Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
42 Cards in this Set
- Front
- Back
|
Once an SSP has been submitted, you may receive an IATO or formal accreditation (see paragraph 3.1), based on the circumstances involved. The IATO is typically the first step in the accreditation process. An IATO may be granted based upon a preliminary review of the SSP. Upon review, temporary waivers may be granted, on a case-by-case basis, for the operation of an IS which has security deficiencies if the waiver supports the time-critical, mission-essential processing requirements. An IATO may be issued with an expiration date for temporary projects. Upon approval of the IATO, approval letters or messages are sent by the DAA directly to the organizational-level ISSM with information copies as necessary to ensure proper notification. The issuing of any approval is based upon the DAA’s willingness to accept the risk for the IS based upon the documented evidence that adequate security measures have been taken to safeguard NSI. An IATO should not exceed
|
180 Days
|
|
|
If required, an additional 180-day extension may be granted by the DAA Rep, but may not exceed
|
360 days
|
|
|
The current approved list for accreditation exemptions is
|
· Computerized test equipment.
· Computers used in driving drill presses and their operations. · Computers used in engraving devices or machines. |
|
|
Each IS accreditation will be reviewed every
|
3 Years
|
|
|
____________is responsible for ensuring that recertification of each accredited IS is completed upon its 3-year anniversary. The SSP will be updated to reflect any undocumented changes and will be coordinated and forwarded to the appropriate DAA for approval.
|
ISSM
|
|
|
accreditation may be initiated from one of three different logical points
|
Unit, Service Cryptologic Element (SCE), and the National Security Agency (NSA)/Central Security Service (CSS).
|
|
|
Formal accreditation for any cryptologic IS can only be granted by
|
DAA, or DAA designee, after a site visit and only after a full test of the security controls of the entire system. This applies to ISs processing any classification level of information and those which may currently have an IATO.
|
|
|
Once an SSP has been submitted and reviewed, the next step in the process is to
|
issue accreditation/approval
|
|
|
Information Systems Security Program Manager (ISSPM) and certain accrediting action officers have the authority to
|
accredit all unclassified systems, collateral systems, and certain Sensitive Compartmented Information (SCI) systems within SCI Facilities (SCIFs)
|
|
|
For certain systems, the _____ has the authority to issue accreditation on behalf of the NSA/CSS DAA.
|
ISSPM
|
|
|
accreditation may be initiated from one of three different logical points
|
Unit, Service Cryptologic Element (SCE), and the National Security Agency (NSA)/Central Security Service (CSS).
|
|
|
Formal accreditation for any cryptologic IS can only be granted by
|
DAA, or DAA designee, after a site visit and only after a full test of the security controls of the entire system. This applies to ISs processing any classification level of information and those which may currently have an IATO.
|
|
|
Once an SSP has been submitted and reviewed, the next step in the process is to
|
issue accreditation/approval
|
|
|
Information Systems Security Program Manager (ISSPM) and certain accrediting action officers have the authority to
|
accredit all unclassified systems, collateral systems, and certain Sensitive Compartmented Information (SCI) systems within SCI Facilities (SCIFs)
|
|
|
For certain systems, the _____ has the authority to issue accreditation on behalf of the NSA/CSS DAA.
|
ISSPM
|
|
|
When certain operational changes are made to an accredited IS, it must be submitted for reaccredidation by the Information System Security Officer (ISSO)/System Administrator (SA). If this is not done, the DAA may rescind the current accreditation. Reaccredidation is required when
|
· The type of Central Processing Unit (CPU) and/or IS operating system changes.
· The IS is relocated to another area or TEMPEST zone. · The IS Protection Level (PL) changes. · The classification of material processed by the IS is changed. · The IS is being connected to another IS or a network not previously connected. · When users with a lower security clearance are added to the system. · Any change to the IS which impacts security. |
|
|
Accreditation is not rescinded for:
|
· The substitution of similar components while components are in maintenance. However, if the original CPU is not returned to the IS when repair is completed, then an update to the SSP must be accomplished to reflect the correct serial numbers of the replacement CPU.
