Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
software has been confirmed as level E by the certification authority, no<br />
further guidel<strong>in</strong>es of this document apply.” (Quoted from Section 2.2.2 of<br />
reference 5.)<br />
6.3.2 Federal Government Security Classifications.<br />
The Federal Government security classification system is codified <strong>in</strong> Executive Order 12958,<br />
“Classified Nation Security Information” [86], and Executive Order 13292 [87], “Further<br />
Amendment to Executive Order 12958.” Software and data are protected based upon their<br />
degree of sensitivity as measured by how much damage the release of <strong>in</strong>formation could cause to<br />
national security. The Executive Order def<strong>in</strong>es the follow<strong>in</strong>g levels of security and their impact<br />
on national security.<br />
“Information may be classified at one of the follow<strong>in</strong>g three levels:<br />
a. Top Secret shall be applied to <strong>in</strong>formation, the unauthorized disclosure of<br />
which reasonably could be expected to cause exceptionally grave damage to<br />
the national security that the orig<strong>in</strong>al classification authority is able to identify<br />
or describe. It merits the highest level of protection.<br />
b. Secret shall be applied to <strong>in</strong>formation, the unauthorized disclosure of which<br />
reasonable could be expected to cause serious damage to the national security<br />
that the orig<strong>in</strong>al classification authority is able to identify or describe.<br />
c. Confidential shall be applied to <strong>in</strong>formation, the unauthorized disclosure of<br />
which reasonably could be expected to cause damage to the national security<br />
that the orig<strong>in</strong>al classification authority is able to identify or describe.”<br />
(Quoted from Section 1.3 of reference 87.<br />
The Executive Order also specifies that the <strong>in</strong>formation systems conta<strong>in</strong><strong>in</strong>g this <strong>in</strong>formation have<br />
controls that prevent access by unauthorized persons and ensure the <strong>in</strong>tegrity of the <strong>in</strong>formation.<br />
In addition to the Executive Order, the Computer Security Act of 1987 (PL-100-235) [88]<br />
established requirements for protection of certa<strong>in</strong> <strong>in</strong>formation on Federal Government computer<br />
systems. It also def<strong>in</strong>ed an addition <strong>in</strong>formation classification, SBU.<br />
“Any <strong>in</strong>formation the loss, misuse, or unauthorized access to or modification of<br />
which could adversely affect the national <strong>in</strong>terest or the conduct of Federal<br />
programs or the privacy to which <strong>in</strong>dividuals are entitled under [the Privacy Act<br />
of 1974] but which has not been specifically authorized under criteria established<br />
by an Executive Order or an Act of Congress to be kept secret <strong>in</strong> the <strong>in</strong>terest of<br />
national defense or foreign policy.” [88]<br />
As a result, any <strong>in</strong>formation that violates privacy of an <strong>in</strong>dividual or that is controlled from<br />
export to foreign nations can fall <strong>in</strong>to the SBU category.<br />
85