Guides Foreign Trade Statistics by wdo11402


									Foreign Trade Statistics                                                         Issued October 2007

Security Guidelines for Federal Government Agencies
                                                                                 FTD 07-SG

USCENSUSBUREAU                         U.S. Department of Commerce
                                       Economics and Statistics Administration
                                       U.S. CENSUS BUREAU
Helping You Make Informed Decisions
                                                   The U.S. Census Bureau wishes to acknowledge the
                                                   assistance of the following individuals and organiza-
                                                   tions in the preparation of this booklet:

       U.S. Department of Commerce                 Judy Ward of Computer and Hi-Tech Management
                 Carlos M. Gutierrez,              was responsible for creating this booklet. The following
                                                   Census Bureau employees contributed heavily toward
                                Vacant,            the editing, content, and organization of the booklet:
                        Deputy Secretary           Clifford Jordan, Bryant Turner, Jerome Greenwell,
                                                   Dale Dickerson, Jacquelyn Mann, Samuel Jones,
                                                   Diane Oberg, and Dorothy Brown of the Foreign
                                                   Trade Division; Patrick Heelen of the Legal Office;
                                                   Patricia Melvin of the Policy Office; Timothy P.
                                                   Ruland, Chief, of the IT Security Office; Michael C.
                                  AND STATISTICS   Cook of the Customer Liaison and Marketing Services
                                                   Office; Lisa M. Blumerman, Division Chief, and
Economics and Statistics Administration            Joanne Dickinson, Chief, Marketing and Training
                  Cynthia A. Glassman,
      Under Secretary for Economic Affairs          Development Branch.

                                                   Linda Chen and Monique Lindsay of
                                                   the Administrative and Customer Services Division,
                                                   Walter C. Odom, Chief, provided publication and
                                                   printing management, graphics design and composition,
                      U.S. CENSUS BUREAU           and editorial review for print and electronic media.
                                                   General direction and production management were
                  Charles Louis Kincannon,
                                                   provided by Wanda Cevis, Chief, Publications Services
                        Preston Jay Waite,
                        Deputy Director and
                      Chief Operating Officer

                   Thomas L. Mesenbourg,
                      Associate Director for
                        Economic Programs

                      William G. Bostic, Jr.,
                 Chief, Foreign Trade Division
Table of Contents
1     Introduction
1.1     General ........................................................................................... 3
1.2     Legal and Regulatory Mandates ....................................................... 5
1.3     Overview of Publication .................................................................. 8

2     Requests for Confidential and Prerelease Data
2.1     General ......................................................................................... 10
2.2     Requests for Confidential Data ...................................................... 10
2.3     Requests for Prerelease Data ......................................................... 11
2.4     Request Format ............................................................................. 11

3     Documenting Need, Use, and Required Infrastructure
3.1       General......................................................................................... 12
3.2       Confidential Data Request Documents .......................................... 13
3.3       Prerelease Data Request Documents ............................................. 13
3.4       Need and Use ............................................................................... 14
3.5       Coordinating Safeguards Within an Agency ................................... 14
3.6       Safeguard Review ......................................................................... 14

4      Recordkeeping Requirements
4.1       General......................................................................................... 16
4.2       Tracking Log ................................................................................. 16

5      Information and System Security, and Other Safeguards
5.1       General......................................................................................... 18
5.2       Physical Security ........................................................................... 18
5.3       Logical Security ............................................................................ 19
5.4       Incident Response and Reporting.................................................. 21

6      Minimizing Access to Confidential and Prerelease Data
6.1       General......................................................................................... 22
6.2       Handling of Confidential and Prerelease Data................................ 22

7      Other Safeguards
7.1       General......................................................................................... 24
7.2       Internal Inspections ...................................................................... 24
7.3       Employee Awareness .................................................................... 25
    8      Reporting Requirements
    8.1      General......................................................................................... 27
    8.2      Security Plan ................................................................................. 27
    8.3      Safeguard Procedure Report.......................................................... 28
    8.4      Submission of Safeguard Procedure Report ................................... 29
    8.5      Annual Safeguard Activity Report.................................................. 30
    8.6      Submission of Annual Safeguard Activity Report ........................... 31

    9      Disposal of Confidential or Prerelease Data After Completion of Use
    9.1      General......................................................................................... 32
    9.2      Disposal of Paper Media ............................................................... 32
    9.3      Disposal of Magnetic Media .......................................................... 33

    10     Publication/Release of Confidential or Prerelease Data
    10.1     General......................................................................................... 34

    11     Reporting Indications of Improper Disclosure
    11.1     General......................................................................................... 35

    Appendix A
    A-1    Glossary .......................................................................................... 36

    Appendix B
    B-1    Physical Access ................................................................................ 37
    B-2    Operating Systems Security ............................................................. 37
    B-3    Security Incident Reporting .............................................................. 38
    B-4    Encryption ....................................................................................... 39

    Appendix C
    C-1    Checklist for Requesting Confidential or Prerelease Data.................. 40
    C-2    National Interest Determination Checklist ........................................ 41
    C-3    Memorandum of Understanding (MOU) Checklist ............................. 42
    C-4    Nondisclosure Agreement ................................................................ 45
    C-5    Checklist for Internal Safeguard Inspections..................................... 47

2                                                                                           FOREIGN TRADE STATISTICS

1.1 General                                       setting economic and fiscal policy, the

                                                  analysis of trends in international trade,
    Foreign Trade Statistics (import and
                                                  multilateral trade
export data) compiled by the U.S. Census
Bureau, Foreign Trade Division, are an                                         The foreign trade statistics are
                                                  and assistance
economic indicator. The statistics are                                     based upon confidential individual
                                                  to U.S. exporters
required to be collected and protected                                     business transactions between
                                                  in locating
by legal mandate in Title 13, United                                       U.S. exporters/importers and their
                                                  markets for their
States Code (USC) Chapter 9, Section                                       foreign customers. Because of the
301, and Title 18, USC Section 1905 and                                    sensitivity of the commercial data
                                                      The foreign
by regulatory mandate in Title 15 Code                                     collected, it is important to ensure
                                                  trade statistics
of Federal Regulations (CFR), Part 30                                      their confidentiality.
                                                  are based upon
(see Section 1.2 Legal and Regulatory
Mandates of this manual). The foreign
                                                  individual business transactions between
trade statistics are widely watched and
                                                  U.S. exporters/importers and their foreign
heavily relied upon by both the private
                                                  customers. Because of the sensitivity of the
sector and the government. The private
                                                  commercial data collected, it is important
sector uses the foreign trade statistics to
                                                  to ensure this confidentiality. Any public
measure the impact of foreign competition,
                                                  release would place the exporter/importer
to conduct market share analysis and
                                                  at a serious competitive disadvantage in the
market penetration studies, and to develop
                                                  world marketplace. Without the guarantee
various marketing policies. Government
                                                  of confidentiality, exporters/importers may
uses include the computation of the
                                                  be inclined to withhold correct information
balance of payments for the United States,

Security Guidelines for Federal Government Agencies                                            3
and, thereby, undermine the accuracy of          Prerelease Data in order to meet program-

the trade statistics.                            matic requirements.

    Transaction-level data or aggregate-             It is essential that Prerelease Data not

level export or import                                                   be released to the

information, from                                                        public prior to the
                                  Once data are designated
which one could                                                          official release date
                              as Confidential, they and all their
determine individual                                                     and time. The early
                              products, amalgamations, and
business transactions,                                                   release of such data
                              changes remain Confidential
are defined as                                                            could have a nega-
Confidential Data for                                                     tive impact on trade

the purposes of these                                                    negotiations and

guidelines. Confidential Data, whether            stock markets around the world. The with-

commingled with nonconfidential data              holding of foreign trade statistics prior to

or kept pure, aggregated, or retained as         official release is mandated by the Office

transaction-level, are still Confidential Data.   of Management and Budget (OMB) Statisti-

Once data are designated as Confidential,         cal Policy Directive Number 3 (see Section

they and all their products, amalgamations,      1.2 Legal and Regulatory Mandates of this

and changes remain Confidential Data and          manual).

must be handled according to the guide-              Prerelease Data must, therefore, be

lines presented in this handbook.                kept confidential and treated with the

    Additionally, for                                                  same consideration
                                    Aggregate trade data               as Confidential Data,
the purposes of these
                                compiled, but not yet officially         during the period of
guidelines, aggregate
                                released to the public will be         time between receipt
trade data compiled,
                                referred to as Prerelease              of the information by
but not yet officially
                                Data.                                  the requesting agency
released to the public
                                                                       and the official
will be referred to as
                                                                       release of the data to
Prerelease Data. In
                                                 the public. After the official release date
very limited circumstances, federal govern-
                                                 and time, however, Prerelease Data no
ment agencies may be authorized access to
                                                 longer have to be kept confidential.

