DRAFT PROCEDURES OF JOINING THE CLASSIFIED ENTERPRISE

Document Sample
DRAFT PROCEDURES OF JOINING THE CLASSIFIED ENTERPRISE Powered By Docstoc
					TEMPLATES FOR CERTIFICATION AND ACCREDITATION WITHIN
  THE HQDA CLASSIFIED ENTERPRISE NETWORK (HCEN)




                      Prepared by the HQDA Information Management
                                 Support Center (IMCEN)

                                                           17 April 2000


                                                               Contents

Procedures for Joining the HQDA Classified Enterprise Network (HCEN) .......................... 2
Memorandum for All IMCEN Supported Organizations ......................................................... 5
Checklist for Interim Approval to Operate within the HQDA Classified Enterprise Network
(HCEN) ...................................................................................................................................... 7
Open Storage Memorandum (If Applicable) ........................................................................... 9
Amendment Request ..............................................................................................................10
OISSO Appointment Memorandum .......................................................................................11
PC Configuration and Logical Connection Layout Diagrams ..............................................12
List and Location of Hardware and Software ........................................................................14
SOP Concurrence Memorandum ...........................................................................................17
Information Systems Security Inbriefing (New Appointed ISSO & OISSO's) ......................18
HQDA Classified Enterprise Network (HCEN) Logon ID Request ........................................19
End of Day Procedures For Classified Processing ..............................................................20
HQDA Classified Enterprise Network (HCEN)              Information Management Support Center (IMCEN)

                         Procedures for Joining the HQDA
                       Classified Enterprise Network (HCEN)

IMCEN provides a wide variety of both unclassified and classified Information Technology (IT)
services including classified mail exchange services for many HQDA users. While most HQDA
users are familiar with IMCEN’s unclassified IT capabilities, many users are not aware that
IMCEN maintains a classified e-mail Exchange server, as well as other classified file servers, in
the classified ARDAII domain. The establishment of mail accounts on the classified server is
performed as a service on a non-reimbursable basis for HQDA users. However, IMCEN
classified e-mail customers may incur costs, just as unclassified e-mail customers do, for the
purchase of any additional mail software licenses required for their classified workstations.

Unlike the unclassified enterprise, which normally connects all of an agency’s PCs to the
Exchange or applications servers, individual classified PCs can be provided accounts on either
server. However, each PC must be configured using the standards established for the classified
enterprise as outlined in the document, Processing Information at the Classified Sensitivity Level
(IMCEN Memorandum, dated 28 September 1999), and be either accredited by SAM-DS or
have an interim approval to operate (IATO) from them.

Certification and Accreditation (C&A) Requirements
The most difficult part of establishing a classified HEN account is actually obtaining
connectivity to the SIPRNET. The flowchart in Figure 1will guide you through the steps required
to process an agency’s request for SIPRNET connectivity with the SAM.

Once the classified PC has been accredited and SIPRNET connectivity is available, the IMCEN
System Administrator and/or Information System Security Manager (ISSM) for the Classified
Enterprise can process a request from the agency to amend the IMCEN Certification and
Accreditation to include the new classified PC/workstation.

C&A Documentation Requirements
To request accreditation for inclusion in the HQDA Classified Enterprise Network (HCEN), the
agency’s Security Manager, in conjunction with the OISSO must submit the following:

    Checklist for Interim Approval to Operate Within the HQDA Classified Enterprise
     Network (HCEN). This form is for verifying the minimum physical security standards for
       SECRET LAN line drops terminating inside office areas.

