related€reporting€into€a€broader€"Accountability€Report"€to€be€issued€annually€by€the€agencyÏhead.€This€report€would€be€issued€as€soon€as€possible€after€the€end€of€the€fiscal€year,€but€no€later€thanÏMarch€31€for€agencies€producing€audited€financial€statements€and€December€31€for€all€other€agencies.€€TheÏproposed€"Accountability€Report"€would€integrate€the€following€information:€€the€Integrity€Act€report,Ïmanagement's€Report€on€Final€Action€as€required€by€the€IGñ ›%ññš%ñÔ     I G       Ôñš%ññ›%ñ€Act,€the€CFOs€Act€Annual€Report€(includingÏaudited€financial€statements),€Civil€Monetary€Penalty€and€Prompt€Payment€Act€reportsñ ›%ññš%ñÔ     r e p o r t s     Ö Ôñš%ññ›%ñ,€and€availableÏinformation€on€agency€performance€compared€to€its€stated€goals€and€objectives,€in€preparation€forÏimplementation€of€the€GPRA.Ð   	 Ë-Â)1   Ð‡òòGovernment€Corporationsóó.€€Section€306€of€the€òòChief€Financial€Officers€Actóó€established€a€reportingÐ   	 	      Ðrequirement€related€to€management€controls€for€corporations€covered€by€the€òòGovernment€CorporationÐ   	 çÞ    Ðand€Control€Actñ ›%ññš%ñÔ]  S   G o v e r n m e n t   C o r p o r a t i o n   a n d   C o n t r o l   A c t      ] Ôñš%ññ›%ñ.€€31€U.S.C.€9106ñ ›%ññš%ñÔ-  #   3 1   U . S . C .   9 1 0 6     - Ôñš%ññ›%ñ.óó€€These€corporations€must€submit€an€annual€management€report€to€theÐ   	 Å¼   ÐCongress€not€later€than€180€days€after€the€end€of€the€corporation's€fiscal€year.€€This€report€must€include,Ïamong€other€items,€a€statement€on€control€systems€by€the€head€of€the€management€of€the€corporationÏconsistent€with€the€requirements€of€the€Integrity€Act.ÌÌÔ&  h ÔThe€corporation€is€required€to€provide€the€President,€the€Directorñ ›%ññš%ñÔ!     D i r e c t o r     ! Ôñš%ññ›%ñ€of€OMB,€and€the€Comptroller€GeneralÏa€copy€of€the€management€report€when€it€is€submitted€to€Congress.ÌÌÔ'  h
:ô  ÔÌòòà@    99 ì àÔ
     ÔOMB€Circular€No.€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     Ö Ôñš%ññ›%ñ,€Appendix€III,€€RevisedÔ    Nõ  ÔóóˆÐ   	 sj	   ÐÌà@    nn ì àòòòòEXECUTIVE€OFFICE€OF€THE€PRESIDENTóóóóˆÐ   	 '   Ðà@    ææ ì àOFFICE€OF€MANAGEMENT€AND€BUDGETñ ›%ññš%ñÔO  E   O F F I C E   O F   M A N A G E M E N T   A N D   B U D G E T     O Ôñš%ññ›%ñˆÌà@    ll ì àòòWASHINGTON,€D.C.€20503óóˆÐ   	 þ   ÐÌà@    \\" ì àFebruary€8,€1996ˆÌÌà€      / (# àCIRCULAR€NO.€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     Ö Ôñš%ññ›%ñ,€€RevisedˆÌà€    &&- (# à(Transmittal€Memorandum€No.€3)ˆÌÌMEMORANDUM€FOR€HEADS€OF€EXECUTIVE€DEPARTMENTS€AND€ESTABLISHMENTSÌÌSUBJECT:€€Management€of€Federal€Information€ResourcesÌÌà     àCircular€No.€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     Ö Ôñš%ññ›%ñ€provides€uniform€government-wide€information€resources€management€policiesÏas€required€by€the€Paperwork€Reduction€Actñ ›%ññš%ñÔ?  5   P a p e r w o r k   R e d u c t i o n   A c t     ? Ôñš%ññ›%ñ€of€1980,€as€amended€by€the€Paperwork€Reduction€Actñ ›%ññš%ñÔ?  5   P a p e r w o r k   R e d u c t i o n   A c t     ? Ôñš%ññ›%ñ€ofÏ1995,€44€U.S.C.€Chapter€35.€€This€Transmittal€Memorandum€contains€updated€guidance€on€the€"SecurityÏof€Federal€Automated€Information€Systems,"€Appendix€III€and€makes€minor€technical€revisions€to€theÏCircular€to€reflect€the€Paperwork€Reduction€Actñ ›%ññš%ñÔ?  5   P a p e r w o r k   R e d u c t i o n   A c t     ? Ôñš%ññ›%ñ€of€1995€(P.L.€104-13).Ìñ ”%ñÌñ”%ñÌÌà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# à(Signed)Ð    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àAlice€M.€RivlinÐ    (#(#  Ðà0     àà0    `	(#(# àà0    ¸`	(#`	(# àà0    ¸(#¸(# àDirectorñ ›%ññš%ñÔ!     D i r e c t o r      ! Ôñš%ññ›%ñÐ    (#(#  Ðñ •%ñÌñ•%ñAttachmentÌÌÌÓ  
 ° °§ ° °§X ÓFebruary€8,€1996ÌÌòòAppendix€III€to€OMB€Circular€No.€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     Ö Ôñš%ññ›%ñ€-€Security€of€Federal€Automated€Information€ResourcesóóÐ   	 ý&ô")   ÐÌòòA.à0    Ð àRequirements.óóÐ    ±(¨$+ Ð(#Ð(#  ÐÌ1.à0    Ð àòòPurposeóóÐ    e*\&- Ð(#Ð(#  ÐÌThis€Appendix€establishes€a€minimum€set€of€controls€to€be€included€in€Federal€automated€informationÏsecurity€programs;€assigns€Federal€agency€responsibilities€for€the€security€of€automated€information;€andÏlinks€agency€automated€information€security€programs€and€agency€management€control€systems€establishedÐ   	 Í-Ä)1   Ðin€accordance€with€OMB€Circular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3       Ôñš%ññ›%ñ.€€The€Appendix€revises€procedures€formerly€contained€inÏAppendix€III€to€OMB€Circular€No.€A„130ñ ›%ññš%ñÔ     A „ 1 3 0       Ôñš%ññ›%ñ€(50€FR€52730;€December€24,€1985),€and€incorporatesÏrequirements€of€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     Ö; Ôñš%ññ›%ñ€of€1987€(P.L.€100-235)€and€responsibilities€assigned€inÏapplicable€national€security€directives.ÌÌ2.à0    Ð àòòDefinitionsóóÐ    KB Ð(#Ð(#  ÐÌThe€term:ÌÌà0    Ð àa.€€"adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     c3 Ôñš%ññ›%ñ"€means€security€commensurate€with€the€risk€and€magnitude€of€the€harm€resultingÏfrom€the€loss,€misuse,€or€unauthorized€access€to€or€modification€of€information.€€This€includes€assuringÏthat€systems€and€applications€used€by€the€agency€operate€effectively€and€provide€appropriateÏconfidentialityñ ›%ññš%ñÔ/  %   c o n f i d e n t i a l i t y      / Ôñš%ññ›%ñ,€integrity,€and€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     y) Ôñš%ññ›%ñ,€through€the€use€of€cost-effective€management,€personnel,Ïoperational,€and€technical€controls.Ð    Ð(#Ð(#  ÐÌà0    Ð àb.€€"applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ"€means€the€use€of€information€resources€(information€and€information€technology)€toÏsatisfy€a€specific€set€of€user€requirements.Ð    Ð(#Ð(#  ÐÌà0    Ð àc.€€"general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     = Ôñš%ññ›%ñ"€or€"system"€means€an€interconnected€set€of€information€resources€underÏthe€same€direct€management€control€which€shares€common€functionality.€€A€system€normally€includesÏhardware,€software,€information,€data,€applications,€communications,€and€people.€€A€system€can€be,Ïfor€example,€a€local€area€network€(LAN)€including€smart€terminals€that€supports€a€branch€office,€anÏagency-wide€backbone,€a€communications€network,€a€departmental€data€processing€center€includingÏits€operating€system€and€utilities,€a€tactical€radio€network,€or€a€shared€information€processing€serviceÏorganization€(IPSO).Ð    Ð(#Ð(#  ÐÌà0    Ð àd.€€"major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     
3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ"€means€an€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€that€requires€special€attention€to€security€due€to€the€riskÏand€magnitude€of€the€harm€resulting€from€the€loss,€misuse,€or€unauthorized€access€to€or€modificationÏof€the€information€in€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.€€Note:€€All€Federal€applications€require€some€level€of€protection.€ÏCertain€applications,€because€of€the€information€in€them,€however,€require€special€managementÏoversightñ ›%ññš%ñÔ#     o v e r s i g h t      # Ôñš%ññ›%ñ€and€should€be€treated€as€major.€€Adequate€securityñ ›%ññš%ñÔ3  )   A d e q u a t e   s e c u r i t y     ý3 Ôñš%ññ›%ñ€for€other€applications€should€be€providedÏby€security€of€the€systems€in€which€they€operate.Ð    Ð(#Ð(#  ÐÌ3.à    Ð àòòAutomated€Information€Security€Programsóó.€€Agencies€shall€implement€and€maintain€a€program€toÐ   	 # !   Ðassure€that€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     ý3 Ôñš%ññ›%ñ€is€provided€for€all€agency€information€collected,€processed,€transmitted,Ïstored,€or€disseminated€in€general€support€systems€and€major€applications.ÌÌEach€agency's€program€shall€implement€policies,€standards€and€procedures€which€are€consistent€withÏgovernment-wide€policies,€standards,€and€procedures€issued€by€the€Office€of€Management€and€Budgetñ ›%ññš%ñÔO  E   O f f i c e   o f   M a n a g e m e n t   a n d   B u d g e t      O Ôñš%ññ›%ñ,€theÏDepartment€of€Commerce,€the€General€Services€Administration€and€the€Office€of€Personnel€Managementñ ›%ññš%ñÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t      M Ôñš%ññ›%ñÏ(OPMñ ›%ññš%ñÔ     O P M     e Ôñš%ññ›%ñ).€€Different€or€more€stringent€requirements€for€securing€national€security€information€should€beÏincorporated€into€agency€programs€as€required€by€appropriate€national€security€directives.€€At€a€minimum,Ïagency€programs€shall€include€the€following€controls€in€their€general€support€systems€and€majorÏapplications:ÌÌà0    Ð àa.€€Controls€for€general€support€systems.Ð    Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à1)à     àAssign€Responsibility€for€Security.€€Assign€responsibility€for€security€in€each€system€to€anÐ   	 ,(/   Ðindividual€knowledgeable€in€the€information€technology€used€in€the€system€and€in€providing€Ïsecurity€for€such€technology.Ð    Ã-º)1 ð(#ð(#  Ð‡à0    Ð àà0    ðÐ(#Ð(# à2)à     àòòSystem€Security€Planóóñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n     X+ Ôñš%ññ›%ñ.€€Plan€for€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     3 Ôñš%ññ›%ñ€of€each€general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     = Ôñš%ññ›%ñ€as€part€of€theÐ   	 	      Ðorganization's€information€resources€management€(IRMñ ›%ññš%ñÔ     I R M     a Ôñš%ññ›%ñ)€planning€process.€€The€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n      + Ôñš%ññ›%ñ€shallÏbe€consistent€with€guidance€issued€by€the€National€Institute€of€Standards€and€Technology€(NIST).€ÏIndependent€advice€and€comment€on€the€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n      + Ôñš%ññ›%ñ€shall€be€solicited€prior€to€the€plan'sÏimplementation.€€A€summary€of€the€security€plans€shall€be€incorporated€into€the€strategic€IRMñ ›%ññš%ñÔ     I R M     e Ôñš%ññ›%ñ€planñ ›%ññš%ñÔ5  +   s t r a t e g i c   I R M   p l a n     e5 Ôñš%ññ›%ñÏrequired€by€the€Paperwork€Reduction€Actñ ›%ññš%ñÔ?  5   P a p e r w o r k   R e d u c t i o n   A c t     Ö? Ôñš%ññ›%ñ€(44€U.S.C.€Chapter€35)€and€Section€8(b)€of€this€circular.ÏSecurity€plans€shall€include:Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àa)à    0	 àòòRules€of€the€Systemóóñ ›%ññš%ñÔ7  -   R u l e s   o f   t h e   S y s t e m     c7 Ôñš%ññ›%ñ.€€Establish€a€set€of€rules€of€behaviorñ ›%ññš%ñÔ3  )   r u l e s   o f   b e h a v i o r      3 Ôñš%ññ›%ñ€concerning€use€of,€security€in,€andÐ   	 Ù
Ð   Ðthe€acceptable€level€of€risk€for,€the€system.€€The€rules€shall€be€based€on€the€needs€of€theÏvarious€users€of€the€system.€€The€security€required€by€the€rules€shall€be€only€as€stringent€as€Ïnecessary€to€provide€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y      3 Ôñš%ññ›%ñ€for€information€in€the€system.€€Such€rules€shall€clearlyÏdelineate€responsibilities€and€expected€behavior€of€all€individuals€with€access€to€the€system.€ÏThey€shall€also€include€appropriate€limits€on€interconnections€to€other€systems€and€shall€defineÏservice€provision€and€restoration€priorities.€€Finally,€they€shall€be€clearñ ›%ññš%ñÔ     c l e a r     e Ôñš%ññ›%ñ€about€the€consequencesÏof€behavior€not€consistent€with€the€rules.Ð    (#(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àb)à    0	 àòòTrainingóóñ ›%ññš%ñÔ!     T r a i n i n g     e! Ôñš%ññ›%ñ.€€Ensure€that€all€individuals€are€appropriately€trained€in€how€to€fulfill€theirÐ   	 ƒz   Ðsecurity€responsibilities€before€allowing€them€access€to€the€system.€€Such€trainingñ ›%ññš%ñÔ!     t r a i n i n g     e! Ôñš%ññ›%ñ€shall€assureÏthat€employees€are€versed€in€the€rules€of€the€systemñ ›%ññš%ñÔ7  -   r u l e s   o f   t h e   s y s t e m     c7 Ôñš%ññ›%ñ,€be€consistent€with€guidance€issued€byÏNIST€and€OPMñ ›%ññš%ñÔ     O P M       Ôñš%ññ›%ñ,€and€apprise€them€about€available€assistance€and€technical€security€productsÏand€techniques.€€Behavior€consistent€with€the€rules€of€the€systemñ ›%ññš%ñÔ7  -   r u l e s   o f   t h e   s y s t e m     c7 Ôñš%ññ›%ñ€and€periodic€refresher€trainingñ ›%ññš%ñÔ!     t r a i n i n g     h! Ôñš%ññ›%ñÏshall€be€required€for€continued€access€to€the€system.Ð    (#(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àc)à    0	 àòòPersonnel€Controlsóó.€€Screen€individuals€who€are€authorized€to€bypass€significant€technicalÐ   	 yp   Ðand€operational€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€of€the€system€commensurate€with€the€risk€and€magnitude€ofÏharm€they€could€cause.€€Such€screening€shall€occur€prior€to€an€individual€being€authorized€toÏbypass€controls€and€periodically€thereafter.Ð    (#(#  ÐÌà0    Ð àÔ&   Ôà0    ðÐ(#Ð(# àà0    ð(#ð(# àd)à    0	 àòòIncident€Response€Capabilityóóñ ›%ññš%ñÔI  ?   I n c i d e n t   R e s p o n s e   C a p a b i l i t y      I Ôñš%ññ›%ñ.€€Ensure€that€there€is€a€capability€to€provide€help€to€usersÐ   	 »²   Ðwhen€a€security€incident€occurs€in€the€system€and€to€share€information€concerning€commonÏvulnerabilities€and€threats.€€This€capability€shall€share€information€with€other€organizations,Ïconsistent€with€NIST€coordination,€and€should€assist€the€agency€in€pursuing€appropriate€legalÏaction,€consistent€with€Department€of€Justiceñ ›%ññš%ñÔ;  1   D e p a r t m e n t   o f   J u s t i c e     i; Ôñš%ññ›%ñ€guidance.Ð    (#(#  ÐÔ'  »j!  ÔÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àe)à    0	 àòòContinuity€of€Supportóóñ ›%ññš%ñÔ;  1   C o n t i n u i t y   o f   S u p p o r t     i; Ôñš%ññ›%ñ.€€Establish€and€periodically€test€the€capability€to€continue€providingÐ   	 ×!Î#   Ðservice€within€a€system€based€upon€the€needs€and€priorities€of€the€participants€of€the€system.Ð    (#(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àf)à    0	 àòòTechnical€Securityóó.€€Ensure€that€cost-effective€security€products€and€techniques€areÐ   	 e$\ &   Ðappropriately€used€within€the€system.Ð    (#(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àg)à    0	 àòòSystem€Interconnectionóó.€€Obtain€written€management€authorization,€based€upon€theÐ   	 ó&ê")   Ðacceptance€of€risk€to€the€system,€prior€to€connecting€with€other€systems.€€Where€connectionÏis€authorized,€controls€shall€be€established€which€are€consistent€with€the€rules€of€the€systemñ ›%ññš%ñÔ7  -   r u l e s   o f   t h e   s y s t e m     
