TABLE OF CONTENTS
CHAPTER I - CLASSIFIED AUTOMATED INFORMATION SYSTEMS SECURITY PROGRAM MANAGEMENT
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1
2. Protection Requirements and Countermeasures . . . . . . . . . . . . I-1
3. Protection Methodology . . . . . . . . . . . . . . . . . . . . . . I-1
4. Risk Management Concept of Operation . . . . . . . . . . . . . . . I-1
a. Risk Management . . . . . . . . . . . . . . . . . . . . . . . I-1
b. Residual Risk . . . . . . . . . . . . . . . . . . . . . . . . I-2
c. Site and Facility Risk Assessments . . . . . . . . . . . . . . I-2
d. Annual DOE Classified AIS Security Program Risk Assessment . . I-2
e. Threat Identification . . . . . . . . . . . . . . . . . . . . I-2
f. Vulnerability Identification . . . . . . . . . . . . . . . . . I-3
g. Risk Acceptance . . . . . . . . . . . . . . . . . . . . . . . I-3
5. Configuration Management Program . . . . . . . . . . . . . . . . . I-3
a. Baseline Requirements . . . . . . . . . . . . . . . . . . . . I-3
b. Hardware/Software Description . . . . . . . . . . . . . . . . I-4
(1) Hardware Type Description . . . . . . . . . . . . . . . . I-4
(2) Detailed Hardware/Software Description . . . . . . . . . I-4
(3) Hardware/Software Description Implementation . . . . . . I-4
c. Ongoing Security Performance Test Plans . . . . . . . . . . . I-5
d. Classified AIS Security Plans . . . . . . . . . . . . . . . . I-5
e. Media Resources . . . . . . . . . . . . . . . . . . . . . . . I-5
6. Software Protection . . . . . . . . . . . . . . . . . . . . . . . . I-5
a. Malicious Activities . . . . . . . . . . . . . . . . . . . . . I-5
b. Public Domain Software . . . . . . . . . . . . . . . . . . . . I-5
c. Personally Owned Software . . . . . . . . . . . . . . . . . . I-5
d. Proprietary Software . . . . . . . . . . . . . . . . . . . . . I-5
e. Custom Software Developed by DOE or Covered Contractors . . . I-5
7. Security-Relevant Software Modifications . . . . . . . . . . . . . I-6
8. Classified AIS Acquisition Specifications . . . . . . . . . . . . . I-6
9. Continuity of Operations Planning . . . . . . . . . . . . . . . . . I-6
a. Mission Essential Applications . . . . . . . . . . . . . . . . I-7
b. Mission Essential Resources . . . . . . . . . . . . . . . . . I-7
c. Response . . . . . . . . . . . . . . . . . . . . . . . . . . . I-7
d. Responsible Personnel . . . . . . . . . . . . . . . . . . . . I-7
e. Backup Frequency and Location . . . . . . . . . . . . . . . . I-7
f. Documentation . . . . . . . . . . . . . . . . . . . . . . . . I-7
g. Exercise of Continuity of Operations Plans . . . . . . . . . . I-7
h. Cost to Exercise Plan . . . . . . . . . . . . . . . . . . . . I-7
10. Data and Operating System Backup Procedures . . . . . . . . . . . . I-8
11. Classified AIS Security Program Evaluations . . . . . . . . . . . . I-8
a. CSOM Review . . . . . . . . . . . . . . . . . . . . . . . . . I-8
b. CSSM Review . . . . . . . . . . . . . . . . . . . . . . . . . I-8
12. Alternative Protection Means and Deviations . . . . . . . . . . . . I-8
13. User Awareness and Responsibilities . . . . . . . . . . . . . . . . I-8
a. User Guidelines . . . . . . . . . . . . . . . . . . . . . . . I-8
b. Code of Conduct . . . . . . . . . . . . . . . . . . . . . . . I-9
c. Nondisclosure Agreements . . . . . . . . . . . . . . . . . . . I-9
14. AIS Security Training and Awareness Program . . . . . . . . . . . . I-9
a. Training Responsibilities . . . . . . . . . . . . . . . . . . I-9
b. Qualification Training . . . . . . . . . . . . . . . . . . . . I-10
c. Participation . . . . . . . . . . . . . . . . . . . . . . . . I-10
d. Classified AIS Security Awareness Training . . . . . . . . . . I-10
e. Classified AIS Escort Training . . . . . . . . . . . . . . . . I-10
