Sanitization of Electronic Media

January 27, 2005, OCIO/IS, SBU Security Awareness

Page 1: Sanitization of Electronic Media

Sanitization of Electronic Media

January 27, 2005, OCIO/IS

SBU Security Awareness

Page 2: Sanitization of Electronic Media

What is Sanitization?

Which answer best describes sanitization?

A. Santa Claus taking over the world.
B. What you experience traveling along the Santa Fe Trail in New Mexico.
C. The sand you get on your feet after a walk on the beach.
D. Clearing data from computer drives.

Page 3: Sanitization of Electronic Media

What Sanitization is:

The correct answer is “D”: Clearing data from computer drives.

Page 4: Sanitization of Electronic Media

What is SBU Information?

Which acronym best describes SBU information?

A. A brochure of South Boston University.
B. Smart But Useless nonsense.
C. Sensitive But Unclassified data.
D. School Basketball Uniforms.

Page 5: Sanitization of Electronic Media

What SBU Information is:

The correct answer is “C”: Sensitive But Unclassified data.

Page 6: Sanitization of Electronic Media

Information Classifications

Classified versus Unclassified Information

Classified: Top Secret/Secret/Confidential
- Rarely handled within GSA
- e.g. DOD or DHS National Defense Information
- A totally separate handling process
- Will not be addressed at this time

Unclassified: Sensitive But Unclassified (SBU) Information:
- Used daily by most GSA associates
- In numerous forms and media
- The focus of our discussion

Page 7: Sanitization of Electronic Media

Classified Information Policies

For handling of Classified Information, the following references are available:

Executive Order 12958, Classified National Security Information, as Amended

GSA Handbook, Classified National Security Information, ADM P 1025.2D, October 3, 1996 (Expires: 10/3/06)

Page 8: Sanitization of Electronic Media

Types of SBU Information

Types of SBU (Unclassified) Information:
- Financial Information
- Privacy (Personnel) Information
- Contractual Information
- Building (Floor and Space) Plans
- Physical Security
- IT Security (Technical)
- Proprietary Information
- Other information not releasable under the Freedom of Information Act.

Page 9: Sanitization of Electronic Media

Electronic Media: Then and now

[Figure: 1974: Report. 2004: Blackberry.]

Page 10: Sanitization of Electronic Media

The Challenge: Information Technology (IT)

* Biggest headaches to the Federal Government:
- Spread of desktop technologies
- Protection of the information handled, processed, and distributed
- Classified versus unclassified information

* Unclassified sensitive information is the least controlled in the realm of most everyday government operations.

Page 11: Sanitization of Electronic Media

“VA toughens security after PC disposal blunders”

By Judi Hasson, Federal Computer Week, August 29, 2002

CASE: August 2002, VA Medical Center, Indianapolis Indiana, retired 139 desktop computers.
- Some were donated to schools
- Others were sold on the open market
- 3 ended up in a thrift shop where a journalist purchased them.

OMISSION: The VA neglected to sanitize the computers' hard drives (remove the drives' confidential information).

RESULTS: Many of the computers were later found to contain sensitive medical information, including:
- Names of veterans with AIDS and mental health problems.
- 44 credit card numbers used by that facility.

Page 12: Sanitization of Electronic Media

SBU Information Laws

For handling of SBU Information, the following references are available:

Privacy Act of 1874 (Public Law 93-579)

Federal Information Security Management Act (FISMA) of 2002

Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, and Appendix III, Security of Federal Automated Information Systems, as Amended

Homeland Security Presidential Directive (HSPD-7), Critical Infrastructure Identification, Prioritization, and Protection, December 17, 2003

Page 13: Sanitization of Electronic Media

SBU Information Policies

For handling of SBU Information, the following GSA orders are available:

GSA Order CIO P 2100.1B, GSA Information Technology (IT) Security, November 4, 2004

GSA Order PBS 3490.1, Document security for sensitive but unclassified paper and electronic building information, March 8, 2002

Page 14: Sanitization of Electronic Media

Definition: Sanitization of Electronic Media

SOURCE: NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems, December 1998

4.4 Planning for Security in the Life Cycle

4.4.5 Disposal Phase

Media Sanitization:

The removal of information from a storage medium (such as a hard disk or tape) is called sanitization. Different kinds of sanitization provide different levels of protection. A distinction can be made between clearing information (rendering it unrecoverable by keyboard attack) and purging (rendering information unrecoverable against laboratory attack). There are three general methods of purging media: overwriting, degaussing (for magnetic media only), and destruction.

Page 15: Sanitization of Electronic Media

Sanitization Procedures of Electronic Media

Basically, the following procedures are best practices:
a. Hard Drives – Triple over-write or degauss
b. Tapes – Degauss
c. Compact Disks – Incinerate or chemical destruction
d. Paper – Shred
e. Floppy diskettes – Degauss, overwrite, or the removed internal plastic mylar surface can be shredded

Bottom line: Anything containing a microchip or plastic Mylar recording surface (iron oxide layers) can contain SBU information.

Page 16: Sanitization of Electronic Media

GSA IT Security Policy

GSA Information Technology (IT) Security Policy, GSA Order CIO HB 2100.1B

26. Data Classification. The Data Owner shall identify the level of protection required for a particular system commensurate with the need for confidentiality, integrity, availability, and accountability of the data processed by the system.

Sensitivity Levels. Sensitive data is data that is protected from unauthorized disclosure (confidentiality) or modification (integrity) because of the damage that could result to the Government or individuals as a result of such disclosure or modification. The sensitivity of the data input, stored, and processed by the system dictates the level of protection. Protection criteria for specific classifications of information are mandated by public laws. Penalties under section (g) of the Privacy Act for negligence of entrusted data could result in criminal liability for employees and cause significant embarrassment to GSA if information to be protected were compromised, corrupted, or unavailable.

Page 17: Sanitization of Electronic Media

GSA IT Security Policy

GSA Information Technology (IT) Security Policy, GSA Order CIO HB 2100.1B

Sanitization of Electronic Media

CHAPTER 1. THE GSA INFORMATION TECHNOLOGY SECURITY PROGRAM

39. Sanitization of Electronic Media. Sensitive but unclassified data shall be removed from equipment and electronic and optical storage media, using methods approved by the Data Owner or DAA, before disposal or transfer outside of GSA.

Page 19: Sanitization of Electronic Media

PBS Building Information Policy

Document security for sensitive but unclassified paper and electronic building information, GSA Order PBS 3490.1, March 8, 2002

1. Purpose. This order sets forth the PBS's policy on the dissemination of sensitive but unclassified (SBU) paper and electronic building information of GSA's controlled space, including owned, leased, or delegated Federal facilities.

This document includes direction on:
- Reasonable care for dissemination of sensitive but unclassified (SBU) building information
- Limiting dissemination to authorized users
- Record keeping
- Retaining and destroying documents
- Electronic transfer and dissemination
- Defining the appropriate level of security
- Handling of Freedom of Information (FOIA) requests
- Handling proprietary information owned by Architect/Engineers

Page 20: Sanitization of Electronic Media

Electronic Media Affected

What hardware is affected:
- Desktop/Hard Drives
- Laptops/Hard Drives
- Server/Hard Drives
- PDAs and Integrated Devices
- Cell/Camera Phones
- Miniature Recording Devices
- Cameras/Removable Flash/Media Memory Cards
- Peripherals: Printers/Scanners
- Backup Storage Devices

Backup Storage Devices include:
- Compact disks (CDs)
- Floppy diskettes and zip tapes
- Removable hard and zip drives
- Flash/Thumb/Pen drives

Note: Disposal of paper copies cannot be ignored.

Page 21: Sanitization of Electronic Media

Sanitization Techniques

SOURCE: GSA Standards of Good Practices, Sanitization of Sensitive But Unclassified (SBU) Data from Magnetic Storage Media, 3. Sanitization Techniques: overwriting, degaussing, and destruction.

Overwriting

Overwriting is an effective method for clearing data from hard magnetic media (hard drives and disks, but not floppy disks or tape). As the name implies, overwriting uses a program to write (1s, 0s, or a combination) onto the media. Common practice is to overwrite the media three times in alternating fashion "1010101010 ..." then "0101010101 ...." However, it is not uncommon to see overwrites of media up to eight times depending on the sensitivity level of the information. Overwriting should not be confused with merely deleting the pointer to a file (which typically happens when a delete command is used).

Overwriting requires that the media be in working order (ideally, a bad block map is made prior to sensitive data being introduced on the media and another map made after the overwrites). If bad blocks develop after the initial mapping which are not corrected during the “overwrite,” then the “overwrite” is considered to have "failed," at least insofar as the data potentially resident in the bad block. Similarly, if an initial bad block map was not made and bad blocks exist after the “overwrite,” we have to assume that sensitive data could potentially be on one of the bad blocks. At that point it's a risk decision whether you accept the “overwrite” or move on to degaussing or physical destruction of the media.
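The bad-block rule in the paragraph above, applied by a small simulation: an initial map is taken before any sensitive data is written, the overwrite pass is read back to produce the after-map, and the two maps decide between "pass", "failed" (blocks went bad after mapping and the overwrite could not correct them) and "unknown" (no initial map, bad blocks present). This is an added example, not code from the GSA slides or from the Standards of Good Practices they quote; SimulatedDevice, its 16-byte sectors and the sector numbers used in demo() are constructed for illustration.

```python
from typing import Iterable, Optional, Set, Tuple

SECTOR_SIZE = 16   # tiny sectors keep the constructed device readable


class SimulatedDevice:
    """Constructed stand-in for a disk: a list of sectors. A sector listed in
    `bad` silently drops writes and fails reads, which is what a failing
    sector does and why read-back verification matters."""

    def __init__(self, sector_count: int, bad: Iterable[int] = ()) -> None:
        self.sectors = [bytearray(SECTOR_SIZE) for _ in range(sector_count)]
        self.bad: Set[int] = set(bad)

    def write(self, index: int, data: bytes) -> None:
        if index not in self.bad:
            self.sectors[index][:] = data

    def read(self, index: int) -> bytes:
        if index in self.bad:
            return b""                 # a failing sector returns a read error
        return bytes(self.sectors[index])

    def fail_sector(self, index: int) -> None:
        """Simulate a sector going bad after the initial map was taken."""
        self.bad.add(index)


def write_pattern_and_verify(dev: SimulatedDevice, fill: int) -> Set[int]:
    """Write one byte value to every sector and read it back.
    Returns the sectors that do not hold the pattern afterwards."""
    pattern = bytes([fill]) * SECTOR_SIZE
    failed: Set[int] = set()
    for i in range(len(dev.sectors)):
        dev.write(i, pattern)
        if dev.read(i) != pattern:
            failed.add(i)
    return failed


def bad_block_map(dev: SimulatedDevice) -> Set[int]:
    """Initial map: probe every sector before any sensitive data exists.
    The probe is destructive, which is why the slide puts it before use."""
    return write_pattern_and_verify(dev, 0xA5)


def overwrite_and_verify(dev: SimulatedDevice, fill: int = 0x00) -> Set[int]:
    """One overwrite pass; its verify step doubles as the after-map."""
    return write_pattern_and_verify(dev, fill)


def assess_overwrite(initial_map: Optional[Set[int]],
                     after_map: Set[int]) -> Tuple[str, Set[int]]:
    """The slide's rule as a decision:
    - no initial map and bad blocks after the overwrite: sensitive data must
      be assumed to be on them, so the result is "unknown";
    - blocks that went bad after the initial map and were not corrected by
      the overwrite: the overwrite "failed" for those blocks;
    - otherwise "pass" (a block bad before data was introduced never held it).
    Returns the verdict and the suspect sectors; "unknown" or "failed" is the
    point where the risk decision (accept, degauss, destroy) has to be made."""
    if initial_map is None:
        return ("unknown", set(after_map)) if after_map else ("pass", set())
    new_bad = after_map - initial_map
    return ("failed", new_bad) if new_bad else ("pass", set())


def demo() -> Tuple[str, Set[int]]:
    """Constructed run: sector 2 is bad from the start, sector 5 fails later."""
    dev = SimulatedDevice(8, bad={2})
    initial = bad_block_map(dev)                    # {2}
    for i in range(8):                              # sensitive data goes on
        dev.write(i, b"CONSTRUCTED-SBU!")           # exactly 16 bytes
    dev.fail_sector(5)                              # develops after mapping
    after = overwrite_and_verify(dev, 0x00)         # {2, 5}
    return assess_overwrite(initial, after)         # ("failed", {5})


if __name__ == "__main__":
    print(demo())
```

Sector 2 is not a concern in demo() because the initial map already showed it bad before any data was written; sector 5 is, because it held data and the overwrite could not reach it. Dropping the initial map turns the same after-map into "unknown", which is the situation the paragraph tells you to treat as if the data were still there.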

Degaussing

Degaussing is a method to magnetically erase data from magnetic media. Two types of degausser exist: strong permanent magnets and electric degaussers. Degaussers come in a variety of strengths, and are generally categorized as Type I (weakest magnetic field) to Type III (strongest magnetic field). Type I degaussers are not particularly useful given the proliferation of high density media -- they're just not strong enough. Type II's are generally used for floppy disks, but are generally not strong enough for the high density hard disks, which typically require the Type III degaussers.

Destruction

The final method of sanitization is destruction of the media by shredding, burning, sanding, or chemical decomposition. For hard disks, typically that means sanding to physically remove the top coated layers of the hard disk. Floppy disks and tape can sometimes be shredded. Burning and chemical decomposition generally pose some environmental hazards, and should be avoided if possible.

Page 22: Sanitization of Electronic Media

Erasing and Recovery Levels

There are Levels 1 through 5. Which level do I use?

All levels erase the disk completely. The only difference is how difficult it would be for someone to recover data from the disk using sophisticated recovery tools (including scanning tunneling electron microscopes). Level 1 is the fastest, level 5 is the slowest. Level 5 is the most secure, level 1 is the least secure. I personally couldn't recover anything from a disk that had been cleaned with level 1, but someone with the know-how and a few thousand dollars could. I'm not guaranteeing anything, but I doubt the NSA could recover anything from a disk that had been cleaned with level 5. Level 3 meets most corporate and nonclassified government erasure specifications. Here's what each level does:

1 - A single pass of all zero.
2 - One pass of random data followed by one pass of all zero.
3 - Three passes: all zero, all one, all zero.
4 - Ten passes, some of which are random, followed by one of zero.
5 - 25 passes, three of which are random.

Page 23: Sanitization of Electronic Media

Sanitization Tools

SOURCE:

Below are just a few of the sanitization tools available:
- Darik’s Boot and Nuke (“DBAN”)
- WhiteCanyon WipeDrive
- New Technologies M-Sweep
- Paragon Disk Wiper
- DTI Data Disk Wipe
- Acronis Drive Cleanser
- East-Tec Disk Sanitizer
- LSoft Active@ KillDisk
- CyberScrub CyberCide
- Think System Mechanic 4 Pro/DriveScrubber Pro

Note: most meet DOD 5220-22M Standard for Sanitizing Drives: “Non-Removable Rigid Disks" or hard drives must be sanitized for reuse by overwriting all addressable locations with a character, its complement, then a random character and verify.”
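The pass schedules from the Levels 1 to 5 slide and the DOD 5220-22M sequence quoted in the note above (a character, its complement, a random character, then verify), written out as working Python. This is an added example and not code from the GSA deck or from any of the tools it lists. Its assumptions: the overwriter works on a single file opened in place and verifies every pass by chunked read-back; random passes are seeded so the verify step can regenerate the same stream without holding it in memory; and because the slide gives only pass counts for levels 4 and 5, the placement of their random passes is this example's choice.

```python
import os
import random
import tempfile
from typing import Callable, Dict, List, Union

Pass = Union[int, str]      # a byte value written everywhere, or "random"
CHUNK = 64 * 1024           # write/verify in chunks so large files fit in memory


def level_schedule(level: int) -> List[Pass]:
    """Pass schedules for the five erasure levels quoted on the slide.
    Levels 1-3 are fully specified there; levels 4 and 5 give only the
    number of passes and how many are random (placement assumed here)."""
    if level == 1:
        return [0x00]
    if level == 2:
        return ["random", 0x00]
    if level == 3:
        return [0x00, 0xFF, 0x00]
    if level == 4:
        # Assumption: ten alternating 0x00/0xFF passes with every third pass
        # random, followed by one final pass of zero.
        ten: List[Pass] = ["random" if i % 3 == 2 else (0x00 if i % 2 == 0 else 0xFF)
                           for i in range(10)]
        return ten + [0x00]
    if level == 5:
        # Assumption: 25 alternating passes with the first, middle and last random.
        passes: List[Pass] = [0x00 if i % 2 == 0 else 0xFF for i in range(25)]
        for i in (0, 12, 24):
            passes[i] = "random"
        return passes
    raise ValueError(f"no such level: {level}")


def dod_5220_22m_schedule(char: int = 0x55) -> List[Pass]:
    """A character, its complement, then a random character; overwrite_file
    does the verify after every pass."""
    return [char, (~char) & 0xFF, "random"]


def _generator(p: Pass, seed: int) -> Callable[[int], bytes]:
    """Return a function yielding the next n bytes of pass p. A random pass is
    seeded so the verify step can regenerate exactly the same stream."""
    if p == "random":
        rng = random.Random(seed)
        return lambda n: rng.randbytes(n)
    return lambda n: bytes([p]) * n


def overwrite_file(path: str, schedule: List[Pass]) -> bool:
    """Overwrite a file in place, one pass per schedule entry, reading each
    pass back. Returns False at the first chunk that does not verify."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for p in schedule:
            seed = int.from_bytes(os.urandom(8), "big")
            gen = _generator(p, seed)
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(gen(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())          # make the pass reach the device
            gen = _generator(p, seed)     # same seed: identical stream
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                if f.read(n) != gen(n):
                    return False
                remaining -= n
    return True


def demo() -> Dict[str, bool]:
    """Constructed run: a temp file of marker records gets the DoD schedule."""
    marker = b"CONSTRUCTED-SBU-RECORD "
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(marker * 3000)        # about 69 KB, so it spans two chunks
        verified = overwrite_file(path, dod_5220_22m_schedule())
        with open(path, "rb") as f:
            remains = marker in f.read()
    finally:
        os.remove(path)
    return {"verified": verified, "marker_remains": remains}


if __name__ == "__main__":
    print(demo())
```

Overwriting a file in place only reaches the locations the file system currently maps to that file: blocks the drive has remapped or marked bad (the earlier slide's bad-block point), and the swap, unallocated and slack areas the ambient-data slide lists, are untouched. That is why the whole-device, self-booting tools on the following slides exist; the schedule logic is the same, the scope is not.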

Page 24: Sanitization of Electronic Media

Security Risk: Ambient Data

Bottom Line: The deletion of a file or the reformat of a hard disk provides essentially no level of security. Left behind: ambient data is a forensic term which describes, in general terms, data stored in non-traditional computer storage areas and formats:

- Windows Swap/Page File
These are "scratch pad" files to write data when additional random access memory is needed (100MB to over 1GB). They contain remnants of any work that may have occurred.

- Unallocated File Space
When files are erased or deleted, the file is not actually erased. Data from the 'erased file' remains behind in an area called unallocated storage space.

- File Slack
Files are stored in fixed length blocks of data called clusters. Rarely do file sizes exactly match the size of one or multiple clusters perfectly. The extra data storage space that is assigned to a file is called "file slack". File slack contains padded data from memory and remains undeleted.

- Shadow Data
Shadow data contains the remnants of computer data that was written previously to a track and is located slightly outside the track's last write path.
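Unallocated space and file slack from the list above, acted out on a constructed cluster-based volume: a delete drops the directory entry and allocation bits but not the bytes, a new smaller file that reuses a cluster carries the old bytes in its slack, and a free-space and slack wipe is what actually removes them. This is an added example, not from the slide deck or from any forensic or wiping tool; ToyVolume, its 64-byte clusters, the file names and the marker string are assumptions made for illustration.

```python
from typing import Dict, List, Tuple

CLUSTER = 64    # bytes per cluster; small so the constructed volume is readable


class ToyVolume:
    """Constructed cluster-based volume: data clusters, an allocation table
    and a directory. It mimics only what the slide describes: deleting
    clears pointers, not data, and the tail of a file's last cluster keeps
    whatever bytes were there before (file slack)."""

    def __init__(self, cluster_count: int) -> None:
        self.data = [bytearray(CLUSTER) for _ in range(cluster_count)]
        self.allocated = [False] * cluster_count
        self.directory: Dict[str, Tuple[int, List[int]]] = {}   # name -> (size, clusters)

    def write_file(self, name: str, content: bytes) -> None:
        needed = -(-len(content) // CLUSTER)           # ceiling division
        free = [i for i, used in enumerate(self.allocated) if not used]
        if len(free) < needed:
            raise OSError("volume full")
        chain = free[:needed]
        for k, i in enumerate(chain):
            piece = content[k * CLUSTER:(k + 1) * CLUSTER]
            self.data[i][:len(piece)] = piece          # only the file's own bytes
            self.allocated[i] = True
        self.directory[name] = (len(content), chain)

    def delete_file(self, name: str) -> None:
        """A plain delete: drop the directory entry and free the clusters."""
        _, chain = self.directory.pop(name)
        for i in chain:
            self.allocated[i] = False

    def slack_bytes(self, name: str) -> int:
        size, chain = self.directory[name]
        return len(chain) * CLUSTER - size

    def scan_unallocated(self, needle: bytes) -> List[int]:
        """Free clusters that still contain `needle` (the forensic view)."""
        return [i for i, used in enumerate(self.allocated)
                if not used and needle in self.data[i]]

    def scan_slack(self, needle: bytes) -> List[str]:
        """Live files whose slack (tail of their last cluster) contains `needle`."""
        hits = []
        for name, (size, chain) in self.directory.items():
            tail = size % CLUSTER
            if tail and needle in self.data[chain[-1]][tail:]:
                hits.append(name)
        return hits

    def wipe_free_space(self, fill: int = 0x00) -> None:
        """What a free-space/slack sanitizer does: overwrite every free
        cluster and the slack of every live file."""
        for i, used in enumerate(self.allocated):
            if not used:
                self.data[i][:] = bytes([fill]) * CLUSTER
        for size, chain in self.directory.values():
            tail = size % CLUSTER
            if tail:
                self.data[chain[-1]][tail:] = bytes([fill]) * (CLUSTER - tail)


def demo() -> dict:
    """Constructed run: a 230-byte record file (4 clusters) is deleted, a
    4-byte memo reuses its first cluster, then free space is wiped."""
    needle = b"SBU-RECORD"
    vol = ToyVolume(8)
    vol.write_file("report.txt", b"CONSTRUCTED-SBU-RECORD-" * 10)
    vol.delete_file("report.txt")
    after_delete = vol.scan_unallocated(needle)        # [0, 1, 2, 3]
    vol.write_file("memo.txt", b"memo")                # cluster 0, 4 bytes used
    result = {
        "remnants_after_delete": after_delete,
        "remnants_after_write": vol.scan_unallocated(needle),   # [1, 2, 3]
        "slack_bytes": vol.slack_bytes("memo.txt"),             # 60
        "slack_holds_remnant": vol.scan_slack(needle),          # ["memo.txt"]
    }
    vol.wipe_free_space()
    result["remnants_after_wipe"] = vol.scan_unallocated(needle)
    result["slack_after_wipe"] = vol.scan_slack(needle)
    return result


if __name__ == "__main__":
    print(demo())
```

The swap file and shadow data items cannot be shown this way: the first depends on the operating system, the second on the drive's physics, which is why the slide's bottom line reaches for whole-device overwriting, degaussing or destruction rather than file-level cleanup.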

Page 25: Sanitization of Electronic Media

Contacts

GSA CHIEF INFORMATION OFFICER WEBSITE

IT Security Points of Contact
- GSA ISSM/ISSO Contact List 10/15/2004: http://insite.gsa.gov/_cio/
- OCIO Security Division (email): [email protected]

Page 26: Sanitization of Electronic Media

Free and Commercially Available Sanitization Tools

PROGRAM / COST / PLATFORM / COMMENTS

AutoClave (http://staff.washington.edu/jdlarios/autoclave) / Free / Self-booting PC disk / Writes just zeroes, DoD specs, or the Gutmann patterns. Very convenient and easy to use. Erases the entire disk including all slack and swap space.

CyberScrub (www.cyberscrub.com) / $39.95 / Windows / Erases files, folders, cookies, or an entire drive. Implements Gutmann patterns.

DataScrubber (www.datadev.com/ds100.html) / $1,695 / Windows, Unix / Handles SCSI remapping and swap area. Claims to be developed in collaboration with the US Air Force Information Warfare Center.

DataGone (www.powerquest.com) / $90 / Windows / Erases data from hard disks and removable media. Supports multiple overwriting patterns.

Eraser (www.heidi.ie/eraser) / Free / Windows / Erases directory metadata. Sanitizes Windows swap file when run from DOS. Sanitizes slack space by creating huge temporary files.

Page 27: Sanitization of Electronic Media

Free and Commercially Available Sanitization Tools (Cont.)

PROGRAM / COST / PLATFORM / COMMENTS

OnTrack DataEraser (www.ontrack.com/dataeraser) / $30 to $500 / Self-booting PC disk / Erases partitions, directories, boot records, and so on. Includes DoD specs in professional version only.

SecureClean (www.lat.com) / $49.95 / Windows / Securely erases individual files, temporary files, slack space, and so on.

Unishred Pro (www.accessdata.com) / $450 / Unix and PC hardware / Understands some vendor-specific commands used for bad-block management on SCSI drives. Optionally verifies writes. Implements all relevant DoD standards and allows custom patterns.

Wipe (http://wipe.sourceforge.net) / Free / Linux / Uses Gutmann's erase patterns. Erases single files and accompanying metadata or entire disks.

WipeDrive (www.accessdata.com) / $39.95 / Bootable PC disk / Securely erases IDE and SCSI drives.

Page 28: Sanitization of Electronic Media

Free and Commercially Available Sanitization Tools (Cont.)

PROGRAM / COST / PLATFORM / COMMENTS

Wiperaser XP (www.liveye.com/wiperaser) / $24.95 / Windows / Erases cookies, history, cache, temporary files, and so on. Graphical user interface.

Page 29: Sanitization of Electronic Media

Other References

Office of Management and Budget Circular A-130, “Management of Federal Information Resources”, Appendix III, “Security of Federal Automated Information Resources.” Establishes a minimum set of controls to be included in Federal IT security programs.

Computer Security Act of 1987. This statute set the stage for protecting systems by codifying the requirement for Government-wide IT security planning and training.

Paperwork Reduction Act of 1995. The PRA established a comprehensive information resources management framework including security and subsumed the security responsibilities of the Computer Security Act of 1987.

Clinger-Cohen Act of 1996. This Act linked security to agency capital planning and budget processes, established agency Chief Information Officers, and re-codified the Computer Security Act of 1987.

Presidential Decision Directive 63, “Protecting America’s Critical Infrastructures.” This directive specifies agency responsibilities for protecting the nation’s infrastructure, assessing vulnerabilities of public and private sectors, and eliminating vulnerabilities.

Presidential Decision Directive 67, “Enduring Constitutional Government and Continuity of Government.” Relates to ensuring constitutional government, continuity of operations (COOP) planning, and continuity of government (COG) operations.

OMB Memorandum 99-05, Instructions on Complying with President's Memorandum of May 14, 1998, “Privacy and Personal Information in Federal Records.” This memorandum provides instructions to agencies on how to comply with the President's Memorandum of May 14, 1998 on "Privacy and Personal Information in Federal Records."

Page 30: Sanitization of Electronic Media

Other References (Cont.)

OMB Memorandum 99-18, “Privacy Policies on Federal Web Sites.” This memorandum directs Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing so.

OMB Memorandum 00-13, “Privacy Policies and Data Collection on Federal Web Sites.” The purpose of this memorandum is a reminder that each agency is required by law and policy to establish clear privacy policies for its web activities and to comply with those policies.

General Accounting Office “Federal Information System Control Audit Manual” (FISCAM). The FISCAM methodology provides guidance to auditors in evaluating internal controls over the confidentiality, integrity, and availability of data maintained in computer-based information systems.

NIST Special Publication 800-14, “Generally Accepted Principles and Practices for Securing Information Technology Systems.” This publication guides organizations on the types of controls, objectives, and procedures that comprise an effective security program.

NIST Special Publication 800-18, “Guide for Developing Security Plans for Information Technology Systems.” This publication details the specific controls that should be documented in a system security plan.