· The addition of new terminals, peripheral devices, or relocation of an IS providing the SSP is updated within 90 days to reflect the system additions or relocation. These actions can only be done with appropriate coordination (TEMPEST, Physical Security Office, etc.) and with Information Systems Security Manager (ISSM) approval. |
|
|
Focuses on understanding the IS requirement, the environment in which the IS will operate, the users of the IS, the security requirements that apply to the IS, and the level of effort necessary to achieve accreditation. The objective of Phase ? is to agree on the intended system mission, security requirements, C&A boundary, schedule, level of effort, and resources required for the certification effort. This information is captured in the SSP/SSAA which is developed by the Program Manager.
|
Phase 1 - Definition
|
|
|
Focuses on the system development activity and ensures that the system complies with the security requirements and constraints previously agreed during definition phase. This includes Beta-I system testing.
|
Phase 2. Development and Verification
|
|
|
Confirms compliance of the IS with the security requirements stated in the SSP/SSAA. The objective of this phase is to produce the required evidence to support the DAA in making an informed decision whether or not to grant approval to operate the system with an acceptable level of residual security risk. This includes Beta-II system testing.
|
Phase 3. Validation and Testing
|
|
|
This phase starts after the system has been certified and accredited for operation. The Post Accreditation phase includes several activities to ensure an acceptable level of residual security risk is preserved. These activities include security documentation, configuration management, compliance validation reviews, and monitoring any changes to the system environment and operations. Changes to the security configuration of the system will require security review by the DAA.
|
Phase 4. Post Accreditation
|
|
|
During this visit each site will be officially notified by the SCO that it was selected to undergo a Site-Based accreditation. A Certification Team will initiate the accreditation process by visiting the site. The purpose of this visit is to gather important baseline information. This function may be incorporated or combined in the Site Accreditation and Site Security and Engineering Certification Testing and Evaluation.
|
Initial Site Visit (Initial Site Certification Visit
|
|
|
This visit will normally be conducted within 60-90 days following the Initial Site Certification Visit; however if the site has its site documentation, baseline, and security posture in order, it may be performed during the initial visit. It will consist of system security certification testing and/or security documentation review on each system.
|
Site Evaluation Visit (Site Security and Engineering Certification Testing and Evaluation and Site Accreditation).
|
|
|
This visit includes a vulnerability assessment of the networks, ISs, and linked operational elements. Assessments may be performed remotely or onsite. In addition, this periodic visit by the DAA Rep/SCO ensures that the site properly maintains control of the site security baseline. Vulnerability Assessment and Compliance Verification are normally conducted simultaneously as required.
|
Site Compliance Visit (Vulnerability Assessment and Compliance Verification).
|
|
|
is responsible for ensuring that the certification/recertification of each accredited IS is kept current based on the DoDIIS Security Certification and Accreditation Guide. The accreditation security documentation package will be updated to reflect any undocumented changes and will be coordinated and forwarded to the appropriate SCO.
|
ISSM
|
|
|
MINIMUM SECURITY REQUIREMENTS.
|
All DoDIIS systems and networks processing SCI shall be protected according to DCID 6/3 by the continuous employment of appropriate administrative, environmental, and technical security measures. These measures will provide individual accountability, access control, enforcement of least privilege, auditing, labeling, and data integrity.
|
|
|
Compromise or Probable Compromise
|
Examples of these are: Missing accountable media; human error in reviewing media for content and classification, resulting in compromise; and incorrect setting of a security filter, resulting in compromise.
|
|
|
Spillage
|
Information of a higher classification or restrictive in nature intentionally or inadvertently placed on machines or networks of lower or less restrictive policy.
|
|
|
External Hacker Activity
|
Activity where a hacker is operating from an outside location by using some network and he/she is not physically resident at the location where the activity is being observed.
|
|
|
Internal Hacker Activity.
|
Activity where a hacker is operating from within the site where the activity is being observed. Caution: if the hacker is suspected of monitoring the Automatic Digital Network (AUTODIN)/Defense Message Messaging System (DMS) message traffic, do not use AUTODIN/DMS to send the report. Instead, send the report by facsimile to the required addressees, followed up by a phone call to confirm receipt of the report.
|
|
|
Malicious Code.
|
Any potentially hazardous or destructive computer code other than a virus, such as a logic bomb, worm or TROJAN horse. NOTE: __________will probably also represent a vulnerability, as described below.
|
|
|
Unauthorized Monitoring
|
Any individual or group of individuals found to be monitoring an IS without written authority from security officials.