7 Ôñš%ññ›%ñ€andÏin€accordance€with€guidance€from€NIST.Ð    (#(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à3)à     àòòReview€of€Security€Controlsóóñ ›%ññš%ñÔ3  )   S e c u r i t y   C o n t r o l s      3 Ôñš%ññ›%ñ.€€Review€the€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€in€each€system€when€significantÐ   	 5+,'.   Ðmodifications€are€made€to€the€system,€but€at€least€every€three€years.€€The€scope€and€frequency€ofÏthe€review€should€be€commensurate€with€the€acceptable€level€of€risk€for€the€system.€€DependingÏon€the€potential€risk€and€magnitude€of€harm€that€could€occur,€consider€identifying€a€deficiencyÐ   	 Ã-º)1   Ðpursuant€to€OMB€Circular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3       Ôñš%ññ›%ñ,€"Management€Accountability€and€Control"€and€the€FederalÏManagers'€Financial€Integrity€Actñ ›%ññš%ñÔc  Y   F e d e r a l   M a n a g e r s '   F i n a n c i a l   I n t e g r i t y   A c t      c Ôñš%ññ›%ñ€(FMFIAñ ›%ññš%ñÔ     F M F I A       Ôñš%ññ›%ñ),€if€there€is€no€assignment€of€security€responsibility,Ïno€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n      + Ôñš%ññ›%ñ,€or€no€authorization€to€process€for€a€system.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à4)à     àòòAuthorize€Processingóó.€€Ensure€that€a€management€official€authorizes€in€writing€the€use€of€eachÐ   	 qh   Ðgeneral€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     8= Ôñš%ññ›%ñ€based€on€implementation€of€its€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n      + Ôñš%ññ›%ñ€before€beginning€or€Ïsignificantly€changing€processing€in€the€system.€€Use€of€the€system€shall€be€re-authorized€at€leastÏevery€three€years.Ð    ð(#ð(#  ÐÌà0    Ð àb.à    ð àControls€for€Major€Applications.Ð    ³ª	 Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à1)à     àòòAssign€Responsibility€for€Securityóó.€€Assign€responsibility€for€security€of€each€major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     t3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñÐ   	 g^	   Ðto€a€management€official€knowledgeable€in€the€nature€of€the€information€and€process€€supportedÏby€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€and€in€the€management,€personnel,€operational,€and€technical€controls€used€toÏprotect€it.€€This€official€shall€assure€that€effective€security€products€and€techniques€are€appropriatelyÏused€in€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€and€shall€be€contacted€when€a€security€incident€occurs€concerning€theÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à2)à     àòòApplicationñ ›%ññš%ñÔ'     A p p l i c a t i o n      ' Ôñš%ññ›%ñ€Security€Planóóñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n      + Ôñš%ññ›%ñ.€€Plan€for€the€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     
3 Ôñš%ññ›%ñ€each€major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     
3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ,€taking€intoÐ   	 ]T   Ðaccount€the€security€of€all€systems€in€which€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€will€operate.€€The€plan€shall€beÏconsistent€with€guidance€issued€by€NIST.€€Advice€and€comment€on€the€plan€shall€be€solicited€fromÏthe€official€responsible€for€security€in€the€primary€system€in€which€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€will€operate€priorÏto€the€plan's€implementation.€€A€summary€of€the€security€plans€shall€be€incorporated€into€theÏstrategic€IRMñ ›%ññš%ñÔ     I R M     e Ôñš%ññ›%ñ€planñ ›%ññš%ñÔ5  +   s t r a t e g i c   I R M   p l a n     G5 Ôñš%ññ›%ñ€required€by€the€Paperwork€Reduction€Actñ ›%ññš%ñÔ?  5   P a p e r w o r k   R e d u c t i o n   A c t     Ö? Ôñš%ññ›%ñ.€€Applicationñ ›%ññš%ñÔ'     A p p l i c a t i o n     u' Ôñš%ññ›%ñ€security€plans€shallÏinclude:Ð    ð(#ð(#  ÐÌÔ&   Ôà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àa)à    0	 àòòApplicationñ ›%ññš%ñÔ'     A p p l i c a t i o n     u' Ôñš%ññ›%ñ€Rulesóó.€€Establish€a€set€of€rules€concerning€use€of€and€behavior€within€theÐ   	 -$   Ðapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     u' Ôñš%ññ›%ñ.€€The€rules€shall€be€as€stringent€as€necessary€to€provide€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y      3 Ôñš%ññ›%ñ€for€theÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ€and€the€information€in€it.€€Such€rules€shall€clearly€delineate€responsibilities€andÏexpected€behavior€of€all€individuals€with€access€to€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ.€€In€addition,€the€rules€shallÏbe€clearñ ›%ññš%ñÔ     c l e a r     t Ôñš%ññ›%ñ€about€the€consequences€of€behavior€not€consistent€with€the€rules.Ð    (#(#  ÐÔ'  -q8  ÔÌÔ&  ö Ôà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àb)à    0	 àòòSpecialized€Trainingóóñ ›%ññš%ñÔ!     T r a i n i n g     n! Ôñš%ññ›%ñ.€€Before€allowing€individuals€access€to€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ,€ensure€that€allÐ   	 I@    Ðindividuals€receive€specialized€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñ€focused€on€their€responsibilities€and€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñÏrules.€€This€may€be€in€addition€to€the€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñ€required€for€access€to€a€system.€€Such€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñÏmay€vary€from€a€notification€at€the€time€of€access€(e.g.,€for€members€of€the€public€using€anÏinformation€retrieval€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ)€to€formal€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñ€(e.g.,€for€an€employee€that€works€with€aÏhigh-risk€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ).Ð    (#(#  ÐÔ'  öI*<  ÔÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àc)à    0	 àòòPersonnel€Securityóó.€€Incorporate€controls€such€as€separation€of€dutiesñ ›%ññš%ñÔ9  /   s e p a r a t i o n   o f   d u t i e s     t9 Ôñš%ññ›%ñ,€least€privilegeñ ›%ññš%ñÔ/  %   l e a s t   p r i v i l e g e     i/ Ôñš%ññ›%ñ€andÐ   	 ?%6!'   Ðindividual€accountabilityñ ›%ññš%ñÔC  9   i n d i v i d u a l   a c c o u n t a b i l i t y     ÖC Ôñš%ññ›%ñ€into€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     c' Ôñš%ññ›%ñ€and€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     c' Ôñš%ññ›%ñ€rules€as€appropriate.€€In€casesÏwhere€such€controls€cannot€adequately€protect€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     c' Ôñš%ññ›%ñ€or€information€in€it,€screen€Ïindividuals€commensurate€with€the€risk€and€magnitude€of€the€harm€they€could€cause.€€SuchÏscreening€shall€be€done€prior€to€the€individuals'€being€authorized€to€access€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     c' Ôñš%ññ›%ñ€andÏperiodically€thereafter.Ð    (#(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àd)à    0	 àòòContingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y     c' Ôñš%ññ›%ñ€Planningóó.€€Establish€and€periodically€test€the€capability€to€perform€the€agencyÐ   	 5+,'.   Ðfunction€supported€by€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     c' Ôñš%ññ›%ñ€in€the€event€of€failure€of€its€automated€support.Ð    (#(#  Ðâ
    
 âÐ   	 é,à(0   Ðñ–%ñÔ&  ´ Ôâ
    
 âñ–%ñà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àe)à    0	 àòòTechnical€Controlsóó.€€Ensure€that€appropriate€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€are€specified,€designed€into,Ð   	 	      Ðtested,€and€accepted€in€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ€in€accordance€with€appropriate€guidance€issuedñ–%ñÔ'  ´	’F  Ôñ–%ñ€by€NIST.Ð    (#(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àf)à    0	 àòòInformation€Sharingóóñ ›%ññš%ñÔ7  -   I n f o r m a t i o n   S h a r i n g      7 Ôñš%ññ›%ñ.€€Ensure€that€information€shared€from€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     h' Ôñš%ññ›%ñ€is€protectedÐ   	 —Ž   Ðappropriately,€comparable€to€the€protection€provided€when€information€is€within€the€Ïapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     h' Ôñš%ññ›%ñ.Ð    (#(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àg)à    0	 àòòPublic€Accessñ ›%ññš%ñÔ+  !   P u b l i c   A c c e s s     r+ Ôñš%ññ›%ñ€Controlsóó.€€Where€an€agency's€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€promotes€or€permits€public€accessñ ›%ññš%ñÔ+  !   p u b l i c   a c c e s s     r+ Ôñš%ññ›%ñ,Ð   	 ÿ	ö   Ðadditional€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€shall€be€added€to€protect€the€integrity€of€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ€and€theÏconfidence€the€public€has€in€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ.€€Such€controls€shall€include€segregating€Ïinformation€made€directly€accessible€to€the€public€from€official€agency€records.Ð    (#(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à3)à     àòòReview€of€Applicationñ ›%ññš%ñÔ'     A p p l i c a t i o n     r' Ôñš%ññ›%ñ€Controlsóó.€€Perform€an€independent€review€or€auditñ ›%ññš%ñÔ     a u d i t     t Ôñš%ññ›%ñ€of€the€securityÐ   	 A8
   Ðcontrolsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€in€each€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ€at€least€every€three€years.€€Consider€identifying€a€deficiency€pursuantÏto€OMB€Circular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3     t Ôñš%ññ›%ñ,€"Management€Accountability€and€Control"€and€the€FederalÏManagers'€Financial€Integrity€Actñ ›%ññš%ñÔc  Y   F e d e r a l   M a n a g e r s '   F i n a n c i a l   I n t e g r i t y   A c t     Šc Ôñš%ññ›%ñ€if€there€is€no€assignment€of€responsibility€for€security,€noÏsecurity€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     s+ Ôñš%ññ›%ñ,€or€no€authorization€to€process€for€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à4)à     àòòAuthorize€Processingóó.€€Ensure€that€a€management€official€authorizes€in€writing€use€of€theÐ   	 ]T   Ðapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€by€confirming€that€its€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     s+ Ôñš%ññ›%ñ€as€implemented€adequately€secures€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.€ÏResults€of€the€most€recent€review€or€auditñ ›%ññš%ñÔ     a u d i t     t Ôñš%ññ›%ñ€of€controls€shall€be€a€factor€in€managementÏauthorizations.€€The€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€must€be€authorized€prior€to€operating€and€re„authorized€at€leastÏevery€three€years€thereafter.€€Management€authorization€implies€accepting€the€risk€of€each€systemÏused€by€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÌ4.à    Ð àòòAssignment€of€ResponsibilitiesóóÐ   	 SJ   ÐÌà0    Ð àa.à    ð àòòDepartment€of€Commerceóó.€€The€Secretary€of€Commerce€shall:Ð    þ Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à1)à     àDevelop€and€issue€appropriate€standards€and€guidance€for€the€security€of€sensitive€informationÐ   	 »²   Ðin€Federal€computer€systems.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à2)à     àReview€and€update€guidelines€for€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñ€in€computer€security€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s      # Ôñš%ññ›%ñ€and€acceptedÐ   	 I@    Ðcomputer€security€practice,€with€assistance€from€OPMñ ›%ññš%ñÔ     O P M     n Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à3)à     àProvide€agencies€guidance€for€security€planning€to€assist€in€their€development€of€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñÐ   	 ×!Î#   Ðand€system€security€plans.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à4)à     àProvide€guidance€and€assistance,€as€appropriate,€to€agencies€concerning€cost-effective€controlsÐ   	 e$\ &   Ðwhen€interconnecting€with€other€systems.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à5)à     àCoordinate€agency€incident€response€activities€to€promote€sharing€of€incident€responseÐ   	 ó&ê")   Ðinformation€and€related€vulnerabilities.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à6)à     àEvaluate€new€information€technologies€to€assess€their€security€vulnerabilities,€with€technicalÐ   	 )x%,   Ðassistance€from€the€Department€of€Defense,€and€apprise€Federal€agencies€of€such€vulnerabilitiesÏas€€soon€as€they€are€known.Ð    ð(#ð(#  Ðâ
    
 âÐ   	 ,(/   Ðñ—%ñÔ&  h Ôâ
    
 âñ—%ñà0    Ð àb.à    ð àòòDepartment€of€Defenseóó.€€The€Secretary€of€Defense€shall:Ð    	    Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à1)à     àProvide€appropriate€technical€advice€and€assistance€(including€work€products)€to€theÐ   	 ½´   ÐDepartment€of€Commerce.ñ—%ñÔ'  h	¯\  Ôñ—%ñÐ    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à2)à     àAssist€the€Department€of€Commerce€in€evaluating€the€vulnerabilities€of€emerging€informationÐ   	 KB   Ðtechnologies.Ð    ð(#ð(#  ÐÌà0    Ð àc.à    ð àòòDepartment€of€Justiceóóñ ›%ññš%ñÔ;  1   D e p a r t m e n t   o f   J u s t i c e      ; Ôñš%ññ›%ñ.€€The€Attorney€General€shall:Ð    Ù
Ð Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à1)à     àProvide€appropriate€guidance€to€agencies€on€legal€remedies€regarding€security€incidentsñ ›%ññš%ñÔ5  +   s e c u r i t y   i n c i d e n t s     e5 Ôñš%ññ›%ñ€andÐ   	 „
