EXHIBIT 6 Procedures for monitoring NETWORK INTRUSION
DETECTION SYSTEM (NIDS)
INTRODUCTION TO THE INFORMATION ASSURANCE (IA) PROGRAM
Purpose. Per references (a) through (h), provide command guidance with regards to TTGL IA program.
Objectives. This Information Assurance program plan establishes TTGL IA policies and procedures and serves as a central management tool relevant to the secure handling of all IS equipment, software, devices, systems, and data produced.
Policy. Per references (a) through (e), the policies, guidance and procedures set forth in this instruction support the Department of Defense (DoD) and Department of the Navy (DON) IA requirements. Strict adherence to policies and procedures identified in this IA plan is mandatory for all TTGL personnel. Specific TTGL IA policies include:
Authority to Operate. In accordance with reference (f), all new, modified, or otherwise operable IS must include a valid Authority To Operate (ATO) or Interim Authority To Operate (IATO) from the Navy’s Office of Designated Approving Authority (ODAA) to process classified and sensitive unclassified data. All requests for ATO/IATO recertification’s shall be submitted to ISIC N6 via email NLT 120 days prior to expiration and via broadcast message traffic NLT 30 days prior to expiration.
User Access. User access to IS and data produced shall be based on the users established need to access such systems and data. Privileged users are users designated by the Information Assurance Manager (IAM) to conduct those functions required by reference (b) or any other function above and beyond a common user level access and shall be strictly limited to those personnel with an absolute need to access.
All prospective users are required to sign OPNAV 5239/14 (System Access Authorization Request-Navy (SAAR-N)) and complete IA Awareness training prior to receiving access to any TTGL computer asset.
Individual Accountability. TTGL IS users’ access controls shall be maintained using approved password requirements and internal software security controls.
Creating, revising, disabling, and deleting accounts shall be performed IAW TTGL policy.
Privileged Users are required to sign both the SAAR-N and Privileged Access Authorization (PAA) form IAW reference (n).
Physical Control. Access to TTGL IS, media, and data storage areas will be externally controlled and protected against unauthorized access by using authorized Force Protection measures.
Warning Banners. A log-on warning banner will be used on all network and stand-alone computer systems. This warning banner shall be displayed before a successful log-on and include an option that allows the opportunity to terminate the connection. Warning Banners shall be IAW CTO 08-008A.
Information Systems Product Control. IS memory media, classified hard copy reports, printouts, and integrity is the responsibility of everyone authorized to use TTGL IS or networks. Specifically:
Memory media (flash drives, MP3 players, cameras, etc), regardless of classification, shall not be removed or introduced into the TTGL IS without written approval of the IAM.
All unlabeled IS media found within TTGL shall be protected as classified material and immediately reported/forwarded to IAM/IAO for further determination.
Classified IS media and hard copy printouts shall conspicuously display the overall classification and any special category markings (if applicable) on use, control, and accounting procedures, specifically:
IS media will be externally marked with a permanent, DoN approved security classification and control label (SF-710). The label will be affixed in a manner that will not adversely affect the operation of the medium or the equipment used. The placement of the label may vary, however it should be conspicuous when in use and when inserted into sleeves, disc boxes, etc.
SIPR monitor displays shall be protected against casual observation of terminal content by unauthorized users.
Cell phones are not authorized within TTGL or in the immediate vicinity of any TS/SECRET IS assets.
Operators are required to log out of the system when not in use. A lock-out setting is used to automatically lock the machine that has been without activity for more than 10 minutes.
License/Copyright. Adherence to software licensing agreements for copyrighted software packages used within TTGL shall be strictly enforced. N6 Department shall closely monitor prepared software packages to ensure licensing/copyright integrity is maintained. All violations shall be reported to IAM for further action.
IS residue. Printer ribbons or other readable IS residue will be controlled at the highest level of information processed by the associated equipment.
IS/Media Inventory. Inventory of TTGL IS and media is not required to accommodate security. However, inventory of licensed and proprietary software shall be conducted annually by N6 Department personnel under the direction of the TTGL IAM. Inventory will verify location of each piece of licensed or proprietary software and determine the need for continued retention. A master list of all licensed and proprietary software including location, custodial responsibility, and a permanently assigned control number will be maintained within the magnetic media central database to facilitate an inventory. A formal report will be issued by the TTGL IAM to the CO and TTGL N4 upon completion of each inventory. All documents relevant to annual software inventory, including completed inventory listings, worksheets and reports will be retained by the IAM for one year.
Incident Reporting. All incidents that influence the security and integrity of TTGL computer systems will be reported immediately to the IAM. Per references (i), (k) and (l), the IAM will investigate each incident thoroughly and recommend appropriate corrective action to prevent recurrence. IA incidents and violations will be documented and forwarded to the Commanding Officer. If it is determined that a compromise and/or violation has occurred, the Commanding Officer will direct a formal investigation (assign investigating officer) per references (i), (k) and (l). Specific incident reporting procedures shall be conducted IAW Chapter 4 of this instruction.
IA General Training. A TTGL IA training program shall be maintained under the direction of IAM. Training will include all aspects of IA, including internal accountability, sanitization procedures, scanning and patching, configuration control, and certification requirements. Training plans and curriculum shall be maintained by the IAM/IAO.