15. Waste, Fraud, and Abuse Protection . . . . . . . . . . . . . . . . I-10
16. Classified AIS Security Incident Handling . . . . . . . . . . . . . I-10
a. System-Specific Vulnerabilities . . . . . . . . . . . . . . . I-10
b. Special Attention for Malicious Logic, Viruses, and Intruders I-11
CHAPTER II - CERTIFICATION AND ACCREDITATION
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . II-1
a. Certification . . . . . . . . . . . . . . . . . . . . . . . . II-1
b. Accreditation . . . . . . . . . . . . . . . . . . . . . . . . II-1
2. Classified AIS Approval and Accreditation Process . . . . . . . . . II-1
a. Preparation of the Classified AIS Security Plan . . . . . . . II-1
b. CSSM Review of the Classified AIS Security Plan . . . . . . . II-1
c. Approval of the Classified AIS Security Plan . . . . . . . . . II-1
d. Security Performance Test Plan Approval . . . . . . . . . . . II-2
e. Certification Security Performance Testing . . . . . . . . . . II-2
f. Independent Validation and Verification Support . . . . . . . II-2
g. Accreditation . . . . . . . . . . . . . . . . . . . . . . . . II-2
h. Accreditation of Similar Classified AISs . . . . . . . . . . . II-2
3. Classified AIS Security Plans . . . . . . . . . . . . . . . . . . . II-3
a. Security Plan Contents . . . . . . . . . . . . . . . . . . . . II-3
b. Security Plan Approval . . . . . . . . . . . . . . . . . . . . II-3
4. Security Performance Testing . . . . . . . . . . . . . . . . . . . II-3
a. Certification Security Performance Test Plans . . . . . . . . II-3
b. Certification Security Performance Test Performance . . . . . II-4
(1) CSSO Specified Testing . . . . . . . . . . . . . . . . . II-4
(2) Independent Validation and Verification Team Testing . . II-4
(3) Independent Validation and Verification Team Planning . . II-4
c. Ongoing Security Performance Testing . . . . . . . . . . . . . II-4
d. Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . II-5
e. Documentation . . . . . . . . . . . . . . . . . . . . . . . . II-5
f. Additional Tests . . . . . . . . . . . . . . . . . . . . . . . II-5
5. Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . II-5
a. Certification Statement . . . . . . . . . . . . . . . . . . . II-5
b. Certification Report . . . . . . . . . . . . . . . . . . . . . II-5
6. Determination of Designated Accrediting Authority . . . . . . . . . II-5
a. Classified AISs Operated Under the Jurisdiction of More Than One Operations Office . . . . II-5
b. Classified AISs for Which the DAA Cannot be Determined . . . . II-6
c. Classified AISs Operated With a Protection Index of Zero, One, Two, Three, or Four . . . . II-6
e. Classified AISs Operated by the Headquarters . . . . . . . . . II-6
f. Intelligence Information . . . . . . . . . . . . . . . . . . . II-7
g. Director of Naval Reactors Program . . . . . . . . . . . . . . II-7
7. Provisional Accreditation . . . . . . . . . . . . . . . . . . . . . II-7
8. Reaccreditation . . . . . . . . . . . . . . . . . . . . . . . . . . II-7
a. Updated Classified AIS Security Plan . . . . . . . . . . . . . II-7
b. Review of the Classified AIS Security Plan . . . . . . . . . . II-7
c. Continuation of Reaccreditation Process . . . . . . . . . . . II-8
Figure II-1 - Classified AIS Security Accreditation Flowchart II-9
CHAPTER III - MODES OF OPERATION
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . III-1
a. Boundary and Perimeter of the Classified AISs . . . . . . . III-1
(1) Boundary . . . . . . . . . . . . . . . . . . . . . . . III-1
(2) Perimeter . . . . . . . . . . . . . . . . . . . . . . . III-1
b. Determination of Mode of Operation . . . . . . . . . . . . . III-1
2. Periods Processing . . . . . . . . . . . . . . . . . . . . . . . III-1
3. Definitions of Modes of Operation . . . . . . . . . . . . . . . . III-1
