Official Use Only. Lesley Nelson-Burns Office of Quality Management (301)

Why Official Use Only?
- Consolidates most CUI information within DOE
  - Includes unclassified controlled information which is not governed by a DOE-wide directive (e.g., Export Controlled Information, Protected Cooperative Research and Development Information, Applied Technology)
  - Does not include
    - Unclassified Controlled Nuclear Information (UCNI), which is governed by DOE Order 471.1A and DOE Manual
    - Unclassified Naval Nuclear Propulsion Information, which is Naval Reactors information
- OUO ensures consistent handling and protection of unclassified information throughout the complex
- OUO ensures information is not released through informal methods (posted on a website or sent to a person without a need-to-know the information)

What is OUO Information?
Official Use Only:
- Draft Documents
- Attorney-Client
- Patent Information
- Export Controlled Information
- Source Selection Information
- Business Confidential
- Privacy Act Information
- Attorney-Work
- Applied Technology
- Personally Identifiable Information
- Intellectual Property
- Sensitive Nuclear Technology
- Proprietary Information

Who has Responsibility for OUO?
- The Office of Classification is responsible for developing DOE's overall policy and guidelines for identifying and protecting OUO
- The Chief Information Officer (CIO) issues guidance regarding the protection of OUO and other sensitive information on DOE information systems and the identification of PII
- Program Offices determine the specific information within their purview that is OUO

Does OUO Mean the Information is Exempt from Release under the FOIA?
- OUO is not a determination that information is FOIA exempt
- OUO is a determination that the information may be FOIA exempt
- OUO markings ensure a document is not publicly released without an appropriate review
- If an OUO document is requested under the FOIA, a FOIA Authorizing Official must determine whether the information must be released
- Only a FOIA Official may determine that information is FOIA exempt
- The threshold for withholding information under the FOIA is higher, requires in-depth knowledge of FOIA
OUO FOIA Exempt

How is OUO Marked?

OUO Marking
- OUO markings
  - Ensure everyone understands a document must be protected
  - Ensure everyone knows how it must be protected
- Without OUO markings
  - Does not require protection
  - No recourse if information is released

How are OUO Documents Marked?
Front marking:
  OFFICIAL USE ONLY
  May be exempt from public release under the Freedom of Information Act (5 U.S.C. 552), exemption number and category: 5, Privileged Information
  Department of Energy review required before public release
  Name/Org: John Smithson, NA-121  Date: 4/11/07
  Guidance (if applicable): CG-SS-4
Labeled elements of the marking:
- Determination based on Guidance (Classification/Control Guides)
- Exemption Number
- Exemption Name
- Name AND Organization
- Date of Determination
- Short Name of Guide
Markings are for example purposes only

How is a Document Transmitting OUO Marked?
- Required if transmittal document itself does not contain classified or controlled information
- Calls attention to presence of OUO information in attachment
Marking: Document transmitted contains OUO information
Markings are for example purposes only

Sample Marking of Document Transmitting OUO
[Sample transmittal document; body shown as placeholder text]
- Attachment contains OUO, transmitting document does not contain OUO
Marking: Document transmitted contains OUO Information
Markings are for example purposes only

How is an containing OUO Marked?
- First line of message
  - Insert OUO before text
- If attachment to message is OUO
  - Message must so indicate
  - Attachment must be marked correctly

Protecting OUO

Who May have Access to OUO?
- Anyone needing the information to perform his/her job or other DOE-authorized activity
  - No security clearance required
  - Not limited to DOE employees
  - No requirement for US citizenship
- Some OUO may have additional access restrictions (Export Controlled Information, Source Selection Information, etc.)
- Determination made by person possessing document, not person wanting the document

What are the Cyber Security Requirements for OUO?
- Since the OUO Manual was published, the Office of the Chief Information Officer issued Technical and Management Requirements, Protection of Sensitive Unclassified Information, Including Personally Identifiable Information (TMR-22)
- TMR-22 requires senior management to develop Program Cyber Security Plans (PCSP) which are consistent with TMR-22
- The DOE HQ PCSP requires HQ to follow TMR-22
- If not with DOE HQ, recommend following TMR-22 requirements until you receive clarification from local cyber security

What are the Cyber Security Requirements for OUO?
- TMR-22 (and DOE HQ) Requirements
  - OUO must be encrypted during transmission (If person receiving OUO does not have Entrust, contact cyber security for approved alternate method of transmission)
  - OUO on portable/mobile devices and removable media (e.g., CDROMS, thumb drives) must be encrypted

How is OUO Transmitted by phone?
- Transmitting over voice circuits
  - Use encryption whenever possible
  - If unavailable and other encrypted means not feasible alternative, regular voice circuits allowed

How is OUO Transmitted?
- Transmitting by hand between facilities or within a facility
  - May be handcarried
  - Must control access to document

How is OUO Transmitted?
- Transmitting by mail inside facility
  - Place in sealed, opaque envelope or wrapping with recipient's address, and TO BE OPENED BY ADDRESSEE ONLY on outside