    HQDA Classified Enterprise Network (HCEN) Logon ID Request This form is for
     requesting a classified IP address for the user’s PC and a logon ID for the user. This
     document will be used to certify that the user:
       1.   Has a Secret clearance
       2.   Has a valid need for access to the SIPRNET
       3.   Is scheduled for a LAN security briefing



                                                2
HQDA Classified Enterprise Network (HCEN)            Information Management Support Center (IMCEN)

       The Agency OISSO will then provide the IMCEN System Administrator with an e-mail
       request for a classified IP and user logon, with a copy sent to the RAD POC; the request
       will include the following information:
       1.   A copy of the approved workstation accreditation(s)
       2.   Name of User
       3.   User’s Phone #
       4.   Agency
       5.   Location of user’s equipment
       6.   List of equipment to be connected by type, i.e., workstations and printers
       7.   The MAC address of the NIC card of any equipment to be connected

    Open Storage Memorandum. A work area approved for open storage of classified
     information (i.e., not locked in an approved security container) must have an open storage
     memorandum. The open storage letter must be included in the AIS’s accreditation
     package. A sample of an open storage letter is included in this document.

    Amendment Request. If your agency is supported by IMCEN, this request will be
     processed by the IMCEN ISSM. If not supported by IMCEN, you must submit this
     request to the SAM-DSS. A sample is included.

    OISSO Appointment Memorandum. This must be included in all accreditation packages.

    PC Configuration and Logical Connection Layout Diagrams. These are largely self-
     explanatory. The PC configuration diagram must reflect that the classified printers cannot
     be connected to unclassified printers.

    List and Location of Hardware and Software. Self-explanatory.

    SOP Concurrence Memorandum. This must accompany all accreditation requests. It
     certifies concurrence with the HCEN Standard Operating Procedures.

    Information Systems Security Briefing. This must accompany all accreditation requests.

NOTE: Some of the sections are “locked.” That is, you can only take the cursor from field to
field with the arrow keys or page up/down keys. If that is not convenient for you, simply press
Tools>Unprotect Document.




                                                3
HQDA Classified Enterprise Network (HCEN)            Information Management Support Center (IMCEN)




Figure 1. Flowchart of steps required to process a request for SIPRNET connectivity with
                                         the SAM
With the requested information, the IMCEN System Administrator will complete the following
actions:
1.   Acquire an IP address from the SAM
2.   Update the ARDAII accreditation to include the additional user’s PC
3.   Add a user account to the Classified Exchange server for e-mail

The final step for users who are supported by the IMCEN Help Desk for their first line support,
will be to enter a Magic Ticket to complete the installation of their workstations and printers.
Depending on the number of workstations to be connected, a Magic Ticket will be completed
and forwarded to either the IMCEN Help Desk or the Implementation Cell.

                                                4
HQDA Classified Enterprise Network (HCEN)                 Information Management Support Center (IMCEN)

JDIM-SS

                                                                                    13 December 1999


Memorandum for All IMCEN Supported Organizations


SUBJECT: IMCEN Policy for Users Accessing Secret Internet Protocol Routing
          Network (SIPRNet) Via HQDA Classified Enterprise Network (HCEN)

1. References.
       a. AR 380-19 Information Systems Security, 27 February 1998

       b. AR 380-5 Department of the Army Information Security Program, 25 February
          1988

2. Purpose. To prescribe policies and procedures to be used for processing
information at the Classified sensitivity level via the SIPRNet.

3. Applicability. Applicable to all personnel performing AIS functions within the HQDA
Classified Enterprise Network.
4. Procedures.
    a. Each office not approved for open storage or not in a Sensitive Compartmented
Information Facility (SCIF) that require SIPRNet access via the HCEN must have a
Hoffman Box which houses and secures the network devices necessary to transmit
Classified information. Features and requirements for the Hoffman Box are as follows:
              12”x12”x6” silver aluminum box mounted on the wall
              Must have a GSA approved changeable combination padlock
              Hoffman Box houses the AC power strip, fiber UTP transceiver, and HUB network devices
              Must have a ON/OFF type sign posted on the Hoffman Box to indicate when Classified processing
               is active or inactive.
              Must have End of Day Procedures posted near the Hoffman Box.


       b. Each office must appoint an Information System Security Officer (ISSO) or
Organization Information System Security Officer responsible for performing the
following duties for each AIS under their purview:

   Ensure that all users requiring access is familiar with the End of Day Procedures for
    Classified Processing, the HCEN Standard Operating Procedures and the
    Processing Information at the Classified Sensitivity Level policy letter.