4                                                                    FOREIGN TRADE STATISTICS
    As a condition of receiving either                The legal authority for the collection
Confidential or Prerelease Data, the receiv-       and publication of U.S. foreign commerce
ing agency must show, to the satisfaction         and trade statistics is established by Title
of the Census Bureau, the ability to protect      13, USC Chapter 9 and Title 18, USC
the confidentiality of the data. Safeguards        Section 1905.
must be designed to prevent unauthorized

access and uses. In addition to a written

request, the Census Bureau may require                      Title 13, Chapter 9, §301,
a formal agreement that specifies, among                 of the United States Code,
other things, the purposes for which the                Paragraph (a):
data will be used and how it will be                        “The Secretary [of Commerce]
protected. An agency must ensure that                   is authorized to collect informa-
its safeguards will be ready for immediate              tion from all persons exporting
implementation upon the receipt of the                  from, or importing into, the
data.                                                   United States and the noncontig-

                                                        uous areas over which the United
1.2 Legal and                                           States exercises sovereignty,
Regulatory Mandates                                     jurisdiction, or control . . .”

    Several laws and policy documents

govern the confidentiality of and access

to Confidential and Prerelease Data: Title

13 USC, Chapter 9; Title 15 CFR, Sections

30.90–30.91; and Title 18 USC, Section                Title 13 directs the Secretary of

1905 govern the access to Confidential             Commerce to collect, compile, and publish

Data. The Foreign Trade Division’s statisti-      foreign trade statistics on a monthly and

cal guidelines, Memorandums of Under-             cumulative basis. Title 13 is implemented

standing (MOU) between the U.S. Census            by regulations contained in Title 15 of the

Bureau and specific agencies, and OMB’s            CFR, Part 30. These regulations define

Statistical Policy Directive, Number 3,           the confidentiality of the trade data:

govern the access to Prerelease Data.

Security Guidelines for Federal Government Agencies                                              5
        Title 15 Code of Federal                Title 15 Code of Federal
    Regulations, Part 30,                   Regulations, Part 30,
    Subpart H:                              Subpart H:
        Ҥ30.91 Confidential                     Ҥ30.90 Confidential
    information, Shipper’s Export           information, import entries
    Declarations.                           and withdrawals.
        (a) Confidential status.                 The contents of the statisti-
    The shipper’s Export Declaration        cal copies of import entries and
    is an official Department of Com-         withdrawals on file with the
    merce form prescribed jointly           Census Bureau are treated as
    by the Census Bureau and the            confidential and will not be
    Bureau of Industry and Security.        released without authorization
    Information required thereon is         by the U.S. Customs Service . . .”
    confidential, whether filed elec-

    tronically or in any other

    approved format, for use solely        OMB further defines both the limits
    for official purposes authorized     imposed, in order to keep Prerelease Data
    by the Secretary of Commerce.      confidential and the burden placed upon
    Use for unauthorized purposes is   the party making the request:
    not permitted. Information

    required on the Shipper’s Export

    Declarations may not be

    disclosed to anyone except

    the exporter or his agent . . .”

6                                                         FOREIGN TRADE STATISTICS
          Office of Management                               Title 13, Chapter 9,

      and Budget Statistical Policy                   §301, of the United States

      Directive Number 3:                             Code, Paragraph (g):

          Section 3:                                       “[Trade data], wherever

          “(a) The [Census Bureau]                    located, shall be exempt from

      head must establish whatever                    public disclosure unless the

      security arrangements are                       Secretary [of Commerce]

      necessary and impose whatever                   determines that such

      conditions on the granting of                   exemption would be contrary

      access are necessary to ensure                  to the national interest.”

      that there is no unauthorized

      dissemination or use.

          (b) The [Census Bureau]

      head shall ensure that any
                                                          Title 15 Code of Federal
      person granted access has been
                                                      Regulations, Subpart H,
      fully informed of and agreed to
      these conditions.
                                                          “In recommendations
          Section 7:
                                                      regarding any other requests
          Any agency requesting an
                                                      for access to official copies, a
      exception must demonstrate . . .
                                                      judgment in the light of
      that the proposed exception is
                                                      circumstances will be made as
      necessary and is consistent with
                                                      to whether it is contrary to the
      the purposes of the Directive.”
                                                      national interest to apply the

                                                      exception, keeping in view that

                                                      the maintenance of confidenti-
    Moreover, a National Interest Determi-
                                                      ality has in itself an important
nation (NID) is integral to the acceptance or
                                                      element of national interest.”
refusal of a request for data, as dictated by

both Titles 13 USC and 15 CFR:

Security Guidelines for Federal Government Agencies                                      7
    No request for Confidential Data             1.3 Overview of
will be granted, unless the Census              Publication
Bureau Director determines it is in
                                                    This Foreign Trade Statistics Security
the national interest to do so. Also,
                                                Guidelines handbook is directed towards
no request by a federal agency for
                                                any federal agency granted access to data
advance access to Prerelease data will
                                                considered by the Census Bureau as
be granted unless the agency enters
                                                Confidential or Prerelease Data. Its
into a Memorandum of Understanding
                                                purpose is to make a requesting agency
(MOU) with the U.S. Census Bureau’s
                                                aware of their responsibility for protecting
Foreign Trade Division. Additionally,
                                                the confidentiality and security of these
no request for public disclosure of
                                                data. A federal agency accessing Confi-
Prerelease Data will be granted unless
                                                dential or Prerelease Data must exercise
approved by OMB.
                                                diligence in adhering to the controls and
    Penalties for unauthorized disclosure
                                                safeguards set in place to protect the
of Confidential Data are defined under
                                                integrity, confidentiality, and sensitivity of
Title 18:
                                                the data.

                                                    This handbook is divided into 11 chap-
            Title 18, USC Section
                                                ters. Chapter 2, immediately following this
     1905, et seq.:
                                                section, addresses the preliminary steps
            The penalty for unlawful
                                                for submission of a request to receive data.
     disclosure is a fine under this
                                                Chapter 3 discusses the documents used to
     title and/or imprisonment for
                                                specify the need and use of the Confiden-
     not more than 1 year, or removal
                                                tial Data, as well as, the security infrastruc-
     from office or employment.
                                                ture required prior to receiving Confidential

                                                or Prerelease Data. Chapters 4 through 8

                                                contain information regarding the
    Because of the sensitivity of this infor-
                                                necessary safeguards and recordkeeping
mation, requests for and usage of Confi-
                                                requirements for the data once they are
dential or Prerelease Data are restricted and
                                                received from the Census Bureau.
controlled as specified in the body of this
                                                Chapter 9 outlines proper disposal of

8                                                                    FOREIGN TRADE STATISTICS
Confidential and Prerelease Data, while                This publication, as well as other infor-

Chapters 10 and 11 detail the inherent            mation including the Foreign Trade Statis-

confidentiality and acceptable use of the          tics Regulations, is available on our Web

data, and the requirements for reporting of       site <

any improper disclosures. Finally, the            /reference/guides/index.html>.

appendices following the body of this

booklet contain procedures, checklists, and

additional instructions designed to help

ensure that any agency receiving Confiden-

tial or Prerelease Data protects and uses

them appropriately.

