SOW Annex D - Ministerio de Defensa

More documents

Recommendations

Info

NATO UNCLASSIFIEDIFB-CO-12546-GAG - SOW Annex DAppendix 1NATO 7. Target of AccreditationThe primary objective of security approval or accreditation is to ensure thatthe implemented CIS conforms with NATO Security Policy and supportingdirectives (and, where appropriate, National equivalent(s)), and the CISspecificsecurity-related documentation (e.g. CSRS). Security approval andaccreditation is the authorisation granted to a CIS to store, process or transmitinformation up to the determined security classification in its operationalenvironment.8. Accreditation DocumentationIn order to grant security approval or accreditation for a CIS, the SecurityApproval or Accreditation Authority should be satisfied that the applicablesecurity requirements will be met by proper enforcement of the SRS(s), withparticular emphasis on the SSRS, and the SecOPs. The SRS(s) form thebasis for an understanding and agreement between the security approval oraccreditation authority and the CIS Operating Authority that the CIS will beoperated in a secure manner.9. Approved SoftwareSoftware used on the system shall be approved by the appropriate SAA. Thisapproval is automatically applied if the software is listed in the ApprovedFielded Product List (AFPL) maintained by NCSA.10. Process of Accreditationa. A security risk assessment of the shall be conductedby the Host Nation (HN) e.g. NATO C3 Agency (NC3A) inconjunction with the SAA and project staffs.b. HN shall produce SRS(s) for the as required. TheSRS(s) shall:(1) Include (generic) Security Operating Procedures(SecOPs).(2) Describe the minimum levels of security deemednecessary to counter risk identified in a risk assessmentof the .(3) Define the security testing requirements and include asecurity test and evaluation (ST&E) plan.(4) Include a Statement of Compliance, including aninterconnection statement, as Annex to the SRS(s)c. The SRS(s) shall be presented to the SAA for approval in duetime to permit timely reviews and resolution of outstandingissues prior to being required operationally.NATO NATO UNCLASSIFIEDPage 12 of 14
NATO UNCLASSIFIEDIFB-CO-12546-GAG - SOW Annex DAppendix 1NATO d. Each site shall produce:(1) Its own SecOPs.(2) ST&E plan based on the generic version included in theSRS(s).e. The SecOPs and the ST&E plan shall be approved by the localSAA.f. Each node shall securely implement the local againstthe SRS(s) and SecOPs.g. Security testing of the site shall be conducted by the appropriateCIS Operating Authority in coordination with NITC/SECAN.h. Accreditation of each local site shall only be granted by the localSAA after security testing has been successfully completed.i. Once local accreditation has been completed, the CIS OperatingAuthority shall sign and forward a Statement of Compliance(SoC) to the appropriate Security Accreditation Authority (SAA).j. Upon receipt of a signed Statement of Compliance, the SAAshall arrange a security inspection of the NATO site to verifycompliance with the SRS(s) prior to granting accreditation. Theinspection of the NATO site shall be arranged by the SAA on acase-by-case basis.11. Accreditation Decision for ConnectionsThe SAA can only grant security accreditation to connections after statementsof compliance have been received from the local SAAs of the connectingsites. As an exceptional measure, the SAA may grant temporary securityapproval to a connecting site by granting Interim Approval to Operate (IATO).These IATOs shall only be granted for limited time periods (maximum of 12month) after which, if the nodes have not been accredited and certifiedcompliant, the SAA may recommend their disconnection from the NGCS PTCto the appropriate risk owner and declare that the network is being operatedwithout security accreditation or authority.NATO NATO UNCLASSIFIEDPage 13 of 14
Page 3 and 4: NATO UNCLASSIFIEDAMD-7 TO IFB-CO-12
Page 5 and 6: NATO UNCLASSIFIEDAMD-7 TO IFB-CO-12
Page 7 and 8: NATO UNCLASSIFIEDIFB-CO-12546-GAG -
Page 9 and 10: NATO UNCLASSIFIEDIFB-CO-12546-GAG -
Page 11: NATO UNCLASSIFIEDIFB-CO-12546-GAG -

SOW Annex D - Ministerio de Defensa

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?