   Ensure that each office establish security pin #’s which will be used to verify
    authentication of users requesting extended periods of Classified processing beyond
    it’s designated core hours.



                                                    5
HQDA Classified Enterprise Network (HCEN)                               Information Management Support Center (IMCEN)

JDIM-SS

SUBJECT: IMCEN Policy for Users Accessing Secret Internet Protocol Routing Network
          (SIPRNet) Via HQDA Classified Enterprise Network (HCEN)

    Ensure security pin #’s are changed every 90 days and reported to IMCEN security.

    Maintain access control of the combination to the lock on the Hoffman Box and
     ensure the combination is stored in a safe available to users for the purpose of
     maintenance or trouble calls.

    Report immediately to IMCEN security any additions of equipment to include
     workstations, laptops, hubs or printers to the existing classified connection.

    The individual appointed ISSO or OISSO is designated the responsibility to re-
     establish a classified/SIPRNet connection when it is terminated after being left on
     past the designated core hours. Users must contact his/her ISSO/OISSO in order to
     re-establish a connection. The ISSO/OISSO must provide IMCEN security his/her
     telephone number that can be reached at any time in such a case.

    The NSMC will notify the HQDA ISSM and the ISSO/OISSO via e-mail for any office
     in violation of leaving a Classified connection on after the designated core hours
     without notification. The e-mail notice will have a ticket number assigned and will
     also serve as a security violation. When the ISSO/OISSO calls the NSMC to re-
     establish a terminated connection they must provide their ticket number, name and
     security pin # to re-establish the connection.

    Primary and alternate POCs must be assigned for each office with the responsibility
     of notifying the Network Security Monitoring Center (NSMC) of extended Classified
     processing beyond designated core hours. The Primary or alternate POC must give
     the security pin # for their office in order to request an extension. He/she must all
     specify the amount of extended time needed.

               c. The ISSO/OISSO must ensure that an alternate security officer is
available in his or her absence to authenticate and re-establish terminated connections
at any given time.
By signing below, I acknowledge the responsibility to ensure the protection of the Classified SIPRNET connection via HQDA
Classified Enterprise Network. I am the only person authorized to re-establish a terminated Classified connection for my office.
ANY unauthorized use of a Classified account or failure to comply with the provisions of the HCEN SOP for Automated Information
Systems Security is a violation of AR 380-19 and will result in TERMINATION of system privileges. I further acknowledge that I will
report to the HQDA Information System Security Manager (ISSM) any problems I may encounter in the use of the SIPRNet or any
misuse of Classified passwords by other personnel. I certify that I have read, understand, and agree to comply with systems security
policies for Automated Information Systems Security.

ISSO/OISSO Signature:




                                                                 6
HQDA Classified Enterprise Network (HCEN)                 Information Management Support Center (IMCEN)

              Checklist for Interim Approval to Operate within the
                 HQDA Classified Enterprise Network (HCEN)

The following constitute the minimum physical security standards for SECRET LAN line drops
terminating inside office areas not approved for Open Storage. This checklist will grant a 30-day interim
access to the HCEN until the CA Classified Template is completed and submitted.
1. Have you already been approved for open storage? If Yes, answer Items 11, 12 and 13 only.
   Yes     No
2. Does the organization use Hoffman boxes?
   Yes      No         N/A
3. If so, are the Hoffman boxes secured?
   Yes        No        N/A
4. Are the Hoffman boxes equipped with GSA-approved changeable combination padlocks or
   high-security, key-operated padlocks?
   Yes      No         N/A
5. Are the hinges and hasps on the Hoffman boxes secured by preening or spot welding or by
   using another acceptable means to prevent their removal?
   Yes      No         N/A
6. Are adequate internal security procedures in place to prevent unauthorized access to the
   Hoffman boxes?
   Yes     No          N/A
7. Are the removable hard drives stored in GSA-approved containers?
   Yes       No       N/A
8. Does the organization use Security Container Check Sheets?
   Yes      No
9. Has the hub been assigned a static IP address?
   Yes      No
10. Have “Hot/Cold” signs been posted on the Hoffman boxes?
    Yes     No         N/A