a. Dedicated Mode . . . . . . . . . . . . . . . . . . . . . . . III-1
b. System High Mode . . . . . . . . . . . . . . . . . . . . . . III-2
c. Compartmented Mode . . . . . . . . . . . . . . . . . . . . . III-2
d. Multilevel Mode . . . . . . . . . . . . . . . . . . . . . . III-2
CHAPTER IV - PROTECTION INDICES
1. Protection Indices . . . . . . . . . . . . . . . . . . . . . . . . IV-1
a. Protection Index 0 . . . . . . . . . . . . . . . . . . . . . . IV-1
(1) Security Features . . . . . . . . . . . . . . . . . . . . IV-1
(2) Security Assurances . . . . . . . . . . . . . . . . . . . IV-1
b. Protection Index 1 . . . . . . . . . . . . . . . . . . . . . . IV-1
(1) Security Features . . . . . . . . . . . . . . . . . . . . IV-1
(2) Security Assurances . . . . . . . . . . . . . . . . . . . IV-1
c. Protection Index 2 . . . . . . . . . . . . . . . . . . . . . . IV-1
(1) Security Features . . . . . . . . . . . . . . . . . . . . IV-1
(2) Security Assurances . . . . . . . . . . . . . . . . . . . IV-1
d. Protection Index 3 . . . . . . . . . . . . . . . . . . . . . . IV-2
(1) Security Features . . . . . . . . . . . . . . . . . . . . IV-2
(2) Security Assurances . . . . . . . . . . . . . . . . . . . IV-2
e. Protection Index 4 . . . . . . . . . . . . . . . . . . . . . . IV-2
f. Protection Index 5 . . . . . . . . . . . . . . . . . . . . . . IV-2
(1) Security Features . . . . . . . . . . . . . . . . . . . . IV-2
(2) Security Assurances . . . . . . . . . . . . . . . . . . . IV-2
g. Protection Index 6 . . . . . . . . . . . . . . . . . . . . . . IV-2
h. Protection Index 7 . . . . . . . . . . . . . . . . . . . . . . IV-2
i. Protection Index 8 . . . . . . . . . . . . . . . . . . . . . . IV-2
2. Determination of the Protection Index . . . . . . . . . . . . . . . IV-2
a. Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . . IV-3
b. Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . . IV-3
3. Indeterminate Protection Index . . . . . . . . . . . . . . . . . . IV-3
CHAPTER V - CLASSIFIED AIS SECURITY PLAN
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . V-1
2. Common Documents . . . . . . . . . . . . . . . . . . . . . . . . . V-1
3. Classified AIS Security Plan . . . . . . . . . . . . . . . . . . . V-1
a. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . V-1
b. Security Requirements Specification . . . . . . . . . . . . . V-2
(1) Security Personnel . . . . . . . . . . . . . . . . . . . V-2
(2) Secure Operating Environment . . . . . . . . . . . . . . V-2
(3) Data Sensitivity . . . . . . . . . . . . . . . . . . . . V-2
(4) Personnel Security . . . . . . . . . . . . . . . . . . . V-3
(5) Protection Index . . . . . . . . . . . . . . . . . . . . V-3
(6) Physical Protection . . . . . . . . . . . . . . . . . . . V-3
(7) Security Contracts . . . . . . . . . . . . . . . . . . . V-3
(8) Approved Waivers, Variances, or Exceptions . . . . . . . V-3
(9) Special Security Countermeasures . . . . . . . . . . . . V-3
c. System Description . . . . . . . . . . . . . . . . . . . . . . V-3
d. Configuration Management Program . . . . . . . . . . . . . . . V-3
e. Risks and Vulnerabilities . . . . . . . . . . . . . . . . . . V-3
f. Security Measures . . . . . . . . . . . . . . . . . . . . . . V-4
(1) Personnel Security . . . . . . . . . . . . . . . . . . . V-4
(2) Physical Security . . . . . . . . . . . . . . . . . . . . V-4
(3) Telecommunications Security . . . . . . . . . . . . . . . V-4
(4) Administrative Security . . . . . . . . . . . . . . . . . V-4
(5) Technical Security . . . . . . . . . . . . . . . . . . . V-4
(6) Waste, Fraud, and Abuse . . . . . . . . . . . . . . . . . V-5
g. Network Requirements . . . . . . . . . . . . . . . . . . . . . V-5
(1) Overview of the Network . . . . . . . . . . . . . . . . . V-5
(2) Communications Protocols . . . . . . . . . . . . . . . . V-5
