CHAPTER II
CERTIFICATION AND ACCREDITATION
1. OVERVIEW. In making the decision to accredit, the Designated
Accrediting Authority (DAA) shall consider the security protections of
the classified AIS as documented in the Classified AIS Security Plan,
the results of the certification tests, the certification by the
Classified AIS Security Site Manager (CSSM), and any risk of operating
the classified AIS.
a. Certification. Certification provides documentation stating that
the classified AIS and its environment comply with requirements of
the DOE Classified AIS Security Program (DOE 5639.6A and this
Manual), as specified in the approved Classified AIS Security Plan.
The CSSM certifies the classified AIS and provides a report of the
results of the certification tests to the DAA to aid in the
accreditation decision.
b. Accreditation. Accreditation is the written formal management
decision to approve and authorize an organization to operate a
classified AIS to process, store, transfer, or provide access to
classified information. Accreditation remains in effect for 3
years, unless there are modifications to the classified AIS that
impact its security, that impact the security aspects of its
environment, or that change the security requirements.
2. CLASSIFIED AIS APPROVAL AND ACCREDITATION PROCESS. All requests for
approval and recommendations related to the accreditation of a
Classified AIS shall proceed through the accreditation channels (see
Figure II-1).
a. Preparation of the Classified AIS Security Plan. To begin the
accreditation process, the responsible Classified AIS Security
Officer (CSSO) shall develop the Classified AIS Security Plan (see
Chapter V) to define the manner in which the classified AIS and its
information shall be protected.
b. CSSM Review of the Classified AIS Security Plan. The completed
Classified AIS Security Plan shall be reviewed by the CSSM and, if
it is acceptable, forwarded to the Classified AIS Security
Operations Manager (CSOM) for approval by the DAA.
c. Approval of the Classified AIS Security Plan. The CSOM shall
review the Classified AIS Security Plan within 30 days of receipt
and, if acceptable, approve the plan. If the CSOM is not the DAA,
the CSOM shall forward the plan, if acceptable, to the DAA. When
the plan is approved, the written approval shall be forwarded
through the accreditation chain for retention by the CSSM and the
CSSO. Review of Classified AIS Security Plans by the DAA shall be
completed or refused within 30 days of receipt. For a Classified
AIS located within a Sensitive Compartmented Information Facility,
see page II-6, paragraph 6f.
d. Security Performance Test Plan Approval. Following approval of the
Classified AIS Security Plan, the CSSO with the assistance of the
CSSM shall develop a plan for testing the security features of the
Classified AIS. The test plan is forwarded through the
accreditation chain to the DAA for approval or returned for
recommended revision. The test plan may be submitted for
concurrent approval with the approval request for the Classified
AIS Security Plan.
e. Certification Security Performance Testing. After the Classified
AIS Security Plan and the security performance test plan are
approved and the classified AIS implementation is complete,
certification testing shall be performed under the direction of the
CSSM. The CSSM shall evaluate and certify the implementation of
the security features for the classified AIS and verify that the
classified AIS operates in accordance with the approved Classified
AIS Security Plan. A summary of the certification test results and
the certification shall be forwarded through accreditation channels
to the DAA. Classified information shall not be introduced into
the AIS until the accreditation has been accomplished and
documented by the DAA.
f. Independent Validation and Verification Support. For classified
AISs with a Protection Index of two or greater, the cognizant CSSM
shall forward a request for Independent Validation and Verification
of the classified AIS design and support for the certification
testing. The request shall be forwarded through the accreditation
chain to the CSPM and shall provide for funding.
g. Accreditation. The DAA shall review the certification and test
result summary and formally issue a written accreditation accepting
the risk of operating the classified AIS and authorizing its use to
process classified information as documented in the Classified AIS
Security Plan. The written accreditation shall be returned through
the accreditation chain for retention by the CSSM and the CSSO.
Accreditation shall be completed or refused within 30 days of
receipt of the certification by the DAA.
h. Accreditation of Similar Classified AISs. Where two or more
similar classified AISs are to be operated in the same operational
environment (i.e., the Security Requirements Specifications are the
same and the physical security requirements are similar), a
Classified AIS Security Plan may be written and approved by the
DAA, to cover all such Classified AISs (generally Personal
Computers and standalone workstations). Each such Classified AIS
Security Plan shall contain the information described in Chapter V.
The Classified AIS Security Plan for these classified AISs shall
specify the information required for each certification for a
Classified AIS to be accredited under this procedure. The DAA
shall accredit the first Classified AIS under the plan. All the
other individual classified AISs to be operated under such a
Classified AIS Security Plan shall be tested by the CSSO and
certified by the CSSM as meeting the conditions of the accredited
Classified AIS Security Plan. This certification, in effect,
accredits the individual classified AISs to operate under the
Classified AIS Security Plan. A copy of each certification report
shall be retained with the approved copy of the Classified AIS
Security Plan.
3. CLASSIFIED AIS SECURITY PLANS. A Classified AIS Security Plan shall be
developed by the CSSO following the subject headings shown in Chapter V.