Please provide the following pertinent information about your area:
11. Room Number
12. Organization Name                          Central Office Tel. #
    The number provided above should be for a telephone located next to the Classified PC.
13. Name of primary POC                  Tel. #           Alternate?             Tel. #
14. Indicate your core hours for classified processing:
    From                To

15. IMCEN assigned Security Pin Number
    The Pin Number is the last four digits of the Primary POC’s Social Security Number.

                                                     7
HQDA Classified Enterprise Network (HCEN)            Information Management Support Center (IMCEN)

Grace Period
At 2200 hours daily, classified connections for all organizations will be checked for validity and
authentication. A 30-minute grace period will be granted to those classified connections not
terminated or granted extended processing. This grace period is for the user(s) to notify the
NSMC of extended processing. Only users with a valid Security PIN Number (Item 15) for their
organization can validate a classified connection.

Contacting the NSMC
To notify the NSMC of extended processing, call 614-NSMC (6762). Skip the menu and dial
ext. 8505 directly. Provide the NSMC personnel with the Security PIN Number assigned in Item
15. The NSMC uses the Security Pin Number to authenticate the individual requesting the
extension.

Organization Responsibility
If the NSMC is not contacted within the 30-minute grace period, NSMC personnel will call the
central office telephone number provided in Item 12 to verify connection. The user will be asked
to provide the PIN# for extended processing to be granted.

If the NSMC is unable to contact an authorized individual at the central office telephone number,
the connection will be terminated. The OISSO or ISSO (POCs) will be notified of any classified
connection in violation of this agreement. The telephone numbers provided in Item 13 must be
numbers where the POCs can be reached at any time.




                                                8
HQDA Classified Enterprise Network (HCEN)             Information Management Support Center (IMCEN)

                              Open Storage Memorandum


   MEMORANDUM FOR DIRECTOR, INFORMATION MANAGEMENT SUPPORT
                       CENTER (IMCEN)

ATTN:          RONALD L. GREENFIELD (ISSM), ROOM 1D614, 6002 ARMY
               PENTAGON, WASHINGTON, DC 20310-6602

SUBJECT:       Authority for Open Storage



In accordance with AR 380-5, Department of the Army Information Security Program, 25
February 1988, you are authorized the open storage of automated information systems hardware
that will store/process classified data at the SECRET level in Room [number], Office of the
Secretary of the Army

Standard operating procedures for the security of the classified information are part of the
accreditation for the automated systems and should be vigorously complied with.

This authority is granted at subject location until 1 May 2001, at which time a physical security
survey must be requested to reevaluate the adequacy of your activity for continued open storage.
Changes in the mission, facility, structure, systems hardware, or operating system software
should be reported to this office prior to their occurrence.




                                                                     (Signature)

                                                  R.W. McGinnis
                                                  Director
                                                  HQDA Security Services




                                                 9
HQDA Classified Enterprise Network (HCEN)            Information Management Support Center (IMCEN)

                                   Amendment Request

                                                                                1 February, 2010


MEMORANDUM FOR NISA-SR

FROM:          JDIM-SS

SUBJECT:       Amendment to HQDA Classified Enterprise Network (HCEN)


1. Amendment to HCEN is submitted for your approval.

     Organization name:                     .
2. The following additions are required for the Office of the Secretary of the Army:

   a. [(#) workstations will be added to the HCEN]

   b. Configuration diagram and hardware/software list for these additions are enclosed.

   c. Open Storage Certification Memorandum is included, if applicable.