   Ðways€to€report€and€work€with€law€enforcement€concerning€such€incidents.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à2)à     àPursue€appropriate€legal€actions€when€security€incidentsñ ›%ññš%ñÔ5  +   s e c u r i t y   i n c i d e n t s     e5 Ôñš%ññ›%ñ€occur.Ð     ð(#ð(#  ÐÌÔ&  B Ôà0    Ð àd.à    ð àòòGeneral€Services€Administrationóó.€€The€Administrator€of€General€Services€shall:Ð    ÏÆ Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à1)à     àProvide€guidance€to€agencies€on€addressing€security€considerations€when€acquiring€automatedÐ   	 ƒz   Ðdata€processing€equipment€(as€defined€in€section€111(a)(2)€of€the€Federal€Property€andÏAdministrative€Services€Act€of€1949,€as€amended).Ô'  BÏÅa  ÔÐ    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à2)à     àFacilitate€the€development€of€contract€vehicles€for€agencies€to€use€in€the€acquisitionñ ›%ññš%ñÔ'     a c q u i s i t i o n     d' Ôñš%ññ›%ñ€ofÐ   	 ëâ   Ðcost-effective€security€products€and€services€(e.g.,€back-upñ ›%ññš%ñÔ     b a c k - u p     o Ôñš%ññ›%ñ€services).Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àÔ&  ´ Ô3)à     àProvide€appropriate€security€services€to€meet€the€needs€of€Federal€agencies€to€the€extent€thatÐ   	 yp   Ðsuch€services€are€cost-effective.Ô'  ´y9e  ÔÐ    ð(#ð(#  ÐÌà0    Ð àe.à    ð àòòOffice€of€Personnel€Managementóóñ ›%ññš%ñÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t     8M Ôñš%ññ›%ñ.€€The€Directorñ ›%ññš%ñÔ!     D i r e c t o r     P! Ôñš%ññ›%ñ€of€the€Office€of€Personnel€Managementñ ›%ññš%ñÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t     8M Ôñš%ññ›%ñ€shall:Ð    þ Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à1)à     àAssure€that€its€regulations€concerning€computer€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g     P! Ôñš%ññ›%ñ€for€Federal€civilian€employeesÐ   	 »²   Ðare€effective.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à2)à     àAssist€the€Department€of€Commerce€in€updating€and€maintaining€guidelines€for€trainingñ ›%ññš%ñÔ!     t r a i n i n g     P! Ôñš%ññ›%ñ€inÐ   	 I@    Ðcomputer€security€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     e# Ôñš%ññ›%ñ€and€accepted€computer€security€practice.Ð    ð(#ð(#  ÐÌà0    Ð àf.à    ð àòòSecurity€Policy€Boardóó.€€The€Security€Policy€Board€shall€coordinate€the€activities€of€the€FederalÐ   	 ×!Î#   Ðgovernment€regarding€the€security€of€information€technology€that€processes€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     r% Ôñš%ññ›%ñ€information€inÏaccordance€with€applicable€national€security€directives;Ð    Ð(#Ð(#  ÐÌ5.à    Ð àòòCorrection€of€Deficienciesñ ›%ññš%ñÔ)     D e f i c i e n c i e s     o) Ôñš%ññ›%ñ€and€Reportsóóñ ›%ññš%ñÔ     R e p o r t s     i Ôñš%ññ›%ñÐ   	 ?%6!'   ÐÌà0    Ð àa.à    ð àòòCorrection€of€Deficienciesóóñ ›%ññš%ñÔ)     D e f i c i e n c i e s     o) Ôñš%ññ›%ñ.€€Agencies€shall€correct€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     o) Ôñš%ññ›%ñ€which€are€identified€through€theÐ   	 ó&ê")   Ðreviews€of€security€for€systems€and€major€applications€described€above.Ð    Ð(#Ð(#  ÐÌà0    Ð àb.à    ð àòòReportsñ ›%ññš%ñÔ     R e p o r t s     i Ôñš%ññ›%ñ€on€Deficienciesóóñ ›%ññš%ñÔ)     D e f i c i e n c i e s     o) Ôñš%ññ›%ñ.€€In€accordance€with€OMB€Circular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3     n Ôñš%ññ›%ñ,€"ManagementÐ   	 )x%,   ÐAccountability€and€Control",€if€a€deficiency€in€controls€is€judged€by€the€agency€head€to€be€materialÏwhen€weighed€against€other€agency€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     o) Ôñš%ññ›%ñ,€it€shall€be€included€in€the€annual€FMFIAñ ›%ññš%ñÔ     F M F I A     n Ôñš%ññ›%ñ€report.€€LessÏsignificant€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     o) Ôñš%ññ›%ñ€shall€be€reported€and€progress€on€corrective€actions€tracked€at€the€appropriateÏagency€level.Ð    Ð(#Ð(#  ÐÐ   	 Ã-º)1   Ðà0    Ð àc.à    ð àòòSummaries€of€Security€Plansóó.€€Agencies€shall€include€a€summary€of€their€system€security€plans€andÐ   	 	      Ðmajor€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€plans€in€the€strategic€plan€required€by€the€Paperwork€Reduction€Actñ ›%ññš%ñÔ?  5   P a p e r w o r k   R e d u c t i o n   A c t     "? Ôñš%ññ›%ñ€(44€U.S.C.Ï3506).Ð    Ð(#Ð(#  ÐÌòòB.à    Ð àDescriptive€Information.óóÐ   	 qh   ÐÌThe€following€descriptive€language€is€explanatory.€€It€is€included€to€assist€in€understanding€theÏrequirements€of€the€Appendix.ÌÌThe€Appendix€re-orients€the€Federal€computer€security€program€to€better€respond€to€a€rapidly€changingÏtechnological€environment.€€It€establishes€government-wide€responsibilities€for€Federal€computer€securityÏand€requires€Federal€agencies€to€adopt€a€minimum€set€of€management€controls.€€These€managementÏcontrols€are€directed€at€individual€information€technology€users€in€order€to€reflect€the€distributed€natureÏof€today's€technology.ÌÌFor€security€to€be€most€effective,€the€controls€must€be€part€of€day-to-day€operations.€€This€is€bestÏaccomplished€by€planning€for€security€not€as€a€separate€activity,€but€as€an€integral€part€of€overall€planning.ÌÌ"Adequate€securityñ ›%ññš%ñÔ3  )   A d e q u a t e   s e c u r i t y     
3 Ôñš%ññ›%ñ"€is€defined€as€"security€commensurate€with€the€risk€and€magnitude€of€harm€resultingÏfrom€the€loss,€misuse,€or€unauthorized€access€to€or€modification€of€information."€€This€definition€explicitlyÏemphasizes€the€risk-based€policy€for€cost-effective€security€established€by€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     ; Ôñš%ññ›%ñ.ÌÌThe€Appendix€no€longer€requires€the€preparation€of€formal€risk€analyses.€€In€the€past,€substantial€resourcesÏhave€been€expended€doing€complex€analyses€of€specific€risks€to€systems,€with€limited€tangible€benefit€inÏterms€of€improved€security€for€the€systems.€€Rather€than€continue€to€try€to€precisely€measure€risk,€securityÏefforts€are€better€served€by€generally€assessing€risks€and€taking€actions€to€manage€them.€€While€formal€riskÏanalyses€need€not€be€performed,€the€need€to€determine€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     c3 Ôñš%ññ›%ñ€will€require€that€a€risk-basedÏapproach€be€used.€€This€risk€assessmentñ ›%ññš%ñÔ/  %   r i s k   a s s e s s m e n t      / Ôñš%ññ›%ñ€approach€should€include€a€consideration€of€the€major€factors€inÏrisk€managementñ ›%ññš%ñÔ/  %   r i s k   m a n a g e m e n t      / Ôñš%ññ›%ñ:€the€value€of€the€system€or€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     n' Ôñš%ññ›%ñ,€threats,€vulnerabilities,€and€the€effectiveness€ofÏcurrent€or€proposed€safeguards.€€Additional€guidance€on€effective€risk€assessmentñ ›%ññš%ñÔ/  %   r i s k   a s s e s s m e n t      / Ôñš%ññ›%ñ€is€available€in€"AnÏIntroduction€to€Computer€Security:€€The€NIST€Handbookñ ›%ññš%ñÔ+  !   N I S T   H a n d b o o k      + Ôñš%ññ›%ñ"€(March€16,€1995).ÌÌòòDiscussion€of€the€Appendix's€Major€Provisionsóó.€€The€following€discussion€is€provided€to€aid€reviewers€inÐ   	 I@    Ðunderstanding€the€changes€in€emphasis€in€the€Appendix.ÌÌòòAutomated€Information€Security€Programsóó.€€Agencies€are€required€to€establish€controls€to€assure€adequateÐ   	 ×!Î#   Ðsecurityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     c3 Ôñš%ññ›%ñ€for€all€information€processed,€transmitted,€or€stored€in€Federal€automated€information€systems.€ÏThis€Appendix€emphasizes€management€controls€affecting€individual€users€of€information€technology.€ÏTechnical€and€operational€controls€support€management€controls.€To€be€effective,€all€must€interrelate.€€ForÏexample,€authentication€of€individual€users€is€an€important€management€control,€for€which€passwordñ ›%ññš%ñÔ!     p a s s w o r d     e! Ôñš%ññ›%ñÏprotection€is€a€technical€control.€€However,€passwordñ ›%ññš%ñÔ!     p a s s w o r d     e! Ôñš%ññ›%ñ€protection€will€only€be€effective€if€both€a€strongÏtechnology€is€employed,€and€it€is€managed€to€assure€that€it€is€used€correctly.ÌÌFour€controls€are€set€forth:€assigning€responsibility€for€security,€security€planning,€periodic€review€ofÏsecurity€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     c3 Ôñš%ññ›%ñ,€and€management€authorization.€€The€Appendix€requires€that€these€management€controlsÏbe€applied€in€two€areas€of€management€responsibility:€one€for€general€support€systems€and€one€for€majorÏapplications.ÌÌThe€terms€"general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     8= Ôñš%ññ›%ñ"€and€"major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     t3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ"€were€used€in€OMB€Bulletins€Nos.€88-16ñ ›%ññš%ñÔ     8 8 - 1 6     t Ôñš%ññ›%ñ€andÏ90-08ñ ›%ññš%ñÔ     9 0 - 0 8       Ôñš%ññ›%ñ.€€A€general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     = Ôñš%ññ›%ñ€is€"an€interconnected€set€of€information€resources€under€the€same€directÐ   	 Ã-º)1   Ðmanagement€control€which€shares€common€functionality."€€Such€a€system€can€be,€for€example,€a€local€areaÏnetwork€(LAN)€including€smart€terminals€that€supports€a€branch€office,€an€agency-wide€backbone,€aÏcommunications€network,€a€departmental€data€processing€center€including€its€operating€system€and€utilities,Ïa€tactical€radio€network,€or€a€shared€information€processing€service€organization.€€Normally,€the€purposeÏof€a€general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     = Ôñš%ññ›%ñ€is€to€provide€processing€or€communications€support.ÌÌA€major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     t3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€is€a€use€of€information€and€information€technology€to€satisfy€a€specific€set€of€userÏrequirements€that€requires€special€management€attention€to€security€due€to€the€risk€and€magnitude€of€harmÏresulting€from€the€loss,€misuse€or€unauthorized€access€to€or€modification€of€the€information€in€theÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ.€€All€applications€require€some€level€of€security,€and€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     t3 Ôñš%ññ›%ñ€for€most€of€them€shouldÏbe€provided€by€security€of€the€general€support€systems€in€which€they€operate.€€However,€certainÏapplications,€because€of€the€nature€of€the€information€in€them,€require€special€management€oversightñ ›%ññš%ñÔ#     o v e r s i g h t     c# Ôñš%ññ›%ñ€andÏshould€be€treated€as€major.€€Agencies€are€expected€to€exercise€management€judgement€in€determiningÏwhich€of€their€applications€are€major.ÌÌThe€focus€of€OMB€Bulletins€Nos.€88-16ñ ›%ññš%ñÔ     8 8 - 1 6     h Ôñš%ññ›%ñ€and€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     h Ôñš%ññ›%ñ€was€on€identifying€and€securing€both€general€supportÏsystems€and€applications€which€contained€sensitive€information.€€The€Appendix€requires€the€establishmentÏof€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     t3 Ôñš%ññ›%ñ€in€all€general€support€systems,€under€the€presumption€that€all€contain€some€sensitiveÏinformation,€and€focuses€extra€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     t3 Ôñš%ññ›%ñ€on€a€limited€number€of€particularly€high-risk€or€majorÏapplications.ÌÌa.à    Ð àòòGeneral€Support€Systemsóó.€€The€following€controls€are€required€in€all€general€support€systems:Ð   	 ëâ   ÐÌà0    Ð à1)à    ð àòòAssign€Responsibility€for€Securityóó.€€For€each€system,€an€individual€should€be€a€focal€point€forÐ   	 Ÿ–   Ðassuring€there€is€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     t3 Ôñš%ññ›%ñ€within€the€system,€including€ways€to€prevent,€detect,€and€recoverÏfrom€security€problems.€€That€responsibility€should€be€assigned€in€writing€to€an€individual€trained€inÏthe€technology€used€in€the€system€and€in€providing€security€for€such€technology,€including€theÏmanagement€of€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     t3 Ôñš%ññ›%ñ€such€as€user€identification€and€authentication.Ð    Ð(#Ð(#  ÐÌà0    Ð à2)à    ð àòòSecurity€Planóóñ ›%ññš%ñÔ+  !   S e c u r i t y   P l a n     l+ Ôñš%ññ›%ñ.€€The€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t      ; Ôñš%ññ›%ñ€requires€that€security€plans€be€developed€for€all€FederalÐ   	 »²   Ðcomputer€systems€that€contain€sensitive€information.€€Given€the€expansion€of€distributed€processingÏsince€passage€of€the€Act,€the€presumption€in€the€Appendix€is€that€all€February€8,€1996€general€supportÏsystems€contain€some€sensitive€information€which€requires€protection€to€assure€its€integrity,€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     i) Ôñš%ññ›%ñ,Ïor€confidentialityñ ›%ññš%ñÔ/  %   c o n f i d e n t i a l i t y      / Ôñš%ññ›%ñ,€and€therefore€all€systems€require€security€plans.Ð    Ð(#Ð(#  ÐÌà0    Ð àPrevious€guidance€on€security€planning€was€contained€in€OMB€Bulletin€No.€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     n Ôñš%ññ›%ñ.€€This€AppendixÏsupersedes€OMB€Bulletin€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     n Ôñš%ññ›%ñ€and€expands€the€coverage€of€security€plans€from€Bulletin€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     n Ôñš%ññ›%ñ€toÏinclude€rules€of€individual€behavior€as€well€as€technical€security.€€Consistent€with€OMB€Bulletin€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     n Ôñš%ññ›%ñ,Ïthe€Appendix€directs€NIST€to€update€and€expand€security€planning€guidance€and€issue€it€as€a€FederalÏInformation€Processing€Standard€(FIPS).€€In€the€interim,€agencies€should€continue€to€use€the€AppendixÏof€OMB€Bulletin€No.€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     n Ôñš%ññ›%ñ€as€guidance€for€the€technical€portion€of€their€security€plans.Ð    Ð(#Ð(#  ÐÌà0    Ð àThe€Appendix€continues€the€requirement€that€independent€advice€and€comment€on€the€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n      + Ôñš%ññ›%ñ€forÏeach€system€be€sought.€€The€intent€of€this€requirement€is€to€improve€the€plans,€foster€communicationÏbetween€managers€of€different€systems,€and€promote€the€sharing€of€security€expertise.Ð    Ð(#Ð(#  ÐÌà0    Ð àThis€Appendix€also€continues€the€requirement€from€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t      ; Ôñš%ññ›%ñ€that€summaries€ofÏsecurity€plans€be€included€in€agency€strategic€information€resources€management€plans.€€OMB€willÏprovide€additional€guidance€about€the€contents€of€those€strategic€plans,€pursuant€to€the€PaperworkÏReduction€Actñ ›%ññš%ñÔ?  5   P a p e r w o r k   R e d u c t i o n   A c t     ,? Ôñš%ññ›%ñ€of€1995.Ð    Ã-º)1 Ð(#Ð(#  Ð‡à0    Ð àThe€following€specific€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     3 Ôñš%ññ›%ñ€should€be€included€in€the€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     l+ Ôñš%ññ›%ñ€for€a€general€supportÏsystemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     = Ôñš%ññ›%ñ:Ð    Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àa)à     àòòRulesóó.€€An€important€new€requirement€for€security€plans€is€the€establishment€of€a€set€of€rulesÐ   	 —Ž   Ðof€behaviorñ ›%ññš%ñÔ3  )   r u l e s   o f   b e h a v i o r     3 Ôñš%ññ›%ñ€for€individual€users€of€each€general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m      = Ôñš%ññ›%ñ.€€These€rules€should€clearlyÏdelineate€responsibilities€of€and€expectations€for€all€individuals€with€access€to€the€system.€€TheyÏshould€be€consistent€with€system-specific€policy€as€described€in€"An€Introduction€to€ComputerÏSecurity:€€The€NIST€Handbookñ ›%ññš%ñÔ+  !   N I S T   H a n d b o o k      + Ôñš%ññ›%ñ"€(March€16,€1995).€€In€addition,€they€should€state€the€consequencesÏof€non-compliance.€€The€rules€should€be€in€writing€and€will€form€the€basis€for€security€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     o# Ôñš%ññ›%ñÏand€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àThe€development€of€rules€for€a€system€must€take€into€consideration€the€needs€of€all€parties€who€useÏthe€system.€€Rules€should€be€as€stringent€as€necessary€to€provide€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     t3 Ôñš%ññ›%ñ.€€Therefore,€theÏacceptable€level€of€risk€for€the€system€must€be€established€and€should€form€the€basis€forÏdetermining€the€rules.