DOCSLIB.ORG

IC Tech Spec for ICD/ICS

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
IC Tech Spec for ICD/ICS UNCLASSIFIED TECHNICAL SPECIFICATIONS FOR CONSTRUCTION AND MANAGEMENT OF SENSITIVE COMPARTMENTED INFORMATION FACILITIES VERSION 1.2 IC Tech Spec‐for ICD/ICS 705 An Intelligence Community Technical Specification Prepared by the Office of the National Counterintelligence Executive April 23, 2012 UNCLASSIFIED UNCLASSIFIED Table of Contents Chapter 1. Introduction ................................................................................................................. 1 A. Purpose ................................................................................................................................ 1 B. Applicability ....................................................................................................................... 1 Chapter 2. Risk Management ........................................................................................................ 2 A. Analytical Risk Management Process ................................................................................ 2 B. Security in Depth (SID) ...................................................................................................... 3 C. Compartmented Area (CA) ................................................................................................. 4 Chapter 3. Fixed Facility SCIF Construction ................................................................................ 6 A. Personnel ............................................................................................................................. 6 B. Construction Security.......................................................................................................... 7 C. Perimeter Wall Construction Criteria ................................................................................. 8 D. Floor and Ceiling Construction Criteria ........................................................................... 11 E. SCIF Door Criteria ............................................................................................................ 11 F. SCIF Window Criteria ...................................................................................................... 12 G. SCIF Perimeter Penetrations Criteria ................................................................................ 13 H. Alarm Response Time Criteria for SCIFs within the U.S. ............................................... 14 I. Secure Working Areas (SWA).......................................................................................... 14 J. Temporary Secure Working Area (TSWA) ...................................................................... 14 Chapter 4. SCIFs Outside the U.S. and NOT Under Chief of Mission (COM) Authority ......... 20 A. General .............................................................................................................................. 20 B. Establishing Construction Criteria Using Threat Ratings ................................................. 20 C. Personnel ........................................................................................................................... 23 D. Construction Security Requirements ................................................................................ 24 E. Procurement of Construction Materials ............................................................................ 27 F. Secure Transportation for Construction Material ............................................................. 30 G. Secure Storage of Construction Material .......................................................................... 31 H. Technical Security ............................................................................................................ 31 I. Interim Accreditations ...................................................................................................... 31 i UNCLASSIFIED UNCLASSIFIED Chapter 5. SCIFs Outside the U.S. and Under Chief of Mission Authority ............................... 32 A. Applicability ..................................................................................................................... 32 B. General Guidelines............................................................................................................ 32 C. Threat Categories .............................................................................................................. 33 D. Construction Requirements ............................................................................................... 34 E. Personnel ........................................................................................................................... 35 F. Construction Security Requirements ................................................................................ 37 G. Procurement of Construction Materials ............................................................................ 39 H. Secure Transportation for Construction Material ............................................................. 41 I. Secure Storage of Construction Material .......................................................................... 42 J. Technical Security ............................................................................................................ 42 K. Interim Accreditations ...................................................................................................... 42 Chapter 6. Temporary, Airborne, and Shipboard SCIFs ............................................................. 43 A. Applicability ..................................................................................................................... 43 B. Ground-Based T-SCIFs .................................................................................................... 43 C. Permanent and Tactical SCIFS Aboard Aircraft .............................................................. 45 D. Permanent and Tactical SCIFs on Surface or Subsurface Vessels ................................... 47 Chapter 7. Intrusion Detection Systems (IDS) ............................................................................ 53 A. Specifications and Implementation Requirements ............................................................ 53 B. IDS Modes of Operation ................................................................................................... 