CSAT Security Vulnerability Assessment Questions
Total Page:16
File Type:pdf, Size:1020Kb
CSAT Security Vulnerability Assessment Questions June 2008 Version 1.0 Version 1.0 1 CSAT SVA Questions OMB PRA # 1670-0007 Expires: 5/31/2011 General ................................................................................................................4 Facility Information.............................................................................................5 Facility Coordinates............................................................................................5 ASP Documents .........................................................................................................................6 Upload Plot Plans/Maps ............................................................................................................8 Facility Security Information............................................................................10 DHS Initial Notification Letter – Security Issues...................................................................10 Release Toxic Chemicals of Interest .....................................................................................12 Release Flammable Chemicals of Interest ............................................................................16 Release Explosive Chemicals of Interest ..............................................................................22 Theft/Diversion Explosive/Improvised Explosive Device Precursor (EXP/IEDP) Chemicals of Interest..................................................................................................................................25 Theft/Diversion Weapon of Mass Effect (WME) Chemicals of Interest ..............................29 Theft/Diversion Chemical Weapon/Chemical Weapon Precursor (CW/CWP) Chemicals of Interest ......................................................................................................................................32 Sabotage/Contamination Chemicals of Interest...................................................................36 Facility Characteristics............................................................................................................39 Security Equipment at the Facility .........................................................................................39 Utility Systems and Infrastructure Support ..........................................................................41 Inventory Control .....................................................................................................................42 Inventory Control - Details......................................................................................................43 Personnel Access Control Measures at the Facility ............................................................47 Shipping and Receiving Control Measures at the Facility ..................................................49 Shipping and Receiving Control Measures – Details...........................................................50 Post-Release Measures and Equipment................................................................................54 Site Vulnerability Factors........................................................................................................55 Asset Characterization .....................................................................................56 Facility Assets..........................................................................................................................56 Facility Assets - Description...................................................................................................57 Primary Security Issue For This Asset ..................................................................................57 Facility Assets - Detail.............................................................................................................58 Facility Asset Directions .........................................................................................................58 Release Chemicals of Interest................................................................................................61 Toxic Chemicals of Interest ....................................................................................................62 Primary Release Toxic.............................................................................................................63 Toxic Release – Mitigation......................................................................................................63 Theft/Diversion Primary COI...................................................................................................66 Facility Assets - Packaging Detail..........................................................................................66 Cyber Control Systems ...........................................................................................................67 Cyber Business Systems........................................................................................................68 Vulnerability Analysis.......................................................................................69 Attack Scenarios......................................................................................................................69 Attack Scenario Descriptions.................................................................................................70 Aircraft Scenario ......................................................................................................................72 Maritime Scenario ....................................................................................................................75 Vehicle Scenario ......................................................................................................................78 Assault Team Scenario ...........................................................................................................81 Standoff Scenario ....................................................................................................................83 Sabotage Scenario...................................................................................................................84 Theft Scenario ..........................................................................................................................85 Diversion Scenario ..................................................................................................................86 Mitigation Measures ................................................................................................................87 Identifiability Probability .........................................................................................................88 DHS Form 9015 Page 2 of 107 Version 1.0 CSAT SVA Questions OMB PRA # 1670-0007 Expires: 5/31/2011 Accessibility Probability .........................................................................................................89 Facility Security Response Force Capability........................................................................90 Offsite Security Response Force Capability.........................................................................91 Achievability Probability .........................................................................................................92 Target Hardness Probability...................................................................................................93 Availability Probability ............................................................................................................94 Unauthorized Customer Registration ....................................................................................95 Unauthorized Order Placement ..............................................................................................96 Unauthorized Order Pickup ....................................................................................................97 Computer Systems Analysis ...........................................................................98 Control System Analysis.......................................................................................................100 Security Policy .......................................................................................................................101 Cyber Access Control ...........................................................................................................102 Personnel Security ................................................................................................................103 Physical and Environmental.................................................................................................103 Awareness and Training .......................................................................................................103 Monitoring and Incident Response......................................................................................104 Configuration Management ..................................................................................................105 Risk and Vulnerability Management ....................................................................................106 DHS Form 9015 Page 3 of 107 Version 1.0 CSAT SVA Questions OMB PRA # 1670-0007 Expires: 5/31/2011 General Paperwork Burden Disclosure Notice: The public reporting burden for this form is estimated to be 250 hours. The burden estimate includes time for reviewing instructions,