C2 CONTROLLED ACCESS PROTECTION
TABLE OF CONTENTS
3535-000 Chapter 7 – General Information
1 Purpose
2 Cancellation
3 References
4 Scope
5 Abbreviations
3535-001 Part I – USDA’s C2 Level of Trust
1 Background
2 Policy
3 Procedures
4 Responsibilities
3535-002 Part 2 – Patch Management and System Updates
1 Background
2 Policy
3 Procedures
4 Responsibilities
U.S. DEPARTMENT OF AGRICULTURE
WASHINGTON, D.C. 20250
DEPARTMENTAL MANUAL
Number: 3535-000
SUBJECT: CS Controlled Access Protection
DATE: May 11 2005
OPI: Office of the Chief Information Officer, Cyber Security
GENERAL INFORMATION
1 PURPOSE
This Departmental Manual chapter establishes the policy and procedures for the use of C2 Controlled Access Protection for all USDA computing devices. USDA has established a Level of Trust with procedures for hardening these systems. Part 1 defines the established USDA Level of Trust for securing these systems. Part 2 establishes formal patch management policy and procedures for use on all operating systems and applications in USDA.
2 CANCELLATION
This Departmental Manual will be in effect until superseded.
3 REFERENCES
DOD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria;
NIST Special Publication 500-170, Management Guide to the Protection of Information;
NIST Special Publication 500-174, Guide for Selecting Automated Risk Analysis Tools;
4 SCOPE
This manual applies to all USDA agencies, programs, teams, organizations, appointees, employees, and other activities.
5 ABBREVIATIONS
CC - Common Criteria
CIO - Chief Information Officer
CS - Cyber Security
C2 - Controlled Access Protection (C2)
DAA - Designated Accrediting Authority
DAC - Discretionary Access Control
FOUO - For Official Use Only
GSS - General Support Systems
ISSPM - Information Systems Security Program Manager
IBM - International Business Machines
IRM - Information Resources Management
IT - Information Technology
LOUO - Limited Official Use Only
NIST - National Institute of Standards and Technology
OCIO - Office of the Chief Information Officer
OMB - Office of Management and Budget
PIN - Personal Identification Number
SA - System Administrator
SA/D - Systems/Applications Developer
SBU - Sensitive But Unclassified
TCSEC - Trusted Computer System Evaluation Criteria
USB - Universal Serial Bus
USDA - United States Department of Agriculture