Security Guidelines for Federal Government Agencies                                            9
                                                or trade-related responsibilities may be
2.1 General
                                                granted access to Confidential Data. Trade-
     Export data are compiled based upon
                                                related responsibilities include: enforce-
information reported on the Shipper’s
                                                ment of export/import laws and regula-
Export Declaration (SED) or through the
                                                tions; monitoring of trade agreements;
Automated Export System (AES). These
                                                official, legal, or regulatory needs by the
documents/records have enforcement, as
                                                exporter/importer or their agent as authori-
well as statistical purposes and may only
                                                zation for proof of export/import; and U.S.
be released to authorized agencies for
                                                Department of Agriculture requirements for
specific, authorized purposes if the Direc-
                                                proof of export in connection with subsidy
tor of the Census Bureau, as the designee
                                                payments. Access can only be granted
of the Secretary of Commerce, determines
                                                if it is determined to be in the national
that it is in the national interest to do so.
                                                interest to do so. To receive Confidential

                                                Data for statistical purposes, the agency
2.2 Requests for
                                                must have requirements that cannot be
Confidential Data
                                                met with aggregate, published data. Those
     As detailed in Section 1.2, Legal and
                                                requirements must be explained in a
Regulatory Mandates, Title 13 USC, Chap-
                                                written request.
ter 9, Section 301(g), and 15 CFR, Sections
                                                    All requests for export or import Confi-
30.90–30.91 govern the confidentiality of
                                                dential Data must be made in writing to:
and access to Confidential Data. Except
for requests by an exporter/importer
                                                      U.S. Census Bureau
for its own data, only Congress and U.S.
                                                      Washington, DC 20233
government agencies with statistical

10                                                                  FOREIGN TRADE STATISTICS
    The guidelines presented in the subse-        2.4 Request Format
quent sections of this handbook apply to
                                                      All written requests for Confidential or
all Confidential Data.
                                                  Prerelease Data must:

                                                      • Be written on requesting agency
2.3 Requests for
Prerelease Data
                                                      • Specify precisely what data (i.e., net
    Because export and import data are
                                                       import/export record layout fields,
considered one of the leading economic
                                                       country of destination/origin, port of
indicators, it is only under very rare
                                                       export/import) are being requested.
circumstances that agencies are authorized

to receive a restricted amount of                     • Stipulate why the requested data are

Prerelease Data. To receive Prerelease Data            required.

for extraordinary purposes, the agency                • Cite the legislative authority

must have unique requirements that can-                supporting the request.

not be met with published data released               • Demonstrate why data aggregated
publicly at preordained intervals. Those               to the agency’s specifications will
requirements must be explained in a writ-              not suffice, if requesting Confidential
ten request.                                           Data.
    All requests from federal agencies for
                                                      • Substantiate and justify the early
export/import Prerelease Data must be
                                                       access, if requesting Prerelease Data.
directed in writing to the Director of the
                                                      For complete information, see
Census Bureau (see Section 2.2 for
                                                  Appendix C, Section C-1, for a Checklist for
                                                  Requesting Confidential or Prerelease Data.

Security Guidelines for Federal Government Agencies                                          11
     NEED, USE,

3.1 General                                         Memorandum of Understanding
National Interest Determination
                                                    For each approved request for Con-
     When a request for Confidential Data        fidential or Prerelease Data, the Census
is received, the Director of the Census         Bureau’s Foreign Trade Division works with
Bureau, under Title 13 USC, 301 (g), makes      the requesting agency to develop the MOU.
a National Interest Determination (NID)         This document, after being approved and
that results in the granting or denial of the   ratified with an authorized signature of the
request. NIDs can be made for: (1) specific      agency, will be returned and retained in
(one time) export/import or commodity           Census Bureau files for a period of
detail file requests, or (2) more complex        3 years. Included in the MOU will be
requests for data covering specific export/      security provisions tailored to both the
import or commodity information over a          information security requirements for the
specified time period. The granting of a         requested data and the system security
request results in the drafting of a Memo-      infrastructure of the requesting agency.
randum of Understanding (MOU). (See

Memorandum of Understanding below.)                       Included in the MOU will

The MOU will include the NID as a cover               be security provisions tailored

memorandum, attachment, or enclosure.                 to both the information security

Also, the MOU will have an NID statement              requirements for the requested

included in the body of the document.                 data and the system security

     A checklist for the information included         infrastructure of the requesting

in a National Interest Determination is               agency.

available in Appendix C, Section C-2.

12                                                                  FOREIGN TRADE STATISTICS
The MOU will detail, among other things,
                                                  3.3 Prerelease Data
the data to be released, the purposes for
                                                  Request Documents
which they may be used, who may have
                                                      In those rare instances when a request
access to the data, the restrictions on use
                                                  for Prerelease Data is granted, the
of the data, how the data will be protected
                                                  requester will be permitted early access to
from unauthorized disclosure, and the ulti-
                                                  export/import data. The MOU developed in
mate disposition of the data.
                                                  such an instance will detail the data to be
    A checklist for the information included
                                                  provided, the purposes for which the data
in an MOU is available in Appendix C,
                                                  are being provided, and the restrictions on
Section C-3.
                                                  use of the data. In addition, it will prohibit

                                                  any further distribution of the data beyond
3.2 Confidential Data
                                                  the approved parties prior to the Census
Request Documents
                                                  Bureau’s official release of the trade statis-
    To ensure compliance with Census
                                                  tics, and will also detail strict provisions
Bureau disclosure requirements, the MOU
                                                  for the handling of the data.
for export/import Confidential Data will
                                                      The receiving agency, in cooperation
specifically prohibit receiving agencies
                                                  with the Census Bureau, must also detail
from publishing data compiled from Con-
                                                  how the data will be protected from
fidential Data without the express, written
                                                  unauthorized disclosure. As with Confi-
consent of the Census Bureau. The receiv-
                                                  dential Data, the receiving agency must
ing agency, in cooperation with the Census
                                                  restrict access to nonconfidential Prerelease
Bureau, must detail how the data will be
                                                  Data only to authorized personnel with a
protected from unauthorized disclosure. In
                                                  need to know. It is the requesting agency’s
addition, the receiving agency must restrict
                                                  responsibility to ensure that none of these
Confidential Data access to authorized
                                                  data, nor any information based upon the
personnel only and ensure that neither
                                                  data—including inferences regarding the
the data, nor any information based upon
                                                  level of trade (for example, that imports
the data, are made available to any other
                                                  went up or down)—are made available
agency or third party without a need to
                                                  prior to the data’s official release.
know and prior written approval from the

Census Bureau.

Security Guidelines for Federal Government Agencies                                              13
3.4 Need and Use                               3.5 Coordinating
     In all instances, the requested data
                                               Safeguards Within
must be used exclusively for the autho-
                                               an Agency
rized purpose. If an agency’s needs extend         Confidential or Prerelease Data may

beyond the purpose for which the data          only be disbursed to those employees

were originally authorized, a new request      within an agency who have a need to know

must be submitted explaining the reason        and have been authorized to have access

for the additional use. Written approval is    under the provisions of the MOU.

required before the data provided may be           The agency should designate a specific

used for any additional purpose.               individual to be responsible for establish-

     Any unauthorized disclosure may result    ing and maintaining safeguard standards

in denial of future access and imposition of   consistent with the Census Bureau guide-

penalties on the responsible officials, as       lines. The official assigned these responsi-

authorized Under Title 18 USC,                 bilities must have adequate authority in the

Section 1905.                                  agency’s organizational structure to ensure

                                               compliance with the agency’s safeguard

                                               standards and procedures. The selected
           The penalty for unlawful
                                               official should be responsible for conduct-
      disclosure is a fine under this
                                               ing internal inspections (see Section 7.2),
      title and/or imprisonment
                                               for submitting safeguard reports to the
      for not more than 1 year,
                                               Census Bureau (see Section 8.3), and for
      or removal from office or
                                               any necessary liaison with the Census

                                               3.6 Safeguard Review
                                                   A Safeguard Review is an onsite evalua-

                                               tion of the receiving agency by the Census

                                               Bureau to determine if Confidential or

14                                                                 FOREIGN TRADE STATISTICS
Prerelease Data are being used according          provide a written review plan. The plan

to the specifications detailed in the MOU,         will include:

and to observe the measures implemented               • A list of records to be reviewed (e.g.,

to protect the data. Census Bureau security             Title 13, Nondisclosure Agreements,

staff will also verify that security policies            internal inspection reports, and

and procedures are in place to protect the              agency awareness program).

Confidential or Prerelease Data.                       • The scope and purpose of the review.
    The initial onsite Safeguard Review
                                                      • A list of the specific areas to be
will occur before the initial provision of
Confidential or Prerelease Data and then
                                                      • A list of agency personnel to be
at least every 3 years thereafter. As a
condition of granting access the Census

Bureau’s Foreign Trade Division has the               Need and use will be evaluated and

option to regularly conduct onsite reviews        actual operations will be observed. Agency

of agency safeguards. The onsite reviews          employees may be interviewed during the

will be conducted by a Census Bureau              onsite review, generally to clarify proce-

safeguard team comprised of persons from          dures or to determine employee awareness

the following areas: Foreign Trade Division       of security requirements and Titles 13 and

Regulations and Outreach Branch; Foreign          18 penalty provisions.