1. The Point of Contact for this request is the OISSO [name], [phone].




                                                                (ISSM Signature)

                                                 RONALD L. GREENFIELD
                                                 IMCEN ISSM




                                                10
HQDA Classified Enterprise Network (HCEN)                       Information Management Support Center (IMCEN)

                                    OISSO Appointment Memorandum

TO:                RONALD L. GREENFIELD, Information System Security Manager (ISSM), HQDA
                   Information Management Support Center (IMCEN)
FROM:

SUBJECT:           Appointment of Organization Information System Security Officer (OISSO)

DATE:

cc:


1.       The following individual is appointed OISSO for [ORGANIZATION] IAW the Pentagon AIS Security
         Manual and IMCEN ISS Standard Operating Procedures.

            OISSO (name, grade/rank):

            VOICE TEL. NUMBER:

            FAX NUMBER:

            E-MAIL ADDRESS:

            BUILDING AND ROOM NUMBER:




         APPOINTING AUTHORITY:
         [NAME, GRADE/RANK, TITLE]                         SIGNATURE


1.       I have been provided a copy of the OISSO Duties/Responsibilities and have read them and all questions have
         been answered. I understand that it is my responsibility to call SAM-DSS (SATE) and schedule initial ISSO
         training within 30 days.




         OISSO:
         [NAME, GRADE/RANK, TITLE]                         SIGNATURE                                          DATE

Distribution:
     ISSM
     OISSO
     ISSO





    Head of organization, representative, or ISSM

                                                         11
HQDA Classified Enterprise Network (HCEN)                 Information Management Support Center (IMCEN)

         PC Configuration and Logical Connection Layout Diagrams




                                             Raritan CompuSwitch
                                            Keeyboard/Monitor/Mous



                 Unclassified PC                                               Classified PC




                     Unclassified                                            Classified
                       Printer                                                Printer


                        Figure 2. Classified PC Configuration (SAMPLE)




                                                    12
HQDA Classified Enterprise Network (HCEN)                    Information Management Support Center (IMCEN)


                         Room 140




                               Ÿ 1 Server
                               Ÿ 3 Printers
                               Ÿ 11 Workstations




          7-line modem
               bank




                              Room 160


                                                              Pentagon Unclassified Backbone Network
                                                    T-1
                                 Router
                                                   Circuit
           Cabletron MMAC-B
                  hub




                                                   10-line modem bank
                                                     (outgoing only)




                                                                        Ÿ 1 Server
                                                                        Ÿ 3 Printers
                                                                        Ÿ 11 Workstations




                                                                             Room 150




                     Figure 3. Logical Connection Layout between Rooms
                                                     TBS




                                                       13
HQDA Classified Enterprise Network (HCEN)           Information Management Support Center (IMCEN)



                   List and Location of Hardware and Software
1.   System Title:
[Office, Subnetwork] (IMCEN supported)
2.   Organization and Address:




3.   System Location:
[Office room number]
4.   Classification of the System:
       The highest level of data processed on this system is: Sensitive but Unclassified (SBU).
5.   Hardware:
Hardware is detailed in the following table.

Location <room number>

      Hardware                Manufacturer               Model                    Quantity




                                                                          [To add table rows, click
                                                                          here and press <Tab>]




Location <room number>

      Hardware                Manufacturer               Model                    Quantity




                                               14
HQDA Classified Enterprise Network (HCEN)              Information Management Support Center (IMCEN)



Location <room number>

      Hardware                Manufacturer                  Model                   Quantity

                                                                            [To add table rows, click
                                                                            here and press <Tab>]




Location <room number>

      Hardware                Manufacturer                  Model                   Quantity




                                                                            [To add table rows, click
                                                                            here and press <Tab>]