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àÔ&  Ð ÔRules€should€cover€such€matters€as€work€at€homeñ ›%ññš%ñÔ)     w o r k   a t   h o m e     i) Ôñš%ññ›%ñ,€dial-in€access,€connection€to€the€Internetñ ›%ññš%ñÔ!     I n t e r n e t     m! ÔÔ!     I n t e r n e t     m! Ôñš%ññ›%ñ,€useÏof€copyrighted€works,€unofficial€use€of€government€equipment,€the€assignment€and€limitation€ofÏsystem€privileges,€and€individual€accountabilityñ ›%ññš%ñÔC  9   i n d i v i d u a l   a c c o u n t a b i l i t y     ÖC Ôñš%ññ›%ñ.€€Often€rules€should€reflect€technical€securityÏcontrolsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     b3 Ôñš%ññ›%ñ€in€the€system.€€For€example,€rules€regarding€passwordñ ›%ññš%ñÔ!     p a s s w o r d     o! Ôñš%ññ›%ñ€use€should€be€consistent€withÏtechnical€passwordñ ›%ññš%ñÔ!     p a s s w o r d     o! Ôñš%ññ›%ñ€features€in€the€system.€€Rules€may€be€enforced€through€administrative€sanctionsÏspecifically€related€to€the€system€(e.g.€loss€of€system€privileges)€or€through€more€general€sanctionsÏas€are€imposed€for€violating€other€rules€of€conduct.€€In€addition,€the€rules€should€specificallyÏaddress€restoration€of€service€as€a€concern€of€all€users€of€the€system.Ô'  Ð©´¢  ÔÐ    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àb)à     àòòTrainingóóñ ›%ññš%ñÔ!     T r a i n i n g     o! Ôñš%ññ›%ñ.€€The€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     t; Ôñš%ññ›%ñ€requires€Federal€agencies€to€provide€for€the€mandatoryÐ   	 SJ   Ðperiodic€trainingñ ›%ññš%ñÔ!     t r a i n i n g     e! Ôñš%ññ›%ñ€in€computer€security€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     c# Ôñš%ññ›%ñ€and€accepted€computer€security€practice€of€allÏemployees€who€are€involved€with€the€management,€use€or€operation€of€a€Federal€computer€systemÏwithin€or€under€the€supervision€of€the€Federal€agency.€€This€includes€contractors€as€well€asÏemployees€of€the€agency.€€Access€provided€to€members€of€the€public€should€be€constrained€byÏcontrols€in€the€applications€through€which€access€is€allowed,€and€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€should€be€within€theÏcontext€of€those€controls.€€The€Appendix€enforces€such€mandatory€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€by€requiring€itsÏcompletion€prior€to€granting€access€to€the€system.€€Each€new€user€of€a€general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     y= Ôñš%ññ›%ñ€inÏsome€sense€introduces€a€risk€to€all€other€users.€Therefore,€each€user€should€be€versed€in€acceptableÏbehavior€--€the€rules€of€the€systemñ ›%ññš%ñÔ7  -   r u l e s   o f   t h e   s y s t e m     m7 Ôñš%ññ›%ñ€--€before€being€allowed€to€use€the€system.€€Trainingñ ›%ññš%ñÔ!     T r a i n i n g     h! Ôñš%ññ›%ñ€should€alsoÏinform€the€individual€how€to€get€help€in€the€event€of€difficulty€with€using€or€security€of€the€system.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àTrainingñ ›%ññš%ñÔ!     T r a i n i n g     h! Ôñš%ññ›%ñ€should€be€tailored€to€what€a€user€needs€to€know€to€use€the€system€securely,€given€theÏnature€of€that€use.€€Trainingñ ›%ññš%ñÔ!     T r a i n i n g     h! Ôñš%ññ›%ñ€may€be€presented€in€stages,€for€example€as€more€access€is€granted.€ÏIn€some€cases,€the€trainingñ ›%ññš%ñÔ!     t r a i n i n g     h! Ôñš%ññ›%ñ€should€be€in€the€form€of€classroom€instruction.€€In€other€cases,Ïinteractive€computer€sessions€or€well-written€and€understandable€brochures€may€be€sufficient,Ïdepending€on€the€risk€and€magnitude€of€harm.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àOver€time,€attention€to€security€tends€to€dissipate.€€In€addition,€changes€to€a€system€may€necessitateÏa€change€in€the€rules€or€user€procedures.€€Therefore,€individuals€should€periodically€have€refresherÏtrainingñ ›%ññš%ñÔ!     t r a i n i n g     Ö! Ôñš%ññ›%ñ€to€assure€that€they€continue€to€understand€and€abide€by€the€applicable€rules.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àTo€assist€agencies,€the€Appendix€requires€NIST,€with€assistance€from€the€Office€of€PersonnelÏManagementñ ›%ññš%ñÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t     ÖM Ôñš%ññ›%ñ€(OPMñ ›%ññš%ñÔ     O P M     e Ôñš%ññ›%ñ),€to€update€its€existing€guidance.€€It€also€proposes€that€OPMñ ›%ññš%ñÔ     O P M     e Ôñš%ññ›%ñ€assure€that€itsÏrules€for€computer€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g     P! Ôñš%ññ›%ñ€for€Federal€civilian€employees€are€effective.Ð    Ã-º)1 ð(#ð(#  Ð‡à0    Ð àà0    ðÐ(#Ð(# àc)à     àòòPersonnel€Controlsóó.€€It€has€long€been€recognized€that€the€greatest€harm€has€come€fromÐ   	 	      Ðauthorized€individuals€engaged€in€improper€activities,€whether€intentional€or€accidental.€€In€everyÏgeneral€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     = Ôñš%ññ›%ñ,€a€number€of€technical,€operational,€and€management€controls€are€used€toÏprevent€and€detect€harm.€€Such€controls€include€individual€accountabilityñ ›%ññš%ñÔC  9   i n d i v i d u a l   a c c o u n t a b i l i t y     8C Ôñš%ññ›%ñ,€"least€privilegeñ ›%ññš%ñÔ/  %   l e a s t   p r i v i l e g e     t/ Ôñš%ññ›%ñ,"€andÏseparation€of€dutiesñ ›%ññš%ñÔ9  /   s e p a r a t i o n   o f   d u t i e s     i9 Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àIndividual€accountabilityñ ›%ññš%ñÔC  9   I n d i v i d u a l   a c c o u n t a b i l i t y     8C Ôñš%ññ›%ñ€consists€of€holding€someone€responsible€for€his€or€her€actions.€€In€aÏgeneral€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     y= Ôñš%ññ›%ñ,€accountability€is€normally€accomplished€by€identifying€and€authenticatingÏusers€of€the€system€and€subsequently€tracing€actions€on€the€system€to€the€user€who€initiated€them.€ÏThis€may€be€done,€for€example,€by€looking€for€patterns€of€behavior€by€users.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àÔ&  Ž ÔLeast€privilegeñ ›%ññš%ñÔ/  %   L e a s t   p r i v i l e g e     y/ Ôñš%ññ›%ñ€is€the€practice€of€restricting€a€user's€access€(to€data€files,€to€processing€capability,Ïor€to€peripherals)€or€type€of€access€(read,€write,€execute,€delete)€to€the€minimum€necessary€toÏperform€his€or€her€job.Ô'  Žgº  ÔÐ    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àSeparation€of€dutiesñ ›%ññš%ñÔ9  /   S e p a r a t i o n   o f   d u t i e s      9 Ôñš%ññ›%ñ€is€the€practice€of€dividing€the€steps€in€a€critical€function€among€differentÏindividuals.€€For€example,€one€system€programmer€can€create€a€critical€piece€of€operating€systemÏcode,€while€another€authorizes€its€implementation.€€Such€a€control€keeps€a€single€individual€fromÏsubverting€a€critical€process.€€Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àNevertheless,€in€some€instances,€individuals€may€be€given€the€ability€to€bypass€some€significantÏtechnical€and€operational€controls€in€order€to€perform€system€administration€and€maintenanceñ ›%ññš%ñÔ'     m a i n t e n a n c e      ' Ôñš%ññ›%ñÏfunctions€(e.g.,€LAN€administrators€or€systems€programmers).Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àScreening€such€individuals€in€positions€of€trust€will€supplement€technical,€operational,€andÏmanagement€controls,€particularly€where€the€risk€and€magnitude€of€harm€is€high.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àd)à     àòòIncident€Response€Capabilityóóñ ›%ññš%ñÔI  ?   I n c i d e n t   R e s p o n s e   C a p a b i l i t y      I Ôñš%ññ›%ñ.€€Security€incidentsñ ›%ññš%ñÔ5  +   S e c u r i t y   i n c i d e n t s     p5 Ôñš%ññ›%ñ,€whether€caused€by€viruses,€hackers,€orÐ   	 þ   Ðsoftware€bugs,€are€becoming€more€common.€€When€faced€with€a€security€incident,€an€agencyÏshould€be€able€to€respond€in€a€manner€that€both€protects€its€own€information€and€helps€to€protectÏthe€information€of€others€who€might€be€affected€by€the€incident.€€To€address€this€concern,€agenciesÏshould€establish€formal€incident€response€mechanisms.€€Awarenessñ ›%ññš%ñÔ#     A w a r e n e s s     c# Ôñš%ññ›%ñ€and€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€for€individuals€withÏaccess€to€the€system€should€include€how€to€use€the€system's€incident€response€capabilityñ ›%ññš%ñÔI  ?   i n c i d e n t   r e s p o n s e   c a p a b i l i t y      I Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àTo€be€fully€effective,€incident€handling€must€also€include€sharing€information€concerning€commonÏvulnerabilities€and€threats€with€those€in€other€systems€and€other€agencies.€€The€Appendix€directsÏagencies€to€effectuate€such€sharing,€and€tasks€NIST€to€coordinate€those€agency€activitiesÏgovernment-wide.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àThe€Appendix€also€directs€the€Department€of€Justiceñ ›%ññš%ñÔ;  1   D e p a r t m e n t   o f   J u s t i c e     i; Ôñš%ññ›%ñ€to€provide€appropriate€guidance€on€pursuingÏlegal€remedies€in€the€case€of€serious€incidents.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àe)à     àòòContinuity€of€Supportóóñ ›%ññš%ñÔ;  1   C o n t i n u i t y   o f   S u p p o r t     i; Ôñš%ññ›%ñ.€€Inevitably,€there€will€be€service€interruptions.€€Agency€plans€shouldÐ   	 Í'Ä#*   Ðassure€that€there€is€an€ability€to€recover€and€provide€service€sufficient€to€meet€the€minimal€needsÏof€users€of€the€system.€€Manual€proceduresñ ›%ññš%ñÔ3  )   M a n u a l   p r o c e d u r e s     `3 Ôñš%ññ›%ñ€are€generally€NOT€a€viable€back-upñ ›%ññš%ñÔ     b a c k - u p     o Ôñš%ññ›%ñ€option.€€WhenÏautomated€support€is€not€available,€many€functions€of€the€organization€will€effectively€cease.€ÏTherefore,€it€is€important€to€take€cost-effective€steps€to€manage€any€disruption€of€service.€€Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àDecisions€on€the€level€of€service€needed€at€any€particular€time€and€on€priorities€in€serviceÏrestoration€should€be€made€in€consultation€with€the€users€of€the€system€and€incorporated€in€theÐ   	 Ã-º)1   Ðsystem€rules.€€Experience€has€shown€that€recoveryñ ›%ññš%ñÔ!     r e c o v e r y     c! Ôñš%ññ›%ñ€plans€that€are€periodically€tested€areÏsubstantially€more€viable€than€those€that€are€not.€€Moreover,€untested€plans€may€actually€create€aÏfalse€sense€of€security.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àf)à     àòòTechnical€Securityóó.€€Agencies€should€assure€that€each€system€appropriately€uses€effectiveÐ   	 qh   Ðsecurity€products€and€techniques,€consistent€with€standards€and€guidance€from€NIST.€€Often€suchÏtechniques€will€correspond€with€system€rules€of€behaviorñ ›%ññš%ñÔ3  )   r u l e s   o f   b e h a v i o r     `3 Ôñš%ññ›%ñ,€such€as€in€the€proper€use€of€passwordñ ›%ññš%ñÔ!     p a s s w o r d     e! Ôñš%ññ›%ñÏprotection.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àThe€Appendix€directs€NIST€to€continue€to€issue€computer€security€guidance€to€assist€agencies€inÏplanning€for€and€using€technical€security€products€and€techniques.€€Until€such€guidance€is€issued,Ïhowever,€the€planning€guidance€included€in€OMB€Bulletin€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     d Ôñš%ññ›%ñ€can€assist€in€determiningÏtechniques€for€effective€security€in€a€system€and€in€addressing€technical€controls€in€the€securityÏplanñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     o+ Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àg)à     àòòSystem€Interconnectionóó.€€In€order€for€a€community€to€effectively€manage€risk,€it€must€controlÐ   	 ÏÆ   Ðaccess€to€and€from€other€systems.€€The€degree€of€such€control€should€be€established€in€the€rulesÏof€the€systemñ ›%ññš%ñÔ7  -   r u l e s   o f   t h e   s y s t e m     
7 Ôñš%ññ›%ñ€and€all€participants€should€be€made€aware€of€any€limitations€on€outside€access.€ÏTechnical€controls€to€accomplish€this€should€be€put€in€place€in€accordance€with€guidance€issued€byÏNIST.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àThere€are€varying€degrees€of€how€connected€a€system€is.€€For€example,€some€systems€will€chooseÏto€isolate€themselves,€others€will€restrict€access€such€as€allowing€only€e-mail€connections€or€remoteÏaccess€only€with€sophisticated€authentication,€and€others€will€be€fully€open.€€The€managementÏdecision€to€interconnect€should€be€based€on€the€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     y) Ôñš%ññ›%ñ€and€use€of€technical€and€non-€technicalÏsafeguards€and€consistent€with€the€acceptable€level€of€risk€defined€in€the€system€rules.Ð    ð(#ð(#  ÐÌà0    Ð à3)à    ð àòòReview€of€Security€Controlsóóñ ›%ññš%ñÔ3  )   S e c u r i t y   C o n t r o l s      3 Ôñš%ññ›%ñ.€€The€security€of€a€system€will€degrade€over€time,€as€the€technologyÐ   	 þ   Ðevolves€and€as€people€and€procedures€change.€€Reviews€should€assure€that€management,€operational,Ïpersonnel,€and€technical€controls€are€functioning€effectively.€€Security€controlsñ ›%ññš%ñÔ3  )   S e c u r i t y   c o n t r o l s      3 Ôñš%ññ›%ñ€may€be€reviewed€byÏan€independent€auditñ ›%ññš%ñÔ     a u d i t       Ôñš%ññ›%ñ€or€a€self€review.€€The€type€and€rigor€of€review€or€auditñ ›%ññš%ñÔ     a u d i t       Ôñš%ññ›%ñ€should€be€commensurateÏwith€the€acceptable€level€of€risk€that€is€established€in€the€rules€for€the€system€and€the€likelihood€ofÏlearning€useful€information€to€improve€security.Ð    Ð(#Ð(#  ÐÌà0    Ð àTechnical€tools€such€as€virusñ ›%ññš%ñÔ     v i r u s       Ôñš%ññ›%ñ€scanners,€vulnerability€assessment€products€(which€look€for€knownÏsecurity€problems,€configuration€errors,€and€the€installation€of€the€latest€patches),€and€penetrationÏtestingñ ›%ññš%ñÔ     t e s t i n g     Ö Ôñš%ññ›%ñ€can€assist€in€the€on-going€review€of€different€facets€of€systems.€€However,€these€tools€are€noÏsubstitute€for€a€formal€management€review€at€least€every€three€years.€€Indeed,€for€some€high-riskÏsystems€with€rapidly€changing€technology,€three€years€will€be€too€long.Ð    Ð(#Ð(#  ÐÌà0    Ð àDepending€upon€the€risk€and€magnitude€of€harm€that€could€result,€weaknesses€identified€during€theÏreview€of€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     
3 Ôñš%ññ›%ñ€should€be€reported€as€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     o) Ôñš%ññ›%ñ€in€accordance€with€OMB€Circular€No.ÏA„123ñ ›%ññš%ñÔ     A „ 1 2 3       Ôñš%ññ›%ñ,€"Management€Accountability€and€Control"€and€the€Federal€Managers'€Financial€Integrity€Actñ ›%ññš%ñÔc  Y   F e d e r a l   M a n a g e r s '   F i n a n c i a l   I n t e g r i t y   A c t      c Ôñš%ññ›%ñ.€ÏIn€particular,€if€a€basic€management€control€such€as€assignment€of€responsibility,€a€workable€securityÏplanñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     s+ Ôñš%ññ›%ñ,€or€management€authorization€are€missing,€then€consideration€should€be€given€to€identifying€aÏdeficiency.€Ð    Ð(#Ð(#  Ðâ
    
 âÐ   	 5+,'.   Ðñ˜%ñÔ&  B Ôâ
    