Trade Division Commodity Analysis Branch;             Safeguard Reviews are conducted to

Foreign Trade Division Information Security       determine the adequacy of safeguards, as

Staff; and staff from the Census Bureau             opposed to an evaluation of the agency’s

IT Security Office. Several factors will be         programs. The Census Bureau will issue a

considered when determining the need              Safeguard Review Report. The agency will

for and the frequency of a review. In each        have the opportunity to provide comments

instance, the Census Bureau will                  that will be included in the report.

Security Guidelines for Federal Government Agencies                                            15

4.1 General                                      4.2 Tracking Log
     The Census Bureau requires that all             The tracking log for Confidential or

agencies granted access to Confidential           Prerelease Data should include the follow-

or Prerelease Data establish a permanent         ing sections:

system for tracking the flow of data within           Receipt of Data
the agency. The tracking system must
                                                     • Description of data to be received
begin with the expected date of receipt
                                                      (i.e., export/import, prerelease, net
and must be maintained until:                         export/import record layout fields,
     • The completion of use, in the case             country of destination/origin, port
      of Confidential Data, where the data             of export/import, month/year).
      are either destroyed or returned to            • Expected date of receipt, if data
      the Census Bureau as described in               are to be delivered to the receiving
      Chapter 9 of this manual.                       agency. (If the data are not received

     • Until their official release, in the case        by the scheduled due date and the

      of Prerelease Data.                             agency was not informed of a delay,
                                                      the agency must immediately notify
     The tracking record of all Confidential
                                                      the Census Bureau contact person
or Prerelease Data received must remain
                                                      identified in the MOU.)
on file for a period of 2 years after the
                                                     • Actual date of receipt (or pickup
date the data are destroyed, returned, or
                                                      from the Census Bureau).
released to the public.
                                                     • Name of authorized person receiving
                                                      the data.

                                                     • Location where data are stored or filed.

16                                                                   FOREIGN TRADE STATISTICS
    Receipt of Data from AES                      transfer mechanism and related security
                                                  measures for the transfer and data access.
    When agencies request access to AES
                                                  As previously discussed, automatic auditing
data in an interactive mode the following
                                                  is to be performed on the computer access-
                                                  ing the data. Security controls must be in
    Pursuant to an NID and establishing an
                                                  place for the media (hard drive, removable
MOU with the Census Bureau, the receiving
                                                  media) used to store the data after it is
agency must enter into an Interconnection
                                                  downloaded. This will be outlined in the MOU.
Security Agreement (ISA) with U.S. Customs            Note: The agency must establish accounts

and Border Protection (CBP). Computers                through U.S. Customs for every employee
                                                      designated to access AES data. When agency
used to access the data are to have an
                                                      employees depart or no longer have a need
operating system (Windows XP or Vista)
                                                      to access AES data their accounts are to be
that is in compliance, or will comply with
                                                      terminated. Agency employee AES accounts
OMB M-07-11 “Plans for Managing Security              will be further addressed in the MOU.

Risk by Using Common Security Configura-
                                                      Access to Data (Audit Trail)
tions.” The operating system must also                A. Documents and listings
allow for automatic auditing. Auditing is              • Name and signature of authorized
to track the person accessing the data, as                 user.

well as the time and date of the access.               • Date and time logged “Out/In.”

The downloading of data (i.e. print screens,          Note: The agency must account for any lost
                                                      or misplaced data by documenting search
transposing the data into a spreadsheet,
                                                      efforts and notifying the responsible official
etc.) accessed in this manner is prohibited
                                                      noted in the MOU.
unless specified in the MOU.
                                                      B. Operating System/Application
                                                       • Name of authorized user.
    Receipt of Data from AES
    (Data Transfer)                                    • Date of computer access.

    For requested AES data that is down-              Disposal of Data

loaded by the Census Bureau and provided              A. Name and signature of authorized
                                                           person disposing of data.
to an agency, upon approval of the request
                                                      B.   Date and method of destruction or
pursuant to an NID, the receiving agency
                                                           date and method of return to the
must enter into an MOU with the Census
                                                           Census Bureau.
Bureau. These documents will detail the
                                                      For disposal guidelines see Chapter 9.

Security Guidelines for Federal Government Agencies                                             17
                    INFORMATION AND
                    SYSTEM SECURITY,
                    AND OTHER

               5.1 General                                      dance with NIST SP 800-37 and SP 800-53,

                                                                of the system or application, and make
                    Agencies receiving Confidential or
                                                                available for viewing a copy of its current
               Prerelease Data must take appropriate
                                                                security plan to document the measures
               actions to ensure that the data are protected
                                                                implemented for securing Confidential or
               against unauthorized possession and use.
                                                                Prerelease Data. During Safeguard
               Possession and use of Confidential or
                                                                Reviews and any subsequent inspections,
               Prerelease Data must be in accordance with
                                                                the Census Bureau or its representative
                                       the provisions of the
                                                                may use these submitted documents or
                                       MOU between the
    Use of Confidential or                                       request to review other pertinent documen-
                                       Census Bureau and
Prerelease Data must be in                                      tation to include plans, policies, standards,
                                       the agency autho-
accordance with the provisions                                  procedures, and approvals related to infor-
                                       rized to receive the
of the MOU between the Census                                   mation and system security in implement-
                                       data. In addition, all
Bureau and the agency autho-                                    ing the MOU and authorizing the release
                                       systems and appli-
rized to receive the data.                                      of Confidential or Prerelease Data to the
                                       cations that receive,
                                                                receiving agency. Several areas will be
                                       transmit, process,
                                                                addressed during this Inspection and
               manipulate, or store Confidential or Pre-
                                                                Review as described below.
               release Data must meet minimum security

               requirements as set forth in the MOU. The

               Census Bureau reserves the right to view
                                                                5.2 Physical Security
               and approve any measures utilized by the             Receiving agencies must identify and

               receiving agency to secure the data.             document measures to control physical

               The receiving agency should submit a secu-       access to equipment, media, and work

               rity certification and accreditation, in accor-   areas where Confidential or Prerelease

               18                                                                   FOREIGN TRADE STATISTICS
Data are housed to ensure against eaves-          rocedures are in place. All Confidential or

dropping, theft, vandalism, or accidents          Prerelease Data files transmitted from

that may occur. Physical controls shall           the Census Bureau to the receiving agency

be employed to secure the facility of the         will be in accordance with the ratified and

receiving agency in accordance with agency        approved MOU. All such transmissions

security standards.                               require the specific written approval of the

                                                  Census Bureau. UNENCRYPTED TRANS-
    Work Area and Desktop
                                                  MISSION OF CONFIDENTIAL OR PRE-
    All computer and work areas contain-          RELEASE DATA SHALL NOT BE ALLOWED
ing Confidential or Prerelease Data must be        VIA ELECTRONIC MAIL OR MESSAGING
protected with key locks, cipher locks, or        SYSTEMS, EVEN AMONG AUTHORIZED
other suitable access controls. Such areas        USERS.
must be kept locked when not occupied by

staff. Computer terminals must be capable              Removable Media

of locking to prevent unauthorized use or             The receiving agency shall not use

viewing of the data. Such terminals must          removable media without written authori-

be kept locked when not occupied by staff.         zation from the Census Bureau. Authorized

                                                  removable media must be kept locked and
    Mobile Computers and Other
    Electronic Equipment                          stored securely when in, or removed from,

                                                  designated equipment.
    Confidential or Prerelease Data are
not to be placed onto laptop, handheld,
                                                  5.3 Logical Security
or mobile computers of any kind. Further,
                                                      Receiving agencies must identify and
Confidential or Prerelease Data shall not be
                                                  document measures to control logical
placed, stored, or processed on personally
                                                  access to systems, applications, media, and
owned equipment or media of any kind.
                                                  data where Confidential or Prerelease Data
Confidential or Prerelease Data are not for
                                                  are housed to ensure against eavesdrop-
use over the Internet, on an intranet, with
                                                  ping, theft, vandalism, or accidents that
unsecured facsimile machines, or with
                                                  may occur.
computers containing modems unless

appropriate and authorized security

Security Guidelines for Federal Government Agencies                                           19
     Data Integrity                            will be changed periodically to further

     Prior to releasing Confidential or Pre-    ensure data security and access control.

release Data to the receiving agency, the      The receiving agency must appoint a

data are scanned to ensure their content is    contact person to receive these keys and

protected against malicious and/or destruc-    passphrases and imple-

tive programs or scripts. Furthermore,         ment efforts to ensure          Encryption keys
                                                                              and passphrases
Confidential or Prerelease Data are verified     their continued security.
                                                                               will be changed
                                               The Census Bureau uses          periodically to
for accuracy and integrity prior to release.
                                                                               further ensure
The receiving agency shall implement virus     encryption software that         data security
                                               meets current NIST and            and access
detection and eradication efforts, as well                                           control.
as integrity verification efforts, to ensure     FIPS requirements. The

continued security of the data. The Census     receiving agency shall

Bureau uses encryption software that meets     be informed by the Information Security

current National Institute of Standards        Officer as to the software required.

