233 of 234

Graphics, exponents, and equations will not display within the text file. A link to the PDF version of this section will be in this spot in the future.
                                CHAPTER XIII

                     REQUIREMENTS FOR PERIODS PROCESSING

1.  OVERVIEW.  Periods processing is a method of sequential operation of a
    classified AIS that provides the capability to process various levels of
    sensitivity of information at distinctly different times.  Periods
    processing provides the capability to either:  (a) have more than one
    user (sequentially) on a single-user Classified AIS with different
    levels of information or need-to-know; (b) use a Classified AIS at more
    than one classification level (sequentially); or (c) use a Classified
    AIS in more than one Protection Index.  The requirements of DOE 5639.6A
    and this Manual do not apply when processing in the unclassified mode.

2.  SANITIZATION AFTER USE.  If a Classified AIS is used for periods
    processing either by more than one user or for segregating information
    by classification level onto separate media, the Classified AIS Security
    Plan shall specify the sanitization procedures to be employed by each
    user before and after each session of use of the classified AIS.

3.  SANITIZATION BETWEEN PERIODS.  The classified AIS shall be sanitized of
    all information before transitioning from one period to the next (e.g.,
    whenever there will be a new user(s) who does not have security
    clearance or the need-to-know for data processed during the previous
    period, changing from one Protection Index to another).  These
    procedures shall be documented in the Classified AIS Security Plan and
    approved by the DAA.  Such procedures could include, among others,
    sanitizing nonvolatile storage, exchanging disks, and powering down the
    classified AIS and its peripherals.

4.  MEDIA FOR EACH PERIOD.  Classified AISs employed in periods processing
    shall have separate media for each period of processing, including
    copies of operating systems, utilities, and applications software.  For
    classified AIS operating at a Protection Index of zero, one, or two, the
    same media may be used for both periods if the media has been subjected
    to a process approved by the DAA, which proves that the media has not
    been contaminated by the addition of classified information.

5.  AUDIT.  Where there are multiple users of the classified AIS and where
    the classified AIS is not capable of automated logging, manual logging
    shall be done at the discretion of the DAA.  Audit trails are not
    required for single-user standalone classified AIS processing classified
    information.