 âñ˜%ñà0    Ð à4)à    ð àòòAuthorize€Processingóó.€€The€authorization€of€a€system€to€process€information,€granted€by€aÐ   	 	      Ðmanagement€official,€provides€an€important€quality€control€(some€agencies€refer€to€this€authorizationÏas€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     6+ Ôñš%ññ›%ñ).€€By€authorizing€processing€in€a€system,€a€manager€accepts€the€risk€associated€withÏit.€€Authorization€is€not€a€decision€that€should€be€made€by€the€security€staffñ ›%ññš%ñÔ-  #   s e c u r i t y   s t a f f     8- Ôñš%ññ›%ñ.€€Ð    Ð(#Ð(#  Ðñ˜%ñÔ'  B	$Ý  Ôñ˜%ñÌà0    Ð àÔ&  ì ÔBoth€the€security€official€and€the€authorizing€management€official€have€security€responsibilities.€€InÏgeneral,€the€security€official€is€closer€to€the€day-to-day€operation€of€the€system€and€will€direct€orÏperform€security€tasks.€€The€authorizing€official€will€normally€have€general€responsibility€for€theÏorganization€supported€by€the€system.Ð    Ð(#Ð(#  ÐÌà0    Ð àManagement€authorization€should€be€based€on€an€assessment€of€management,€operational,€and€technicalÏcontrols.€€Since€the€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     2+ Ôñš%ññ›%ñ€establishes€the€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     3 Ôñš%ññ›%ñ,€it€should€form€the€basis€for€theÏauthorization,€supplemented€by€more€specific€studies€as€needed.€€In€addition,€the€periodic€review€ofÏcontrols€should€also€contribute€to€future€authorizations.€€Some€agencies€perform€"certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     l+ Ôñš%ññ›%ñ€reviews"Ïof€their€systems€periodically.€€These€formal€technical€evaluations€lead€to€a€management€accreditationñ ›%ññš%ñÔ+  !   a c c r e d i t a t i o n     l+ Ôñš%ññ›%ñ,Ïor€"authorization€to€process."€€Such€certifications€(such€as€those€using€the€methodology€in€FIPS€PubÏ102€"Guideline€for€Computer€Security€Certificationñ ›%ññš%ñÔ+  !   C e r t i f i c a t i o n     l+ Ôñš%ññ›%ñ€and€Accreditationñ ›%ññš%ñÔ+  !   A c c r e d i t a t i o n     l+ Ôñš%ññ›%ñ")€can€provide€useful€informationÏto€assist€management€in€authorizing€a€system,€particularly€when€combined€with€a€review€of€the€broadÏbehavioral€controls€envisioned€in€the€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     l+ Ôñš%ññ›%ñ€required€by€the€Appendix.Ô'  ìK«ß  ÔÐ    Ð(#Ð(#  ÐÌà0    Ð àRe-authorization€should€occur€prior€to€a€significant€change€in€processing,€but€at€least€every€three€years.€ÏIt€should€be€done€more€often€where€there€is€a€high€risk€and€potential€magnitude€of€harm.Ð    Ð(#Ð(#  ÐÌb.à    Ð àòòControls€in€Major€Applicationsóó.€€Certain€applications€require€special€management€attention€due€to€theÐ   	 Ÿ–   Ðrisk€and€magnitude€of€harm€that€could€occur.€€For€such€applications,€the€controls€of€the€support€system(s)Ïin€which€they€operate€are€likely€to€be€insufficient.€€Therefore,€additional€controls€specific€to€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñÏare€required.€€Since€the€function€of€applications€is€the€direct€manipulation€and€use€of€information,€controlsÏfor€securing€applications€should€emphasize€protection€of€information€and€the€way€it€is€manipulated.ÌÌà0    Ð à1)à    ð àòòAssign€Responsibility€for€Securityóó.€€By€definition,€major€applications€are€high€risk€and€requireÐ   	 »²   Ðspecial€management€attention.€€Major€applications€usually€support€a€single€agency€function€and€oftenÏare€supported€by€more€than€one€general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     Ö= Ôñš%ññ›%ñ.€€It€is€important,€therefore,€that€an€individualÏbe€assigned€responsibility€in€writing€to€assure€that€the€particular€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ€has€adequate€securityñ ›%ññš%ñÔ3  )   a d e q u a t e   s e c u r i t y     t3 Ôñš%ññ›%ñ.€€ToÏbe€effective,€this€individual€should€be€knowledgeable€in€the€information€and€process€supported€by€theÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ€and€in€the€management,€personnel,€operational,€and€technical€controls€used€to€protect€theÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ.Ð    Ð(#Ð(#  ÐÌà0    Ð à2)à    ð àòòApplicationñ ›%ññš%ñÔ'     A p p l i c a t i o n     r' Ôñš%ññ›%ñ€Security€Plansóó.€€Security€for€each€major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     t3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€should€be€addressed€by€a€securityÐ   	 ‹#‚%   Ðplanñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     o+ Ôñš%ññ›%ñ€specific€to€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.€€The€plan€should€include€controls€specific€to€protecting€information€andÏshould€be€developed€from€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€manager's€perspective.€€To€assist€in€assuring€its€viability,€theÏplan€should€be€provided€to€the€manager€of€the€primary€support€system€which€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€uses€forÏadvice€and€comment.€€This€recognizes€the€critical€dependence€of€the€security€of€major€applications€onÏthe€underlying€support€systems€they€use.€€Summaries€of€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€security€plans€should€be€includedÏin€strategic€information€resource€management€plans€in€accordance€with€this€Circular.Ð    Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àa)à     àòòApplicationñ ›%ññš%ñÔ'     A p p l i c a t i o n      ' Ôñš%ññ›%ñ€Rulesóó.€€Rules€of€behaviorñ ›%ññš%ñÔ3  )   R u l e s   o f   b e h a v i o r     ²3 Ôñš%ññ›%ñ€should€be€established€which€delineate€the€responsibilitiesÐ   	 [*R&-   Ðand€expected€behavior€of€all€individuals€with€access€to€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     v' Ôñš%ññ›%ñ.€€The€rules€should€state€theÏconsequences€of€inconsistent€behavior.€€Often€the€rules€will€be€associated€with€technical€controlsÏimplemented€in€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     v' Ôñš%ññ›%ñ.€€Such€rules€should€include,€for€example,€limitations€on€changingÏdata,€searching€databases,€or€divulging€information.€€Ð    Ã-º)1 ð(#ð(#  Ð‡Ô&  B Ôà0    Ð àà0    ðÐ(#Ð(# àb)à     àòòSpecialized€Trainingóóñ ›%ññš%ñÔ!     T r a i n i n g     Ö! Ôñš%ññ›%ñ.€€Trainingñ ›%ññš%ñÔ!     T r a i n i n g     Ö! Ôñš%ññ›%ñ€is€required€for€all€individuals€given€access€to€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     ' Ôñš%ññ›%ñ,Ð   	 	      Ðincluding€members€of€the€public.€€It€should€vary€depending€on€the€type€of€access€allowed€and€theÏrisk€that€access€represents€to€the€security€of€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     ' Ôñš%ññ›%ñ€and€information€in€it.€€This€trainingñ ›%ññš%ñÔ!     t r a i n i n g     n! Ôñš%ññ›%ñ€willÏbe€in€addition€to€that€required€for€access€to€a€support€system.Ð    ð(#ð(#  ÐÔ'  B	ùõ  ÔÌà0    Ð àà0    ðÐ(#Ð(# àc)à     àòòPersonnel€Securityóó.€€For€most€major€applications,€management€controls€such€as€individualÐ   	 KB   Ðaccountabilityñ ›%ññš%ñÔC  9   i n d i v i d u a l   a c c o u n t a b i l i t y     8C Ôñš%ññ›%ñ€requirements,€separation€of€dutiesñ ›%ññš%ñÔ9  /   s e p a r a t i o n   o f   d u t i e s     i9 Ôñš%ññ›%ñ€enforced€by€access€controls,€or€limitations€on€theÏprocessing€privileges€of€individuals,€are€generally€more€cost-effective€personnel€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     s3 Ôñš%ññ›%ñÏthan€background€screening.€€Such€controls€should€be€implemented€as€both€technical€controls€andÏas€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€rules.€€For€example,€technical€controls€to€ensure€individual€accountabilityñ ›%ññš%ñÔC  9   i n d i v i d u a l   a c c o u n t a b i l i t y     ÙC Ôñš%ññ›%ñ,€such€asÏlooking€for€patterns€of€user€behavior,€are€most€effective€if€users€are€aware€that€there€is€such€aÏtechnical€control.€€If€adequate€auditñ ›%ññš%ñÔ     a u d i t     u Ôñš%ññ›%ñ€or€access€controls€(through€both€technical€and€non-technicalÏmethods)€cannot€be€established,€then€it€may€be€cost-effective€to€screen€personnel,€commensurateÏwith€the€risk€and€magnitude€of€harm€they€could€cause.€€The€change€in€emphasis€on€screening€inÏthe€Appendix€should€not€affect€background€screening€deemed€necessary€because€of€other€duties€thatÏan€individual€may€perform.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àd)à     àòòContingencyñ ›%ññš%ñÔ'     C o n t i n g e n c y      ' Ôñš%ññ›%ñ€Planningóó.€€Normally€the€Federal€mission€supported€by€a€major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     
3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€isÐ   	 ƒz   Ðcritically€dependent€on€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ.€€Manual€processing€is€generally€NOT€a€viable€back-upñ ›%ññš%ñÔ     b a c k - u p     o Ôñš%ññ›%ñÏoption.€€Managers€should€plan€for€how€they€will€perform€their€mission€and/or€recover€from€the€lossÏof€existing€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€support,€whether€the€loss€is€due€to€the€inability€of€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€to€functionÏor€a€general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m     8= Ôñš%ññ›%ñ€failure.€€Experience€has€demonstrated€that€testingñ ›%ññš%ñÔ     t e s t i n g     u Ôñš%ññ›%ñ€a€contingencyñ ›%ññš%ñÔ'     c o n t i n g e n c y     r' Ôñš%ññ›%ñ€planñ ›%ññš%ñÔ1  '   c o n t i n g e n c y   p l a n     s1 Ôñš%ññ›%ñÏsignificantly€improves€its€viability.€€Indeed,€untested€plans€or€plans€not€tested€for€a€long€period€ofÏtime€may€create€a€false€sense€of€ability€to€recover€in€a€timely€manner.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àe)à     àòòTechnical€Controlsóó.€€Technical€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     t3 Ôñš%ññ›%ñ,€for€example€tests€to€filter€invalid€entries,Ð   	 SJ   Ðshould€be€built€into€each€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     r' Ôñš%ññ›%ñ.€€Often€these€controls€will€correspond€with€the€rules€ofÏbehaviorñ ›%ññš%ñÔ3  )   r u l e s   o f   b e h a v i o r     t3 Ôñš%ññ›%ñ€for€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     v' Ôñš%ññ›%ñ.€€Under€the€previous€Appendix,€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     v' Ôñš%ññ›%ñ€security€was€focused€onÏthe€process€by€which€sensitive,€custom€applications€were€developed.€€While€that€process€is€notÏaddressed€in€detail€in€this€Appendix,€it€remains€an€effective€method€for€assuring€that€securityÏcontrolsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     
3 Ôñš%ññ›%ñ€are€built€into€applications.€€Additionally,€the€technical€security€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     
3 Ôñš%ññ›%ñ€defined€in€OMBÏBulletin€No.€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     y Ôñš%ññ›%ñ€will€continue,€until€that€guidance€is€replaced€by€NIST's€security€planningÏguidance.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àf)à     àòòInformation€Sharingóóñ ›%ññš%ñÔ7  -   I n f o r m a t i o n   S h a r i n g     
7 Ôñš%ññ›%ñ.€€Assure€that€information€which€is€shared€with€Federal€organizations,€StateÐ   	 ý ô"   Ðand€local€governments,€and€the€private€sector€is€appropriately€protected€comparable€to€theÏprotection€provided€when€the€information€is€within€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     Ö' Ôñš%ññ›%ñ.€€Controls€on€the€informationÏmay€stay€the€same€or€vary€when€the€information€is€shared€with€another€entity.€€For€example,€theÏprimary€user€of€the€information€may€require€a€high€level€of€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     %) Ôñš%ññ›%ñ€while€the€secondary€userÏdoes€not,€and€can€therefore€relax€some€of€the€controls€designed€to€maintain€the€availabilityñ ›%ññš%ñÔ)     a v a i l a b i l i t y     %) Ôñš%ññ›%ñ€of€theÏinformation.€€At€the€same€time,€however,€the€information€shared€may€require€a€level€ofÏconfidentialityñ ›%ññš%ñÔ/  %   c o n f i d e n t i a l i t y     / Ôñš%ññ›%ñ€that€should€be€extended€to€the€secondary€user.€€This€normally€requires€notificationÏand€agreement€to€protect€the€information€prior€to€its€being€shared.Ð    ð(#ð(#  ÐÌÔ&   Ôà0    Ð àà0    ðÐ(#Ð(# àg)à     àòòPublic€Accessñ ›%ññš%ñÔ+  !   P u b l i c   A c c e s s      + Ôñš%ññ›%ñ€Controlsóó.€€Permitting€public€accessñ ›%ññš%ñÔ+  !   p u b l i c   a c c e s s      + Ôñš%ññ›%ñ€to€a€Federal€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€is€an€importantÐ   	 )x%,   Ðmethod€of€improving€information€exchange€with€the€public.€€At€the€same€time,€it€introduces€risksÏto€the€Federal€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.€€To€mitigate€these€risks,€additional€controls€should€be€in€place€asÏappropriate.€€These€controls€are€in€addition€to€controls€such€as€"firewallsñ ›%ññš%ñÔ#     f i r e w a l l s      # Ôñš%ññ›%ñ"€that€are€put€in€place€forÏsecurity€of€the€general€support€systemñ ›%ññš%ñÔ=  3   g e n e r a l   s u p p o r t   s y s t e m      = Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÔ'  )R	  ÔÐ   	 Ã-º)1   Ðà0    Ð àà0    ðÐ(#Ð(# àIn€general,€it€is€more€difficult€to€apply€conventional€controls€to€public€accessñ ›%ñ›ñ›%ññ ›%ññš%ñÔ+  !   p u b l i c   a c c e s s     X+ Ôñš%ññ›%ñ€systems,€becauseÏmany€of€the€users€of€the€system€may€not€be€subject€to€individual€accountabilityñ ›%ññš%ñÔC  9   i n d i v i d u a l   a c c o u n t a b i l i t y     1C Ôñš%ññ›%ñ€policies.€€InÏaddition,€public€accessñ ›%ññš%ñÔ+  !   p u b l i c   a c c e s s     u+ Ôñš%ññ›%ñ€systems€may€be€a€target€for€mischief€because€of€their€higher€visibility€andÏpublished€access€methods.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àOfficial€records€need€to€be€protected€against€loss€or€alteration.€€Official€records€in€electronic€formÏare€particularly€susceptible€since€they€can€be€relatively€easy€to€change€or€destroy.€€Therefore,Ïofficial€records€should€be€segregated€from€information€made€directly€accessible€to€the€public.€ÏThere€are€different€ways€to€segregate€records.€€Some€agencies€and€organizations€are€creatingÏdedicated€information€dissemination€systems€(such€as€bulletin€boards€or€World€Wide€Webñ ›%ññš%ñÔ-  #   W o r l d   W i d e   W e b     n- Ôñš%ññ›%ñ€servers)Ïto€support€this€function.€€These€systems€can€be€on€the€outside€of€secure€gateways€which€protectÏinternal€agency€records€from€outside€access.€€Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# àIn€order€to€secure€applications€that€allow€direct€public€accessñ ›%ññš%ñÔ+  !   p u b l i c   a c c e s s      + Ôñš%ññ›%ñ,€conventional€techniques€such€as€leastÏprivilegeñ ›%ññš%ñÔ/  %   l e a s t   p r i v i l e g e     t/ Ôñš%ññ›%ñ€(limiting€the€processing€capability€as€well€as€access€to€data)€and€integrity€assurances€(suchÏas€checking€for€viruses,€clearly€labeling€the€age€of€data,€or€periodically€spot€checking€data)€shouldÏalso€be€used.