57 C. Operations and Maintenance of IDS ................................................................................. 59 D. Installation and Testing of IDS ......................................................................................... 60 Chapter 8. Access Control Systems (ACS) ................................................................................. 62 A. SCIF Access Control......................................................................................................... 62 B. ACS Administration.......................................................................................................... 63 C. ACS Physical Protection ................................................................................................... 63 D. ACS Recordkeeping.......................................................................................................... 63 E. Using Closed Circuit Television (CCTV) to Supplement ACS........................................ 64 F. Non-Automated Access Control ....................................................................................... 64 ii UNCLASSIFIED UNCLASSIFIED Chapter 9. Acoustic Protection ................................................................................................... 65 A. Overview ........................................................................................................................... 65 B. Sound Group Ratings ........................................................................................................ 65 C. Acoustic Testing ............................................................................................................... 65 D. Construction Guidance for Acoustic Protection ............................................................... 66 E. Sound Transmission Mitigations ...................................................................................... 66 Chapter 10. Portable Electronic Devices (PEDs) .......................................................................... 68 A. Approved Use of PEDs in a SCIF..................................................................................... 68 B. Prohibitions ....................................................................................................................... 69 C. PED Risk Levels ............................................................................................................... 69 D. Risk Mitigation ................................................................................................................. 70 Chapter 11. Telecommunications Systems ................................................................................... 73 A. Applicability ..................................................................................................................... 73 B. Unclassified Telephone Systems ...................................................................................... 73 C. Unclassified Information Systems .................................................................................... 74 D. Using Closed Circuit Television (CCTV) to Monitor the SCIF Entry Point(s) ..............
Load more

Recommended publications
  • Protect Yourself and Your Personal Information*
    CYBER SAFETY Protect yourself and your personal information * Cybercrime is a growing and serious threat, making it essential that fraud prevention is part of our daily activities. Put these safeguards in place as soon as possible—if you haven’t already. Email Public Wi-Fi/hotspots Key Use separate email accounts: one each Minimize the use of unsecured, public networks CYBER SAFETY for work, personal use, user IDs, alerts Turn oF auto connect to non-preferred networks 10 notifications, other interests Tips Turn oF file sharing Choose a reputable email provider that oFers spam filtering and multi-factor authentication When public Wi-Fi cannot be avoided, use a 1 Create separate email accounts virtual private network (VPN) to help secure your for work, personal use, alert Use secure messaging tools when replying session to verified requests for financial or personal notifications and other interests information Disable ad hoc networking, which allows direct computer-to-computer transmissions Encrypt important files before emailing them 2 Be cautious of clicking on links or Never use public Wi-Fi to enter personal attachments sent to you in emails Do not open emails from unknown senders credentials on a website; hackers can capture Passwords your keystrokes 3 Use secure messaging tools when Create complex passwords that are at least 10 Home networks transmitting sensitive information characters; use a mix of numbers, upper- and Create one network for you, another for guests via email or text message lowercase letters and special characters and children
    [Show full text]
  • Corp Bro Inside Layout
    Message from the Director, NSA The National Security Agency’s rich legacy of cryptologic success serves not only as a reminder of our past triumphs, but also as an inspiration for our future. Harry Truman, the man responsible for signing the legislation that brought our Agency into existence, was once quoted as saying, “There is nothing new in the world except the history you do not know.” Like all truisms, it is only partially accurate. Each generation of Americans must at some point deal with unforeseen problems and issues that transcend the status quo. Most would agree that the challenges faced by NSA in today’s war against terrorism are far different from those of World War II, Vietnam, or Desert Storm. Even so, President Truman was correct in his assertion that there is much to be learned from the past. The history of the National Security Agency has in many respects been based on and characterized by feats of intellectual brilliance. Pioneers like William Friedman, Frank Rowlett, Dr. Louis Tordella, and Agnes Meyer Driscoll, to name but a few, were able to build on past successes and do whatever was necessary to meet the challenges of their time. We should not forget, however, that NSA’s success is due not just to the efforts of the well- known legends of the cryptologic past, but also to the dedicated work of thousands of men and women whose names will never be noted in any history book. History tells us that both genius and hard work are required to ensure success.