How is OUO Transmitted?
- Transmitting by mail outside facility
  - Place in sealed, opaque envelope or wrapping with recipient's address, return address, and TO BE OPENED BY ADDRESSEE ONLY on outside (same requirements as inside facility, but must include return address)
  - U.S. mail: First Class, Express, Certified, Registered
  - Any commercial carrier

How is OUO Protected?
- In Use
  - Take reasonable precautions to prevent access by persons who don't need the information to do their jobs
  - For example, don't read an OUO document in a public place (in the cafeteria, on public transportation)

How is OUO Protected?
- Storing
  - With internal building security during non-duty hours: unlocked file cabinet, desk, briefcase, etc.
  - No internal building security during non-duty hours: locked room or locked file cabinet, desk, briefcase, etc.

How is OUO Protected?
- Copying
  - No permission from originator needed
  - Make minimum number of copies
  - Mark and protect copies

How is OUO Protected?
- Destroying
  - Strip-cut shredder with strips no more than ¼ wide
  - Any other method approved by local security office

Protection Requirements
- Apply to
  - DOE OUO documents AND
  - Other-agency CUI documents

What are Inappropriate Uses of OUO?
- OUO must not be used to
  - Conceal violations of law, inefficiency, or administrative error
  - Prevent embarrassment to an organization or agency
  - Prevent or delay the release of information that does not meet the criteria to be designated as OUO

Are There Penalties for Misuse of OUO?
- Imposed if person
  - Intentionally releases OUO information from document marked OUO
  - Intentionally or negligently releases an OUO document
  - Intentionally does not mark a document known to contain OUO information
  - Intentionally marks a document OUO known not to contain OUO information

What Penalties are Possible?
- Examples of penalties (DOE )
  - Supervisor
  - Verbal admonishment
  - Written reprimand
  - Suspension
  - Termination

Directives
OUO Directives Issued 4/9/03
- DOE Order: Requirements and responsibilities
- DOE Manual: Detailed instructions for implementing requirements
- DOE Guide: Assists an employee in deciding whether information falls under one of the eight FOIA exemptions

Contacts
Lesley Nelson-Burns Office of Quality Management (301) or
Or the Outreach Hotline (301)
More informationRMU-IT-SEC-01 Acceptable Use Policy
1.0 Purpose 2.0 Scope 2.1 Your Rights and Responsibilities 3.0 Policy 3.1 Acceptable Use 3.2 Fair Share of Resources 3.3 Adherence with Federal, State, and Local Laws 3.4 Other Inappropriate Activities
More informationState of West Virginia Department of Health and Human Resources (DHHR) Office of Management Information Services (OMIS)
1.0 PURPOSE Periodic security audits, both internal and external, are performed for the benefit of the and its employees to: (1) identify weaknesses, deficiencies, and areas of vulnerability in operations;
More informationANNUAL SECURITY AWARENESS TRAINING 2012
UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff ANNUAL SECURITY AWARENESS TRAINING 2012 NETWORK AND COMPUTER USE POLICY Users of information technology
More informationFORMATTING GUIDELINES These guidelines are designed for Microsoft Word or a similar word processing program.
FORMATTING GUIDELINES These guidelines are designed for Microsoft Word or a similar word processing program. Cover Page Your play should have standard one-inch margins. If your submission is bound, you
More informationPRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology
PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology 24 October 2017 Content Overview of Cyber Security Law Observations on Implementation of Cyber
More informationEvery Toastmaster s First Stop for Advice and Resources HOW TO FILE YOUR CLUB S IRS 990 N FORM
SIMPLE STEP-BY-STEP INSTRUCTIONS FOR FILING THE IRS 990-N POSTCARD ALL CLUBS are REQUIRED to submit the Postcard by May 15 th of each year. There are Many Steps But They Are Simple Steps Follow the instructions
More informationResponsible Officer Approved by
Responsible Officer Approved by Chief Information Officer Council Approved and commenced August, 2014 Review by August, 2017 Relevant Legislation, Ordinance, Rule and/or Governance Level Principle ICT
More informationAcceptable Use Policy
Acceptable Use Policy. August 2016 1. Overview Kalamazoo College provides and maintains information technology resources to support its academic programs and administrative operations. This Acceptable
More informationData Protection Policy
Data Protection Policy Status: Released Page 2 of 7 Introduction Our Data Protection policy indicates that we are dedicated to and responsible of processing the information of our employees, customers,
More information300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0
P.O. Box 212 Philip D. Murphy, Governor 300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ 08625-0212 www.tech.nj.gov STATE OF NEW JERSEY TECHNOLOGY CIRCULAR Enterprise Information
More informationPCA Staff guide: Information Security Code of Practice (ISCoP)
PCA Staff guide: Information Security Code of Practice (ISCoP) PCA Information Risk and Privacy Version 2015.1.0 December 2014 PCA Information Risk and Privacy Page 1 Introduction Prudential Corporation
More informationHIPAA Compliance Checklist
HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.
More information