€€Additional€guidance€on€securing€public€accessñ ›%ññš%ñÔ+  !   p u b l i c   a c c e s s      + Ôñš%ññ›%ñ€systems€is€available€from€NISTÏComputer€Systems€Laboratory€Bulletin€"Security€Issues€in€Public€Accessñ ›%ññš%ñÔ+  !   P u b l i c   A c c e s s      + Ôñš%ññ›%ñ€Systems"€(May,€1993).Ð    ð(#ð(#  ÐÌà0    Ð à3)à    ð àòòReview€of€Applicationñ ›%ññš%ñÔ'     A p p l i c a t i o n      ' Ôñš%ññ›%ñ€Controlsóó.€€At€least€every€three€years,€an€independent€review€or€auditñ ›%ññš%ñÔ     a u d i t     t Ôñš%ññ›%ñ€of€theÐ   	 7.   Ðsecurity€controlsñ ›%ññš%ñÔ3  )   s e c u r i t y   c o n t r o l s     b3 Ôñš%ññ›%ñ€for€each€major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     b3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€should€be€performed.€€Because€of€the€higher€risk€involvedÏin€major€applications,€the€review€or€auditñ ›%ññš%ñÔ     a u d i t     t Ôñš%ññ›%ñ€should€be€independent€of€the€manager€responsible€for€theÏapplicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ.€€Such€reviews€should€verify€that€responsibility€for€the€security€of€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€has€beenÏassigned,€that€a€viable€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     o+ Ôñš%ññ›%ñ€for€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ€is€in€place,€and€that€a€manager€has€authorizedÏthe€processing€of€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.€€A€deficiency€in€any€of€these€controls€should€be€considered€aÏdeficiency€pursuant€to€the€Federal€Manager's€Financial€Integrity€Act€and€OMB€Circular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3     t Ôñš%ññ›%ñ,Ï"Management€Accountability€and€Control."Ð    Ð(#Ð(#  ÐÌà0    Ð àThe€review€envisioned€here€is€different€from€the€system€test€and€certificationñ ›%ññš%ñÔ+  !   c e r t i f i c a t i o n     o+ Ôñš%ññ›%ñ€process€required€in€theÏcurrent€Appendix.€€That€process,€however,€remains€useful€for€assuring€that€technical€security€featuresÏare€built€into€custom-developed€software€applications.€€While€the€controls€in€that€process€are€notÏspecifically€called€for€in€this€Appendix,€they€remain€in€Bulletin€No.€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     c Ôñš%ññ›%ñ,€and€are€recommended€inÏappropriate€circumstances€as€technical€controls.Ð    Ð(#Ð(#  ÐÌà0    Ð à4)à    ð àòòAuthorize€Processingóó.€€A€major€applicationñ ›%ññš%ñÔ3  )   m a j o r   a p p l i c a t i o n     b3 ÔÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€should€be€authorized€by€the€management€officialÐ   	 ý ô"   Ðresponsible€for€the€function€supported€by€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€at€least€every€three€years,€but€more€oftenÏwhere€the€risk€and€magnitude€of€harm€is€high.€€The€intent€of€this€requirement€is€to€assure€that€theÏsenior€official€whose€mission€will€be€adversely€affected€by€security€weaknesses€in€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñÏperiodically€assesses€and€accepts€the€risk€of€operating€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ.€€The€authorization€should€beÏbased€on€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n     t' Ôñš%ññ›%ñ€security€planñ ›%ññš%ñÔ+  !   s e c u r i t y   p l a n     o+ Ôñš%ññ›%ñ€and€any€review(s)€performed€on€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.€€It€should€alsoÏtake€into€account€the€risks€from€the€general€support€systems€used€by€the€applicationñ ›%ññš%ñÔ'     a p p l i c a t i o n      ' Ôñš%ññ›%ñ.Ð    Ð(#Ð(#  ÐÌÔ&  Ž Ô4.à    Ð àòòAssignment€of€Responsibilitiesóó.€€The€Appendix€assigns€government-wide€responsibilities€to€agenciesÐ   	 Í'Ä#*   Ðthat€are€consistent€with€their€missions€and€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     t; Ôñš%ññ›%ñ.ÌÔ'  ŽÍ'«'	  ÔÌà0    Ð àa.à    ð àòòDepartment€of€Commerceóó.€€The€Department€of€Commerce,€through€NIST,€is€assigned€theÐ   	 [*R&-   Ðfollowing€responsibilities€consistent€with€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     t; Ôñš%ññ›%ñ.Ð    Ð(#Ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à1)à     àDevelop€and€issue€security€standards€and€guidance.Ð    é,à(0 ð(#ð(#  ÐÐ   	 Ã-º)1   Ðà0    Ð àà0    ðÐ(#Ð(# à2)à     àReview€and€update,€with€assistance€from€OPMñ ›%ññš%ñÔ     O P M     " Ôñš%ññ›%ñ,€the€guidelines€for€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g     Ö! Ôñš%ññ›%ñ€issued€inÐ   	 	      Ð1988€pursuant€to€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     ×; Ôñš%ññ›%ñ€to€assure€they€are€effective.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à3)à     àReplace€and€update€the€technical€planning€guidance€in€the€appendix€to€OMB€Bulletin€90-08ñ ›%ññš%ñÔ     9 0 - 0 8     r Ôñš%ññ›%ñ€Ð   	 —Ž   ÐThis€should€include€guidance€on€effective€risk-based€security€absent€a€formal€risk€analysisñ ›%ññš%ñÔ+  !   r i s k   a n a l y s i s     t+ Ôñš%ññ›%ñ.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à4)à     àProvide€agencies€with€guidance€and€assistance€concerning€effective€controls€for€systems€whenÐ   	 %	   Ðinterconnecting€with€other€systems,€including€the€Internetñ ›%ññš%ñÔ!     I n t e r n e t     s! ÔÔ!     I n t e r n e t     s! Ôñš%ññ›%ñ.€€Such€guidance€on,€for€example,Ïso-called€"firewallsñ ›%ññš%ñÔ#     f i r e w a l l s     i# Ôñš%ññ›%ñ"€is€becoming€widely€available€and€is€critical€to€agencies€as€they€consider€howÏto€interconnect€their€communications€capabilities.Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à5)à     àCoordinate€agency€incident€response€activities.€Coordination€of€agency€incident€responseÐ   	 g^	   Ðactivities€should€address€both€threats€and€vulnerabilities€as€well€as€improve€the€ability€of€theÏFederal€government€for€rapid€and€effective€cooperation€in€response€to€serious€security€breaches.€Ð    ð(#ð(#  ÐÌà0    Ð àà0    ðÐ(#Ð(# à6)à     àAssess€security€vulnerabilities€in€new€information€technologies€and€apprise€Federal€agenciesÐ   	 ÏÆ   Ðof€such€vulnerabilities.€€The€intent€of€this€new€requirement€is€to€help€agencies€understand€theÏsecurity€implications€of€technology€before€they€purchase€and€field€it.€€In€the€past,€there€have€beenÏtoo€many€instances€where€agencies€have€acquired€and€implemented€technology,€then€found€outÏabout€vulnerabilities€in€the€technology€and€had€to€retrofit€security€measures.€€This€activity€isÏintended€to€help€avoid€such€difficulties€in€the€future.Ð    ð(#ð(#  ÐÌà0    Ð àb.à    ð àòòDepartment€of€Defenseóó.€€The€Department,€through€the€National€Security€Agencyñ ›%ññš%ñÔA  7   N a t i o n a l   S e c u r i t y   A g e n c y     1A Ôñš%ññ›%ñ,€should€provideÐ   	 Å¼   Ðtechnical€advice€and€assistance€to€NIST,€including€work€products€such€as€technical€security€guidelines,Ïwhich€NIST€can€draw€upon€for€developing€standards€and€guidelines€for€protecting€sensitive€informationÏin€Federal€computers.Ð    Ð(#Ð(#  ÐÌà0    Ð àAlso,€the€Department,€through€the€National€Security€Agencyñ ›%ññš%ñÔA  7   N a t i o n a l   S e c u r i t y   A g e n c y     1A Ôñš%ññ›%ñ,€should€assist€NIST€in€evaluatingÏvulnerabilities€in€emerging€technologies.€€Such€vulnerabilities€may€present€a€risk€to€national€securityÏinformation€as€well€as€to€unclassified€information.Ð    Ð(#Ð(#  ÐÌà0    Ð àc.à    ð àòòDepartment€of€Justiceóóñ ›%ññš%ñÔ;  1   D e p a r t m e n t   o f   J u s t i c e     Ö; Ôñš%ññ›%ñ.€€The€Department€of€Justiceñ ›%ññš%ñÔ;  1   D e p a r t m e n t   o f   J u s t i c e     Ö; Ôñš%ññ›%ñ€should€provide€appropriate€guidance€to€FederalÐ   	 of   Ðagencies€on€legal€remedies€available€to€them€when€serious€security€incidentsñ ›%ññš%ñÔ5  +   s e c u r i t y   i n c i d e n t s     e5 Ôñš%ññ›%ñ€occur.€€Such€guidanceÏshould€include€ways€to€report€incidents€and€cooperate€with€law€enforcement.Ð    Ð(#Ð(#  ÐÌà0    Ð àIn€addition,€the€Department€should€pursue€appropriate€legal€actions€on€behalf€of€the€FederalÏgovernment€when€serious€security€incidentsñ ›%ññš%ñÔ5  +   s e c u r i t y   i n c i d e n t s     e5 Ôñš%ññ›%ñ€occur.Ð    Ð(#Ð(#  ÐÌÔ&  h Ôà0    Ð àd.à    ð àòòGeneral€Services€Administrationóó.€€The€General€Services€Administration€should€provide€agenciesÐ   	 e$\ &   Ðguidance€for€addressing€security€considerations€when€acquiring€information€technology€products€orÏservices.€€This€continues€the€current€requirement.Ð    Ð(#Ð(#  ÐÔ'  he$‡:	  ÔÌà0    Ð àIn€addition,€where€cost-effective€to€do€so,€GSA€should€establish€government-wide€contract€vehicles€forÏagencies€to€use€to€acquire€certain€security€services.€€Such€vehicles€already€exist€for€providing€systemÏback-upñ ›%ññš%ñÔ     b a c k - u p     i Ôñš%ññ›%ñ€support€and€conducting€security€analyses.Ð    Ð(#Ð(#  ÐÌà0    Ð àGSA€should€also€provide€appropriate€security€services€to€assist€Federal€agencies€to€the€extent€thatÏprovision€of€such€services€is€cost-€effective.€€This€includes€providing,€in€conjunction€with€theÏDepartment€of€Defense€and€the€Department€of€Commerce,€appropriate€services€which€support€FederalÏuse€of€the€National€Information€Infrastructureñ ›%ññš%ñÔW  M   N a t i o n a l   I n f o r m a t i o n   I n f r a s t r u c t u r e     ÖW Ôñš%ññ›%ñ€(e.g.,€use€of€digital€signature€technology).Ð    Ã-º)1 Ð(#Ð(#  Ð‡à0    Ð àe.à    ð àòòOffice€of€Personnel€Managementóóñ ›%ññš%ñÔM  C   O f f i c e   o f   P e r s o n n e l   M a n a g e m e n t      M Ôñš%ññ›%ñ.€€In€accordance€with€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     a; Ôñš%ññ›%ñ,€OPMñ ›%ññš%ñÔ     O P M     t Ôñš%ññ›%ñ€shouldÐ   	 	      Ðreview€its€regulations€concerning€computer€security€trainingñ ›%ññš%ñÔ!     t r a i n i n g     e! Ôñš%ññ›%ñ€and€assure€that€they€are€effective.Ð    Ð(#Ð(#  ÐÌà0    Ð àIn€addition,€OPMñ ›%ññš%ñÔ     O P M     i Ôñš%ññ›%ñ€should€assist€the€Department€of€Commerce€in€the€review€and€update€of€its€computerÏsecurity€awarenessñ ›%ññš%ñÔ#     a w a r e n e s s     c# Ôñš%ññ›%ñ€and€trainingñ ›%ññš%ñÔ!     t r a i n i n g      ! Ôñš%ññ›%ñ€guidelines.€€OPMñ ›%ññš%ñÔ     O P M     i Ôñš%ññ›%ñ€worked€closely€with€NIST€in€developing€the€currentÏguidelines€and€should€work€with€NIST€in€revising€those€guidelines.Ð    Ð(#Ð(#  ÐÌà0    Ð àf.à    ð àòòSecurity€Policy€Boardóó.€€The€Security€Policy€Board€is€assigned€responsibility€for€national€securityÐ   	 ÿ	ö   Ðpolicy€coordination€in€accordance€with€the€appropriate€Presidential€directive.€€This€includes€policy€forÏthe€security€of€information€technology€used€to€process€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     u% Ôñš%ññ›%ñ€information.Ð    Ð(#Ð(#  ÐÌà0    Ð àCircular€A„130ñ ›%ññš%ñÔ     A „ 1 3 0     i Ôñš%ññ›%ñ€and€this€Appendix€do€not€apply€to€information€technology€that€supports€certain€criticalÏnational€security€missions,€as€defined€in€44€U.S.C.€3502(9)€and€10€U.S.C.€2315.€€Policy€andÏprocedural€requirements€for€the€security€of€national€security€systems€(telecommunicationsñ ›%ññš%ñÔ5  +   t e l e c o m m u n i c a t i o n s     t5 Ôñš%ññ›%ñ€andÏinformation€systems€that€contain€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     a% Ôñš%ññ›%ñ€information€or€that€support€those€critical€national€securityÏmissions€(44€U.S.C.€3502(9)€and€10€U.S.C.€2315))€is€assigned€to€the€Department€of€Defense€pursuantÏto€Presidential€directive.€€The€Circular€clarifies€that€information€classifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     a% Ôñš%ññ›%ñ€for€national€securityÏpurposes€should€also€be€handled€in€accordance€with€appropriate€national€security€directives.€€WhereÏclassifiedñ ›%ññš%ñÔ%     c l a s s i f i e d     a% Ôñš%ññ›%ñ€information€is€required€to€be€protected€by€more€stringent€security€requirements,€thoseÏrequirements€should€be€followed€rather€than€the€requirements€of€this€Appendix.Ð    Ð(#Ð(#  ÐÌ5.à    Ð àòòReportsóóñ ›%ññš%ñÔ     R e p o r t s     d Ôñš%ññ›%ñ.€€The€Appendix€requires€agencies€to€provide€two€reportsñ ›%ññš%ñÔ     r e p o r t s     d Ôñš%ññ›%ñ€to€OMB:Ð   	 ëâ   ÐÌThe€first€is€a€requirement€that€agencies€report€security€deficienciesñ ›%ññš%ñÔ)     d e f i c i e n c i e s     i) Ôñš%ññ›%ñ€and€material€weaknesses€within€theirÏFMFIAñ ›%ññš%ñÔ     F M F I A     n Ôñš%ññ›%ñ€reporting€mechanisms€as€defined€by€OMB€Circular€No.€A„123ñ ›%ññš%ñÔ     A „ 1 2 3     n Ôñš%ññ›%ñ,€"Management€Accountability€andÏControl,"€and€take€corrective€actions€in€accordance€with€that€directive.ÌÌThe€second,€defined€by€the€Computer€Security€Actñ ›%ññš%ñÔ;  1   C o m p u t e r   S e c u r i t y   A c t     a; Ôñš%ññ›%ñ,€requires€that€a€summary€of€agency€security€plans€beÏincluded€in€the€information€resources€management€plan€required€by€the€Paperwork€Reduction€Actñ ›%ññš%ñÔ?  5   P a p e r w o r k   R e d u c t i o n   A c t     e? Ôñš%ññ›%ñ.Ð	   	 áØ   ÐÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌà@    ªª ì à(This€Page€Intentionally€Left€Blank)ˆÐ	   	 yp   ÐÑ    i ÑØ     A  ØÖ  €²  © é !  ÖÖ €´  « é "  ÖØ     !  ØÑ €    Ì  ÑÓ   ÓÔ ‡  °üª ° & &ù´ ÔÔ ‡¶  °„½ ° ° °üª ÔÔ
      ÔINDEXÔ# †  °üª ° °¶ °„½N	 # ÔÔ# †  &ù´ & ° °üª~N	 # ÔÔ     ¼N	  ÔÐ   	 X      ÐßA €& - )                 °° x         dME°7¨ xA ßÐ   	 8à   ÐÓ  rN	  ÓÌÓ €   Óñ ›%ñœñ›%ññš%ñÓ     ÓÝ  ‚a  cÿ Ýà0    Ð àà0    ðÐ(#Ð(# àà     Ð àà     ° àÝ     Ý31€U.S.C.€3512à‚#    ªª7 (#. `	`	 ð(#ð(## àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„7,€G„9,€G„14,€G„15ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ¹a   Ð31€U.S.C.€9106à‚    °!°!G (#. `	`	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„16ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 “;   Ð88„16à‚    ÆÆA (#. \\  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„22,€G„23ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 m   Ð90„08à‚    44) (#. \\  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„6,€G„22,€G„23,€G„26,€G„28-G„30ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Gï   ÐAccreditationà‚    ”
”
  (#. œœ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„6,€2„4,€2„6-2„9,€3„1,€3„2,€3„6-3„10,€3„12,€4„1,€4„2,€4„6,€4„9-4„11,€Glos„1,€Glos„2,ˆÐ   	 !	É   Ðà€    	 (# àGlos„5,€Glos„9,€Glos„18,€Glos„19,€Glos„21,€Bib„2,€Bib„7,€D„3,€G„27ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌAcquisitionà‚    $$ (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„4,€2„8,€2„10,€3„1,€3„2,€3„12,€Bib„9,€D„3,€G„11,€G„12,€G„21ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Õ
}	   ÐAdequate€Securityà‚    BB (#. 