|
|
|
Virus Actual infection
|
A known active attack or presence on an IS where the virus has executed on that system.
|
|
|
Vulnerability
|
Any detected lack of protection which may render the system vulnerable to security breaches. Examples are: failure, or potential failure, of a system or network security feature; the discovery of any computer code, such as a trapdoor, which was originally coded into the operating system by the software vendor; or code added by software maintenance personnel, that provides an undocumented entry/exit capability into the system by unauthorized personnel.
|
|
|
Incidents in progress are classified a minimum
|
CONFIDENTIAL in accordance with NSA/CSS Classification Guide 75-98 or DoD 5105.21-M-1.
|
|
|
Examples of tactical/deployable systems and their security implementations that require DAA attention are as follows
|
IS which process SCI information may be developed specifically for tactical environments, implemented with tactical/operational features that are contrary to SCI information security requirements.
Tactical systems may be introduced into SCI environments for tactical processing at the SCI level, which could require modification to meet SCI information requirements. Generalized systems may be developed which are intended for use in both environments. These systems need a capability to alternate between meeting the respective requirements of each environment. |
|
|
The following is a collection of security requirements that have direct conflict with tactical/operational requirements.
Audit Process Requirements. |
Security requirement: If the Audit process fails, the system is unable to provide monitoring for unauthorized activities and should not continue operating, but should default to a safe/secure posture pending restoring the ability to maintain proper audit.
· Operational requirement: Failure of the Audit process should not interfere with continued normal operation of a system. · Sample security implementation: Allow the system to continue operation if the Audit process fails. |
|
|
The following is a collection of security requirements that have direct conflict with tactical/operational requirements.
Audit log requirements |
Security requirement: If the Audit logs fill up and the system is unable to record the monitoring information for unauthorized activities, it should not continue operating, but should default to a safe/secure posture pending proper retrieval/storage/archive of the audit data.
· Operational requirement: Full audit logs should not interfere with normal operation of a system. Audits may fill up due to other than normal activities required to support operations, or a system administrator being too busy responding to another operational requirement. · Sample security implementation: Placing operational requirements ahead of security requirements could result in the Audit process being set for "overwrite oldest if full" or FIFO overwrite |
|
|
The following is a collection of security requirements that have direct conflict with tactical/operational requirements.
Protection for Information against unattended operation. |
· Security requirement: When a terminal is not attended, screen savers, screen locks, and deadman lockout features provide protection of classified information. These features can interrupt an operation when a terminal is left in a monitoring mode while other evolutions are taking place.
· Operational requirement: Long term monitoring may be required without continuous user interaction with a system. Rapid response may require eliminating delays resulting from required security passwords on screen locks. The need for rapid response could also completely obviate Deadman timeout features. · Sample security implementation: disable these features for the IS for use in the tactical environments. |
|
|
The following is a collection of security requirements that have direct conflict with tactical/operational requirements.
Labeling media and hardware components. |
· Security requirement: Removable media and IS hardware components should be labeled in accordance with Chapter 13.
· Operational requirement: Operational security (OPSEC) requirement to disguise the existence of classified information on an IS (including specification of compartments). Sample security implementation: Reusable, deployed hardware sanitized for travel (media removed) is shipped via commercial carrier to its intended destination, no labels present. |
|
|
The following is a collection of security requirements that have direct conflict with tactical/operational requirements.
Use of group accounts. |
· Security requirement: Individual accountability for all users requires individual accounts which can be monitored through automated audit capabilities (see DCID 6/3).
· Operational requirement: Use of group user accounts in a tactical/watchstanding environment allows rapid interchange between users whose primary focus is quick access to the system without interruption of functions or capabilities. This also avoids system transients (and potential for errors on startup) as the system is shut down and restarted for a different user to logon. · Sample security implementation: Lists do exist for watchstander rotations or battle station assignments, which could be retained and used to augment activity logs to correlate user identities to actions as recorded on audit logs. Advanced alternative: Developers provide a simple pop-up “change USERID” GUI which does not cause the system to shutdown or change operations, but which simply changes accountability via the new USERID/password for continuing processes for an individual member of a common functional group. |
|
|
For SCI systems that do not have existing certification, the _______ will provide appropriate documents for SCI Security certification and accreditation
|
PM/PMO
|