    [Show full text]
  • Using PSTN Encryption HC-2203 Over BGAN Version 1 3 September 2009
    Using PSTN Encryption HC-2203 over BGAN Version 1 3 September 2009 inmarsat.com/bgan Whilst the information has been prepared by Inmarsat in good faith, and all reasonable efforts have been made to ensure its accuracy, Inmarsat makes no warranty or representation as to the accuracy, completeness or fitness for purpose or use of the information. Inmarsat shall not be liable for any loss or damage of any kind, including indirect or consequential loss, arising from use of the information and all warranties and conditions, whether express or implied by statute, common law or otherwise, are hereby excluded to the extent permitted by English law. INMARSAT is a trademark of the International Mobile Satellite Organisation, Inmarsat LOGO is a trademark of Inmarsat (IP) Company Limited. Both trademarks are licensed to Inmarsat Global Limited. © Inmarsat Global Limited 2009. All rights reserved. Contents 1 Overview 1 1.1 PSTN encryption explained 1 2 Typical users 1 3 Key features 1 4 Benefits to BGAN users 1 5 Setting up 1 5.1 Setting up HC-2203 PSTN Encryption 1 5.2 About your BGAN SIM card subscription 1 5.3 Setting up the EXPLORER 500/527 and EXPLORER 700 1 5.4 Setting up the Hughes 9201 or Hughes 9250 terminal 1 6 Technical specifications 1 7 General data 1 8 Further details and support 1 1 Overview Inmarsat BGAN offers the same telephony services as its predecessor system GAN, namely Standard Voice (compressed), ISDN Data and the Audio 3.1kHz service which can be used for fax and data communication.
    [Show full text]
  • How to Stay Safe in Today's World
    REFERENCES Internet Safety http://www.aarp.org/money/scams-fraud/info-08-2011/ internet-security.html How to Stay Safe in Identify Theft Federal Trade Commission (FTC) File Complaint: https://www.ftccomplaintassistant.gov/ ID Theft Hotline: 1-877-438-4338 Today’s World Credit Bureaus: Eqiuifax: 1-888-766-0008 Experian: 1-888-397-3742 TransUnion: 1-800-680-7289 Internet Terminology Medical Fraud: Hotline: 1-800-403-0864 Internet Safety Social Security: Hotline: 1-800-269-0271 Identify/Medical Theft http://oig.ssa.gov/report-fraud-waste-or-abuse/fraud-waste- and-abuse Card Skimming http://www.ftc.gov/bcp/edu/microsites/idtheft/ Remote Controls Booklet Sponsored by: Indiana Extension Homemakers Association Education Focus Group 2015-2016 www.ieha.families.com For more information contact your County Extension Office 16 INTERNET TERMINOLOGY NOTES APPS (applications): a shortcut to information categorized by an icon Attachment: a file attached to an e-mail message. Blog: diary or personal journal posted on a web site, updated frequently. Browser: a program with a graphical user interface for displaying HTML files, used to navigate the World Wide Web (a web browser) Click: pressing and releasing a button on a mouse to select or activate the area on the screen where the cursor s pointing to. Cloud: a loosely defined term for any system providing access via processing powers. Cookies: a small piece of code that is downloaded to computers to keep track of user’s activities. Cyberstalking: a crime in which the attacker harasses a victim using electronic communication, such as -e mail, instant messaging or post- ed messages.