  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1-1„3,€Glos„2,€Glos„15,€B„3,€G„17-G„19,€G„22-G„24,€G„27ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ¯W	
   ÐAIS€Ownerà‚    ll; (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„7,€3„1,€Glos„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ‰1
   ÐApplicationà‚     
 
  (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„2,€1„3,€2„5,€2„6,€2„8,€3„4,€3„6,€3„7,€3„11,€3„12,€4„8,€4„12,€Glos„2,€Glos„3,€Glos„11,ˆÐ   	 c   Ðà€    XX  (# àGlos„15,€Glos„18,€Glos„19,€D„2-E„4,€G„17,€G„19,€G„20,€G„22,€G„23,€G„27-G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌApplication€Ownerà‚    4 (#. @
@
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„2,€Glos„3,€Glos„19ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ¿   ÐApprovalà‚    .. (#. ll  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„4,€3„7-3„9,€3„12,€4„3,€4„12,€4„13,€Glos„1,€Glos„4ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ñ™   ÐAudità‚    ˜	˜	  (#. PP  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„8,€4„4,€4„7,€Glos„3,€C„1,€E„4,€F„2,€G„3,€G„10,€G„12,€G„14,€G„20,€G„26,€G„28,€G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ës   ÐAuthorityà‚    X	X	  (#. ~~  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„1-2„3,€2„5,€2„10-2„12,€3„1,€3„11,€4„10,€4„12,€Glos„1-Glos„3,€Glos„8,€Glos„9,€Glos„18,ˆÐ   	 ¥M   Ðà€    ææ! (# àGlos„19,€A„1,€A„2,€E„1-G„3,€G„7,€G„9,€G„11ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌAvailabilityà‚    >>  (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„2,€3„4,€Glos„2,€Glos„4,€Glos„6-Glos„8,€B„2,€C„1,€D„2,€G„17,€G„23,€G„26,€G„28ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Y   ÐAwarenessà‚    ôô  (#. ÚÚ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„2,€2„3,€3„1,€3„10,€3„11,€Bib„6,€D„3,€E„1-E„3,€G„20,€G„21,€G„24,€G„25,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 3Û   ÐA„123à‚    $$ (#. „„  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„2,€Bib„7,€G„1,€G„7,€G„17,€G„19-G„21,€G„26,€G„29,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 µ   ÐA„127à‚    ¼¼: (#. „„  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„6,€G„12,€G„15ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ç   ÐA„130à‚    .. (#. „„  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1,€3„10,€Glos„2,€Glos„12,€Glos„15,€Glos„20,€G„13,€G„16,€G„17,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ái   ÐBack„upà‚    òò5 (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„21,€G„25,€G„28,€G„30ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ›C   ÐBacteriaà‚    ¼¼3 (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„4,€Glos„15,€Glos„25ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 u   ÐBusiness€Impact€Analysisà‚    4"4"H (#. "  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„4ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 O÷   ÐC2à‚    rr  (#. ŠŠ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„3,€2„6,€2„9,€2„10,€4„3,€4„4,€4„6,€4„7,€Glos„5,€Glos„7,€Glos„8,€Glos„10,€Glos„16,€Glos„17,ˆÐ   	 )Ñ   Ðà€    XX( (# àGlos„22-Glos„24,€C„1,€C„2,€F„1,€F„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌCertificationà‚    ’	’	  (#. VV  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„4,€2„7,€2„8,€3„1,€3„2,€3„6-3„8,€3„12,€4„6,€4„10,€4„11,€Glos„1,€Glos„5,€Glos„20,€Bib„2,ˆÐ   	 Ý…   Ðà€    **5 (# àBib„7,€D„3,€G„27,€G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌCFOà‚    88< (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„3,€G„11,€G„15ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ‘9   ÐChief€Financial€Officers€(CFOs)€Actà‚    ""H (#. bb-  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 k    ÐClassificationà‚    00 (#. žž  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€4„10,€4„11,€Glos„5-Glos„7,€Glos„15,€Glos„24,€F„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Eí!   ÐClassifiedà‚    Œ	Œ	  (#. ŒŒ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€1„6,€3„8,€4„3,€4„11,€5„1,€Glos„6,€Glos„7,€Glos„10,€Glos„15,€Glos„22,€Bib„1,€Bib„3,ˆÐ   	  Ç"   Ðà€    JJ/ (# àBib„9,€C„1,€G„12,€G„21,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌClearà‚    ŒŒ0 (#. HH  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„4,€G„10,€G„12,€G„18,€G„19ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ó!{$   ÐClearingà‚    ff5 (#. 22  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„10,€Glos„6,€C„1,€C„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ­"U %   ÐCommercialà‚    LL  (#. DD  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„2,€3„7,€4„6,€4„13,€Glos„2,€Glos„3,€Glos„6,€Glos„7,€Glos„23,€Bib„7,€A„1,€E„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ‡#/!&   ÐCommissionerà‚    ÒÒ- (#. ää  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€2„1,€2„3,€2„5,€2„6,€Bib„8ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 a$	"'   ÐComputer€Security€Actà‚    øø (#. rr  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„10,€Glos„5,€Glos„6,€Glos„19,€Glos„22,€Bib„2,€Bib„8,€E„1,€G„13,€G„17,ˆÐ   	 ;%ã"(   Ðà€    ^^7 (# àG„22-G„24,€G„29-G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌComputer€Security€Incident€Responseà‚    !!F (#. ¶¶-  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„9ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ï&—$*   ÐCOMSECà‚    üü) (#. ªª  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„5,€4„14,€Glos„6,€Bib„3,€A„1,€E„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 É'q%+   ÐConfidentialityà‚    ®® (#. 		  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„2,€Glos„2,€Glos„6,€Glos„7,€Glos„16,€C„1-D„3,€G„17,€G„23,€G„28ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 £(K&,   ÐConfiguration€Managementà‚    LL& (#. ¶¶"  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„8,€3„9,€3„11,€4„6,€4„9,€Glos„7,€D„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 })%'-   ÐContingencyà‚     (#. ^^  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„4,€2„5,€2„7,€3„1,€Glos„7,€Glos„8,€Glos„10,€Bib„6,€D„3,€G„19,€G„28ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 W*ÿ'.   ÐContingency€Planà‚    ÎÎ0 (#. Ü	Ü	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„11,€Glos„7,€Glos„10,€G„28ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 1+Ù(/   ÐContinuity€of€Operationsà‚    ðð6 (#. ðð"  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„4,€4„2,€Glos„7,€E„4ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ,³)0   ÐContinuity€of€Supportà‚    ÆÆA (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„18,€G„25ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 å,*1   ÐContracting€Officerà‚    Ø!Ø!G (#. h
h
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„12ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ    ¿-g+2 š  ÐCopyrightà‚    vv? (#. ¢¢  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„9,€Glos„13ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 	      ÐCOTRà‚    Ø!Ø!G (#. žž  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„12ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ãÚ    ÐCOTSà‚    ºº( (#. ††  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„7,€4„6,€4„13,€Glos„6,€Glos„7,€A„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ½´   ÐCSIRCà‚    * * A (#. ÄÄ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„7,€Bib„9ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 —Ž   ÐCustoms€Processà‚    Î Î C (#.  	 	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„6,€3„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 qh   ÐData€Baseà‚    ÒÒ@ (#.     àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„5,€Glos„5ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 KB   ÐData€Encryption€Standardà‚    ""; (#. BB"  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„9,€A„1,€C„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 %	   ÐDedicated€Security€Modeà‚    ìì, (#. !  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„7,€3„8,€4„12,€Glos„9,€Glos„23ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ÿ	ö   ÐDeficienciesà‚    ¢¢ (#. FF  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„7,€3„9,€G„3-G„6,€G„10,€G„12-G„15,€G„21,€G„26,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ù
Ð   ÐDepartment€of€Justiceà‚    èè. (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„6,€G„18,€G„21,€G„25,€G„30ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ³ª	   ÐDiagnosticà‚    Ø!Ø!G (#. ÌÌ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„10ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 „
   ÐDial„upà‚    bb8 (#. ââ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„5,€4„10,€C„1,€C„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 g^	   ÐDirectorà‚    ff (#. $$  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1,€2„3,€3„10,€4„13,€E„1,€G„2,€G„6,€G„7,€G„15,€G„16,€G„21ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 A8
   ÐDisasterà‚    °°  (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„4,€2„5,€3„1-3„4,€3„11,€4„2,€Glos„4,€Glos„7,€Glos„8,€Glos„10,€Glos„19,€Glos„23ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	    ÐDiscretionary€Access€Controlà‚    ŒŒ2 (#. RR&  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„4,€Glos„8,€Glos„10,€C„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 õì   ÐDistributionà‚    ÌÌ
 (#. ,,  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€2„8,€Glos„14,€Glos„16,€Glos„21,€Bib„5,€Bib„8,€B„3,€G„5,€G„15ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ÏÆ   ÐEducationà‚    ¦¦8 (#. šš  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„2,€2„3,€3„1,€3„10ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ©    ÐEmergencyà‚    ŽŽ  (#. þþ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„7,€2„9,€3„2-3„4,€Glos„7,€Glos„10,€Glos„11,€Glos„19,€Glos„20,€Glos„25,€D„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ƒz   ÐEncryptionà‚        (#. èè  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„10-2„12,€4„4,€4„7,€Glos„5-Glos„9,€Glos„11,€Glos„12,€Glos„14,€Glos„16,€Glos„20,ˆÐ   	 ]T   Ðà€    èè- (# àGlos„22,€Bib„6,€Bib„7,€A„1-C„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌEnvironmentalà‚    þþ3 (#. úú  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„11,€4„1,€4„2,€B„1,€D„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	    ÐEPLà‚    ¸¸6 (#. üü  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„6,€Glos„11,€Glos„25ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ëâ   ÐEvaluated€Products€Listà‚    ¸¸6 (#. ¢¢!  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„6,€Glos„11,€Glos„25ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Å¼   ÐExecutive€Orderà‚    dd9 (#. €	€	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„21,€A„1,€G„10ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ÿ–   ÐExemptionà‚    P P B (#. ÖÖ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„10,€C„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 yp   ÐFacilityà‚    66  (#. ää  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„5,€2„4,€2„8,€2„9,€3„4-3„6,€3„9,€3„12,€4„1,€4„2,€4„7,€Glos„19,€Bib„6,€Bib„7,€Bib„9ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 SJ   ÐFacsimileà‚    Ø!Ø!G (#. ||  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„13ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 -$   ÐFAXà‚    J J B (#. $$  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„13,€G„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 þ   ÐFederal€Bureau€of€Investigationà‚    ÜÜ< (#. êê)  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€Bib„6,€A„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 áØ   ÐFederal€Managers'€Financial€Integrity€Actà‚    ¤¤' (#. 

3  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„1,€G„5,€G„7,€G„9,€G„19,€G„20,€G„26ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 »²   ÐFirewallsà‚    ²²3 (#. dd  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„1,€Bib„3,€G„28,€G„30ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 •Œ   ÐFMFIAà‚    ((% (#. îî  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„6,€G„1,€G„6,€G„9,€G„19,€G„21,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 of   ÐFOIAà‚    ÆÆ+ (#. ``  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€1„5,€4„9,€Bib„3,€Bib„9,€A„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 I@    ÐFreedom€of€Informationà‚    þþ (#. ¾¾   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€1„5,€4„9,€Glos„22,€Bib„2,€Bib„3,€Bib„9,€A„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 # !   ÐGeneral€Accounting€Officeà‚    ””= (#. ’’#  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñA„1,€G„3,€G„11ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ý ô"   ÐGeneral€Support€Systemà‚     (#. ÆÆ   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„4,€3„10,€Glos„12,€D„2,€G„17-G„19,€G„22-G„25,€G„27,€G„28ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ×!Î#   ÐGovernment€Corporation€and€Control€Actà‚    °!°!G (#. øø0  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„16ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ±"¨$   ÐGovernment€Performance€and€Results€Actà‚    ””= (#. 0  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„2,€G„9,€G„13ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ‹#‚%   ÐIGà‚    RR3 (#. pp  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„2,€G„3,€G„5,€G„11-G„15ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 e$\ &   ÐIncident€Response€Capabilityà‚    ¼¼: (#. 00&  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„9,€G„18,€G„25ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ?%6!'   ÐIndividual€Accountabilityà‚    / (#. #  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„19,€G„24,€G„25,€G„28,€G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 &"(   ÐInformation€Sharingà‚    ÆÆA (#. ”
”
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„20,€G„28ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ó&ê")   ÐInspector€Generalà‚    " " B (#. â	â	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„2,€G„10ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Í'Ä#*   ÐInternal€Affairsà‚    hh> (#. 0	0	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„5,€2„7,€5„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 §(ž$+   ÐInternal€Controlsà‚    ÀÀ1 (#. ¦	¦	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„3,€G„7,€G„10,€G„11,€G„13ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 )x%,   ÐInternetà‚    hh (#. ðð  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€4„13,€Glos„14,€Glos„26,€Bib„1-Bib„3,€G„1,€G„8,€G„24,€G„30ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 [*R&-   ÐIRMà‚    ÄÄ (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3-2„5,€3„9,€3„10,€3„12,€Bib„3,€A„1,€G„13,€G„18,€G„19ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 5+,'.   ÐLabelsà‚    Ø!Ø!G (#. šš  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„11ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ,(/   ÐLeast€Privilegeà‚    ¸¸- (#. 		  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„4,€Glos„15,€G„19,€G„25,€G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 é,à(0   ÐLicenseà‚    r r B (#. ìì  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„9,€4„13ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ã-º)1   ÐLife„Cycleà‚    

 (#. ÎÎ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€2„8,€3„12,€4„6,€Glos„7,€Glos„10,€Glos„13,€Glos„20ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 	      ÐMaintenanceà‚    ªª (#. hh  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€2„8,€3„3,€3„11,€4„3,€4„9-Glos„11,€Glos„13,€G„25ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ãÚ    ÐMajor€Applicationà‚    ÖÖ
 (#. 