The Classified AIS Security Plan shall provide a basis for determining
that the classified AIS correctly implements the Classified AIS Security
Program.
a. Security Plan Contents. The Classified AIS Security Plan shall
describe the classified AIS, its interconnections, and the security
protections and countermeasures. It shall document the manner in
which the requirements of this Manual are to be met for the
classified AIS. The requirements to be met for the protection of
the classified AIS shall be based on the Protection Index and the
classification levels and categories of the information to be
processed.
b. Security Plan Approval. Prior to certification of the classified
AIS by the CSSM, each Classified AIS Security Plan shall be
reviewed and approved by the cognizant DAA.
4. SECURITY PERFORMANCE TESTING. Certification security performance
testing and ongoing security performance testing provide assurance that
the classified AIS is operating in accordance with the approved
Classified AIS Security Plan. The certification test results, when
satisfactory, provide the DAA with supporting documentation for the
accreditation of the classified AIS.
a. Certification Security Performance Test Plans. The CSSO, with the
assistance and approval of the CSSM, shall develop the
certification security performance test plan to assure that the
classified AIS has been implemented and is operating in accordance
with the Classified AIS Security Plan. The certification security
performance test plan shall be approved by the DAA. If the
security features of the classified AIS, as specified in the
Classified AIS Security Plan, are expected to restrict user access,
for example, these features shall be tested to ensure that they are
implementing the specified security requirements.
b. Certification Security Performance Test Performance.
(1) CSSO Specified Testing. For classified AIS with a Protection
Index of zero or one, the CSSO shall assure that the specified
tests are performed.
(2) Independent Validation and Verification Team Testing. For
classified AISs with a Protection Index of two or greater, an
Independent Validation and Verification team, in coordination
with the CSSM and CSSO, shall assist in the design phase for
the AIS, assist in determining and developing the
certification test requirements, assist in the testing, and
evaluate the security of the classified AIS.
(a) The CSPM shall appoint and be responsible for the
direction of the Independent Validation and Verification
team.
(b) The Independent Validation and Verification team shall be
funded by the site.
(c) The CSSO shall assure that the specified tests are
performed.
(3) Independent Validation and Verification Team Planning. The
CSSM shall plan for three to six person-weeks of effort by the
Independent Validation and Verification Team during the
preliminary design phase for the AIS. From this effort the
Team will develop a management plan and cost requirement
estimate to prescope the Team efforts during the design phase
and the test plan review and the performance of the tests.
The management plan and cost requirement estimate shall be
approved by the CSSM, CSOM, DAA, and the CSPM prior to
proceeding with the AIS implementation.
c. Ongoing Security Performance Testing. Ongoing security performance
testing of the classified AIS shall be conducted on a regular basis
to ensure that the security features continue to function as stated
in the Classified AIS Security Plan. The plan for ongoing security
performance testing shall be described in the Certification
Security Performance Test Plan. The ongoing security performance
tests may include all or parts of the certification security
performance test plan depending on the level of risk associated
with the classified AIS and the decision of the DAA.
d. Vulnerabilities. Should any vulnerabilities or failures be
revealed during the certification security performance tests or the
ongoing security performance tests, the CSSM shall ensure that
necessary actions are taken to eliminate or minimize their impact.
Any modifications, changes, or additions to the security measures
of the classified AIS shall be included in a revised Classified AIS
Security Plan (or a list of changes, if the DAA concurs), and the
plan shall be submitted for approval as revised. The classified
AIS shall be retested as modified before the certification process
is completed.
e. Documentation. The results of certification tests and an analysis
of the results shall be documented.
f. Additional Tests. Following receipt of the certification
documentation from the CSSM, the DAA may designate additional tests
that shall be performed prior to meeting accreditation
requirements.
5. CERTIFICATION. The CSSM shall evaluate the implementation of the
classified AIS and the results of the certification tests to verify that
the classified AIS has been implemented as described in the Classified
AIS Security Plan and that the specified security controls are in place
and operating properly.
a. Certification Statement. After successful completion of
certification testing, the CSSM shall issue a written certification
statement that assures the DAA that all requirements have been met
and that the classified AIS is ready for accreditation.
b. Certification Report. The CSSM shall compile a certification
report as supporting evidence for the certification statement.
This report shall be forwarded through the accreditation chain.
The report shall, at a minimum, be composed of the test plan, an
analysis of the certification test results, the certification
statement, and, at the discretion of the DAA, the approved
Classified AIS Security Plan.