    [Show full text]
  • 32Principles and Practices to Successfully Transition To
    32 PRINCIPLES AND PRACTICES TO SUCCESSFULLY TRANSITION TO U.S. DOD CLOUD COMPUTING DATA CENTERS Tra·di·tion·al • Da·ta • Cen·ters (trə-dĭsh′ə-nəl • dā′tə • sĕn′tərz′). Centralized capital-intensive information technology (IT) assets, which include land, security fences, buildings, power-space-and-cooling, networks, computers, storage devices, operating systems, middleware, databases, development tools, and monitoring systems. Oftentimes, traditional IT applications were assembled one computer, server, rack elevation, or server farm at a time. That is, a computer system with a microprocessor, memory, motherboard, disk drives, network interfaces, operation systems, and input-output devices such as display screens, printers, and portable or removable tape, disk, or solid-state media. Traditional physical computer systems ranged in size from small to extremely large or monolithic. For instance, a computer system may be a laptop, desktop computer, Unix workstation, small rack elevation, small server farm with multiple racks, a building with many server farms, or even a monolithic collection of buildings with multiple data centers or high-performance computing equipment for massively parallel processing applications. About 80% to 90% of IT data centers are in the small to medium-sized range that sit underneath desks, or in conference room corners, hallway closets, or small conference rooms. Typically, small to medium-sized IT data centers were engineered to host a single information system or small ecosystem of highly interrelated applications. Rack elevations allowed engineers to assemble their computer systems one high-performance component at a time for high-performance computing needs, multitasking and multi-user systems, reliability and fault-tolerance, or fast network delivery.
    [Show full text]
  • (U) a History of Secure Voice Codin~: Insights Drawn from the Career of One of Tile Earliest Practitioners of the Art of Speech Coding JOSEPH P
    DOCID: 3860926 UNCLASSIFIED Cryptologic Quarter1y (U) A History of Secure Voice Codin~: Insights Drawn from the Career of One of tile Earliest Practitioners of the Art of Speech Coding JOSEPH P. CAMPBELL, JR., and RICHARD A. DEAN Editor's Note: This artrde Is basecl on one publlshecl In Dlgittl Signal Processing, July 1993, wfth permission ofthe authors. The history of speech coding is closely tied to tion of PCM. A "Buzz" /"Hiss" generator was used the career of Tom Tremain. He joined the as an exciter for the vocoder corresponding to the National Security Agency i~ 1959 as an Air Force voiced/unvoiced attribute of each 20-ms speech lieutenant assigned to duty at the Agency. Llttle segment. Balance of the "Buzz" /"Hiss" generator, did he know then that this assignment would or voicing, represented a major factor in the qual­ shape his career as well as' the future of speech ity of the speech. Early practitioners of speech coding. 1 coders, like Tom, can still be found today speak­ I . ing"Aaahhh" /"Sshhhhh" into voice coders to test Thomas E. Tremain was the U.S. govern- this balance. ment's senior speech scientist. He was a recog­ nized leader and an expert in speech science. From the time of SIGSALY until Tom arrived 1 Tom's work spanned five dife3des of state-of-the- at NSA, several generations of voice coders had art modem and speech co<;Iing innovations that been developed in conjunction with Bell Labs. are the basis of virtually e~ery U.S. and NATO The K0-6 voice coder, developed in 1949 and modem and speech coding standard.
    [Show full text]
  • Encryption of Voice, Data and Video (Vdv) for Secure Terrestrial and Satellite Communications
    Dimov Stojce Ilcev / International Journal of New Technologies in Science and Engineering Vol. 2, Issue. 4,October 2015, ISSN 2349-0780 ENCRYPTION OF VOICE, DATA AND VIDEO (VDV) FOR SECURE TERRESTRIAL AND SATELLITE COMMUNICATIONS Stojce Dimov Ilcev Durban University of Technology (DUT), 133 Bencorrum, 183 Prince Street, Durban, South Africa Abstract: This paper introduces the Voice, Data and Video (VDV) encryption as protection shield for secure terrestrial and satellite communication systems deploying special hardware and software scrambling solutions against government or private surveillance and spying. The encryption covers fixed, personal and mobile (cellular) solutions including computer, fax and telex messaging modes for commercial and military applications. Keywords: Encryption, VDV/NSA, DES/AES, RSA/IBE I. INTRODUCTION Secure communication is when two entities are communicating and do not want a third party to listen in or to communicate in a way not susceptible to eavesdropping or interception. It includes means by which people can share mutual information with varying degrees of certainty that third parties cannot intercept what was said, heard, sent and saw. Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe to say that no communication is guaranteed secure in this sense, although practical obstacles such as legislation, resources, technical issues (interception and encryption), and the sheer volume of communication serve to limit surveillance. In cryptography, encryption is the process of encoding voice (speech and fax), data (messages or text) and video (TV, videoconference and images) in such a way that only authorized parties can listen, read or see it properly. Encryption does not of itself prevent interception, but denies the speech, message and image content to the interceptor.
