Update on IS Security Issues - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

Update on IS Security Issues

Description:

Classified lines only in conduit. Weekly alarm verification if secret, daily if TS or SAP ... Power PC (SVME/DMV-179) 32 Kbytes NV RAM with Auto Store ... – PowerPoint PPT presentation

Number of Views:28
Avg rating:3.0/5.0
Slides: 13
Provided by: ini64
Category:

less

Transcript and Presenter's Notes

Title: Update on IS Security Issues


1
FAISSR
Update on IS Security Issues
Florida Association of IS Security
Representatives (FAISSR) Presentation June 12,
2002
2
Overview
  • Policy
  • Lessons Learned
  • New Technology

3
New IS Policy
  • ISL 02L-1 Electronic Receipt/Dispatch Records
  • PL1 Contractual Record in document control
    each facility that information is transmitted to
    or received from by CAGE code, contract number,
    expiration date and classification level.
  • PL1 Non Contractual For each session,
    Automated or manual receipt/dispatch records

4
Policy
  • Para 8-501 Standalone 1 User system
  • Integrity of Password Audit Files (Note on Pg
    8-4-2)
  • Banners must be on IS if capable (8-609 a 1)
  • All IS protection from malicious code (ISL01-1)
  • Unix malicious code programs
  • Cybersoft - www.cybersoft.com
  • F-Secure - www.fsecure.com
  • McAfee - www.mcafee.com or www.nai.com

5
Policy
  • Floppies Shredding Prohibited (5-705)
  • New DSS Sanitization Products
  • Maresware
  • Sanitizer
  • Small Lan all removable media (8-303c)
  • Identification Authentication not required
  • All other audit trails are required

6
PDS Requirements
  • NISTISSI 7003
  • Records of inspection
  • Classified lines only in conduit
  • Weekly alarm verification if secret, daily if TS
    or SAP
  • Technical Inspections not required

7
Wide Area Networks (WANs) and NTK
  • NTK determined by contract
  • If all sites on the WAN have same contract then
    there is a common NTK
  • Different contracts at nodes then PL 2

8
WANs with Government Sites
  • Two options
  • Defense Information Systems Network (DISN)
    circuit (e.g. NIPRNET Type 1, SIPRNET, DREN
    etc.)
  • Waiver from DISA

9
Classified Contaminations
  • Downgrade
  • Remember the Swap File
  • Data Owner concurrence on actions if less than
    NISPOM requirements
  • New issue with NTFS alternate data streams
  • Default condition not implemented
  • Can not delete information
  • More info http//archives.neohapsis.com/archives/
    vulnwatch/2002-q1/0025.html
  • ITSClean ftp//ftp.gdeb.com/pub/

10
Like Equipment Self Certifications
  • Like equipment addition of any similar system
    component previously accredited (e.g. PCs,
    workstations, test equipment, etc.)
    Self certification not required.
  • Self Certification additional like systems
    (e.g. lan, standalone)
  • Question true or false You have an accredited
    lan with 10 workstations. The addition of 5 more
    similar workstations would be considered addition
    of like equipment.

11
New Technology
  • Metal Tape Verify degausser is correct type
  • 2500 Orsted Tapes DVC Pro, DDS3, DDS4, DTF 2
  • Power PC (SVME/DMV-179) 32 Kbytes NV RAM with
    Auto Store
  • KG-235 Sectra In-Line Network Encryptor
  • Replacement for NES
  • 20 Mbps speed

12
DSS Academy Chapter 8 Requirements Class
  • Atlanta, GA August 20-22, 2002
  • Cocoa Beach, FL January 21-23, 2003
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Update on IS Security Issues" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!