(3) Security Support Structure . . . . . . . . . . . . . . . V-5
(4) Security Policies . . . . . . . . . . . . . . . . . . . . V-5
h. Remote Maintenance/Diagnostics . . . . . . . . . . . . . . . . V-5
i. Ongoing Security Performance Test Plan . . . . . . . . . . . . V-5
j. Security Incidents . . . . . . . . . . . . . . . . . . . . . . V-6
k. Continuity of Operations . . . . . . . . . . . . . . . . . . . V-6
4. Interconnected Classified AIS Security Plan . . . . . . . . . . . . V-6
Figure V-1 - Development of Security Requirements Specifications . . . . . V-7
CHAPTER VI - PERSONNEL SECURITY REQUIREMENTS
1. Baseline Requirements . . . . . . . . . . . . . . . . . . . . . . . VI-1
2. Personnel Access . . . . . . . . . . . . . . . . . . . . . . . . . VI-1
3. Users of the Classified AIS . . . . . . . . . . . . . . . . . . . . VI-1
a. Protection Index Zero, One, or Two . . . . . . . . . . . . . . VI-1
b. Protection Index Three or Greater . . . . . . . . . . . . . . VI-1
CHAPTER VII - PHYSICAL SECURITY REQUIREMENTS
1. Baseline Requirements . . . . . . . . . . . . . . . . . . . . . . VII-1
2. Protection Requirements for Protection Index Zero, One, Two, or Three . . . . VII-1
3. Protection Requirements for Protection Index of Four or Five . . VII-2
4. Unescorted Physical Access to the Classified AIS . . . . . . . . VII-3
a. Protection Index of Zero, One, or Two . . . . . . . . . . . VII-3
b. Protection Index of Three or Greater . . . . . . . . . . . VII-3
c. Temporary Access . . . . . . . . . . . . . . . . . . . . . . VII-3
5. Visual Access Requirements . . . . . . . . . . . . . . . . . . . VII-3
CHAPTER VIII - TELECOMMUNICATIONS SECURITY REQUIREMENTS
1. Baseline Requirements . . . . . . . . . . . . . . . . . . . . . . VIII-1
2. Transmissions Security . . . . . . . . . . . . . . . . . . . . . VIII-1
a. Communications Security . . . . . . . . . . . . . . . . . . VIII-1
b. Protected Distribution Systems . . . . . . . . . . . . . . . VIII-1
c. Use of STU-III as an Encryption Device . . . . . . . . . . . VIII-1
3. Emission Security . . . . . . . . . . . . . . . . . . . . . . . . VIII-1
CHAPTER IX - ADMINISTRATIVE SECURITY REQUIREMENTS
1. Baseline Requirements . . . . . . . . . . . . . . . . . . . . . . . IX-1
2. User Warning Notice . . . . . . . . . . . . . . . . . . . . . . . . IX-1
a. Notice to All Users . . . . . . . . . . . . . . . . . . . . . IX-1
(1) Initial Screen Notice . . . . . . . . . . . . . . . . . . IX-1
(2) Other Methods of Notification . . . . . . . . . . . . . . IX-1
b. Monitoring and Recording . . . . . . . . . . . . . . . . . . . IX-1
3. User Access Controls . . . . . . . . . . . . . . . . . . . . . . . IX-1
a. User Authorizations . . . . . . . . . . . . . . . . . . . . . IX-2
b. User Identification (User IDs) . . . . . . . . . . . . . . . . IX-2
(1) User ID Reuse . . . . . . . . . . . . . . . . . . . . . . IX-2
(2) User ID Removal . . . . . . . . . . . . . . . . . . . . . IX-2
(3) User ID Revalidation . . . . . . . . . . . . . . . . . . IX-2
c. Authentication . . . . . . . . . . . . . . . . . . . . . . . . IX-2
(1) Logon . . . . . . . . . . . . . . . . . . . . . . . . . . IX-2
(2) Protection of Authenticator . . . . . . . . . . . . . . . IX-2
4. User Accountability . . . . . . . . . . . . . . . . . . . . . . . . IX-3
5. Marking of Classified AIS Components . . . . . . . . . . . . . . . IX-3
6. Marking of Classified AIS Media . . . . . . . . . . . . . . . . . . IX-3
a. Hardcopy Output . . . . . . . . . . . . . . . . . . . . . . . IX-3
(1) Protection Index Zero, One, or Two . . . . . . . . . . . IX-3
(2) Protection Index Three or Greater . . . . . . . . . . . . IX-3
b. Removable Media . . . . . . . . . . . . . . . . . . . . . . . IX-4
(1) Protection Index of Zero, One, or Two . . . . . . . . . . IX-4
