ACP 122 (F) - Multilateral Planners Conference

More documents

Recommendations

Info

UNCLASSIFIED ACP 122(F) b. Dial-In/Out Accounts. Users should be briefed on the security problems inherent in providing dial-in access. Such connections should be used only on a strictly mission-critical basis and when no other type of connections are available, c. Privileged Accounts. Access to privileged user accounts should be monitored, and only used when needed; unless the privileges are needed all the time, the user should be encouraged to have a 2 nd , standard account for routine use, d. Operating System Software Configuration. Users shall not modify the operating system software configuration without the consent of the ISSO or the Information Systems (IS) Manager, e. Detection and Surveillance - Audit Records. All security relevant-events, as defined by national policy, shall be recorded in audit records, f. Remote Diagnostics. Remote diagnostics should not normally be provided for Classified CIS, g. Malicious Software. A malicious software strategy shall be maintained. All data shall be checked on export. The requirements for handling malicious software, as laid down at Chapter 14, should be known by all users, h. Import of Information. The import of all information into an IT system from any source, either by media or a network connection to an external system, is to be approved in accordance with operating procedures. It is also to be legally acquired and used in accordance with the licence agreement, i. Handling and Marking of Electronic Storage Media. All types of removable electronic storage media are to be labelled, handled, accounted for, de-classified or re-classified, and disposed of, in accordance with their security classification, j. On-site Maintenance of Classified Hardware and Media. If classified assets of a Defence information system are maintained on-site, the maintainer is to either hold a security authorisation and/or clearance at the appropriate level, or be escorted by someone who is authorised and/or cleared, and k. Off-Site Repair of Classified Hardware and Media. If classified assets of an information system are repaired off-site, the removal and repair of the media is to be in accordance with (i) above. 11-2 Original UNCLASSIFIED (Reverse Blank)
UNCLASSIFIED ACP 122(F) TRUSTED COMPUTING BASE 1105. One method of providing COMPUSEC is through the use of a Trusted Computing Base (TCB), which is the totality of components that together enforce a unified security policy over a product or system. CCEB nations have in the past employed different standards for evaluating the assurance of TCBs (TCSEC, ITSEC, CTCPEC), however, the Common Criteria has been developed and has been endorsed by several nation’s national security authorities (Australia, Canada, Finland, France, Germany, Greece, Italy, Netherlands, Norway, Spain, the United Kingdom, and the United States). CWAN ASPECTS 1106. In a CWAN environment, it is essential that the interoperability implications of any COMPUSEC measures applied in NAS and shared CIS be considered. 11-3 Original UNCLASSIFIED (Reverse Blank)
Page 1 and 2: UNCLASSIFIED ACP 122(F) INFORMATION
Page 3 and 4: UNCLASSIFIED ACP 122(F) THE COMBINE
Page 5 and 6: UNCLASSIFIED ACP 122(F) TABLE OF CO
Page 7 and 8: UNCLASSIFIED ACP 122(F) CHAPTER 10.
Page 9 and 10: UNCLASSIFIED ACP 122(F) referred to
Page 11 and 12: UNCLASSIFIED ACP 122(F) CHAPTER 2 P
Page 13 and 14: UNCLASSIFIED ACP 122(F) b. Availabi
Page 15 and 16: UNCLASSIFIED ACP 122(F) 213. Most o
Page 17 and 18: UNCLASSIFIED ACP 122(F) 305. The pr
Page 19 and 20: UNCLASSIFIED ACP 122(F) CHAPTER 4 C
Page 21 and 22: UNCLASSIFIED ACP 122(F) 407. The Me
Page 23 and 24: UNCLASSIFIED ACP 122(F) ISSUE RESOL
Page 25 and 26: UNCLASSIFIED ACP 122(F) MEASURES RE
Page 27 and 28: UNCLASSIFIED ACP 122(F) CHAPTER 6 V
Page 29 and 30: UNCLASSIFIED ACP 122(F) a. Physical
Page 31 and 32: UNCLASSIFIED ACP 122(F) CHAPTER 7 S
Page 33 and 34: UNCLASSIFIED ACP 122(F) CHAPTER 8 C
Page 35 and 36: UNCLASSIFIED ACP 122(F) 812. TRANSE
Page 37 and 38: UNCLASSIFIED ACP 122(F) INTRODUCTIO
Page 39 and 40: UNCLASSIFIED ACP 122(F) 912. Caveat
Page 41 and 42: UNCLASSIFIED ACP 122(F) CHAPTER 10
Page 43: UNCLASSIFIED ACP 122(F) CHAPTER 11
Page 47 and 48: UNCLASSIFIED ACP 122(F) d. Password
Page 49 and 50: UNCLASSIFIED ACP 122(F) CHAPTER 14
Page 51 and 52: UNCLASSIFIED ANNEX A TO ACP 122(F)
Page 53 and 54: UNCLASSIFIED ACP 122(F) Checklists
Page 55 and 56: UNCLASSIFIED ACP 122(F) Annexes 3.
Page 57 and 58: UNCLASSIFIED ACP 122(F) Access Cont
Page 59 and 60: UNCLASSIFIED ACP 122(F) Combined In
Page 61 and 62: UNCLASSIFIED ACP 122(F) support wil
Page 63 and 64: UNCLASSIFIED ACP 122(F) National In
Page 65 and 66: UNCLASSIFIED ACP 122(F) Security Ar
Page 67 and 68: UNCLASSIFIED ACP 122(F) ABBREVIATIO
Page 69: UNCLASSIFIED ACP 122(F) WG WS Worki

ACP 122 (F) - Multilateral Planners Conference

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?