1.   Software:
     Software is detailed in the following table(s):

           Name                 Developer                Version No.         No. of Licensed Users

COTS Software




                                                                            [To add table rows, click
                                                                            here and press <Tab>]



           Name                 Developer                Version No.         No. of Licensed Users

Government-Developed
Software




                                                15
HQDA Classified Enterprise Network (HCEN)        Information Management Support Center (IMCEN)




                                                                      [To add table rows, click
                                                                      here and press <Tab>]




                                            16
HQDA Classified Enterprise Network (HCEN)              Information Management Support Center (IMCEN)



                            SOP Concurrence Memorandum


MEMORANDUM FOR JDIM/CS-S

ATTN:           RONALD L. GREENFIELD (ISSM)

SUBJECT:        Network Certification




1.      I have carefully reviewed the IMCEN Classified Enterprise Network Standard Operating
        Procedures and concur that this office adheres to all policies and procedures contained
        within.

2.      The Point of Contact for this letter is

        Name:

        Agency

        Phone no.:




                                                                   (OISSO Signature)

                                                   Name, grade/rank:
                                                   Organization:




                                                  17
HQDA Classified Enterprise Network (HCEN)            Information Management Support Center (IMCEN)



                      Information Systems Security Inbriefing

Users, supervisors and managers will acknowledge by signature that they have read and
understood the HQDA Classified Enterprise Network Standard Operating Procedures (Appendix
A) and been briefed on its contents. Any questions regarding these instructions must be answered
by the ISSO/SA (briefer) prior to signing. Persons who refuse to acknowledge the briefing will
not be allowed to operate Government AIS. All individuals receiving this briefing will be given a
signed personal file copy for future reference.




USER:                                                   DATE: _________________________________
                       (Print name)




Signature:                                             Rank/Grade: ____________________________




BRIEFER:                                                DATE: _________________________________
                       (Print name)




Signature:                                             Rank/Grade: ____________________________




                                               18
            HQDA Classified Enterprise Network (HCEN) Logon ID Request
                                                                                  INSTRUCTIONS
                              Complete one form for each person. The ISSO/OISSO will retain this form for 30 days after access removal.
                                         The HCEN Administrator will ensure prompt removal of all unauthorized personnel.
                                         To delete an account, only parts 1, and 4 (if applicable) of this form are necessary.

                                    PART 1. TO BE COMPLETED BY AUTOMATION POC OR INDIVIDUAL REQUESTOR
1. USER NAME                                                                          2. OFFICE SYMBOL               3. ORGANIZATION                 4. PHONE (include area code)
Last:                     First:                     MI:
5. RANK OR TITLE                        6. SSN                                        7. ROOM WHERE WORKSTATION IS LOCATED                           9. FAX (include area code)


10. SYSTEMS TO BE ACCESSED                                                            11. TYPE OF REQUEST                      12. TYPE OF ACCOUNT
        SIPRNet              AKO-S                                                             ADD            DELETE                PERMANENT                TEMPORARY

        DMS-Secret           Other ____________                                               MODIFY                           IF TEMPORARY, DEACTIVATION DATE:


                                       PART 2. TO BE COMPLETED BY THE ORGANIZATION SECURITY MANAGER
                                   I certify that the individual identified in Part 1 holds a valid security clearance of ____________ issued by
                                           _______________________ on             /    / , based on a _______ completed on        /   / .
14. REQUEST                                                                                                                                      15. DATE ACCESS AUTHORIZED
        APPROVED                   DISAPPROVED (if disapproved, specify reason)
16. ORGANIZATION SECURITY MANAGER                                                                                                                17. OFFICE SYMBOL


18. SIGNATURE                                                                                                                                    19. PHONE (include area code)