(NIST) and Federal Information Processing
                                                   Information Sharing and
Standards (FIPS) requirements. The receiv-         Interconnecting Systems Controls

ing agency shall also use software that            The receiving agency must identify
meets current NIST and FIPS guidelines.        and document any sharing of information

                                               or interconnected system that impacts the
     Data Confidentiality
                                               security of Confidential or Prerelease Data.
     Prior to releasing Confidential or Pre-
                                               It is required that written authorization be
release Data to the receiving agency, the
                                               obtained prior to connection with other
data are encrypted to secure their content
                                               systems and/or sharing Confidential or
against unauthorized access. The Foreign
                                               Prerelease Data.
Trade Division, Information Security Officer

oversees encryption policies, procedures,          Operational Controls

and practices, and oversees the provision          The receiving agency must describe
of encryption keys and passphrases to the      the controls used for receiving, identifying,
authorized representative of the receiving     handling, processing, storing, and dispos-
agency. Encryption keys and passphrases        ing of input and output data and its media.

20                                                                 FOREIGN TRADE STATISTICS
In addition, the controls used to monitor         5.4 Incident Response
the installation of, and updates to, hard-        and Reporting
ware and software for the system shall be
                                                      The receiving agency must appoint
documented. It is required that written
                                                  a representative to respond to incidents,
authorization be obtained prior to release
                                                  serve as the contact person for the Infor-
or distribution of Confidential or Prerelease
                                                  mation Security Officer, and report any
                                                  incidents to the Information Security

    Technical Controls                            Officer. A security incident, as it relates to

                                                  the possession and use of Confidential or
    The receiving agency must describe the
                                                  Prerelease Data, is any violation, or sus-
controls used for identifying and authenti-
                                                  pected violation, of standards, policies,
cating users, limiting and restricting user
                                                  procedures, and practices governing the
access, tracking and auditing user activi-
                                                  data as set forth in the MOU. Examples of
ties, deterring and detecting unauthorized
                                                  security incidents may include, but are not
use, preventing undesired use, and
                                                  limited to:
protecting data integrity and availability.
                                                      • Unauthorized use of Confidential or
It is required that written authorization be
                                                        Prerelease Data.
obtained prior to accessing Confidential or

Prerelease Data.                                      • Use of unauthorized accounts to

                                                        access Confidential or Prerelease


                                                      • Misused, stolen, or compromised


                                                      • Lost or stolen Confidential or

                                                        Prerelease Data.

                                                      • Duplication or distribution of

                                                        Confidential or Prerelease Data.

Security Guidelines for Federal Government Agencies                                            21

6.1 General                                    6.2 Handling of
     Only authorized employees whose
                                               Confidential and
duties and responsibilities require access
                                               Prerelease Data
may use the Confidential and Prerelease             Confidential and Prerelease Data should

Data. An employee’s background should          be handled in such a manner that ensures

be considered when designating authorized      they do not become misplaced or made

personnel. Access to and use of Confiden-       available to unauthorized personnel. To

tial and Prerelease Data must be within the    the maximum extent possible, Confidential

restrictions of the MOU.                                             and Prerelease Data

Access granted to                                                    should not be copied
                                 Good safeguard practice
authorized employees                                                 to agency files, sepa-
                             dictates that access to Confiden-
must be on a need-to-                                                rate listings, or tables,
                             tial or Prerelease Data must be
know basis, where no                                                 in order to avoid in-
                             strictly on a need-to-know basis.
employee is granted                                                  advertent disclosure.

more information than                                                Likewise, Confidential

is needed to perform                                                 and Prerelease Data

his or her duties. Each employee granted       should not be transmitted in any form to

access to Confidential and Prerelease Data is anyone, except as prescribed in the MOU.

required to sign a Nondisclosure Agreement     Any file, listing, table, or other material on

(see Appendix C, Section C-4).                 any media containing such data must be

                                               clearly labeled, “Disclosure Prohibited-Title

                                               13 USC, Authorized Personnel Only,” and

                                               remain so labeled until the release date,

22                                                                  FOREIGN TRADE STATISTICS
if Prerelease Data, or until destroyed or              processing equipment to only
returned to the Census Bureau, if                      those personnel authorized to see
Confidential Data.                                      Confidential or Prerelease Data.

                                                      • Removing all Confidential or
                                                       Prerelease Data from all resident files,
    If Confidential or Prerelease Data are
                                                       databases, and programs after the data
recorded on CD-ROM or any other elec-
                                                       have served their authorized purpose.
tronic media with agency data, it should be
                                                      Commingled data in shared facilities
protected as if it were entirely Confidential
                                                  present additional security risks that must be
or Prerelease Data, and labeled as described
                                                  addressed. If your agency shares physical
above. Such commingling on a single media
                                                  and/or computer facilities with
should be avoided to the maximum extent
                                                  other agencies, departments, or individuals
possible. When data processing equipment
                                                  not authorized to have access to Confidential
is used to process or store Confidential
                                                  or Prerelease Data, strict controls—physical
or Prerelease Data and the information is
                                                  and systemic—must be maintained to
mixed with agency data, the agency must
                                                  prevent unauthorized disclosure of this
ensure that Confidential or Prerelease Data
                                                  information (see Appendix B).
cannot be extracted from the computer
                                                      The restrictions imposed upon use of
during processing, such as by a remote
                                                  Prerelease Data end once the Census Bureau
terminal or remote access, and the commin-
                                                  has officially released the data. A listing
gled data must be handled as if it were all
                                                  of the press release dates and times are
Confidential Data. Confidential or Prerelease
                                                  provided with the MOU authorizing access
Data access must be controlled by:
                                                  to the data. However, the restrictions upon
    • Systemic means, including server
                                                  access to Confidential Data are permanent.
      protection, password protection, and
                                                  The restrictions upon release of the specific
      labeling. (See Chapter 5, Information
                                                  data provided to the agency are detailed in
      and System Security and Other Safe-
                                                  the MOU.
      guards for additional information.)

    • Restricting access to the data

Security Guidelines for Federal Government Agencies                                           23

7.1 General
                                                citing compliance with security provisions
     Title 15 CFR, Subpart H, §30.91 requires
                                                outlined in the MOU, as well as any deficien-
agencies receiving Confidential or Prerelease
                                                cies and corrective actions taken.
Data to provide other safeguard measures
                                                       The inspection records should be filed
as appropriate to ensure the confidentiality
                                                in a separate folder in a designated area and
of the data. Internal inspections and a good
                                                retained on file for 4 years. They should
employee security
                                                                            be available for the
awareness program
                                Internal inspections and                    Safeguard Review
can provide effective,
                            a good employee security awareness              outlined in Section
yet inexpensive,
                            program can provide effective, yet               3.6.
protection against
                            inexpensive, protection against                        Safeguard
unauthorized disclo-
                            unauthorized disclosure of Confiden-             Inspections should
sure of Confidential or
                            tial or Prerelease Data.                        include the following
Prerelease Data.