(2) Protection Index of Three or Greater . . . . . . . . . . IX-4
(3) Classified AIS Facilities . . . . . . . . . . . . . . . . IX-4
(4) Additional Requirements . . . . . . . . . . . . . . . . . IX-4
(5) Security Labels . . . . . . . . . . . . . . . . . . . . . IX-5
7. Transfer of Removable Media . . . . . . . . . . . . . . . . . . . . IX-5
8. Protection of Media Containing System Software . . . . . . . . . . IX-5
a. Protection Index Zero, One, or Two . . . . . . . . . . . . . . IX-5
b. Protection Index Three or Greater . . . . . . . . . . . . . . IX-5
9. Protection of Printer Media . . . . . . . . . . . . . . . . . . . . IX-5
a. Protection and Destruction of Multistrike Printer Ribbons . . IX-5
b. Laser Toner Cartridges . . . . . . . . . . . . . . . . . . . . IX-6
(1) Sanitization of Laser Printer Toner Cartridges . . . . . IX-6
(2) Maintenance of Laser Printer Toner Cartridges . . . . . . IX-6
10. Clearing and Sanitization . . . . . . . . . . . . . . . . . . . . . IX-6
a. Clearing . . . . . . . . . . . . . . . . . . . . . . . . . . . IX-6
(1) Clearing of Storage Media . . . . . . . . . . . . . . . . IX-6
(2) Clearing of Memory . . . . . . . . . . . . . . . . . . . IX-6
b. Sanitization . . . . . . . . . . . . . . . . . . . . . . . . . IX-6
(1) Sanitization of Storage Media . . . . . . . . . . . . . . IX-7
(2) Sanitization of Memory . . . . . . . . . . . . . . . . . IX-7
(3) Sanitization of Hardware Components . . . . . . . . . . . IX-7
(4) Visual Examination of Hardware Components . . . . . . . . IX-7
11. Destruction Procedures . . . . . . . . . . . . . . . . . . . . . . IX-7
a. Destruction of Media . . . . . . . . . . . . . . . . . . . . . IX-7
b. Destruction of Output . . . . . . . . . . . . . . . . . . . . IX-7
12. Movement of Classified Equipment and Software . . . . . . . . . . . IX-7
13. Release of Classified AIS Equipment . . . . . . . . . . . . . . . . IX-7
14. Release of Media . . . . . . . . . . . . . . . . . . . . . . . . . IX-8
15. Waste, Fraud, and Abuse Review . . . . . . . . . . . . . . . . . . IX-8
16. Remote Diagnostic or Maintenance Services for Classified AISs . . . IX-8
a. Site Procedures . . . . . . . . . . . . . . . . . . . . . . . IX-8
b. Secure Remote Classified Diagnostic Facility . . . . . . . . . IX-8
Attachment IX-1 - PROTECTION REQUIREMENTS FOR INFORMATION MARKED "PROTECT AS RESTRICTED DATA"
1. Sites Authorized to Use PARD Designation . . . . . . . . . . . . . IX-9
2. Handling and Control of PARD Information . . . . . . . . . . . . . IX-9
a. Authorization to Use the PARD Designation . . . . . . . . . . IX-9
b. PARD Protection Requirements . . . . . . . . . . . . . . . . . IX-9
c. Determination of Use . . . . . . . . . . . . . . . . . . . . . IX-9
Attachment IX-2 - PASSWORD MANAGEMENT
1. CSSO Responsibilities . . . . . . . . . . . . . . . . . . . . . . IX-13
a. Initial System Passwords . . . . . . . . . . . . . . . . . . IX-13
b. Password Length . . . . . . . . . . . . . . . . . . . . . . IX-13
c. Initial Password Assignment . . . . . . . . . . . . . . . . IX-13
d. Password Change Authorization . . . . . . . . . . . . . . . IX-13
2. User Responsibilities . . . . . . . . . . . . . . . . . . . . . . IX-13
a. Security Awareness . . . . . . . . . . . . . . . . . . . . . IX-13
b. Password Protection . . . . . . . . . . . . . . . . . . . . IX-14
c. Changing Passwords . . . . . . . . . . . . . . . . . . . . . IX-14
3. Password Functionality . . . . . . . . . . . . . . . . . . . . . IX-14
a. Password Generation . . . . . . . . . . . . . . . . . . . . IX-14
b. Internal Storage of Passwords . . . . . . . . . . . . . . . IX-14
(1) Use of Access Control Measures . . . . . . . . . . . . IX-14
(2) Use of Encryption . . . . . . . . . . . . . . . . . . . IX-14
c. Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . IX-14
