DIACAP Artifact 3 - Security Design Doc Template Feb 2007

					       ARTIFACT 3
SECURITY DESIGN DOCUMENT
[Site Name]                                             Artifact 3 Security Design Document
                                                                             [Month Year]


                         EXECUTIVE SUMMARY
BOILERPLATE: The purpose of this Security Design Document (SDD) is to define the
security components located within the accreditation boundary of the information system
(IS) residing at [Site Name] ([Site Name Abbreviation]). This involves identifying and
describing in detail the Information Assurance (IA) technical framework and explaining
how IA Support Services collectively satisfy the protection objectives of the Department
of Defense (DoD) IA Program as defined in DoD Directive 8500.1.
The [Site Name Abbreviation] specifies:
   - Program Coordination
   - IA Controls
   - IA Management Review and Assessment
   - IA Technical Framework
   - Product Specification and Evaluation
   - Security Configuration Specification
   - Connection Management
   - Computer Network Defense
   - Key Management Infrastructure
   - IA Support Services
Many of these topics are addressed within this SDD and throughout the accompanying
DIACAP accreditation package artifacts.
The SDD satisfies the requirements of the [Site Name Abbreviation] DoD Information
Assurance Certification and Accreditation Process (DIACAP) initiated by TRICARE
Management Activity (TMA).


                                               TABLE OF CONTENTS
1 INTRODUCTION
   1.1   Purpose
   1.2   Applicability and Scope
   1.3   Source Documents

2 SYSTEM DESCRIPTION
   2.1   Mission
   2.2   System Architecture/Description
   2.3   System Interfaces and External Connections
   2.4   Ports, Protocols, and Services
   2.5   Accreditation Boundary
   2.6   Data Flow
   2.7   System Components
   2.8   Hardware Specifications
      2.8.1   Standard Server Hardware
      2.8.2   Client Workstation Hardware
      2.8.3   Large Site Cisco Router Specifications
      2.8.4   Medium Site Cisco Router Specifications
      2.8.5   Small Site Cisco Router Specifications
      2.8.6   Switches and Hubs
   2.9   Software Specifications
      2.9.1   Application Software Specifications
      2.9.2   Utilities Software Specifications
      2.9.3   Server Software Specifications
      2.9.4   Workstation Software Specifications
   2.10  Connection Management
   2.11  Ports, Protocols, and Services

3 SITE NAME INFORMATION ASSURANCE TECHNICAL FRAMEWORK
   3.1   Information Assurance Support Services
   3.2   Types of Information Systems
      3.2.1   Information System Applications
      3.2.2   Enclaves
      3.2.3   Outsourced IT-based processes
      3.2.4   Platform IT Interconnections

4 DEPARTMENT OF DEFENSE INFORMATION ASSURANCE CONTROLS
   4.1   Security Design and Configuration
      4.1.1   Procedural Review
      4.1.2   Best Security Practices
      4.1.3   Configuration Control Board
      4.1.4   Configuration Specifications
      4.1.5   Compliance Testing
      4.1.6   Dedicated IA Services
      4.1.7   Functional Architecture for Information System Applications
      4.1.8   Hardware Baseline
      4.1.9   Interconnection Documentation
      4.1.10  Information Assurance Impact Assessment
      4.1.11  Information Assurance for Information Technology Services
      4.1.12  Mobile Code
      4.1.13  Non-Repudiation
      4.1.14  Software Controls
      4.1.15  Ports, Protocols, and Services
      4.1.16  Configuration Management Process
      4.1.17  Information Assurance Documentation
      4.1.18  System Library Management Controls
      4.1.19  Software Quality
      4.1.20  System State Changes
      4.1.21  Software Baseline
      4.1.22  Acquisition Standards
      4.1.23  Specified Robustness - Medium
   4.2   Identification and Authentication
      4.2.1   Key Management
      4.2.2   Token and Certificate Standards
      4.2.3   Group Identification and Authentication
      4.2.4   Individual Identification and Authentication
   4.3   Enclave and Computing Environment
      4.3.1   Audit Trail Monitoring, Analysis and Reporting
      4.3.2   Changes to Data
      4.3.3   Instant Messaging
      4.3.4   Network Device Controls
      4.3.5   Privileged Account Control
      4.3.6   Production Code Change Controls
      4.3.7   Audit Reduction and Report Generation
      4.3.8   Security Configuration Compliance
      4.3.9   Software Development Change Controls
      4.3.10  Transmission Integrity Controls
      4.3.11  Audit Trail Protection
      4.3.12  Voice over Internet Protocol
      4.3.13  Virus Protection
      4.3.14  Wireless Computing and Networking
      4.3.15  Affiliation Display
      4.3.16  Access for Need-to-Know
      4.3.17  Audit Record Content
      4.3.18  Audit Trail, Monitoring, Analysis, and Reporting
      4.3.19  Encryption for Confidentiality (Data at Rest)
      4.3.20  Encryption for Confidentiality (Data in Transit)
      4.3.21  Interconnections among Department of Defense Systems and Enclaves
      4.3.22  Logon
      4.3.23  Least Privilege
      4.3.24  Marking and Labeling
      4.3.25  Conformance Monitoring and Testing
      4.3.26  Encryption for Need-to-Know
      4.3.27  Resource Control
      4.3.28  Audit Record Retention
      4.3.29  Tempest Controls
      4.3.30  Warning Message
      4.3.31  Account Control
   4.4   Enclave Boundary Defense
      4.4.1   Connection Rules
      4.4.2   Virtual Private Network Controls
      4.4.3   Boundary Defense
      4.4.4   Public Wide Area Network Connection
      4.4.5   Remote Access for Privileged Functions
      4.4.6   Remote Access for User Functions
   4.5   Physical and Environmental
      4.5.1   Emergency Lighting
      4.5.2   Fire Detection
      4.5.3   Fire Inspection
      4.5.4   Fire Suppression System
      4.5.5   Humidity Controls
      4.5.6   Master Power Switch
      4.5.7   Screen Lock
      4.5.8   Temperature Controls
      4.5.9   Environmental Control Training
      4.5.10  Voltage Regulators
      4.5.11  Access to Computing Facilities
      4.5.12  Clearing and Sanitizing
      4.5.13  Data Interception
      4.5.14  Physical Protection of Facilities
      4.5.15  Physical Security Testing
      4.5.16  Workplace Security Procedures
      4.5.17  Storage
      4.5.18  Visitor Control to Computing Facilities
   4.6   Personnel
      4.6.1   Security Rules of Behavior or Acceptable Use Policy
      4.6.2   Access to Information
      4.6.3   Maintenance Personnel
      4.6.4   Access to Need-to-Know Information
      4.6.5   Information Assurance Training
   4.7   Continuity
      4.7.1   Alternate Site Designation
      4.7.2   Protection of Backup and Restoration Assets
      4.7.3   Data Backup Procedures
      4.7.4   Disaster and Recovery Planning
      4.7.5   Enclave Boundary Defense
      4.7.6   Scheduled Exercises and Drills
      4.7.7   Identification of Essential Functions
      4.7.8   Maintenance Support
      4.7.9   Power Supply
      4.7.10  Spares and Parts
      4.7.11  Backup Copies of Critical Software
      4.7.12  Trusted Recovery
   4.8   Vulnerability and Incident Management
      4.8.1   Incident Response Planning
      4.8.2   Vulnerability Management

5 INFORMATION ASSURANCE MANAGEMENT REVIEW

1 INTRODUCTION
1.1  Purpose
BOILERPLATE: The Security Design Document (SDD) describes the [Site Name]
([Site Name Abbreviation]) Information Assurance (IA) Program. This involves
identifying and describing in detail the security safeguards that comprise the [Site Name
Abbreviation] Information System (IS) and application and explaining how these security
safeguards collectively satisfy the protection objectives of the DoD IA Controls.
1.2      Applicability and Scope
BOILERPLATE: The information in this document provides Information Owners,
system managers, developers, and security certification officials with a baseline for
measuring the effectiveness of the security design and managing design changes that
impact security throughout the [Site Name Abbreviation] IS lifecycle. This document
explains how the [Site Name Abbreviation] IA technical framework is translated into
technical and administrative solutions that comprise the Defense-in-Depth approach to IS
security. This document also describes the security safeguards associated with external
system interfaces and/or remote access solutions that are considered an integral part of
the [Site Name Abbreviation] IS. The [Site Name Abbreviation] IS includes all
hardware and software components that comprise the DoD Information Assurance
Certification and Accreditation Process (DIACAP) accreditation boundary. This includes
security mechanisms involved in hardware, firmware, and software, all of which are
involved in the successful operation of the [Site Name Abbreviation] IS. These
safeguards are used to implement and enforce the [Site Name Abbreviation] security
policy.
1.3      Source Documents
Source documents referenced during development of this guide include:
   - Interim DoD IA Certification & Accreditation Process Guidance, dated July 6, 2006
   - DoD Directive 8500.1, "Information Assurance (IA)," dated 24 October 2002
   - DoD Instruction 8500.2, "Information Assurance (IA) Implementation," dated
     6 February 2003
   - "Military Health System Information Assurance (IA) Policy Guidance," dated
     5 March 2004
   - DoD Instruction 8551.1, "Ports, Protocols, and Services Management (PPSM)," dated
     13 August 2004

2 SYSTEM DESCRIPTION
This section describes the system’s mission needs and operational requirements, system
architecture, and the components that constitute the system. Although details should be
placed in this document, this section should also reference any other detailed
documentation available.
2.1    Mission
This section:
   - States the mission needs and operational requirement(s) that this system will meet
     (e.g., community of interest) with reference to the Mission Need(s) Statement (MNS)
   - Explains the criticality of the system or the information it processes
   - Prioritizes the effect on the mission, human lives, and estimated cost (in dollars)
     associated with the loss, disclosure, or modification of system resources or the
     information handled by the system for likely mission scenarios (e.g., peacetime vs.
     wartime)
2.2    System Architecture/Description
This section provides more detail about the system architecture (including high-level
architecture diagrams and a listing of system components). This section also references
any supporting documentation.
The system architecture defines the system hardware, software, firmware and interfaces.
This description must contain an overview of the internal system structure including the
anticipated hardware configuration, application software, software routines, operating
systems, remote devices, communications processors, network, and remote interfaces.
The system architecture includes the configuration of any equipment or interconnected
system or subsystem of equipment used in the automatic acquisition, storage,
manipulation, management, movement, control, display, switching, interchange,
transmission, or reception of data or information and includes computers, ancillary
equipment, software, firmware, and similar procedures and services, including support
services and related resources.
2.3    System Interfaces and External Connections
Describe the operating system(s), database management system(s), and applications.
Describe the features of any security packages. Describe the target software and its
intended use. Identify whether the software is commercial off-the-shelf (COTS),
government off-the-shelf (GOTS), or listed on the Evaluated Products List (EPL). This
includes manufacturer-supplied software, other COTS software, and all program-generated
application software.
Describe all connections to the [Site Name] ([Site Name Abbreviation]) Department of
Defense (DoD) Information System. Include external connections such as remote access
for telecommuters and connections for contractors performing maintenance tasks. All
connections involving components within the accreditation boundary should be covered
here.




Define all network interfaces, the connection medium used (asynchronous transfer mode
(ATM), Frame Relay, T-1, etc.), and any security features employed over those links.
Include information regarding the applications requiring the interface.
Include network diagrams depicting the connections as described.
2.4    Ports, Protocols, and Services
Provide a high-level description of the ports, protocols, and services (PPS) requirements
for applications, network infrastructure devices, and external interfaces that are within
the C&A boundary. Provide a reference to the System Design Document (also abbreviated
SDD, and distinct from this Security Design Document) that gives the detailed
configuration of the PPS to be implemented in the enterprise network. That detailed
description should identify all interfaces.
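An added example, not part of the DIACAP template, of how a site might derive the PPS inventory this section asks for from host socket listings and check each listener against the site's PPS register. The `ss -tulpn` lines and the register format below are constructed for illustration; the register is a hypothetical stand-in for whatever the site maintains, not the DoDI 8551.1 category assurance list.

```python
"""
PPS inventory builder for the SDD: parse host socket listings, look each
listener up in the site PPS register, and flag listeners that are missing
from it. Added example, not part of the DIACAP template; the sample data
and the register format are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample in the style of Linux `ss -tulpn` output, one list per host.
SAMPLE_SS = {
    "web01": [
        'tcp   LISTEN 0 128 0.0.0.0:443    0.0.0.0:* users:(("httpd",pid=1201,fd=4))',
        'tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=812,fd=3))',
        'tcp   LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("java",pid=1402,fd=7))',
        'udp   UNCONN 0 0   0.0.0.0:161    0.0.0.0:* users:(("snmpd",pid=990,fd=6))',
    ],
    "db01": [
        'tcp   LISTEN 0 128 10.1.5.20:1521 0.0.0.0:* users:(("tnslsnr",pid=2201,fd=9))',
        'tcp   LISTEN 0 128 0.0.0.0:23     0.0.0.0:* users:(("in.telnetd",pid=455,fd=3))',
    ],
}

# Hypothetical site PPS register (not the DoDI 8551.1 category assurance list):
# (protocol, port) -> (service name, scope the service is approved for).
PPS_REGISTER = {
    ("tcp", 443): ("HTTPS", "enclave-boundary"),
    ("tcp", 22): ("SSH", "enclave-internal"),
    ("tcp", 1521): ("Oracle Net", "enclave-internal"),
    ("udp", 161): ("SNMP", "enclave-internal"),
}

# Netid State Recv-Q Send-Q Local:Port Peer:Port users:(("proc",...))
SS_LINE = re.compile(
    r'^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"'
)


@dataclass(frozen=True)
class PpsEntry:
    host: str
    protocol: str
    port: int
    bind: str
    process: str
    service: str
    scope: str
    finding: str  # empty string when the listener is registered or host-local


def classify(host, line, register):
    """Return a PpsEntry for one `ss` line, or None if the line is not a listener."""
    m = SS_LINE.match(line.strip())
    if not m:
        return None
    proto, bind, port, process = m.group(1), m.group(2), int(m.group(3)), m.group(4)
    service, scope = register.get((proto, port), (process, "none"))
    if bind.startswith("127.") or bind == "[::1]":
        # Loopback-only listener: it never crosses the enclave boundary, so it is
        # inventoried for completeness but not raised as a PPSM finding.
        scope, finding = "host-local", ""
    elif (proto, port) in register:
        finding = ""
    else:
        finding = "UNREGISTERED: not in PPS register; register or disable"
    return PpsEntry(host, proto, port, bind, process, service, scope, finding)


def build_pps_inventory(ss_outputs, register=PPS_REGISTER):
    """Build the PPS inventory for all hosts, sorted by host, protocol, port."""
    entries = []
    for host, lines in ss_outputs.items():
        for line in lines:
            e = classify(host, line, register)
            if e is not None:
                entries.append(e)
    return sorted(entries, key=lambda e: (e.host, e.protocol, e.port))


def render_table(entries):
    """Fixed-width rows suitable for pasting into the SDD PPS table."""
    header = (f"{'Host':<6} {'Proto':<5} {'Port':>5} {'Bind':<15} {'Process':<11} "
              f"{'Service':<11} {'Scope':<17} Finding")
    rows = [
        f"{e.host:<6} {e.protocol:<5} {e.port:>5} {e.bind:<15} {e.process:<11} "
        f"{e.service:<11} {e.scope:<17} {e.finding or 'OK'}"
        for e in entries
    ]
    return "\n".join([header] + rows)


if __name__ == "__main__":
    print(render_table(build_pps_inventory(SAMPLE_SS)))
```

On the constructed data the only finding is db01's telnet listener on tcp/23, which has no register entry; the loopback-bound tcp/8080 on web01 is listed with scope host-local rather than flagged, because it cannot be reached across the enclave boundary. Every row still belongs in the inventory, since the C&A team needs the full picture and not only the exceptions.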
2.5    Accreditation Boundary
Describe the boundary of the system. The description must include diagrams or text that
clearly delineate which components will be evaluated as part of the C&A task and which
are not included. All components included must be described in the system description.
Elements outside the accreditation boundary must be covered in the section on external
interfaces.
Accreditation Boundary Definition:
TRICARE Management Activity has defined the accreditation boundary as any system or
network that receives, processes, stores, displays, or transmits DoD Sensitive Information
and/or connects to any DoD Information System (IS). Include the interconnected ISs in the
boundary diagram and use a dotted line to denote the boundary.
EXAMPLE (Must be site specific): The IS certification and accreditation (C&A)
boundary encompasses the IS components, the system’s environment (physical,
procedural, and administrative considerations), interfaces (to users, administrators,
operators, maintainers, and to external systems), and all personnel that will be interacting
with the system. Personnel are considered part of a system’s C&A boundary, though they
are not considered part of the system itself.
2.6    Data Flow
Describe the system’s internal interfaces and data flows. The types of data and the
general methods for data transmission must be determined. If specific transmission
media or interfaces to other systems are necessary, these needs may influence the
security requirements for the system. The description must include diagrams or text to
explain the flow of critical information from one component to another. This
information will be useful to the C&A team in determining a suitable method for
processing the data flow requirements.
[Site Name Abbreviation] does not maintain dataflow for all DoD Healthcare IS
applications. Defense Manpower Data Center (DMDC) maintains control of the
dataflow during open sessions with the DEERS.
Include data flow diagrams as appropriate.
2.7      System Components
Enter a current and comprehensive baseline inventory of all hardware and software to
include the network topology or architecture required to support enclave operations and
explain how backup inventory is stored.
This section is repeated for each system component identified above. Each section
includes:
   A description of the component
   Manufacturer, type, model, physical location
   The component’s architecture
   Functional/operational requirements
   Purpose/operation of component
   Hardware
   Software
   Information/Department of Defense (DoD) Data flows
   System internal interfaces and external connections
2.8      Hardware Specifications
This section describes the hardware used in the [Site Name Abbreviation] IS.
2.8.1 Standard Server Hardware
EXAMPLE (Must be site specific): The standard [Site Name Abbreviation] server is a
rack-mountable Dell or Compaq/HP installed with Compaq System tools and the
Windows NT/2000 Server OS. The standard hardware configuration is shown in Table
2-1.
The server models used in the [Site Name Abbreviation] IS are:
      Compaq ProLiant 3000
      Compaq ProLiant ML370
      HP ProLiant 5000
      HP ProLiant 5500
      Dell PowerEdge 4400
NOTE: The [Site Name Abbreviation] Network Engineer should complete all tables. The
information in the tables below is provided as examples and should be replaced with
specific information related to the IS and application. Remove any tables that are not
applicable.

                          Standard Server Hardware Configuration
Model                       Compaq ProLiant ML370                Compaq ProLiant 1600r 500
Central Processing Unit     P3\1133
Memory                      1GB SDRAM                            384 MB RAM
Disk Storage                4 x 36GB SCSI drives                 3 x 18.2 GB SCSI drives
Tape Storage                Compaq Internal 40/80 GB DLT drive
Network Interface Card      Compaq NC3134 Fast Ethernet 64-bit PCI Dual Base 10\100
System Console              PC Anywhere
Other Hardware              PS/2 mouse and 104-key keyboard, 3.5″ FDD
                            APC Smart-UPS 1500 and 1400
Model                       Dell PowerEdge 4400
Central Processing Unit
Memory                      512 MB RAM
Disk Storage                4 x 18 GB drives
Tape Storage                Compaq Internal 40/80 GB DLT drive
Network Interface Card      10\100 Ethernet
System Console              PC Anywhere
Other Hardware              PS/2 mouse and 104-key keyboard, 3.5″ FDD
                            APC Smart-UPS 1500 and 1400

                            Table 2-1: Server Hardware Configurations

2.8.2 Client Workstation Hardware
EXAMPLE (Must be site specific): [Site Name Abbreviation] administrative personnel
and system administrators use the client workstation to run subcontractor applications
and perform administrative tasks. The client workstation hardware configuration remains
the same for all tasks; the appropriate software is added to the client workstation to
accommodate different user functions. The client hardware configuration consists of an
IBM-compatible workstation, video monitor, mouse, and keyboard. Each workstation
has access to one or more shared printers, while some workstations may have their own
private printer. The client hardware configuration must meet the minimum requirements
needed to run [Site Name Abbreviation] applications and middleware utilities. Table 2-2
displays the [Site Name Abbreviation] client workstation hardware.

                    Standard Workstation Hardware Configuration
Model                             Dell Optiplex                      Dell Optiplex GX50
Central Processing Unit           Pentium III 733 MHz                Celeron 900 MHz
Memory                            128 MB
Disk Support                      10 GB
Monitor                           17″
Other Devices                     Keyboard, mouse, CD-ROM
Network Interface Card            10/100 Ethernet
Model                             300XL
CPU                               266 MHz
Memory                            32-64 MB
Disk Support                      4 GB
Monitor                           17″
Other Devices                     Keyboard, mouse, CD-ROM
Network Interface Card            10/100 Ethernet

                  Table 2-2: Standard Workstation Hardware Configurations
2.8.3 Large Site Cisco Router Specifications
Table 2-3 displays the [Site Name Abbreviation] large site router configuration.

                          Standard Large Site Router Configuration
Model                            Cisco 4700 Router
CPU                              R4600 processor, Implementation 32, Revision 2.0 (Level 2 Cache)
Flash Memory                     16384 K bytes of processor board System flash (Read/Write)
                                 4096 K bytes of processor board Boot flash (Read/Write)
NVRAM                            128 K bytes
Interfaces                       2 Token Ring/IEEE 802.5 interface(s)
                                 8 Serial network interface(s)
IOS                              Version 11.2(14.3), MAINTENANCE INTERIM SOFTWARE
Model                            Cisco 7206VXR Router
CPU                              R7000 CPU at 350Mhz, Implementation 39, Rev 3.2, 256KB L2,
                                 4096KB L3 Cache
Flash Memory                     8192 K bytes of Flash internal SIMM (Sector size 256K)
NVRAM                            125 K bytes of non-volatile configuration memory
Interfaces                       4 FastEthernet/IEEE 802.3 interface(s)
                                 24 Serial network interface(s)
                                 24 Channelized T1/PRI port(s)
IOS                              Version 12.2(2)T1
Other                            Hardware Crypto Engine
                                 6 slot VXR midplane, Version 2.6

                      Table 2-3: Standard Large Site Router Configuration

2.8.4 Medium Site Cisco Router Specifications
Table 2-4 displays the [Site Name Abbreviation] mid-sized site router configuration.

                     Standard Mid-Sized Site Router Configuration
Model                            Cisco 3640 Router
Central Processing Unit          R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Flash Memory                     32768 K bytes of processor board System flash (Read/Write)
NVRAM                            125 K bytes of non-volatile configuration memory
Interfaces                       1 FastEthernet/IEEE 802.3 interface(s)
                                 1 Serial network interface(s)
                                 4 Channelized T1/PRI port(s)
                                 1 Virtual Private Network (VPN) Module(s)
IOS                              Version 12.2(4) T1
Model                            Cisco 3640 Router
Central Processing Unit          R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Flash Memory                     8192 K bytes of processor board System flash partition 1 (Read ONLY)
                                 8192 K bytes of processor board System flash partition 2 (Read/Write)
NVRAM                            125 K bytes of non-volatile configuration memory
Interfaces                       1 FastEthernet/IEEE 802.3 interface(s)
                                 1 Serial network interface(s)
                                 4 Channelized T1/PRI port(s)
                                 1 Virtual Private Network (VPN) Module(s)
IOS                              Version 11.2(14.3), MAINTENANCE INTERIM SOFTWARE

                   Table 2-4: Standard Mid-Sized Site Router Configurations

2.8.5 Small Site Cisco Router Specifications
Table 2-5 displays the [Site Name Abbreviation] small-sized site router configuration.

                   Standard Small-Sized Site Router Configuration
Model                          Cisco 2511 Router
Central Processing Unit        R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Flash Memory                   32768 K bytes of processor board System flash (Read/Write)
NVRAM                          32 K bytes of non-volatile configuration memory
Interfaces                     1 Ethernet/IEEE 802.3 interface(s)
                               2 Serial network interface(s)
                               16 terminal line(s)
IOS                            Version 12.0(11)

                  Table 2-5: Standard Small-Sized Site Router Configurations
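The router rows in Tables 2-3 to 2-5 carry fields that come straight from Cisco IOS "show version" output. As an added example, not part of the template, the following Python parses a constructed "show version" excerpt (values taken from the Cisco 4700 column of Table 2-3) into those table fields and flags drift from an approved-IOS baseline; the baseline itself is a placeholder for what a site's configuration control board would hold.

```python
"""Build the router rows used in Tables 2-3 to 2-5 from Cisco IOS 'show version'
output and flag drift from an approved IOS baseline.

Added example, not part of the template. SAMPLE_SHOW_VERSION is constructed
from the Cisco 4700 column of Table 2-3; APPROVED_IOS is a placeholder baseline.
"""
import re

# Constructed 'show version' excerpt; not a capture from a real device.
SAMPLE_SHOW_VERSION = """\
Cisco Internetwork Operating System Software
IOS (tm) 4500 Software (C4500-J-M), Version 11.2(14.3), MAINTENANCE INTERIM SOFTWARE
Copyright (c) 1986-1998 by cisco Systems, Inc.
router-a uptime is 3 weeks, 2 days, 4 hours, 11 minutes
System image file is "flash:c4500-j-mz.112-14.3", booted via flash

cisco 4700 (R4K) processor (revision 0x00) with 32768K/4096K bytes of memory.
Processor board ID 05417316
R4600 processor, Implementation 32, Revision 2.0 (Level 2 Cache)
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Token Ring/IEEE 802.5 interface(s)
8 Serial network interface(s)
128K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
4096K bytes of processor board Boot flash (Read/Write)
Configuration register is 0x2102
"""

# Placeholder baseline: model -> IOS version approved by the configuration control board.
APPROVED_IOS = {"4700": "11.2(14.3)", "3640": "12.2(4)T1"}

RE_MODEL = re.compile(r"^cisco (\S+) \(\S+\) processor", re.M | re.I)
RE_CPU = re.compile(r"^(\S+ (?:processor|CPU)\b.*Implementation.*)$", re.M)
RE_NVRAM = re.compile(r"^(\d+K bytes) of non-volatile configuration memory", re.M)
RE_IOS = re.compile(r"^IOS.*?Version ([^,\s]+)(?:,\s*(.*))?$", re.M)
RE_FLASH = re.compile(r"^(\d+K bytes of .*flash.*)$", re.M | re.I)
RE_IFACE = re.compile(r"^(\d+ .*(?:interface\(s\)|port\(s\)|line\(s\)|Module\(s\)))$", re.M)


def first(pattern, text):
    """Return group 1 of the first match, or None when the field is absent."""
    m = pattern.search(text)
    return m.group(1) if m else None


def parse_show_version(text):
    """Extract the table fields (Model, CPU, Flash, NVRAM, Interfaces, IOS)."""
    ios = RE_IOS.search(text)
    return {
        "model": first(RE_MODEL, text),
        "cpu": first(RE_CPU, text),
        "nvram": first(RE_NVRAM, text),
        "ios_version": ios.group(1) if ios else None,
        "ios_release": (ios.group(2) or "").strip() if ios else "",
        # Flash banks and interface types each appear on their own line.
        "flash": RE_FLASH.findall(text),
        "interfaces": RE_IFACE.findall(text),
    }


def check_baseline(entry, approved=APPROVED_IOS):
    """List baseline findings: unknown model, or running IOS != approved IOS."""
    model, running = entry.get("model"), entry.get("ios_version")
    if model not in approved:
        return ["model %s is not in the approved baseline" % model]
    if approved[model] != running:
        return ["model %s runs IOS %s, approved %s" % (model, running, approved[model])]
    return []


def inventory_rows(entry):
    """Render the entry in the two-column layout the tables use."""
    ios = "Version %s, %s" % (entry["ios_version"], entry["ios_release"])
    rows = [("Model", "Cisco %s Router" % entry["model"]),
            ("CPU", entry["cpu"]),
            ("Flash Memory", "; ".join(entry["flash"])),
            ("NVRAM", entry["nvram"]),
            ("Interfaces", "; ".join(entry["interfaces"])),
            ("IOS", ios.rstrip(", "))]
    return "\n".join("%-24s %s" % row for row in rows)


if __name__ == "__main__":
    parsed = parse_show_version(SAMPLE_SHOW_VERSION)
    print(inventory_rows(parsed))
    for finding in check_baseline(parsed):
        print("FINDING:", finding)
```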

2.8.6 Switches and Hubs
Table 2-6 displays the [Site Name Abbreviation] switch and hub hardware configurations.

                   Cisco Switch and Hub Hardware Configurations
Model                          Cisco 1900 Ethernet Switch
Central Processing Unit        Catalyst 1900 (486sxl) processor with 2048K/1024K bytes of memory
Ports                          27 Fixed Ethernet/IEEE 802.3
IOS                            Cisco Catalyst 1900/2820 Enterprise Edition Software Version V9.00.05
Model                          Cisco 2912-XL Ethernet Switch
Central Processing Unit        WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with
                               8192K/1024 K bytes of memory
Ports                          27 Fixed Ethernet/IEEE 802.3
IOS                            Version 12.0(5.2) XU,
                               MAINTENANCE INTERIM SOFTWARE
Other                          Cluster Command and Member Compatibility
Model                          Cisco 2950-XL Ethernet Switch
Central Processing Unit        WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with
                               8192K/1024 K bytes of memory
Ports                          24 FastEthernet/IEEE 802.3
IOS                            Version 12.0(5.3) WC (1)
Other                          Cluster Command and Member Compatibility
Model                          Cisco 424 hub
Central Processing Unit        MPC860EN processor with 4096/1024K
Ports                          24 10/100 Ethernet

                   Table 2-6: Cisco Switch and Hub Hardware Configurations

NOTE: Only those hardware and software items that are within the accreditation
boundary should be listed in the preceding tables.
2.9      Software Specifications
This section describes the software used in the [Site Name Abbreviation] IS.
2.9.1 Application Software Specifications
EXAMPLE (Must be site specific): The current image used for all [Site Name
Abbreviation] desktops consists of various COTS products. Table 2-7 lists and describes
the COTS software incorporated into the current image or loaded for Windows 2000
desktops.
Application information should be updated to include all software and version
information specific to the target contractor. This list should also include custom-developed
solutions as well as any GOTS products. Remove any software components that are not
applicable.
                                   Application Software
                          [Note: For every storage device storing data]
Application Name       Description                                           Information Owner
Adobe Acrobat Reader   Adobe Acrobat Reader 5.0 is software that             POC information
5.0                    displays Portable Document Format (PDF) files.        [Name]
[Server Name]                                                                [Phone Number]
                                                                             [Email]
Attachmate             Attachmate is the leading supplier of enterprise
[Server Name]          information access and management software and
                       services to major corporations and government
                       agencies worldwide. It provides value by
                       supplying an immediate business return on
                       mainframe data and logic for new Internet or
                       e-business applications.
Authorware Reader      The Authorware Reader software creates
[Server Name]          interactive e-learning applications.
CHCS - SMART           The Composite Health Care System (CHCS) uses
TERM V4.63 (COTS)      client software, Smart Term version 4.63, to
[Server Name]          schedule or check members’ appointments.
DB2                    The DB2 software helps solve critical business
[Server Name]          problems by integrating information across the
                       entire enterprise, leveraging federated Web
                       Services and XML. DB2 delivers new federated
                       capabilities that enable customers to integrate
                       information as Web Services, and new XML
                       enhancements that make it easier for programmers
                       to integrate DB2 and XML information. DB2 provides
                       significant automation capabilities, including
                       self-configuring, self-optimizing, and
                       self-managing capabilities, and adds Configuration
                       Advisor and Health Center features.
DOES version 2.0101    The Defense Online Enrollment System (DOES
[Server Name]          version 2.0101) inputs members’ information into
                       the National Enrollment Database (NED).
                       Members’ confidential information is stored in this
                       system.
McAfee Antivirus 4.5   McAfee VirusScan™ Enterprise provides
[Server Name]          comprehensive protection from viruses, worms,
                       Trojans, and other malicious code for desktops and
                       file servers.
Microsoft SQL          Microsoft SQL Server is a relational database
[Server Name]          management and analysis system for e-commerce,
                       line-of-business, and data warehousing solutions.
Oracle                 Oracle is enterprise software for information
[Server Name]          management. Its self-tuning and self-management
                       capabilities help to improve DBA productivity and
                       efficiency. In addition, Oracle functionality has
                       been expanded and significant enhancements and
                       optimizations have been made for the Windows and
                       Linux operating systems.
Outlook 2000           Microsoft Outlook 2000 is Microsoft’s premier
[Server Name]          messaging and collaboration client. It combines
                       leading support for Internet standards-based
                       messaging systems, including Microsoft Exchange
                       Server, with integrated calendar, contact, and
                       task-management features.
Windows XP             Microsoft’s latest workstation operating system.
Professional Operating Windows XP Professional is built on NT technology
System                 featuring a 32-bit computing architecture and a
[Server Name]          fully protected memory model. Advanced security
                       features available with this operating system
                       include Encrypting File System (EFS), IP Security
                       (IPSec), Kerberos and Smart Card support.

                                 Table 2-7: Application Software

2.9.2 Utilities Software Specifications
EXAMPLE (Must be site specific): [Site Name Abbreviation] utilizes terminal
emulator software to establish sessions with subcontractor applications. The terminal
emulation software runs on a Windows XP workstation and provides a user interface for
authorized individuals to read, write, and update patient information.
2.9.3 Server Software Specifications
EXAMPLE (Must be site specific): Servers in the [Site Name Abbreviation] IS are
typically built with the Windows NT/2000 Server OS. In some cases, the Novell
Netware 4.11 OS is used for file servers. Table 2-8 depicts the additional COTS software
deployed on [Site Name Abbreviation] servers.
                                           Server Software
Application Name                   Description
Windows NT Option Pack             A set of web and application services that enables developers to create
                                   the next generation of distributed network applications for Windows NT
                                   Server 4.0
Microsoft Internet Explorer, v6,   IE v6, SP1, provides a flexible and reliable browsing experience with
SP1                                enhanced Web privacy features for all Windows users.
APC PowerChute+, Version 5.1       UPS management for servers and workstations providing safe system
or PowerChute+ v/s, v1.1.0         shutdown.
McAfee AntiVirus v4.5              Anti-virus program
VERITAS Backup Exec v8.60          Backup utility software
Symantec PCAnywhere v7.5           Remote access software
Compaq System Tools                Utilities for servers

                                      Table 2-8: Server Software

2.9.4 Workstation Software Specifications
EXAMPLE (Must be site specific): [Site Name Abbreviation] deploys a wide variety
of software that is critical for meeting business needs. The Microsoft Windows XP OS
provides the [Site Name Abbreviation] client workstation with a multi-functional OS that
includes network support for various protocols. For example, the [Site Name
Abbreviation] client workstation utilizes the Transmission Control Protocol and Internet
Protocol (TCP/IP) suite to communicate with the server over a network. The TCP/IP
stack provides each workstation with network connectivity allowing access, if authorized,
to all [Site Name Abbreviation] network resources, including servers, shared
applications, and shared files.
The Windows XP OS is built on the reliable Windows NT code base featuring a 32-bit
computing architecture and a fully protected memory model. Windows XP offers a
number of advanced security features, including Encrypting File System (EFS), IP
Security (IPSec) and support for Kerberos and smart cards. Windows XP supports
scalable memory and processors for workstations, allowing up to four gigabytes (GB) of
memory and dual processors.
Windows XP maintains the same event log structure as found in Windows NT. The
Microsoft Active Directory structure at [Site Name Abbreviation] supports the
deployment of security policies and corporate software packages using Group Policy
Objects. Additional [Site Name Abbreviation] workstation software packages are listed
in Table 2-9.
                                  Workstation Software
Application Name               Description
Windows XP Professional        Windows 2000 Professional can be configured to start with multiple
Operating System               operating systems, such as Windows 2000, Windows NT 4.0 and earlier,
                               Windows 95, Windows 98, Windows 3.x, MS-DOS, and OS/2. This is
                               called a dual-boot or multiple-boot configuration. This section discusses
                               configuration details for when Windows 2000 Professional resides with
                               another operating system on the same computer.
Adobe Acrobat Reader v5.0      PDF viewer
Microsoft Internet Explorer,   Web browser
v5.5 SP2
Microsoft Office 97 SP2        Office automation tools
McAfee AntiVirus v4.5          Anti-virus program
Rumba                          Remote administration
Lotus Notes                    Email
RightFax v7.2                  Fax software
Sigma Plot v8.0                Powerful graphing utility
Visio Standard v5.0a           Drawing software
People Trak v7.0               Automated human resources software
UPS Online v7.0                UPS shipping rates, tracking, address validation, and other customer
                               service tools
Symantec PCAnywhere v7.5       Remote access software
AOL v4.0                       Internet connectivity, web browser, instant messenger
SPSS v11.0                     Planning, data collection, data access and management, analysis,
                               reporting, and deployment

                               Table 2-9: Workstation Software

2.10     Connection Management
EXAMPLE (Must be site specific): The [Site Name Abbreviation] WAN connects
internal system resources to external subcontractors and remote locations via a virtual
private network (VPN).
[Site Name Abbreviation] deploys numerous Cisco network devices throughout the
network to maintain communication both within the local site and between remote
locations, regional offices, and TRICARE Service Centers (TSCs) (e.g., Military
Treatment Facilities (MTFs)).
The [Site Name Abbreviation] network core contains two Cisco Catalyst 6509 switches
that are connected via a trunked line for redundancy. These switches provide network
connectivity for the entire corporate network. The [Site Name Abbreviation] server farm
is connected directly to the network core switches with 10/100 Ethernet.
The [Site Name Abbreviation] network core has access to the Internet via a Cisco 3640
router with dual T-1 lines to Qwest, and is protected from the Internet by dual Cisco PIX
525 firewalls configured for failover. The two firewalls are connected via a Cisco 2950
switch, providing full redundancy. The 2950 and 3640 devices are connected to a Cisco
FastHub 400.
Cisco 3548 switches, located in telecommunications closets on each floor of the [Site
Name Abbreviation] building, provide 10/100 Ethernet connectivity from the [Site Name
Abbreviation] network core 6509 switches to the workstations throughout the building
via the 3550 choke router.
2.11   Ports, Protocols, and Services
In accordance with DoD Instruction 8551.1, provide a detailed configuration description
for ports and protocols that correspond to the Internet Protocol (IP) suite. Focus should
be placed on the three most widely used and needed protocols: Internet Control
Message Protocol (ICMP), Transmission Control Protocol (TCP), and User Datagram
Protocol (UDP). The description should include ports, protocols and services (PPS)
configurations for the use of any virtual private networks (VPNs) and for the security
controls over the VPN data content. Configurations should also provide a detailed
description of any port redirection to alternate or non-standard ports and identify data
services operating on any other acceptable well-known ports. Firewall and router
configurations should follow DISA and DoD configuration standards.
Network infrastructure and perimeter device configurations should be clearly defined,
and the principle of least privilege should be identified as it applies to the ports and
protocols required to conduct official business. Provide functional descriptive
information on default, conditional, and permissive configurations associated with
network traffic across the network boundary. Provide a detailed description of the
network infrastructure and perimeter interfaces at all boundary crossings. A separate
network diagram should be included to depict the boundary crossings specific to the
enterprise. In addition, provide a detailed list of PPS associated with each application
within the C&A boundary.
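As an added example, not part of the template, the following Python cross-checks a constructed per-application PPS inventory against a constructed boundary ruleset and reports the items this section asks the description to account for: wildcard (permissive) rules, permits that no inventoried application justifies, services on non-standard ports, and a default rule that is not deny. A second, corrected ruleset for the same inventory shows what a least-privilege boundary leaves to document; every application, port and rule is a placeholder.

```python
"""Cross-check a per-application PPS inventory against the boundary ruleset and
report what the PPS description must account for: wildcard (permissive) rules,
permits no inventoried application requires, services on non-standard ports,
and a default rule that is not deny.

Added example, not part of the template. Every application, port and rule below
is a constructed placeholder, not a real site's configuration.
"""

# Well-known (IANA) ports for the service names used in the inventory.
WELL_KNOWN = {"https": 443, "smtp": 25, "ipsec-ike": 500, "ntp": 123}

# Constructed inventory: one entry per application and boundary-crossing flow.
APP_PPS = [
    {"app": "Enrollment client", "service": "https", "proto": "tcp", "port": 443, "dir": "out"},
    {"app": "Mail relay", "service": "smtp", "proto": "tcp", "port": 25, "dir": "in"},
    {"app": "Site VPN", "service": "ipsec-ike", "proto": "udp", "port": 500, "dir": "in"},
    {"app": "Web admin console", "service": "https", "proto": "tcp", "port": 8443, "dir": "in"},
    {"app": "Time sync", "service": "ntp", "proto": "udp", "port": 123, "dir": "out"},
]

# Constructed boundary ruleset, evaluated top down; the last rule is the default.
WEAK_RULES = [
    {"action": "permit", "proto": "tcp", "port": 443, "dir": "out"},
    {"action": "permit", "proto": "tcp", "port": 25, "dir": "in"},
    {"action": "permit", "proto": "udp", "port": 500, "dir": "in"},
    {"action": "permit", "proto": "udp", "port": "any", "dir": "in"},         # wildcard port
    {"action": "permit", "proto": "icmp", "port": "echo-reply", "dir": "in"},  # no app needs it
    {"action": "permit", "proto": "tcp", "port": 8443, "dir": "in"},
    {"action": "permit", "proto": "any", "port": "any", "dir": "any"},        # permissive default
]

# Same inventory, corrected ruleset: explicit permits only, default deny.
HARDENED_RULES = [
    {"action": "permit", "proto": "tcp", "port": 443, "dir": "out"},
    {"action": "permit", "proto": "tcp", "port": 25, "dir": "in"},
    {"action": "permit", "proto": "udp", "port": 500, "dir": "in"},
    {"action": "permit", "proto": "udp", "port": 123, "dir": "out"},
    {"action": "permit", "proto": "tcp", "port": 8443, "dir": "in"},
    {"action": "deny", "proto": "any", "port": "any", "dir": "any"},
]


def fmt_rule(rule):
    return "%s %s/%s %s" % (rule["action"], rule["proto"], rule["port"], rule["dir"])


def rule_covers(rule, flow):
    """True when the rule's protocol, port and direction match the flow ('any' wildcards)."""
    return (rule["proto"] in ("any", flow["proto"])
            and rule["port"] in ("any", flow["port"])
            and rule["dir"] in ("any", flow["dir"]))


def check_pps(apps, rules):
    """Return findings as strings; an empty list means the ruleset matches the inventory."""
    findings = []
    default, explicit = rules[-1], rules[:-1]
    if default["action"] != "deny":
        findings.append("default rule is '%s'; least privilege requires a default deny"
                        % default["action"])
    for rule in explicit:
        if rule["action"] != "permit":
            continue
        if "any" in (rule["proto"], rule["port"]):
            findings.append("permissive rule %s: wildcard protocol or port needs explicit "
                            "justification" % fmt_rule(rule))
        elif not any(rule_covers(rule, flow) for flow in apps):
            findings.append("rule %s permits traffic no inventoried application requires"
                            % fmt_rule(rule))
    for flow in apps:
        std = WELL_KNOWN.get(flow["service"])
        if std is not None and flow["port"] != std:
            findings.append("%s uses %s on %s/%d (well-known %d): document the port redirection"
                            % (flow["app"], flow["service"], flow["proto"], flow["port"], std))
        if not any(r["action"] == "permit" and rule_covers(r, flow) for r in explicit):
            findings.append("%s needs %s/%d %s but no explicit permit exists"
                            % (flow["app"], flow["proto"], flow["port"], flow["dir"]))
    return findings


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        result = check_pps(APP_PPS, rules)
        print("%s ruleset: %d finding(s)" % (name, len(result)))
        for finding in result:
            print("  -", finding)
```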
3 SITE NAME INFORMATION ASSURANCE TECHNICAL FRAMEWORK
3.1  Information Assurance Support Services
BOILERPLATE: [Site Name] ([Site Name Abbreviation]) is required to implement
security safeguards that satisfy the components of the Department of Defense (DoD)
Information Assurance (IA) Program. [Site Name Abbreviation] system security
safeguards must be designed to ensure:
      Availability
      Integrity
      Confidentiality
      Authentication
      Non-repudiation
EXAMPLE (must be site specific): In addition, [Site Name Abbreviation]
communication services are required to be properly configured to mitigate risks
associated with unauthorized access and modification from external system interfaces and
network connections. Furthermore, procedural controls must be implemented at each
TRICARE Service Center (TSC) to ensure [Site Name Abbreviation] system security
safeguards are properly implemented and maintained throughout the system lifecycle.
The [Site Name Abbreviation] IS is an operational system that has a comprehensive
security system in place to ensure the availability, integrity, confidentiality, and
authentication of all associated assets. In addition, this system helps system
administrators identify vulnerable areas, allowing them to more easily develop improved
security policies and choose appropriate tools to minimize possible security risks.
[Site Name Abbreviation] IS security is provided on multiple logical levels to multiple
objects. Security is generally assigned based on the “job function” of the object.
Application security is provided at the functional level (add, update, super-update) and
occasionally at the field level (for database applications). Network security relies on
appropriate Internet Protocol addresses, Access Control Facility 2 controls, and Virtual
Telecommunication Access Method tables. IS security also relies on non-technical
safeguards including physical security measures, security audits, and periodic security
reviews.
3.2      Types of Information Systems
BOILERPLATE: There are four categories of IS from an IA management perspective.
Systems can be comprised of a combination of the four categories or may fall into a
single category. [Site Name Abbreviation] is considered an IS
Application/Enclave/Outsourced Information Technology (IT)-based process/Platform IT
Interconnection.
3.2.1 Information System Applications
BOILERPLATE: An IS application is the product or deliverable of an IT acquisition
program whose mission assurance category (MAC) and information classification or
sensitivity and need-to-know remain fixed by its information and user base despite the
MAC of the hosting enclave. Through the certification and accreditation (C&A) process,
responsibility for IA services is negotiated with hosting enclaves as the IS application is
subject to DoD IA management processes and controls.
3.2.2 Enclaves
BOILERPLATE: An enclave is a collection of computing environments connected by
one or more internal networks and falling under a single authority and security
policy. An enclave’s MAC and security domain are fixed during interconnection to other
enclaves. Enclaves with a higher MAC connecting to enclaves with a lower MAC are
responsible for ensuring that the connection does not degrade their availability or integrity.
Interconnection rules are typically established in an Interconnection Memorandum of
Agreement, found in Artifact 6.
3.2.3 Outsourced IT-based processes
BOILERPLATE: Outsourced IT-based processes provide functionality associated with
an application, enclave, platform IT, or some combination. Processes that support non-
DoD users or processes and are not under DoD configuration control must be managed
and reported as outsourced IT-based processes.
3.2.4 Platform IT Interconnections
BOILERPLATE: Platform IT Interconnections include hardware and software computer
resources that are physically part of, dedicated to, or essential in real time to the mission
performance of special purpose systems. System design and operation addresses the
availability, integrity, confidentiality, authentication and non-repudiation requirements of
the data it processes.
4 DEPARTMENT OF DEFENSE INFORMATION ASSURANCE CONTROLS
BOILERPLATE: The Department of Defense (DoD) Information Assurance (IA) Program
establishes a baseline set of IA Controls for each Mission Assurance Category (MAC)
and sensitivity level. These IA Controls are designed to allocate IA responsibilities and
provide a consistent reference for certification and accreditation (C&A) activities.
An IA Control describes an objective IA condition achieved through the application of
specific safeguards or through the regulation of specific activities. The objective
condition is testable, compliance is measurable, and the activities required to achieve the
IA Control are assignable and thus accountable.
DoD IA Controls apply to the definition, configuration, operation, interconnection,
maintenance and decommission of the information systems (IS). They are essential
measures of security and are necessary elements for measuring compliance with the DoD
Information Assurance Certification and Accreditation Process (DIACAP).
There are different controls for each MAC level. Since the majority of the systems
encountered are MAC III, only those specific controls are listed below. The controls are
categorized by IA subject area. Include updated information for each control listed to
indicate how [Site Name] is in compliance with the documented requirement.
4.1   Security Design and Configuration
4.1.1 Procedural Review
BOILERPLATE: Annual IA reviews are conducted and new findings are evaluated and
mitigated.
4.1.2 Best Security Practices
BOILERPLATE: Best security practices are incorporated into the [Site Name
Abbreviation] security policy. Additional security practices are implemented when a
Defense Information Security Agency (DISA) security technical implementation guide
(STIG) or security recommendation guide is not available for that specific technology.
4.1.3 Configuration Control Board
BOILERPLATE: A configuration control board is chartered and meets regularly.
Recommended configuration changes are not made without the board’s approval.
4.1.4 Configuration Specifications
BOILERPLATE: Specifications for configuration of IT components of the [Site Name
Abbreviation] IS follow DISA STIGs, security recommendation guides, or commercially
acceptable best practices.
4.1.5 Compliance Testing
BOILERPLATE: A baseline security assessment is conducted as an initial measure of
the overall security posture at [Site Name] ([Site Name Abbreviation]).
4.1.6 Dedicated IA Services
BOILERPLATE: Dedicated IA services are included as part of a formal risk
assessment.

4.1.7 Functional Architecture for Information System Applications
BOILERPLATE: Functional architecture components are identified, developed, and
maintained. These components include:
   External interfaces
   User roles
   Unique security requirements
   Categories of sensitive information (SI) processed or stored
   Restoration priority of subsystems
4.1.8 Hardware Baseline
BOILERPLATE: The Information System Concept of Operations (IS ConOps)
documentation contains an inventory of all hardware items. This information includes:
   Manufacturer
   Type
   Model
   Physical location
   Network topology
4.1.9 Interconnection Documentation
BOILERPLATE: A list of all hosted IS applications and/or enclaves is maintained along
with connection rules and requirements. Interconnection Memorandum of Agreements
can be found in Artifact 6.
4.1.10 Information Assurance Impact Assessment
BOILERPLATE: Any proposed change to [Site Name Abbreviation] IS is first assessed
for IA and accreditation impact. Any major planned changes are first reported to the
TRICARE Management Activity IA Program Office.
4.1.11 Information Assurance for Information Technology Services
BOILERPLATE: All IA roles and responsibilities are specified.
4.1.12 Mobile Code
BOILERPLATE: Use of mobile code meets standards set forth in DoD policy.
4.1.13 Non-Repudiation
BOILERPLATE: Only National Institute of Standards and Technology (NIST) Federal
Information Processing Standards (FIPS) Publication 140-2 approved encryption
standards are used.
4.1.14 Software Controls
BOILERPLATE: All software packages are approved by the Designated Accrediting
Authority (DAA) and are evaluated for impact to IA.
4.1.15 Ports, Protocols, and Services
BOILERPLATE: Enclaves register all active PPS in accordance with DoD guidance.

4.1.16 Configuration Management Process
BOILERPLATE: A configuration management process is implemented.
4.1.17 Information Assurance Documentation
BOILERPLATE: IA documentation is complete and maintained regularly to ensure
accuracy.
4.1.18 System Library Management Controls
BOILERPLATE: Privileged application programs are protected to prevent the
introduction of unauthorized code.
4.1.19 Software Quality
BOILERPLATE: During software development, negative impacts on integrity or
availability are minimized through specification of requirements and validation methods.
4.1.20 System State Changes
BOILERPLATE: The system is configured to remain in a secure state during shutdown,
process termination and initialization.
4.1.21 Software Baseline
BOILERPLATE: A current inventory of all software products in use provides the
following information:
   Manufacturer
   Type
   Version
   Installation manuals and procedures
4.1.22 Acquisition Standards
BOILERPLATE: All government off-the-shelf (GOTS) and commercial off-the-shelf
(COTS) products are evaluated and validated.
4.1.23 Specified Robustness – Medium
BOILERPLATE: SI that is transmitted across public networks or resides on systems
accessible by individuals not authorized to access information on the system is protected
by medium robustness COTS IA and IA-enabled products.
4.2   Identification and Authentication
4.2.1 Key Management
BOILERPLATE: Only NIST-approved key management technology and processes are
used for symmetric keys. Asymmetric keys utilize DoD Public Key Infrastructure (PKI)
Class 3 certificates or pre-placed keying material.
4.2.2 Token and Certificate Standards
BOILERPLATE: DoD PKI Class 3 certificates and hardware security tokens are used
for I&A.

4.2.3 Group Identification and Authentication
BOILERPLATE: Group authenticators for application or network access are used in
conjunction with an individual authenticator. If the use of group authenticators is not
based on the DoD PKI they must be explicitly approved by the DAA.
4.2.4 Individual Identification and Authentication
BOILERPLATE: Individual identifiers are required for IS access. Passwords meet the
standards described in the STIGs.
4.3   Enclave and Computing Environment
4.3.1 Audit Trail Monitoring, Analysis and Reporting
BOILERPLATE: Auditing logs are reviewed regularly and suspected violations are
analyzed and reported in accordance with IS IA procedures.
4.3.2 Changes to Data
BOILERPLATE: Security mechanisms prevent unauthorized access and changes to
data.
4.3.3 Instant Messaging
BOILERPLATE: Independent end user installation of instant messaging clients that
interact with public service providers is prohibited.
4.3.4 Network Device Controls
BOILERPLATE: A program exists for network device control and includes the
following:
   Instructions for restart and recovery procedures
   Restrictions on source code access
   System utility access
   System documentation
   Protection from deletion of system and application files
   Structured process for implementation of directed solutions (i.e. Information
       Assurance Vulnerability Alerts [IAVA])
4.3.5 Privileged Account Control
BOILERPLATE: The Information Assurance Manager (IAM) tracks privileged role
assignments.
4.3.6 Production Code Change Controls
BOILERPLATE: Ability to change production code and data is limited to privileged
users and access is periodically reviewed.
4.3.7 Audit Reduction and Report Generation
BOILERPLATE: Tools are available to allow the review and report generation of audit
records.

4.3.8 Security Configuration Compliance
BOILERPLATE: All DoD security configuration or implementation guides are applied
to the enclave or IS application.
4.3.9 Software Development Change Controls
BOILERPLATE: Software development change controls are in place to prevent
unauthorized modifications.
4.3.10 Transmission Integrity Controls
BOILERPLATE: Integrity checks are in place for COTS, GOTS, and custom developed
solutions.
4.3.11 Audit Trail Protection
BOILERPLATE: Audit trails have file protection controls.
4.3.12 Voice over Internet Protocol
BOILERPLATE: Unapproved personal use of Voice over Internet Protocol (VoIP)
solutions is blocked in both directions at the enclave boundary.
4.3.13 Virus Protection
BOILERPLATE: Virus protection with the ability to receive automatic updates is in
place on all servers, workstations, and mobile computing devices.
4.3.14 Wireless Computing and Networking
BOILERPLATE: Any wireless devices in use are operated according to DoD wireless
policy and are not independently configured by end users. Unused wireless devices are
disabled.
4.3.15 Affiliation Display
BOILERPLATE: Contractors and foreign nationals (FN) are identified as such for DoD
email addresses, display names, and automated signature blocks. FN email addresses
include country of origin.
4.3.16 Access for Need-to-Know
BOILERPLATE: Access to all DoD information is determined by both its classification
and user need-to-know.
4.3.17 Audit Record Content
BOILERPLATE: Audit records include the following:
   UserID
   Successful and unsuccessful attempts to access security files
   Date and time of events
   Type of events
   Success or failure of event
   Successful and unsuccessful logons
   Denial of access resulting from excessive number of logon attempts
   Blocking or blacklisting a UserID, terminal, or access port and the reason for the
       action
   Activities that might modify, bypass, or negate safeguards controlled by the system
4.3.18 Audit Trail, Monitoring, Analysis, and Reporting
BOILERPLATE: All available sources of audit trail records are regularly reviewed and
suspected violations are analyzed and reported in accordance with DoD IA procedures.
4.3.19 Encryption for Confidentiality (Data at Rest)
BOILERPLATE: NIST-certified cryptography is used to encrypt stored SI if required
by the information owner.
4.3.20 Encryption for Confidentiality (Data in Transit)
BOILERPLATE: Sensitive unclassified data transmitted through a commercial or
wireless network are encrypted using NIST-certified cryptography.
4.3.21 Interconnections among Department of Defense Systems and
       Enclaves
BOILERPLATE: DoD IS operating at the same classification but with different need-
to-know access rules can utilize discretionary access controls as an IA mechanism. DoD
IS operating at different classification levels require a controlled interface which is
addressed in separate guidance.
4.3.22 Logon
BOILERPLATE: Successive logon attempts are controlled using one or more of the
following:
   Access is denied after multiple unsuccessful logon attempts
   The number of access attempts in a given period is limited
   Time-delay control system is employed
   If a system allows multiple-logon sessions for each UserID, the system provides the
        capability to control the number of logon sessions.
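The logon controls listed in 4.3.22 and the audit record fields of 4.3.17, as an added Python illustration that is not part of the template: a hypothetical LogonController enforces a failure threshold counted over a window, an exponential time-delay, a lockout period and a concurrent-session cap, and writes an audit record for every outcome. The policy values and the sample credential store are constructed for the example.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Policy values are constructed for this illustration; a site takes them from its STIG.
MAX_FAILURES = 3                    # deny access after this many failures within WINDOW
WINDOW = timedelta(minutes=15)      # period over which failed attempts are counted
LOCKOUT = timedelta(minutes=30)     # how long the UserID stays blocked
BASE_DELAY = timedelta(seconds=2)   # time-delay control, doubled after each failure
MAX_SESSIONS = 2                    # concurrent logon sessions permitted per UserID


@dataclass
class AccountState:
    failures: List[datetime] = field(default_factory=list)  # failure times inside WINDOW
    locked_until: Optional[datetime] = None
    next_allowed: Optional[datetime] = None
    sessions: int = 0


class LogonController:
    """Hypothetical controller: applies the 4.3.22 options and writes 4.3.17 audit records."""

    def __init__(self, credentials: Dict[str, str]):
        self._creds = credentials   # UserID -> secret; constructed sample (real systems store hashes)
        self._state: Dict[str, AccountState] = {}
        self.audit: List[dict] = []

    def _record(self, user: str, event: str, success: bool, now: datetime, reason: str = "") -> None:
        # Audit record content per 4.3.17: UserID, date/time, event type, success or failure, reason.
        self.audit.append({"UserID": user, "time": now.isoformat(), "event": event,
                           "success": success, "reason": reason})

    def attempt(self, user: str, password: str, now: datetime) -> bool:
        st = self._state.setdefault(user, AccountState())
        if st.locked_until and now < st.locked_until:
            self._record(user, "logon", False, now, "UserID blocked: excessive logon attempts")
            return False
        if st.next_allowed and now < st.next_allowed:
            self._record(user, "logon", False, now, "time-delay in effect")
            return False
        st.failures = [t for t in st.failures if now - t < WINDOW]   # drop stale failures
        stored = self._creds.get(user)
        # Constant-time comparison; an unknown UserID follows the same failure path.
        ok = stored is not None and secrets.compare_digest(stored.encode(), password.encode())
        if ok:
            if st.sessions >= MAX_SESSIONS:
                self._record(user, "logon", False, now, "concurrent session limit reached")
                return False
            st.failures.clear()
            st.next_allowed = None
            st.sessions += 1
            self._record(user, "logon", True, now)
            return True
        st.failures.append(now)
        # Exponential time-delay: 2s, 4s, 8s ... after each failure within the window.
        st.next_allowed = now + BASE_DELAY * (2 ** (len(st.failures) - 1))
        if len(st.failures) >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT
            self._record(user, "logon", False, now, "denied: excessive logon attempts")
            self._record(user, "block", True, now, f"UserID blocked for {LOCKOUT}")
            return False
        self._record(user, "logon", False, now, "bad credentials")
        return False

    def logoff(self, user: str, now: datetime) -> None:
        st = self._state.setdefault(user, AccountState())
        st.sessions = max(0, st.sessions - 1)
        self._record(user, "logoff", True, now)


if __name__ == "__main__":
    ctl = LogonController({"jdoe": "constructed-sample-secret"})
    t0 = datetime(2007, 2, 1, 9, 0, 0)
    for i in range(4):   # four bad passwords, each spaced past the current time-delay
        ctl.attempt("jdoe", "wrong", t0 + timedelta(seconds=20 * i))
    for rec in ctl.audit:
        print(rec)
```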
4.3.23 Least Privilege
BOILERPLATE: In addition to an appropriate security clearance and need-to-know
authorization, access procedures enforce the principles of separation of duties and "least
privilege."
4.3.24 Marking and Labeling
BOILERPLATE: Information and IS that store, process, transmit, or display data in any
form or format that is not approved for public release comply with all requirements for
marking and labeling contained in policy and guidance documents, such as DoD 5200.1-R.
4.3.25 Conformance Monitoring and Testing
BOILERPLATE: Conformance testing is planned, scheduled, and conducted regularly
to ensure the system’s IA capabilities continue to provide adequate assurance against
evolving threats and vulnerabilities.
4.3.26 Encryption for Need-to-Know
BOILERPLATE: Information in transit that must be separated for need-to-know reasons
is encrypted with NIST-certified cryptography.
4.3.27 Resource Control
BOILERPLATE: No residual data is available to any subject once the object has been
released back to the system.
4.3.28 Audit Record Retention
BOILERPLATE: Audit records are retained for at least one year unless the IS contains
sources and methods intelligence (SAMI), in which case records are retained for five years.
4.3.29 Tempest Controls
BOILERPLATE: Measures to protect against compromising emanations are implemented.
4.3.30 Warning Message
BOILERPLATE: Appropriate privacy and security notices warn all users, before they
enter a Government IS, that they are subject to monitoring, recording, and auditing.
4.3.31 Account Control
BOILERPLATE: A comprehensive account management process is implemented and
ensures only authorized users have access to workstations, applications, and networks.
4.4   Enclave Boundary Defense
4.4.1 Connection Rules
BOILERPLATE: DoD connection rules and approval processes are established and
functional.
4.4.2 Virtual Private Network Controls
BOILERPLATE: All virtual private network (VPN) traffic is visible to intrusion
detection systems (IDS).
4.4.3 Boundary Defense
BOILERPLATE: Firewalls and network IDS are deployed at the enclave boundary to
the wide area network (WAN), at layered or internal enclave boundaries and at key points
in the network, as required. Internet access is proxied through Internet access points that
are physically or logically separated from other IS. Host-based IDS are required.

4.4.4 Public Wide Area Network Connection
BOILERPLATE: A Demilitarized Zone (DMZ) is required for connections between
DoD enclaves and the Internet or other public or commercial WAN.
4.4.5 Remote Access for Privileged Functions
BOILERPLATE: Remote access for privileged functions is permitted only for
compelling operational needs, is strictly controlled, and audited completely.
4.4.6 Remote Access for User Functions
BOILERPLATE: All remote access always uses encryption and is mediated through a
managed access control point. Remote access mechanism information is also protected.
4.5   Physical and Environmental
4.5.1 Emergency Lighting
BOILERPLATE: Emergency exits at evacuation routes have automatic emergency
lighting.
4.5.2 Fire Detection
BOILERPLATE: Smoke detectors are installed in the facility.
4.5.3 Fire Inspection
BOILERPLATE: Periodic fire marshal inspections occur and deficiencies are promptly
resolved.
4.5.4 Fire Suppression System
BOILERPLATE: Handheld fire extinguishers or fixed fire hoses are available.
4.5.5 Humidity Controls
BOILERPLATE: Humidity controls are installed and provide an alarm for fluctuations
potentially harmful to personnel or equipment operation.
4.5.6 Master Power Switch
BOILERPLATE: An emergency cut-off switch for IT equipment is present, located near
the main entrance of the IT area, and is labeled and protected by a cover to prevent
accidental shut-off.
4.5.7 Screen Lock
BOILERPLATE: Screen locks on user workstations activate after a specified period of
inactivity or when enabled explicitly by the user.
4.5.8 Temperature Controls
BOILERPLATE: Temperature controls are installed and provide an alarm when
temperature fluctuations that are potentially harmful to personnel or equipment operation
are detected.

4.5.9 Environmental Control Training
BOILERPLATE: Employees receive initial and periodic training in the operation of
environmental controls.
4.5.10 Voltage Regulators
BOILERPLATE: Automatic voltage control is implemented for key IT assets.
4.5.11 Access to Computing Facilities
BOILERPLATE: Only authorized personnel with a need-to-know are granted physical
access to computing facilities that process sensitive or unclassified information that has
not been cleared for release.
4.5.12 Clearing and Sanitizing
BOILERPLATE: All documents, equipment, and machine-readable media containing
sensitive data are cleared and sanitized according to DoD 5200.1 before release.
4.5.13 Data Interception
BOILERPLATE: Devices that display or output SI in human-readable form are
positioned to deter unauthorized individuals from reading the information.
4.5.14 Physical Protection of Facilities
BOILERPLATE: Physical access points to facilities that contain, process, or display
sensitive or unclassified information that has not been cleared for release are controlled
during working hours and guarded or locked during non-working hours.
4.5.15 Physical Security Testing
BOILERPLATE: Periodic, unannounced attempts to penetrate key computing facilities
occur as part of a facility penetration testing process.
4.5.16 Workplace Security Procedures
BOILERPLATE: Procedures are implemented to ensure the proper handling and storage
of information.
4.5.17 Storage
BOILERPLATE: Approved containers or facilities are used to store documents and
equipment in accordance with DoD 5200.1-R.
4.5.18 Visitor Control to Computing Facilities
BOILERPLATE: Current signed procedures exist for controlling visitor access and
maintaining a detailed log of all visitors to the computing facility.
4.6   Personnel
4.6.1 Security Rules of Behavior or Acceptable Use Policy
BOILERPLATE: Policy exists that describes the set of rules necessary for IA operations
and clearly delineates IA responsibilities and expected behavior of all personnel.
Consequences of non-compliance to the rules are also included. Signed
acknowledgements of the rules are a condition of access.

4.6.2 Access to Information
BOILERPLATE: DoD personnel security policies are followed when granting
individuals access to SI.
4.6.3 Maintenance Personnel
BOILERPLATE: Only authorized personnel perform maintenance and the process for
determining authorization is documented along with the list of authorized maintenance
personnel.
4.6.4 Access to Need-to-Know Information
BOILERPLATE: Only individuals with a valid need-to-know demonstrated by assigned
official Government duties are granted access to SI. These individuals must satisfy all
personnel security criteria with special protection measures or restricted distribution as
established by the information owner.
4.6.5 Information Assurance Training
BOILERPLATE: A training program is implemented to ensure all personnel receive
initial and annual training to perform their assigned IA responsibilities.
4.7   Continuity
4.7.1 Alternate Site Designation
BOILERPLATE: An alternate site exists that permits the partial restoration of mission- or
business-essential functions.
4.7.2 Protection of Backup and Restoration Assets
BOILERPLATE: Backup and restoration procedures are in place for hardware,
software, and firmware.
4.7.3 Data Backup Procedures
BOILERPLATE: Data backup is performed at least weekly.
4.7.4 Disaster and Recovery Planning
BOILERPLATE: Disaster recovery procedures exist and provide partial resumption of
mission- or business-essential functions within five days of activation.
4.7.5 Enclave Boundary Defense
BOILERPLATE: Alternate site boundary defense is equal to the security measures in
place at the primary location.
4.7.6 Scheduled Exercises and Drills
BOILERPLATE: Continuity of operations exercises occur annually.
4.7.7 Identification of Essential Functions
BOILERPLATE: Mission- and business-essential functions are identified for priority
restoration planning.

4.7.8 Maintenance Support
BOILERPLATE: Within 24 hours of failure, maintenance support for key IT assets is
available.
4.7.9 Power Supply
BOILERPLATE: Manually activated power generators exist in the event of loss of
electrical power.
4.7.10 Spares and Parts
BOILERPLATE: Within 24 hours of failure, maintenance spares and spare parts for key
IT assets can be obtained.
4.7.11 Backup Copies of Critical Software
BOILERPLATE: Critical software is stored in a fire-rated container or stored separately
from other operational software.
4.7.12 Trusted Recovery
BOILERPLATE: Recovery procedures exist to ensure that recovery is done in a secure
and verifiable manner. Any circumstances that inhibit a trusted recovery are documented
and appropriate mitigating procedures are in place.
4.8   Vulnerability and Incident Management
4.8.1 Incident Response Planning
BOILERPLATE: An Incident Response Plan exists in accordance with DoD Instruction
O-8530.2 and is exercised annually.
4.8.2 Vulnerability Management
BOILERPLATE: A process is in place for identification and mitigation of software and
hardware vulnerabilities.

5 INFORMATION ASSURANCE MANAGEMENT REVIEW
Please provide information on tracking compliance with the DoD IA Controls applicable
to the DoD information system and on reporting IA management review items, such as
C&A status, compliance with personnel security requirements, compliance with training
and education requirements, and compliance with Information Assurance Vulnerability
Management (IAVM) notifications and other directed solutions.