                                                       1. A review of the storage and
7.2 Internal Inspections                                    handling of Confidential or
     Agencies receiving Confidential or                      Prerelease Data.
Prerelease Data must conduct inspections
                                                       2.   A review of how access to
once a year to ensure that safeguards are
                                                            Confidential or Prerelease Data is
adequate. These Safeguard Inspections
                                                            granted to authorized employees.
should be done according to written specifi-
                                                       3.   An assessment of facility security
cations detailed in the MOU. A complete
record must be made of each inspection,

24                                                                      FOREIGN TRADE STATISTICS
    4.   Verification that Confidential or              These inspections should be con-
         Prerelease Data has not been             ducted by authorized personnel who are
         commingled with other information        not directly responsible for the use of the
         in such a way that confidentiality
                                                  data. The inspections should be subject to
         could be inadvertently
                                                  formal follow-up procedures and reporting
                                                  for any necessary corrective actions.
    5.   A review of after-hours security
                                                      A checklist for internal inspections is
                                                  available in Appendix C, Section C-5.
    6.   A review of access to secure
         storage containers or areas and
         of responsibility for changing keys.
                                                  7.3 Employee Awareness
    7.   An analysis of security procedures           All agency employees granted access

         and instructions to employees.           to Confidential or Prerelease Data must be

    8.   A review of the data processing          thoroughly briefed on security procedures

         operations, including computer           and instructions requiring their awareness.

         systems.                                 As part of the awareness program, a copy

    9.   A review of the control and storage      of the MOU developed between the Census
         of magnetic and paper media.             Bureau and the agency must be provided

    10. An audit of the file room activity.        to each authorized employee. In addition,

    11. Interviews of those charged with          a copy of this Security Guidelines booklet

         security responsibilities.               must also be pro-

    12. A review of planned organization-         vided.                        Before being granted access
         al changes to assure that security           Before being          to Confidential or Prerelease
         consideration is covered.                granted access            Data and each year thereafter,
    13. A review of procedures for and            to Confidential or         all authorized employees are
         documentation of, returning,             Prerelease Data           required to sign a Nondisclo-
         disposing of, or destroying              and each year             sure Agreement.
         Confidential or Prerelease Data no
                                                  thereafter, all au-
         longer needed by the recipient.
                                                  thorized employ-

                                                  ees are required to sign a Nondisclosure

                                                  Agreement (see Appendix C, Section C-4).

Security Guidelines for Federal Government Agencies                                             25
The receiving agency must inform the em-       briefings should be made in writing to the

ployees of this requirement.                   Chief of the Foreign Trade Division.

     Security guidelines should periodically       Agency employees are to be made

be a topic of discussion with agency           aware of the provisions in Title 18 USC,

employees. Upon request, the Census            Section 1905 which makes unauthorized

Bureau, Foreign Trade Division, Regula-        disclosure of Confidential Data a crime,

tions, Outreach, and Education Branch          punishable under this title, and/or by

will be available to conduct briefings for      imprisonment for not more than 1 year, or

agencies on Confidential or Prerelease Data     removal from office or employment.

security measures. Requests for security           REPORTING

26                                                                 FOREIGN TRADE STATISTICS
8.1 General                                           • Summarizes the agency’s current

    Agencies receiving Confidential or                  efforts to ensure the confidentiality

Prerelease Data must file a report con-                 of Confidential or Prerelease Data.

taining a description of the procedures               • Certifies the agency is protecting

established and used by the agency for                 Confidential or Prerelease Data

ensuring the confidentiality of the informa-            pursuant to the security requirements

tion received from the Census Bureau. The              specified in the MOU and the agency’s

Safeguard Procedures Report is a record                own security requirements.

of how Confidential or Prerelease Data is              • Failure to submit either the Safeguard
used by the agency and how the data are                Procedures Report or the Annual
protected from unauthorized disclosure by              Safeguard Activity Report by the
that agency.                                           designated date may result in
    Annually thereafter, the agency must               discontinuance of the provision of
file a Safeguard Activity Report. This report           Confidential or Prerelease Date to the
advises the Census Bureau of any changes               receiving agency.
to the procedures or safeguards described

in the Safeguard Procedures Report, no
                                                  8.2 Security Plan
matter how minor. It also:
                                                      Any changes to the agency’s Security
    • Advises the Census Bureau of future
                                                  Plan or security procedures, during the
      actions that will affect the agency’s
                                                  period of Confidential or Prerelease Data
      safeguard procedures.
                                                  usage, must be documented and reported

                                                  to the security contact designated in the

Security Guidelines for Federal Government Agencies                                           27
MOU, or to the Foreign Trade Division’s        3.   A chart or description of the flow
Computer Security Team Leader. Census               of Confidential or Prerelease Data
Bureau security staff will determine if              through the organization, from
the protection provided for Confidential or          receipt to return to the Census Bureau
Prerelease Data has been modified in any             or their destruction.
way. The security policies, procedures, and    4.   A determination whether Confidential
practices outlined in the MOU are essential         or Prerelease Data are commingled
to the nondisclosure requirements man-              with or transcribed into data kept by
dated in Title13 of the USC, Title 15 of the        the agency.
CFR, and OMB Circular A-130.
                                               5.   If applicable, a description of

                                                    automated data processing (ADP)
8.3 Safeguard Procedure
                                                    system(s) as they relate to main-
                                                    taining or processing Confidential
      All agencies receiving Confidential
                                                    or Prerelease Data, including
or Prerelease Data must provide a report
                                                    system configuration, what data
to the Chief of the Foreign Trade Division
                                                    are processed, files/records created
describing the Safeguard Procedures used
                                                    when processing Confidential or
to protect the confidentiality of the data.
                                                    Prerelease Data and which of these
The report is to be submitted by March 1st
                                                    files/records contain such data,
and cover the preceding calendar year. The
                                                    timesharing, internal system security
head of the agency must sign the report,
                                                    (access controls, audit trails, and so
unless otherwise specified in the MOU.
                                                    forth), equipment and area physical
      The Safeguard Procedure Report will
                                                    security, and networks to remote
contain the following information:
                                                    terminals and/or other computers.
 1.    Name, title, and telephone number
                                                    Also, include any planned changes
       of the official responsible for imple-
                                                    to the agency’s system (equipment,
       menting safeguard procedures.
                                                    safeguards, or processes).
 2.    Description of the data covered by
                                               6.   Copies of all other written procedures
       the report.
                                                    and other related memoranda con-

                                                    cerning the safeguards afforded

28                                                                 FOREIGN TRADE STATISTICS
      to the Confidential or Prerelease                      authorized access to Confidential or

      Data. The procedures should, at                       Prerelease Data, and any changes

      a minimum, describe the physical                      or enhancements to physical and

      security afforded Confidential or                       computer security measures utilized

      Prerelease Data, the access allowed                   to safeguard Confidential or

      to Confidential or Prerelease Data                     Prerelease Data.

      by authorized agency employees,                 9.    Copy of reports of internal inspections
      and the manner in which access                        conducted by the agency to assure
      is controlled. The procedures will                    that the written procedures are being
      also describe in detail the manner in                 adhered to by all authorized agency
      which Confidential or Prerelease Data                  employees.
      are disposed of upon completion of
                                                      10. Copy of records of the disposal of
      use, to include the methods of
                                                            Confidential or Prerelease Data. The
      destruction, the place of destruction,
                                                            information should be adequate
      the time schedule for disposal,
                                                            to identify the material destroyed,
      and the names and titles of agency
                                                            include the control number of the
      employees who are responsible for
                                                            data destroyed, and the date and
      supervising destruction or disposal
                                                            manner of destruction.
      of Confidential or Prerelease Data. In

      addition, the procedures will describe
                                                  8.4 Submission of
      the agency’s security awareness
                                                  Safeguard Procedure
      program and the controls used to
      restrict visitors, janitorial help, and
                                                           The Safeguard Procedure
      unauthorized employees in areas
                                                  Report is to be submitted to:
      where Confidential or Prerelease Data
                                                           Chief, Foreign Trade Division
      are maintained.
                                                           U.S. Census Bureau
 7.   Copies of all signed Nondisclosure
                                                           4600 Silver Hill Rd.
      Agreements and access logs.
                                                           Room 6K032
 8.   Detailed description of significant                   Washington, DC 20233
      changes in safeguard procedures or

Security Guidelines for Federal Government Agencies                                               29
8.5 Annual Safeguard                               of the confidentiality requirements,

Activity Report                                    the security requirements,

                                                   and the sanctions imposed for
     Agencies should submit an annual
                                                   unauthorized disclosure of
Safeguard Activity Report by March 1st each
                                                   Confidential or Prerelease Data.
year; the report should cover the preced-

ing calendar year. The report must be on      • Reports of Internal Inspections—

agency letterhead and be signed by the             Copies of a representative sampling
head of the agency or delegate. The report         of the Safeguard Inspections
should contain the following information:          Reports and a narrative of the

                                                   corrective actions taken (or
     Changes to Information or
     Procedures Previously Reported                planned) to correct any deficiencies

                                                   should be included with the annual
     • Responsible Officers or Employees.
                                                   Safeguard Activity Report.
     • Functional Organizations Using the
                                              • Disposal of Confidential or Prerelease
      Confidential or Prerelease Data.
     • Computer Facilities or Equipment
                                                   Report the disposal of the Confi-
      and System Security—Changes or
                                                   dential or Prerelease Data to the
                                                   Census Bureau. The information
     • Physical Security—Changes or
                                                   should be adequate to identify the
                                                   material destroyed/returned, and
     • Retention or Disposal Policy or
                                                   the data and manner of destruction
                                                   (see Chapter 9, Disposal of

                                                   Confidential or Prerelease Data).
     Current Annual Reporting Period
     Safeguard Activities                     Note: Including Confidential or Prerelease
                                              Data in the disposal record is not necessary,
     • Agency Disclosure Awareness
                                              and should be avoided. Alternative identifica-
                                              tion methods should be employed in order to
         Describe the efforts to inform        avoid unintended disclosure during communi-

         all employees having access to       cation of disposal information.