6. DETERMINATION OF DESIGNATED ACCREDITING AUTHORITY. The determination of
the DAA shall be based on the factors described below. The DAA and the
certifying official (the CSSM) shall not be the same person. For all
classified AISs, the DAA shall be a DOE employee. The DAA shall review
the certification report of the classified AIS (including the results of
the certification testing) and, if acceptable, shall formally accredit,
in writing, the classified AIS to process classified information.
a. Classified AISs Operated Under the Jurisdiction of More Than One
Operations Office. For classified AISs to be operated under the
jurisdiction of more than one Operations Office (including the
Rocky Flats Office), the CSPM shall designate the DAA. The
selected DAA shall ensure the identification of security officials
to be responsible for the implementation of the Classified AIS
Security Plan at each DOE site.
b. Classified AISs for Which the DAA Cannot be Determined. For
classified AISs for which the DAA cannot be determined, the CSPM
shall designate the DAA.
c. Classified AISs Operated With a Protection Index of Zero, One, Two,
Three, or Four. For classified AISs (including non-Sensitive
Compartmented Information collateral intelligence AISs operated
under the cognizance of a single Operations Office, or the Rocky
Flats Office, that are not located within a Sensitive Compartmented
Information Facility) that are to be operated with a Protection
Index of zero, one, or two, the Operations Office Classified AIS
Security Operations Manager (CSOM) shall be the DAA. Classified
AISs that are to be operated with a Protection Index of three or
four are to be accredited by a senior management official,
designated by the Operations Office Manager (or the Manager, Rocky
Flats Office) as the DAA, in coordination with the CSPM.
d. Classified AIS Operated With a Protection Index of Five. For
classified AISs (including non-Sensitive Compartmented Information
collateral intelligence AISs that are not located within a
Sensitive Compartmented Information Facility) that are to be
operated with a Protection Index of five, the Operations Office
Manager, or the Manager, Rocky Flats Office, in coordination with
the Classified AIS Security Program Manager (CSPM), shall be the
DAA.
e. Classified AISs Operated by the Headquarters. For Classified AISs
(including non-Sensitive Compartmented Information collateral
intelligence AISs that are not located within a Sensitive
Compartmented Information Facility) operated by:
(1) Heads of Headquarters Elements,
(2) Headquarters contractor organizations, and
(3) Organizations reporting to the Headquarters.
(a) With a Protection Index of zero, one, or two, the
Headquarters Operations Division, Office of Safeguards
and Security, CSOM shall be the DAA.
(b) With a Protection Index of three or four, the Director of
Headquarters Operations Division, Office of Safeguards
and Security, shall designate a senior management
official, of the Headquarters Operations Division, to be
the DAA, in coordination with the CSPM.
(c) With a Protection Index of five, the Director,
Headquarters Operations Division, Office of Safeguards
and Security, shall be the DAA, in coordination with the
CSPM.
f. Intelligence Information. For classified AISs that process
intelligence information and are located in a Sensitive
Compartmented Information Facility, the cognizant CSOM and CSPM
shall review the Classified AIS Security Plan and the certification
of the classified AIS and, if acceptable, direct it to the Office
of Intelligence, Office of Nonproliferation and National Security,
CSSO, with a recommendation that the Classified AIS Security Plan
and the certification be forwarded for approval or accreditation to
the Director, Office of Intelligence, Office of Nonproliferation
and National Security, DAA.
g. Director of Naval Reactors Program. For classified AIS networks
that are solely under the jurisdiction of the Director of Naval
Reactors Program and whose external components extend into the
jurisdiction of different Naval Reactor Offices, the Director of
Naval Reactors Program shall designate one of the Naval Reactor
Office senior managers to be the DAA. Notification of the
accreditation of a classified AIS with a Protection Index of two or
greater shall be furnished to the CSPM.
7. PROVISIONAL ACCREDITATION. A DAA may grant provisional accreditation
(temporary authority to operate) of a Classified AIS to meet documented
programmatic requirements or to permit a major conversion of the
classified AIS. This provisional accreditation may be granted for up to
180 days. DAA-approved protection measures shall be in place and
functioning during the period of provisional accreditation. A copy of
the provisional accreditation documents shall be forwarded to the CSPM.
8. REACCREDITATION. Following the intent of OMB Circular A-130,
"Management of Federal Information Resources," each classified AIS shall
be reaccredited by the DAA every 3 years at a minimum. Reaccreditation
shall also occur if there are to be modifications to a Classified AIS
that impact its security, if the security aspects of its environment
change, or if the applicable security requirements change.
a. Updated Classified AIS Security Plan. The CSSO shall prepare an
update to the Classified AIS Security Plan and forward it to the
CSSM.
b. Review of the Classified AIS Security Plan. The updated Classified
AIS Security Plan shall be reviewed by the CSSM and, if it is
acceptable, approved and forwarded to the CSOM.
c. Continuation of Reaccreditation Process. From this point, the
reaccreditation process should follow the certification and
accreditation procedures as specified above. In those cases where
there have been no security related changes to the accredited
classified AIS, the DAA may elect to accept a report of ongoing
security performance testing in lieu of the certification security
performance testing as sufficient for reaccreditation.
**** DATABASE NOTE:
ATTACHMENT OF FIGURE II-1 - CLASSIFIED AIS SECURITY ACCREDITATION
FLOWCHART (PAGE II-9 AND II-10) IS NOT INCLUDED IN DATABASE, DUE
TO ITS FORMAT.