CHAPTER X - TECHNICAL SECURITY REQUIREMENTS
1. Baseline Requirements . . . . . . . . . . . . . . . . . . . . . . . X-1
2. Security Features . . . . . . . . . . . . . . . . . . . . . . . . . X-1
a. Identification Controls . . . . . . . . . . . . . . . . . . . X-1
b. Authentication . . . . . . . . . . . . . . . . . . . . . . . . X-1
(1) Requirements . . . . . . . . . . . . . . . . . . . . . . X-1
(2) Additional Authentication Countermeasures . . . . . . . . X-1
(a) Logon Attempt Rate . . . . . . . . . . . . . . . . . X-1
(b) Notification to the User . . . . . . . . . . . . . . X-1
c. Audit Capability . . . . . . . . . . . . . . . . . . . . . . . X-1
(1) Audit Capability Failure . . . . . . . . . . . . . . . . X-2
(2) Accountability for Electronic Information . . . . . . . . X-2
(3) User Accountability . . . . . . . . . . . . . . . . . . . X-2
(4) Audit Trail Generation and Protection . . . . . . . . . . X-2
(5) Audit Trail Requirements . . . . . . . . . . . . . . . . X-2
(a) Recording Anomalies . . . . . . . . . . . . . . . . X-2
(b) Additional Events . . . . . . . . . . . . . . . . . X-2
(6) Audit Trail Monitoring . . . . . . . . . . . . . . . . . X-3
(a) Automated Extraction of Audit Data . . . . . . . . . X-3
(b) Automated Analysis of Audit Data . . . . . . . . . . X-3
(c) Continuous, Online Automated Monitoring and Real Time Warning . . . . X-3
(7) Audit Records Retention . . . . . . . . . . . . . . . . . X-3
d. Resource Reallocation and Allocation . . . . . . . . . . . . . X-3
(1) Resource Reallocation . . . . . . . . . . . . . . . . . . X-3
(2) Resource Allocation . . . . . . . . . . . . . . . . . . . X-3
e. File Access Controls . . . . . . . . . . . . . . . . . . . . . X-3
f. File Access Authorization . . . . . . . . . . . . . . . . . . X-4
g. Time Lockout . . . . . . . . . . . . . . . . . . . . . . . . . X-4
h. Resource Access Controls . . . . . . . . . . . . . . . . . . . X-4
(1) Security Labels . . . . . . . . . . . . . . . . . . . . . X-4
(2) Export of Security Labels . . . . . . . . . . . . . . . . X-4
i. Nondiscretionary Access Controls . . . . . . . . . . . . . . . X-4
j. Security Level Changes . . . . . . . . . . . . . . . . . . . . X-4
k. Trusted Path . . . . . . . . . . . . . . . . . . . . . . . . . X-5
l. Security Isolation . . . . . . . . . . . . . . . . . . . . . . X-5
3. Security Assurances . . . . . . . . . . . . . . . . . . . . . . . . X-5
a. Examination of Hardware and Software . . . . . . . . . . . . . X-5
(1) Classified AIS Hardware . . . . . . . . . . . . . . . . . X-5
(2) Classified AIS Software . . . . . . . . . . . . . . . . . X-5
(3) Custom Software or Hardware Systems . . . . . . . . . . . X-5
b. Security Performance Testing . . . . . . . . . . . . . . . . . X-5
c. Configuration Management . . . . . . . . . . . . . . . . . . . X-5
d. Confidence in Software Source . . . . . . . . . . . . . . . . X-6
e. Flaw Discovery . . . . . . . . . . . . . . . . . . . . . . . . X-6
f. Security Penetration Testing . . . . . . . . . . . . . . . . . X-6
g. Description of Security Support Structure Protections . . . . X-6
h. Independent Validation . . . . . . . . . . . . . . . . . . . . X-6
i. Independent Verification . . . . . . . . . . . . . . . . . . . X-6
j. Security Label Integrity . . . . . . . . . . . . . . . . . . . X-6
k. Detailed Design of Security Support Structure . . . . . . . . X-6
l. Flaw Tracking and Remediation . . . . . . . . . . . . . . . . X-7
m. Life-Cycle Assurance . . . . . . . . . . . . . . . . . . . . . X-7
n. Separation of Functions . . . . . . . . . . . . . . . . . . . X-7
o. Device Labels . . . . . . . . . . . . . . . . . . . . . . . . X-7
4. Use of Evaluated Products List . . . . . . . . . . . . . . . . . . X-7
Figure X-1 - Equivalence Table . . . . . . . . . . . . . . . . . . X-9