         Confidential or Prerelease Data

30                                                              FOREIGN TRADE STATISTICS
    Actions on Safeguard Review                       Agency Use of Contractors
                                                      Agencies employing contractors, who
    The agency should report all actions
                                                  require access to Confidential or Prerelease
taken, or being initiated, regarding recom-
                                                  Data, must ensure the contractor’s adher-
mendations in the Final Safeguard Review
                                                  ence to the mandates discussed in this
Report issued as a result of the latest
Safeguard Review.

    Planned Actions Affecting
                                                  8.6 Submission of Annual
    Safeguard Procedures                          Safeguard Activity Report
    Any planned agency action that would              Annual Safeguard Activity Reports are
create a major change to current proce-           to be submitted to:
dures or safeguard considerations should              Chief, Foreign Trade Division
be reported. Such major changes would                 U.S. Census Bureau
include, but are not limited to, new com-             4600 Silver Hill Rd.
puter equipment, facilities, or systems.              Room 6K032

                                                      Washington, DC 20233

Security Guidelines for Federal Government Agencies                                           31
     OF USE

9.1 General                                   9.2 Disposal of
     If use of Prerelease Data is completed   Paper Media
prior to the official release date, the data       The following methods must be used
must be destroyed, otherwise the data         to destroy Confidential Data:
should continue to be secured by the             • Burning—Use Environmental
receiving agency as outlined in the MOU.           Protection Agency (EPA) approved
     Conversely, in order to continue to           public incinerators. When burning
protect their confidentiality through the           sensitive material, examine ash
completion of their life cycle, Confidential        residue, if possible. If there are any
Data, including the original data provided         large pieces of unburned material,
by the Census Bureau and any working files          reburn it until totally destroyed.
containing Confidential Data, must always         • Shredding—Use shredders that reduce
be destroyed or returned to the Census             residue particle size to 3/16 of an
Bureau according to the following guide-           inch or less in width for destruction
lines after they have served their autho-          of sensitive paper and nonpaper
rized purpose. The timeframe indicating            products containing Confidential or
when such actions must be performed will           Prerelease Data. All material should
be detailed in the MOU between the U.S.            be shredded in such a manner that
Census Bureau and the receiving agency.            recognition or reconstruction is
The destruction process must prevent               impossible by feeding material into
recognition of the information. Outlined           the shredder vertically or diagonally
below are the required methods of destruc-         to chop up sentences. Shredded
tion for both paper and magnetic media             materials must be recycled or thrown
containing Confidential Data.

32                                                               FOREIGN TRADE STATISTICS
      in the trash and must not be used for       9.3 Disposal of Magnetic
      other purposes, such as packaging.          Media
    • Return to Census Bureau—If the                  Magnetic media, such as cartridges,
      receiving agency does not have the          disks, e-mail drop boxes, and hard drives
      facilities to properly destroy the          containing sensitive Confidential or
      paper media, then the documents             Prerelease Data, must be cleared prior to
      must be returned to the Census              reuse. To clear, overwrite all Confidential
      Bureau to the office from which they          or Prerelease Data a minimum of three
      were originally obtained.                   times with a commercial disk utility

    Additionally, paper documents jammed          program. Then, for additional confidence,

in copying equipment, unusable copied             degauss using a commercial degausser.

documents, and tables, including listings         Destroy CD-ROMs by breaking into pieces

or other documents prepared from the data         so that they are completely unusable. The

provided by the Census Bureau, must be            broken pieces should be discarded in the

destroyed using one of the above methods.         trash.

Security Guidelines for Federal Government Agencies                                            33
                          RELEASE OF
                          CONFIDENTIAL OR
                          PRERELEASE DATA

                     10.1 General                                       The prerelease of such data could have a

                                                                        negative impact on trade negotiations and
                          As stated earlier, foreign commerce and
                                                                        stock markets around the world.
                     trade statistics are based upon confidential
                                                                            To ensure compliance with Census Bureau
                     data, individual business transactions
                                                                        disclosure requirements, agencies that receive
                     between U.S. exporters/importers and their
                                                                        Confidential or Prerelease Data are specifically
                     foreign customers. Because of the sensitiv-
                                                                        prohibited from publishing data compiled
                     ity of the commercial data collected, it is
                                                                        from Confidential or Prerelease Data without
                     important to ensure their confidentiality. Any
                                                                        the express, written consent of the Census
                                       public release would place
                                                                        Bureau. The agency must ensure that neither
    The agency must ensure             the exporter/importer at a
                                                                        the Confidential or Prerelease Data, nor any
that neither the Confidential           serious competitive disad-
                                                                        information based upon the Confidential or
or Prerelease Data, nor any            vantage in the world market-
                                                                        Prerelease Data, including inferences that
information based upon the             place. Without the security
                                                                        would disclose individual business transac-
Confidential or Prerelease              of confidentiality, exporters/
                                                                        tions, are made available to any other agency
Data, including inferences             importers may be inclined to
                                                                        or third party without prior written permis-
that would disclose individu-          withhold correct information
                                                                        sion from the Census Bureau’s Foreign Trade
al business transactions, are          and, thereby, undermine the
made available to any other            accuracy of the trade                Penalties for failure to adhere to these
agency or third party without          statistics.                      requirements are detailed in the provisions
prior written permission from               It is also essential that   of Title 18 USC, Section 1905, which makes
the Census Bureau’s Foreign            trade statistics are not         unauthorized disclosure of Confidential Data
Trade Division.                        released to the public prior     a crime, punishable by a fine under this title,
                                       to the official release date       and/or imprisonment for not more than 1
                                       and time.                        year, or removal from office or employment.

                     34                                                                      FOREIGN TRADE STATISTICS

                                                  and avoid using words that would alert the
11.1 General
                                                  violator. Words like “hackers,” “incident,”
    Both the Information Security Officer of
                                                  or the suspected person’s name would
the Census Bureau’s Foreign Trade Division
                                                  probably alert the suspected party or
and the Chief of the Foreign Trade Division
                                                  someone who has knowledge of the
should be contacted upon discovery of any
                                                  suspected party. Faxed information should
possible improper disclosure of Confi-
                                                  be followed up with a detailed written
dential or Prerelease Data by an agency
                                                  report. If e-mail must be used, like faxed
employee or any other person.
                                                  information, details that could possibly
    The individual making the observation
                                                  alert the violator should be avoided. Sensi-
or receiving the information should com-
                                                  tive details should be written to a file and
municate the security incident via tele-
                                                  encrypted as an e-mail attachment (see
phone, fax, or paper mail. Faxed informa-
                                                  Section 5.3).
tion should include only minimum detail,

Security Guidelines for Federal Government Agencies                                             35
     A-1 Glossary
     ADP    Automated Data Processing

     AES    Automated Export System

     CFR    Code of Federal Regulations

     DES    Data Encryption Standard

     EIN    Employer Identification Number

     EPA    Environmental Protection Agency

     FIPS   Federal Information Processing Standard

     IT     Information Technology

     MOU    Memorandum of Understanding

     NID    National Interest Determination

     OMB    Office of Management and Budget

     SED    Shipper’s Export Declaration

     USC    United States Code

36                                                    FOREIGN TRADE STATISTICS
    B-1 Physical Access

    1.   Protect all offices, computer rooms, and work areas containing Confidential or

         Prerelease Data with key locks, cipher locks, magnetic card door locks, or other

         suitable access controls.

    2.   Employees, while passing through doors, gates, and other entrances to access-

         controlled areas, must not permit unknown or unauthorized persons to pass

         through at the same time.

    3.   Limit the number of entrances to the office space. Place the computer system

         away from the main entrances. Position work stations so there is control over

         who gains access to the computer system area. If a theft does occur, report it to

         the appropriate authority.

    4.   Properly secure computer systems to prevent theft, misuse, and abuse.

    5.   Supervise or challenge unauthorized personnel whenever they are in a restricted

         area containing Confidential or Prerelease Data.

