|
|
 |
|
|
|
register |
bbs |
search |
rss |
faq |
about
|
|
|
meet up |
add to del.icio.us |
digg it
|
|
|
|
Naval Surface Warfare Center AIS FAQ
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
NSWCDD Automated Information Systems (AIS) Security
Frequently Asked Questions (FAQ)
Last updated 04 February 1997
Miscellaneous Comments
This gets updated on request only (either I have a need or you do),
so let me know what information you think would be useful. I will
re-organize the layout as needs and time dictate.
Accreditation
What is accreditation?
Accreditation is a formal statement issued by the Designated
Approving Authority (DAA) that an AIS is approved to operate in a
particular configuration. The vulnerabilities are sufficiently offset
by appropriate countermeasures.
How do I get my AIS accredited?
If the AIS is an unclassified, single-user PC or Macintosh server, it
can be accredited by a departmental DAA. See Accreditation
Express for details. CD2S no longer accredits these AISs.
If the AIS does not meet the above description (e.g., server,
classified, network), submit a completed accreditation request to
the AIS Security Office via your AIS Security Officer (AISSO).
AISSOs in the various organizations have been trained to complete
these forms. Contact your AISSO for details.
How do I get an AIS removed from the accreditation database?
They are deleted automatically when CD2S receives a sanitization
certificate and notice from the folks in Plant and Minor Property
Management that the item has been excessed. In addition, there are
SOP that tell you how to handle transfers and and excessed
equipment.
Forms
Where do I get forms?
Check here for information on accreditation request, risk
assessment, sanitization, and virus report forms).
Can I use my own form for accreditation requests?
Yes. If it is different from the one used by CD2S, you must include
the needed information on your form.
Training
Where can I get AIS Security training?
Training is available from a number of sources: tutorials are
available on the AIS Security Web page and computer based
training (CBT) is available at the Learning Resource Center in
Building 189. CD2S has developed tutorials which we present from
time to time and we have videotapes available.
What do I have to report?
Viruses, trojan horses, intrusions, and any suspicious or
questionable activity.
Where do I go for information?
Your organizational AISSO. If you see data that is out of date,
please let the AIS Security Office know. We use the current letter
of appointment as the source of information. Check out the CD2S
web page. Information is also posted to the local news group
(navy.nswc.misc).
When do I have to sanitize my disk?
When the AIS is being transferred to another user or being
excessed.
How do I sanitize my disk?
Hard disks (up to, and including Secret) can be sanitized by
degaussing or overwriting. Floppy disks (including Bernoulli
cartridges) must be degaussed. (Note that degaussing a Bernoulli
cartridge will render it unusable.) Physical destruction is acceptable
for all classification levels. See NAVSO publication P-5239/26 for
additional info. It's available for downloading as a Microsoft Word
or a PDF file
Where are degaussers located at Dahlgren?
There are at least two in Building 1200 (call Gerald Sullivan -
X8077), one in the Aegis Computing Center (POC to be provided),
and F department is rumored to be ordering one for Building 1490.
Protected Distribution Systems Info
What is it?
See OPNAVINST C5510.93E for details. It is used to transmit
unencrypted classified information between controlled spaces.
How do I know if I need one?
See the OPNAVINST.
What do I need to do if I do need one?
click here
Documents
What documents are applicable to the AIS Security Program?
Good sources include the following:
OPNAVINST 5239.1A
SECNAVINST 5239.3
NAVSWCINST 5239.1
OPNAVINST C5510.93E
The NAVSO P-5239 series publications
OPNAVINST 5510.1H
Where can I get security programs for my AIS?
ftp.cert.org
coast.cs.purdue.edu
infosec.nosc.mil
|
|
|
To the best of our knowledge, the text on this page may be freely reproduced and distributed.
If you have any questions about this, please check out our Copyright Policy.
totse.com certificate signatures
|
|
|
About | Advertise | Bad Ideas | Community | Contact Us | Copyright Policy | Drugs | Ego | Erotica
FAQ | Fringe | Link to totse.com | Search | Society | Submissions | Technology
|
|
|
|
|
|