    [Show full text]
  • Model 90Si Secure Fax Gateway User's Guide
    Model 90si Secure Fax Gateway User's Guide GateWay Fax Systems, Inc. Secure Fax Products Virginia, USA Tel: 804-796-1900 Toll-Free: 877-951-9800 Fax: 804-796-1116 E-Mail: [email protected] Web: www.gwfs.com Help Line: 877-951-9814 Revision 4.7 3/27/2013 GateWay Fax Systems, inc. Model 90si Secure Fax Gateway User's Guide 90si Quick Reference Guide Your 90si comes from the factory set for the Secure Only mode, whereby the commercial (COTS) fax connects to the 90si’s FAX jack (the other two phone jacks remain empty) and the 90si’s RS-232 Data cable connects to the Secure Data port of your crypto device. In this configuration the COTS fax can only be used for classified transac- tions with the crypto in Secure Data Mode. Connecting the COTS fax, 90si and Crypto This diagram shows the default (and recommended) factory configuration for the 90si. Shown are the rear panel of the 90si, Secure Telephone, Commercial-Off-The-Shelf (COTS) fax and the outside telepone line connection. Although there are other 90si configurations, this one will work right out of the box. See Section 2.3, Choose a Configuration, for others. 90si Secure Fax Gateway Rear Panel FAX Commercial-Off-The-Shelf Fax Machine 5VDC Power LINE (Set to Auto-Answer on 1 Ring) Supply "Red" Data Port "Secure" Secure Telephone PSTN Phone Line / Crypto (Set to Async 9.6kbps) Telephone Wall Jack Transmitting a Secure Fax Step Procedure 1. Place a call on your secure telephone / crypto. 2. Place it in secure data mode and set the handset on the table 3.
    [Show full text]
  • Cybersecurity Intelligence
    CYBER SAFETY Cybersecurity and fraud prevention are top priorities for J.P. Morgan* In Asset & Wealth Management, our educational programs and supporting materials about cybersecurity and fraud prevention can help you understand how to better protect yourself, your family and your office against the ever-evolving threats of cyber crime. GET STARTED Cybersecurity Speak with your J.P. Morgan representative to learn more about our cyber and fraud prevention programs, for educational information Intelligence and to schedule a session with our experts. J.P. Morgan is committed to safeguarding your data, but clients remain ultimately responsible for ensuring their own cybersecurity. PROTECT yourself and your family Learn best practices that you and your family can Key topics implement to help mitigate cybersecurity risk • Email • Mobile security • Passwords • Malware Audiences: Principals, Board members, C-suite, • Wi-Fi networks • Social engineering decision makers, family members, office staff • Internet usage PROTECT your office Understand how you can help improve your Key topics family office’s, small business’s or law firm’s • Working together • Technology controls cybersecurity posture • Phishing • Operations • Social • Office security Audiences: Office staff, Board members, C-suite engineering • Third-party risk • Ransomware • Secure communications PROTECT yourself from fraud Understand the latest fraud trends and fraud Key topics prevention best practices to help strengthen • Money movement • Business email money movement controls controls compromise • Common fraud • Secure communications Audiences: Financial staff, authorized users, schemes principals, decision makers * This document is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein.
