ACP 122 (F) - Multilateral Planners Conference

More documents

Recommendations

Info

UNCLASSIFIED ACP 122(F) CHAPTER 5 SECURE OPERATION OVERVIEW 501. Not only does a CIS have to be implemented in a secure manner, but the manner and environment in which it is operated also needs to remain appropriately secure. The responsibility for maintaining this posture rests jointly with a number of interlocking functions: a. System Operating Authorities (SOA), b. Security Staffs: (a) (b) ISSOs, those responsible for the security of the CIS which can encompass but is not limited to the Intrusion Detection element of the Defensive Information Operations (DIO) mission, and Those charged with maintaining the security of the environment, such as Physical and Personnel aspects; c. End Users. 502. These aspects are covered in a variety of security instructions. NATIONAL MAPPING 503. The following table summarises variations in terminology between the CCEB participants, and provides details of the national lead authority for any clarification required on this topic. AUS CAN NZ UK US Terminology OpSec SyOPs SECOPS Lead Authority CIOG DISSP D IM Secur DJCIS DGS&S DSSO Joint Staff J65C 5-1 Original UNCLASSIFIED
UNCLASSIFIED ACP 122(F) MEASURES REQUIRED 504. Although Secure Operation in an Allied and Coalition context will be handled in line with existing national procedures, the following specific topics should be considered: a. Accounting and Safeguarding. There may be associated information and material that must be handled, stored and transmitted in a particular way due to its classification/sensitivity, and those assets will need to be identified; b. Back Up Measures. File system backups not only provide protection in the event of hardware failure or accidental deletions, but they also protect against unauthorised changes made by an intruder; c. Banners. Part of the privacy issue centres around an individual's expectations of privacy when using a system. It is essential that individuals using an official CIS be conditioned not to have an expectation of privacy when using these systems; d. Business Continuity/Disaster Recovery. Provision must be made for restoring operational capability in the event of an incident or disaster; e. Computer Network Defence. Techniques, procedures and agreements with respect to CND must be provided as discussed below; f. Configuration Management. Effective management of residual risk requires continuous evaluation of threats the system is exposed to. Identifying and managing the vulnerabilities and capabilities of the system and the environment will minimize the risk. Any changes to a CIS must be controlled, tracked and managed to ensure that additional risks that may be introduced by these changes are reviewed and either mitigated or deemed acceptable accordingly; g. Emergency Situations. Actions to be taken in the event of a bomb threat, fire, or any other emergency situation; h. Exercises. Exercises may be conducted to determine if the procedures defined are adequate for the threat to be countered; i. Incident Handling. While every reasonable precaution can be taken to prevent the unauthorised disclosure, loss, manipulation, or denial of access to classified or sensitive information, there will be occasions when information security incidents will occur, and the Reporting and Response regime at Chapter 14 will be required; 5-2 Original UNCLASSIFIED
Page 1 and 2: UNCLASSIFIED ACP 122(F) INFORMATION
Page 3 and 4: UNCLASSIFIED ACP 122(F) THE COMBINE
Page 5 and 6: UNCLASSIFIED ACP 122(F) TABLE OF CO
Page 7 and 8: UNCLASSIFIED ACP 122(F) CHAPTER 10.
Page 9 and 10: UNCLASSIFIED ACP 122(F) referred to
Page 11 and 12: UNCLASSIFIED ACP 122(F) CHAPTER 2 P
Page 13 and 14: UNCLASSIFIED ACP 122(F) b. Availabi
Page 15 and 16: UNCLASSIFIED ACP 122(F) 213. Most o
Page 17 and 18: UNCLASSIFIED ACP 122(F) 305. The pr
Page 19 and 20: UNCLASSIFIED ACP 122(F) CHAPTER 4 C
Page 21 and 22: UNCLASSIFIED ACP 122(F) 407. The Me
Page 23: UNCLASSIFIED ACP 122(F) ISSUE RESOL
Page 27 and 28: UNCLASSIFIED ACP 122(F) CHAPTER 6 V
Page 29 and 30: UNCLASSIFIED ACP 122(F) a. Physical
Page 31 and 32: UNCLASSIFIED ACP 122(F) CHAPTER 7 S
Page 33 and 34: UNCLASSIFIED ACP 122(F) CHAPTER 8 C
Page 35 and 36: UNCLASSIFIED ACP 122(F) 812. TRANSE
Page 37 and 38: UNCLASSIFIED ACP 122(F) INTRODUCTIO
Page 39 and 40: UNCLASSIFIED ACP 122(F) 912. Caveat
Page 41 and 42: UNCLASSIFIED ACP 122(F) CHAPTER 10
Page 45 and 46: UNCLASSIFIED ACP 122(F) TRUSTED COM
Page 47 and 48: UNCLASSIFIED ACP 122(F) d. Password
Page 51 and 52: UNCLASSIFIED ANNEX A TO ACP 122(F)
Page 53 and 54: UNCLASSIFIED ACP 122(F) Checklists
Page 55 and 56: UNCLASSIFIED ACP 122(F) Annexes 3.
Page 57 and 58: UNCLASSIFIED ACP 122(F) Access Cont
Page 59 and 60: UNCLASSIFIED ACP 122(F) Combined In
Page 61 and 62: UNCLASSIFIED ACP 122(F) support wil
Page 63 and 64: UNCLASSIFIED ACP 122(F) National In
Page 65 and 66: UNCLASSIFIED ACP 122(F) Security Ar
Page 67 and 68: UNCLASSIFIED ACP 122(F) ABBREVIATIO
Page 69: UNCLASSIFIED ACP 122(F) WG WS Worki

ACP 122 (F) - Multilateral Planners Conference

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?