    B-2 Operating Systems Security

    1.   Control access to Confidential or Prerelease Data according to the user’s

         authorization. The system must be able to allow or deny access based on the

         profile of the user.

    2.   Prevent unauthorized access by clearing all Confidential or Prerelease Data from

         systems before relocating the data to another system. Use software approved by

         the security contact identified in the MOU to overwrite erased data to ensure


Security Guidelines for Federal Government Agencies                                         37
     3.   All vendor-supplied default passwords must be changed before any computer or

          communications system is used for processing Confidential or Prerelease Data.

     4.   Password protect those utilities that are required only by the installation LAN

          manager to maintain security files.

     5.   Mask, suppress, or otherwise obscure the password display, such that

          unauthorized parties will not be able to observe or subsequently recover them.

     B-3 Security Incident Reporting

     1.   Report all suspected IT Confidential or Prerelease Data security problems or

          violations to the Chief, Foreign Trade Division and the Information Security Officer

          of the Foreign Trade Division.

     2.   Communicate the security incident via telephone or paper mail. If e-mail or

          facsimile must be used, avoid revealing phrases in the subject. Words like

          “hackers,” “incident,” or suspect names can be dead giveaways to unauthorized,
          interested parties. The details should be written to a file and encrypted as an

          e-mail attachment.

     3.   Ensure that every password is changed on a system that has been involved in a

          successful attack by a hacker or by some other system penetrator.

38                                                                   FOREIGN TRADE STATISTICS
    B-4 Encryption

    1.   Use only encryption software that utilizes FIPS-approved Data Encryption

         Standard (DES).

    2.   Ensure that Confidential or Prerelease Data are not sent through e-mail.

    3.   Develop management procedures involving key distribution, key storage, and

         key destruction, and submit them to the Chief, Foreign Trade Division and the
         Information Security Officer of the Foreign Trade Division for review and

         approval prior to implementation.

    4.   Provide appropriate physical security for the protection of all encryption keys.

Security Guidelines for Federal Government Agencies                                         39
     C-1 Checklist for Requesting Confidential
     or Prerelease Data
       Written on receiving agency letterhead

       Cites the legislative authority that supports the request

       Identifies the requester and agency employee(s) primarily responsible for

       data security

       Specifies precisely what data (i.e., net export/import fields off net record

       layout, country of destination/origin, port of export/import) are being requested

       Defines what period of time the requested data spans, if applicable

       Details how the data will be used (i.e., in what investigation, or as input to what

       type of statistical analysis)

       Identifies all users of the requested information

       If requesting Confidential Data, demonstrates why data aggregated to the

       agency’s requirements will not suffice

       If requesting Prerelease Data, justifies the early access

       Specifies what time increment is being requested between installments

       (i.e., monthly, biweekly), if applicable

       If a company is involved in a court case or investigation, includes the

       company’s federal Employer Identification Number (EIN)

40                                                                 FOREIGN TRADE STATISTICS
    C-2 National Interest Determination Checklist
        Description of requested or affected export data, including timeframe(s)

        (i.e., Shipper’s Export Declarations or detail files)

        Statement of the primary purpose(s) of agency data use, including statutory

        and regulatory citations

        Descriptions of the kinds of activities or operations for which data use is

        requested or authorized

        Statement that data received will be used and maintained under strictly

        secure conditions

        Description of the purposes, activities, or operations for which use is not

        authorized, if applicable

        Statement of export/import law enforcement, statistical, or other NID

        policy justification

        Explanation of how the agency use, as requested, is in the national interest

        Statement of time period for which the determination is effective, up to 3 years

        Statement that agency must designate employee(s) primarily responsible for

        data security (i.e., Agency Contact Person)

        Statement that specific conditions apply to agency receipt, use, and security

        of data (Foreign Trade Security Manual)

        Statement of whether there is or may be a related interagency agreement,

        if applicable

        States Census Bureau will conduct safeguard review at agency site to evaluate

        both the use of Confidential or Prerelease Data and the measures employed by the

        receiving agency to protect that data

        Statement of whether Census Bureau actions do, or may, require agency

        reimbursement, if applicable

        Statement as to how the affected agency may request a renewal of the NID

Security Guidelines for Federal Government Agencies                                       41
     C-3 Memorandum of Understanding (MOU) Checklist
       Includes NID statement

       Identifies parties involved in the agreement

       States objective of the MOU

       States specific purpose to which the data are being applied

       Includes confidentiality statement

       Cites legal and regulatory authority under which the data are being released

       Specifies effective dates for data release/expiration date of MOU, if

       Prerelease Data

       Particularizes data to be provided:

           Codes/Field names


           Time periods

       Specifies method of data transmittal

       States access control procedures will be updated/changed at least every quarter

       States Census Bureau will conduct safeguard review at agency site to evaluate

       both the use of Confidential or Prerelease Data and the measures employed by

       the receiving agency to protect that data

42                                                               FOREIGN TRADE STATISTICS
        Itemizes any specific conditions applicable to agency receipt, use, and security

        of data (Foreign Trade Security Manual)

             Held and managed only under strictly secure conditions

             Used only for purposes, activities, and operations as authorized in the NID

             Accessed and used only by named agency employees or agents with a

             need to know

             Not used for any specifically unauthorized purpose, activity, or operation,

             if applicable

             Returned or destroyed when use is complete or determination expires

        Outlines detailed data protection security measures specific to the receiving

        agency’s systems, usage requirements, and environment

        Identifies a Census Bureau Information Security Officer as the contact for

        key/access control transmittal and general security oversight

        Identifies the agency employee(s) to serve as the contact for key/access control

        transmittal and general security oversight

        Specifies that anyone who might come in contact with Confidential or Prerelease

        Data must annually renew and sign a Census Bureau Nondisclosure Agreement

        States necessity for continuing data integrity monitoring

        Prohibits receiving agencies from publishing data compiled from Confidential

        Data without the express, written consent of the Census Bureau; and prohibits

        any further distribution of the data, or information based upon the data, beyond

        the approved parties prior to the Census Bureau’s official release of the trade

        statistics, if Prerelease Data, or permanently, if Confidential Data

Security Guidelines for Federal Government Agencies                                        43
     States data are not to be released to third parties without prior written approval

     Stipulates MOU is internal government document and does not confer rights

     or benefits on any private person or party

     Defines termination terms

     Specifies MOU needs to be updated/renewed after 3 years, and procedure for

     doing so

     Cites that any unauthorized disclosure may result in denial of future access

     and imposition of penalties on the responsible officials, as authorized by

     Title 18 USC, Section 1905

44                                                              FOREIGN TRADE STATISTICS
C-4 Nondisclosure Agreement
          This Agreement will be reratified annually by anyone receiving,

             using, or having access to Confidential or Prerelease Data.

 U.S. Census Bureau Nondisclosure Agreement for CY/FY

 with                                                                 (agency/dept name)

    I will not disclose any of the confidential foreign commerce or trade statistics
obtained for or prepared by the Census Bureau to any person or persons either during or

after my employment. I know such disclosure through publication, or any other com-

munication method, could result in a fine and/or imprisonment, or removal from office

or employment. I will use these data only for the purposes authorized in the governing

Memorandum of Understanding (MOU) and will abide by the terms and conditions of that


    This commitment to confidentiality as detailed in Title 13, USC forms the basis of our

bond of trust with the public. Respondents entrust to us personal and financial informa-
tion that we need to produce aggregate data. In turn, we promise not to disclose any of

our data in such a way that respondents can be identified.

    In addition, I acknowledge receipt of a copy of the MOU and the Foreign Trade Statis-

tics Security Guidelines handbook.

    Name                                        Signature                     Date

Security Guidelines for Federal Government Agencies                                      45
C-5 Checklist for Internal Safeguard Inspections
     Review storage and handling of Confidential or Prerelease Data

     Review how access to Confidential or Prerelease Data is granted to

     authorized employees

     Assess facility security features

     Verify that Confidential or Prerelease Data have not been commingled with

     other information in such a way that confidentiality could be inadvertently

     Review after-hours security measures

     Review access to secure storage containers or areas and of responsibility

     for changing keys

     Analyze security procedures and instructions to employees

     Review data processing operations, including computer systems

     Review the control and storage of magnetic and paper media

     Audit the file room activity

     Interview those charged with security responsibilities

     Review planned organizational changes to assure that security considerations

     are covered

     Review procedures for and records of returning, disposing of, or destroying

     Confidential or Prerelease Data no longer needed by the recipient

46                                                                FOREIGN TRADE STATISTICS

To top