    [Show full text]
  • Trend Micro™ Scanmail™ for IBM Domino™ Administrator's Guide
    Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes, and the latest version of the Administrator’s Guide, which are available from the Trend Micro Web site at: www.trendmicro.com/download/documentation/ NOTE: A license to the Trend Micro Software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. Maintenance must be renewed on an annual basis at the Trend Micro then-current Maintenance fees. Trend Micro, the Trend Micro t-ball logo, and ScanMail are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. This product includes software developed by the University of California, Berkeley and its contributors. All other brand and product names are trademarks or registered trademarks of their respective companies or organizations. Copyright© 2013 Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated. Document Part No. SNEM55971_130516 Release Date: September 2013 Protected by U.S. Patent Nos. 5,951,698 and 5,889,943 i Trend Micro™ ScanMail™ for IBM Domino™ Administrator’s Guide The Administrator’s Guide for ScanMail for IBM Domino introduces the main features of the software and provides installation instructions for your production environment. Read through it before installing or using the software.
    [Show full text]
  • ITC 2015 DVD Files Itcconfplanner
    A High Assurance Firewall in a Cloud Environment Using Hardware and Software Item Type text; Proceedings Authors Golriz, Arya; Jaber, Nur Publisher International Foundation for Telemetering Journal International Telemetering Conference Proceedings Rights Copyright © held by the author; distribution rights International Foundation for Telemetering Download date 27/09/2021 04:32:59 Link to Item http://hdl.handle.net/10150/596381 A HIGH ASSURANCE FIREWALL IN A CLOUD ENVIRONMENT USING HARDWARE AND SOFTWARE Dr. Arya Golriz, Nur Jaber Faculty Advisors: Dr. Richard Dean, Dr. Yacob Astatke and Dr. Farzad Moazzami Department of Electrical and Computer Engineering Morgan State University ABSTRACT This paper will focus on analyzing the characteristics of firewalls and implementing them in a virtual environment as both software- and hardware-based solutions that retain the security features of a traditional firewall. INTRODUCTION With the evolution of telemetry into network environments, telemetry experts must consider the impact of cloud computing solutions in future telemetry systems. Cloud computing is becoming increasingly popular and offers a wide variety of advantages over conventional networking, including the ability to centralize resources both physically and financially. While implementing a cloud infrastructure does raise security concerns, a secure cloud infrastructure similar to that of a conventional network can be achieved using tools and tactics deployed to protect the network from adversaries and various malicious attacks. One primary component in any secure network, cloud or otherwise, is a firewall that examines inbound and outbound traffic on the network to ensure that it is authentic and based on a set of rules, as well as enables the network administrator to permit safe content.
    [Show full text]
  • NSIAD-86-7 Concerns Regarding the National Security Agency Secure Telephone Program
    1 II UNITED STATES GENE& ACCGWT~NGOFFICE WASHINGTON, D.C. 2Q548 NATIONAL SECURITY AND IMIERNATIONAL AFFAlRS DlVlS1ON OCf 15 1985 IIIll IIll,ll~~ B-220762 128229 The Honorable Glenn English Chairman, Subcommittee on Government Information, Justice, and Agriculture ' Committee on Government Operations House of Representatives Dear Mr. Chairman: Subject: Concerns Regarding the National Security Agency Secure Telephone Program (GAO/NSIAD-86-7) On September 24, 1984, you requested that we evaluate the use of TEMPEST and similar technologies--such as secure telephones-- for the protection of national security information. As requested by your office on July 26, 1985, this letter identifies the major issues regarding secure telephones that we have identified to date. The STU-II is the secure telephone in use today. These telephones are to be replaced by lower cost STU-III telephones. Development contracts for the STU-III telephones were awarded 'in March 1985 to AT&T, Motorola, and RCA to develop an easy to use, low cost (target price about $2,000) secure telephone, deliverable by early 1987. Current plans are to award production contracts to all three contractors (if they successfully develop a product) in March 1986, with deliveries to begin in April 1987. The number of units awarded to each contractor will depend on their price and degree of success in performance tests. A contract has also been awarded to GTE Sylvania for systems integration and testing. The total cost to the government for this developmental effort is about $82 million. This program is very unique because, in addition to having applicability to national security information, this secure telephone will also have a commercial market, that is, banks, brokerage firms, and other businesses interested in securing (395037) B-220762 their communications.
    [Show full text]