  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„5,€3„7,€Glos„2,€Glos„15,€D„2,€G„17,€G„19,€G„22,€G„23,€G„27-G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ½´   ÐMalicious€Codeà‚    ìì (#. L	L	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„9,€5„1,€Glos„4,€Glos„15,€Glos„24-Glos„26,€B„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 —Ž   ÐManual€proceduresà‚    °!°!G (#. N
N
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„25ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 qh   ÐMaterial€Weaknessà‚    88< (#. B
B
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„4,€G„13,€G„14ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 KB   ÐMISSIà‚    ÎÎ& (#. ’’  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„4-Glos„6,€Glos„11,€Glos„12,€Glos„16ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 %	   ÐMonitoringà‚    ll2 (#. üü  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„5,€4„7,€G„4,€G„12,€G„14ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ÿ	ö   ÐMOUà‚    ÆÆ6 (#. bb  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„11,€4„10,€4„13,€A„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ù
Ð   ÐNational€Information€Infrastructureà‚    žž6 (#. þþ-  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„12,€4„13,€A„2,€G„30ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ³ª	   ÐNational€Security€Agencyà‚    €€+ (#. 88"  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€Glos„16,€Glos„25,€A„2,€G„30ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 „
   ÐNetworksà‚    ÀÀ  (#. ‚‚  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1,€2„1-3„3,€3„8,€4„4,€4„5,€4„12,€4„13,€5„1,€Glos„12,€Glos„16,€Glos„22,€C„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 g^	   ÐNIST€Handbookà‚    ¼¼: (#. €	€	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„5,€G„22,€G„24ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 A8
   ÐNon„Customsà‚    ´´. (#. ®®  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1,€4„3,€4„5,€4„11-4„13,€5„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	    ÐObject€Reuseà‚    bb (#. ŽŽ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„4,€Glos„6,€Glos„7,€Glos„17,€Glos„19,€Bib„5,€C„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 õì   ÐOffice€of€Management€and€Budgetà‚    ÄÄ (#. ÈÈ)  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€1„1,€1„6,€3„5,€A„2,€G„1,€G„7,€G„16,€G„17ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ÏÆ   ÐOffice€of€Personnel€Managementà‚    RR (#. ZZ(  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€1„1,€Bib„8,€A„2,€E„1,€G„17,€G„21,€G„24,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ©    ÐOPMà‚    ¤¤ (#. BB  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„1,€Bib„8,€A„2,€E„1,€G„17,€G„18,€G„20,€G„24,€G„30,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ƒz   ÐOrange€Bookà‚    

 (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„10,€Glos„17,€Glos„23,€Glos„24,€Bib„3,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ]T   ÐOversightà‚    R
R
  (#. ˆˆ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€1„2-1„4,€2„2,€2„3,€2„5,€3„1,€3„11,€3„12,€Glos„15,€Bib„7,€G„12,€G„15,€G„17,€G„23ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 7.   ÐPAAà‚    ØØ (#.     àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„3,€2„5,€4„10,€4„12,€Glos„2,€Glos„8,€Glos„9,€Glos„18,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	    ÐPaperwork€Reduction€Actà‚    " (#. BB!  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„7,€G„16,€G„18,€G„19,€G„22,€G„23,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ëâ   ÐPasswordà‚    66 (#. vv  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„4,€4„7,€Glos„18,€Bib„5,€Bib„7,€B„2,€B„4,€C„1,€C„2,€G„22,€G„24,€G„26ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Å¼   ÐPBXà‚    FF5 (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„14,€Glos„18,€A„2-B„4ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ÿ–   ÐPersonally„ownedà‚    7 (#. ä	ä	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„12,€Glos„18,€Bib„9ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 yp   ÐPhysical€Securityà‚    ––' (#. º	º	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„9,€3„4,€4„1,€Glos„18,€Bib„5,€Bib„8ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 SJ   ÐPortableà‚    \ \ B (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„10,€B„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 -$   ÐPrincipal€Accrediting€Authorityà‚    œœ! (#. ðð)  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„3,€2„5,€4„10,€4„12,€Glos„2,€Glos„18,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 þ   ÐPrivacy€Actà‚    â
â
  (#. ((  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€1„5,€2„6,€4„9,€5„1,€Glos„18,€Glos„21-Glos„23,€Bib„2,€Bib„3,€Bib„5,€Bib„6,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 áØ   ÐPrivate€Branch€Exchangeà‚    ÒÒ: (#. !  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„18,€A„2,€B„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 »²   ÐProcess€Ownerà‚    ææ% (#. 		  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„5,€3„1,€4„3,€Glos„2,€Glos„3,€Glos„19ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 •Œ   ÐPublic€Accessà‚    ÜÜ; (#. ÂÂ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„20,€G„28,€G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 of   ÐRecoveryà‚    „„  (#. xx  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„4,€2„5,€3„1-3„4,€3„11,€Glos„4,€Glos„7,€Glos„10,€Glos„19,€Glos„23,€Bib„5,€G„26ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 I@    ÐRed€Bookà‚    !!F (#. ””  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 # !   ÐRemanenceà‚    **' (#. 

  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„6,€Glos„17,€Glos„19,€Bib„1,€C„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ý ô"   ÐReportsà‚    òò% (#. ðð  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„3,€B„3-G„6,€G„12-G„15,€G„21,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ×!Î#   ÐResidual€Dataà‚    ,,4 (#. ÄÄ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„4,€4„10,€Glos„17,€C„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ±"¨$   ÐResidual€Riskà‚    èè/ (#. ´´  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„4,€3„5,€3„9,€3„10,€Glos„19ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ‹#‚%   ÐReuseà‚    bb (#. pp  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„4,€Glos„6,€Glos„7,€Glos„17,€Glos„19,€Bib„5,€C„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 e$\ &   ÐRisk€Analysisà‚    ìì (#. ²²  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„4-3„6,€4„1,€4„2,€4„4,€4„11,€Glos„4,€Glos„20,€C„2,€D„3,€G„30ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ?%6!'   ÐRisk€Assessmentà‚    ºº) (#. 		  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„5,€Glos„20,€Bib„3,€C„1-F„2,€G„22ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 &"(   ÐRisk€Managementà‚       (#. ö	ö	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„1,€2„4,€3„1,€3„2,€3„4,€3„5,€Glos„20,€E„3,€E„4,€F„2,€G„22ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ó&ê")   ÐRules€of€Behaviorà‚    ff0 (#. ô	ô	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„11,€G„18,€G„24,€G„26-G„28ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Í'Ä#*   ÐRules€of€the€Systemà‚    5 (#. €
€
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„10,€G„18,€G„24,€G„26ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 §(ž$+   ÐSBUà‚    ––  (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„2,€3„8,€4„11,€4„12,€Glos„7,€Glos„15-Glos„17,€Glos„21,€Glos„22,€A„2,€C„1,€C„3,€E„2,€F„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 )x%,   ÐSDLCà‚    : (#. ŠŠ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„5,€2„5-4„6,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 [*R&-   ÐSecurity€Controlsà‚    ØØ  (#. Ì	Ì	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„2,€2„10,€4„1,€4„7,€4„9,€4„11,€Glos„10,€Glos„21,€B„3,€G„18,€G„20,€G„22-G„24,ˆÐ   	 5+,'.   Ðà€    üüB (# àG„26-G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌSecurity€Features€Userððs€Guideà‚    ¦ ¦ C (#. ØØ(  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„7,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 é,à(0   ÐSecurity€Incidentsà‚    DD' (#. ê	ê	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„5,€2„7,€2„9,€5„1,€G„21,€G„25,€G„30ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ã-º)1   ÐSecurity€Modeà‚    ÀÀ% (#. üü  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„7-3„9,€4„12,€Glos„1,€Glos„9,€Glos„23ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 	      ÐSecurity€Planà‚    J
J
  (#. ””  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„2,€2„5,€2„9,€3„2,€3„3,€3„9,€3„10,€4„4-4„9,€4„11,€D„1,€D„2,€G„18-G„20,€G„23,€G„24,ˆÐ   	 ãÚ    Ðà€    ÜÜ; (# àG„26,€G„27,€G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌSecurity€Practicesà‚    àà= (#. ê	ê	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„14,€B„1,€E„5ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 —Ž   ÐSecurity€Programs€Divisionà‚    ªª5 (#. ÈÈ$  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„5,€2„4,€3„9,€4„1-A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 qh   ÐSecurity€Staffà‚    °!°!G (#. ªª  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„27ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 KB   ÐSensitive€But€Unclassifiedà‚    RR (#. JJ$  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„2,€4„11,€4„12,€Glos„5,€Glos„15,€Glos„17,€Glos„21,€Glos„22,€A„2,€F„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 %	   ÐSeparation€of€Dutiesà‚    ÖÖ+ (#. ¨
¨
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñG„3,€G„4,€G„12,€G„19,€G„25,€G„28ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ÿ	ö   ÐSFUGà‚    ¦ ¦ C (#. ŠŠ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„7,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ù
Ð   ÐSiteà‚     (#. ÈÈ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„8,€2„9,€3„4,€4„1,€4„9,€4„10,€Glos„22,€Bib„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ³ª	   ÐSkipjackà‚    || (#. ..  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„5,€Glos„6,€Glos„9,€Glos„10,€Glos„12,€Glos„20,€Glos„22ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 „
   ÐSPDà‚    &&) (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„5,€2„4,€3„9,€3„10,€3„12,€4„1-A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 g^	   ÐSteering€Committeeà‚    ¦¦8 (#. |
|
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€2„3,€3„1,€3„11ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 A8
   ÐStrategic€IRM€Planà‚    ¼¼: (#. N
N
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñBib„3,€G„18,€G„19ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	    ÐSystem€High€Security€Modeà‚    zz< (#. ðð#  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„9,€Glos„23ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 õì   ÐSystems€Development€Life€Cycleà‚      : (#. pp(  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„5,€Bib„2,€Bib„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ÏÆ   ÐTCBà‚    ff? (#.   àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„24,€F„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ©    ÐTCSECà‚    ""  (#. òò  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„3-Glos„5,€Glos„7,€Glos„8,€Glos„10,€Glos„17,€Glos„19,€Glos„22-Glos„24,€Bib„3,€Bib„7,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ƒz   ÐTelecommunicationsà‚    44  (#. ²
²
  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€1„6,€4„3,€4„12-4„14,€Glos„1,€Glos„6,€Glos„16,€Bib„2,€Bib„3,€Bib„6,€Bib„9,ˆÐ   	 ]T   Ðà€    8 (# àA„2,€B„3,€C„1,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌTempestà‚    ¸¸6 (#. ((  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„6,€Glos„11,€Glos„24ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	    ÐTestingà‚    xx (#. ÖÖ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3,€3„1,€3„4,€3„7,€3„8,€4„6,€Bib„5,€C„2-G„4,€G„26,€G„28ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ëâ   ÐTFMà‚    ¦ ¦ C (#. 44  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„7,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Å¼   ÐTrade€Communityà‚     (#. 


  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€1„1,€1„2,€1„4,€2„11,€2„12,€4„3,€4„8,€Glos„3ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 Ÿ–   ÐTrainingà‚      (#. 00  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„4,€2„2,€2„3,€2„7,€2„10-2„12,€3„1,€3„10-3„12,€4„3,€Bib„2,€Bib„6,€Bib„8,€D„3,€E„1-E„3,€G„18-ˆÐ   	 yp   Ðà€    ) (# àG„21,€G„24,€G„25,€G„28,€G„30,€G„31ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌTrojan€Horseà‚    ¼¼3 (#. ˜˜  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„4,€Glos„15,€Glos„24ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 -$   ÐTrusted€Computer€Baseà‚    ff? (#. ˜˜  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„24,€F„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 þ   ÐTrusted€Computer€System€Evaluation€Criteriaà‚     (#. 5  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„3,€4„4,€Glos„10,€Glos„17,€Glos„19,€Glos„23,€Bib„3,ˆÐ   	 áØ   Ðà€    ..; (# àBib„6-Bib„8,€A„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÌTrusted€Facility€Manualà‚    4"4"H (#. ¼¼!  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„7ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 •Œ   ÐVendorà‚    RR> (#. ÞÞ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„5,€4„6,€B„2ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 of   ÐViolationsà‚    úú/ (#. ¨¨  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„2,€2„5,€5„1,€E„3,€E„5,€F„1ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 I@    ÐVirusà‚    ªª (#. LL  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ2„5,€2„7,€4„9,€5„1,€Glos„4,€Glos„15,€Glos„25,€Bib„8,€Bib„9,€B„3,€G„26ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 # !   ÐVital€Recordsà‚    ``2 (#. ²²  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„11,€Glos„20,€Glos„25ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ý ô"   ÐVoiceà‚    JJ4 (#. ff  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ1„3-4„4,€4„14,€B„3,€B„4ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ×!Î#   ÐWaiverà‚    JJ7 (#. ÒÒ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ3„10,€4„1,€4„3,€4„12ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ±"¨$   ÐWarning€Bannerà‚    Î Î C (#. €	€	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„4,€4„5ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ‹#‚%   ÐWork€at€Homeà‚    îîA (#. 		  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñ4„11,€G„24ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 e$\ &   ÐWorld€Wide€Webà‚    ""* (#. Ü	Ü	  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñIII,€Glos„26,€A„2,€G„1,€G„8,€G„29ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 ?%6!'   ÐWormà‚    ¼¼3 (#. ŠŠ  àñš%ññ ›%ññš%ñŠñš%ññ›%ññš%ñGlos„4,€Glos„15,€Glos„26ñš%ññ ›%ññš%ñ‹ñš%ññ›%ññš%ñˆÐ   	 &"(   ÐÝ ‚a  cÿËO	 €upd ÝÝ     ÝÓ	    ¿O	  Óñš%ññ š%ñœñš%ññ ›%ñ›ñ›%ñÐ	   	 ó&ê")   ÐÑ    i ÑØ       ØÖ  €­  ² é #  ÖØ       ØÔ
      ÔÔ ‡  °üª ° & &ù´ ÔÔ ‡¹  °„½ ° ° °üª ÔÓ   ÓÑ7 €N  ‘®N X X       dð I X X       dð 7 ÑÑ €     ÑReaderððs€Comment€FormÔ# †  °üª ° °¹ °„½3Â	 # ÔÔ# †  &ù´ & ° °üªÂ	 # ÔÔ     Â	  ÔÐ   	 X      ÐßA €& - )                 °° x         d  E°7¨ xA ßÐ   	 8à   ÐÓ  RÂ	  ÓÌTitle:à0    ð àà0    ð(#ð(# àòòAUTOMATED€INFORMATION€SYSTEMS€SECURITY€POLICY€MANUALóóÐ    ¹a (#(#  Ðà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àCIS€HB€ñ ›%ñœñ›%ñ1400„05Ð    (#(#  Ðà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àU.S.€Customs€ServiceÐ    (#(#  Ðà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àOffice€of€Information€and€TechnologyÐ    (#(#  Ðà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àAutomated€Information€Systems€Security€DivisionÐ    (#(#  Ðà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# à7681€Boston€Blvd.Ð    (#(#  Ðà0    Ð àà0    ðÐ(#Ð(# àà0    ð(#ð(# àSpringfield,€VA.€€22153Ð    (#(#  ÐÌAttention:à0     àMr.€Tom€Bovasso€or€AIS€Security€Administration.Ð    5
 (#(#  ÐÌÌDear€Reader:ÌÌYou€may€use€this€form€to€communicate€your€comments€about€this€publication,€its€organization,€or€subjectÏmatter€with€the€understanding€that€the€U.S.€Customs€Service€may€use€or€distribute€whatever€informationÏyou€supply€in€any€way€it€believes€appropriate€without€incurring€any€obligation€to€you.€€Thank€you€for€yourÏcooperation.