                                                           PART 3. TO BE COMPLETED BY THE ISSO/OISSO
                                       I have reviewed this request and certify that the requestor has a valid need for access to HCEN.
20. REQUEST                                                                                                                                      21. DATE ACCESS AUTHORIZED
        APPROVED                   DISAPPROVED (if disapproved, specify reason)
22. ISSO/OISSO                                                                                                                                   23. OFFICE SYMBOL


24. SIGNATURE                                                                                                                                    25. PHONE (include area code)


              PART 4. CONTRACTORS ONLY — TO BE COMPLETED BY CONTRACTING OFFICER’S REPRESENTATIVE (COR)
26. COMPANY NAME                     27. CONTRACT NO.                 28. EFFECTIVE DATE                 29. EXPIRATION DATE                     30. COR


31. COR SIGNATURE                                                                                                                                32. PHONE (include area code)


                                                            PART 5. TO BE COMPLETED BY REQUESTOR

   By signing below, I acknowledge my responsibility to ensure the protection of the USERID / PASSWORD that will be assigned to me following the
   processing of this form, and I am aware of my user responsibilities listed below:
    1. I must protect my password and all information on the system(s) as required by National Security and IMCEN directives and SOP’s.
    2. I am the only person authorized to use this password, and I will not share my password with anyone.
    3. I will report to the ISSO/OISSO any problems that I encounter in the use of the password, any possible compromise of my password, or any
        misuse of passwords by other personnel.
    4. I understand that ANY unauthorized use of this password or failure to comply with the provisions of the HCEN SOP for Automated Information
        Systems Security is a violation of AR 380-19 and will result in TERMINATION of system privileges.
    5. I recognize that regular changes of passwords are necessary, and I will make every effort to comply with programmed notices to that effect.
    6. I must report changes in my status promptly, in writing, to the ISSO/OISSO or to my security manager. Examples of changes in status
        include: TDY of 60 days or more, PCS, removal of security access, or changes in the requirements for “need to know.”
    7. I understand that my access requirement must be revalidated on a semi-annual basis.
    8. I consent to authorized monitoring.
    9. I understand that the ISSO/OISSO has the right to revoke my access and/or inspect any files that I create.
    10. I certify that I have read, understand, and agree to comply with systems security policies for Automated Information Systems Security.

33. USER SIGNATURE                                                                                                                               34. DATE



                                                                         PRIVACY ACT STATEMENT
                                                                Authority: Executive Order 10450
    Personal information provided on this form is used to determine eligibility for access to the HCEN. This information is used to ensure that only authorized
 personnel may access the system. Disclosure of information on this form is voluntary; however, if the information is not provided, system access will be denied.


HQDA HCEN Access Request – 13 September 2000                                                              SECURITY CLASSIFICATION:               For Official Use Only




                                                                                     19
     End of Day Procedures For Classified Processing
       1.            Logged Off Desktop/Laptop
       2.            Turned Off Hoffman Box AC Power Supply
       3.            Secured Hoffman Box with GSA Approved Padlock
       4.            Ensured Hoffman Box Indicates “COLD” Sign
       5.            All Removable Hard Drives and Laptops Stored in
                     GSA Approved Containers.
       6.            Security Container Check Sheet Signed Off.



                    FOR OFFICIAL USE ONLY

Procedure for Extension of Classified Processing
                     Hours


Core Hours of Operation:            From                        To


The core hours specified above should match the hours specified on
the Classified Connectivity Checklist. The hours must be followed
strictly. If a classified session is continued before or after the specified
hours, notify the Network Security Monitoring Center (NSMC)
immediately.
Contact the NSMC at 614-NSMC (6762). Skip the menu and dial ext.
8505 directly. Provide the NSMC personnel with the assigned
Security Pin Number.
If an unapproved classified session is discovered and the NSMC is unable to get
verification from the appointed POCs, the classified connection will be
immediately TERMINATED.

       Signature:           ______________________
       OISSO:               ______________________
       Date:                ______________________


                             614-NSMC EXT. 8505
                                          20