Figure X-2 - Security Features (Summary) . . . . . . . . . . . . . X-9
Figure X-3 - Security Assurances (Summary) . . . . . . . . . . . . X-10
CHAPTER XI - CLASSIFIED AIS NETWORK SECURITY REQUIREMENTS
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XI-1
a. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . XI-1
b. Security Protections . . . . . . . . . . . . . . . . . . . . . XI-1
c. Classified AIS Networks . . . . . . . . . . . . . . . . . . . XI-1
d. Security Plans and Security Requirements Specification . . . . XI-1
e. Accreditation . . . . . . . . . . . . . . . . . . . . . . . . XI-2
(1) Unified Network . . . . . . . . . . . . . . . . . . . . . XI-2
(2) Interconnected Networks . . . . . . . . . . . . . . . . . XI-2
2. Security Support Structure . . . . . . . . . . . . . . . . . . . . XI-2
a. Secure Operation . . . . . . . . . . . . . . . . . . . . . . . XI-2
b. Secure Transmission . . . . . . . . . . . . . . . . . . . . . XI-2
c. Certification Testing . . . . . . . . . . . . . . . . . . . . XI-2
3. Unified Network . . . . . . . . . . . . . . . . . . . . . . . . . . XI-2
a. Forming a Unified Network . . . . . . . . . . . . . . . . . . XI-3
b. Adding a Classified AIS to a Unified Network . . . . . . . . . XI-3
(1) No Difference . . . . . . . . . . . . . . . . . . . . . . XI-3
(2) Difference . . . . . . . . . . . . . . . . . . . . . . . XI-3
c. Security Support Structure . . . . . . . . . . . . . . . . . . XI-3
d. Classified AIS Security Plan . . . . . . . . . . . . . . . . . XI-3
4. Interconnected Network . . . . . . . . . . . . . . . . . . . . . . XI-4
a. Interconnected Security Support Structure . . . . . . . . . . XI-4
b. Controlled Interface Implementation . . . . . . . . . . . . . XI-4
c. Security Contract . . . . . . . . . . . . . . . . . . . . . . XI-4
d. Certification Testing . . . . . . . . . . . . . . . . . . . . XI-4
e. Interconnected Classified AIS Security Plan . . . . . . . . . XI-4
f. Interconnection . . . . . . . . . . . . . . . . . . . . . . . XI-5
g. Adding to an Interconnected Network . . . . . . . . . . . . . XI-5
h. Perimeter of a Network . . . . . . . . . . . . . . . . . . . . XI-5
5. Network Mode of Operation and Protection Indices . . . . . . . . . XI-5
6. Classified AIS Network Management . . . . . . . . . . . . . . . . . XI-5
a. Designated Accrediting Authority . . . . . . . . . . . . . . . XI-5
b. Configuration Management Program . . . . . . . . . . . . . . . XI-5
c. Software Implementation . . . . . . . . . . . . . . . . . . . XI-6
d. Certification Testing . . . . . . . . . . . . . . . . . . . . XI-6
e. Certification . . . . . . . . . . . . . . . . . . . . . . . . XI-6
(1) Certification Statement . . . . . . . . . . . . . . . . . XI-6
(2) Certification Report . . . . . . . . . . . . . . . . . . XI-6
f. Accreditation . . . . . . . . . . . . . . . . . . . . . . . . XI-6
g. Reaccreditation . . . . . . . . . . . . . . . . . . . . . . . XI-7
7. Classified Network Security Requirements . . . . . . . . . . . . . XI-7
a. Access Control . . . . . . . . . . . . . . . . . . . . . . . . XI-7
(1) Identification and Authentication Forwarding . . . . . . XI-7
(2) Protection of Authenticator Data . . . . . . . . . . . . XI-7
b. Audit Trails and Monitoring . . . . . . . . . . . . . . . . . XI-7
c. Secure Message Traffic . . . . . . . . . . . . . . . . . . . . XI-8
d. Communications Security For Classified AIS Networks . . . . . XI-8
8. Controlled Interfaces . . . . . . . . . . . . . . . . . . . . . . . XI-8
a. Controlled Interface Implementation . . . . . . . . . . . . . XI-9
b. Controlled Interface Functions . . . . . . . . . . . . . . . . XI-9
(1) Gateway Functions . . . . . . . . . . . . . . . . . . . . XI-9
(2) Guard Functions . . . . . . . . . . . . . . . . . . . . . XI-9
Attachment XI-1 - PARTITIONED NETWORKS
1. Partitioning in a Network . . . . . . . . . . . . . . . . . . . . XI-11
2. Partitioning Within a Single AIS . . . . . . . . . . . . . . . . XI-11
3. Partitioned Networks . . . . . . . . . . . . . . . . . . . . . . XI-11
a. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . XI-11
b. Security Support Structure . . . . . . . . . . . . . . . . . XI-11
(1) Software Security . . . . . . . . . . . . . . . . . . . XI-11
(2) Hardware Security . . . . . . . . . . . . . . . . . . . XI-12
(3) Certification Testing . . . . . . . . . . . . . . . . . XI-12
c. Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . XI-12
d. Server . . . . . . . . . . . . . . . . . . . . . . . . . . . XI-12
e. Multilevel Security . . . . . . . . . . . . . . . . . . . . XI-12
f. Host AIS . . . . . . . . . . . . . . . . . . . . . . . . . . XI-12
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . XI-13
a. Location of Components . . . . . . . . . . . . . . . . . . . XI-13
b. Location of User Code . . . . . . . . . . . . . . . . . . . XI-13
c. Servers . . . . . . . . . . . . . . . . . . . . . . . . . . XI-13
d. Perimeter of the Classified AIS . . . . . . . . . . . . . . XI-13
e. Security Controls . . . . . . . . . . . . . . . . . . . . . XI-13
f. Star (*) Property . . . . . . . . . . . . . . . . . . . . . XI-13
g. Untrustworthy . . . . . . . . . . . . . . . . . . . . . . . XI-14
5. Independent Validation and Verification Requirement . . . . . . . XI-14
CHAPTER XII - SECURITY REQUIREMENTS FOR STANDALONE SINGLE-USER AIS
1. Single-user Classified AIS . . . . . . . . . . . . . . . . . . . XII-1
2. Security Requirements . . . . . . . . . . . . . . . . . . . . . . XII-1
3. Administrative Procedures . . . . . . . . . . . . . . . . . . . . XII-1
a. Waste, Fraud, and Abuse Review . . . . . . . . . . . . . . . XII-1
b. Marking . . . . . . . . . . . . . . . . . . . . . . . . . . XII-1
c. Protection of Media Containing Software . . . . . . . . . . XII-2
d. Protection of Media Containing Data . . . . . . . . . . . . XII-2
e. Media Clearing, Sanitization, and Destruction . . . . . . . XII-2
f. Removal of Classified AIS Equipment . . . . . . . . . . . . XII-2
4. Special Emphasis . . . . . . . . . . . . . . . . . . . . . . . . XII-2
a. User Responsibility . . . . . . . . . . . . . . . . . . . . XII-2
b. Removable Media Handling . . . . . . . . . . . . . . . . . . XII-2
c. Release of Removable Media . . . . . . . . . . . . . . . . . XII-2
d. Viruses and Intruders . . . . . . . . . . . . . . . . . . . XII-2
e. Physical Access . . . . . . . . . . . . . . . . . . . . . . XII-3
f. Backup Procedures . . . . . . . . . . . . . . . . . . . . . XII-3
CHAPTER XIII - REQUIREMENTS FOR PERIODS PROCESSING
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . XIII-1
2. Sanitization After Use . . . . . . . . . . . . . . . . . . . . . XIII-1
3. Sanitization Between Periods . . . . . . . . . . . . . . . . . . XIII-1
4. Media for Each Period . . . . . . . . . . . . . . . . . . . . . . XIII-1
5. Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XIII-1
CHAPTER XIV - SECURITY REQUIREMENTS FOR AISs USED AS ALARM SYSTEMS
1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . XIV-1
2. Communications Security . . . . . . . . . . . . . . . . . . . . . XIV-1
a. Transmitting Classified Information . . . . . . . . . . . . XIV-1
b. Transmitting Unclassified Information . . . . . . . . . . . XIV-1
c. Other Communication Lines . . . . . . . . . . . . . . . . . XIV-1
3. Certification Testing . . . . . . . . . . . . . . . . . . . . . . XIV-1
a. Encryption . . . . . . . . . . . . . . . . . . . . . . . . . XIV-1
b. Protected Distribution System . . . . . . . . . . . . . . . XIV-1
c. Change of Functionality . . . . . . . . . . . . . . . . . . XIV-1