DATA PROTECTION MEASURES

FIPS (Federal Information Processing Standards) PUB 39 Glossary for Computer Systems Security defines data security as "The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure." We are always concerned with the integrity of data; is the data the same as that in the source documents? We want to ensure that the data has not been exposed to accidental or intentional modification, disclosure, or destruction.

Depending on the type of data being processed, the other users with access to the system, and the technical features of the system to provide the needed safeguards, the system may have to operate in a specific security mode.

If your command processes classified and/or sensitive unclassified data, it must abide by certain rules to protect it. In the central computer facility (where the host computer is located), the physical security requirements will be equal to the highest classification of data being handled. If there are two or more computer systems located in the same controlled area, the systems should be separated to limit direct personnel access to a specific system.

In remote terminal areas, security requirements are based upon the highest classification of data to be accessed through the terminals. Each remote terminal must be identifiable through hardware or software features when it is connected to a computer system or network processing classified data. The system or network must know who is logging on.

If the computer system to which your remote terminal is connected is processing classified data and your terminal is not authorized, controlled, or protected for that classification of data, it must be disconnected. The disconnect procedures may be by a hardware measure (such as turning off a switch at the host computer) or a software measure (such as deleting the ID of your terminal during certain processing periods). Because each data classification has different security requirements, we cover each separately.

Classified Data

Handling requirements and procedures for classified AIS media (Confidential, Secret, and Top Secret) are the same as those for handling classified information. Anyone who has possession of classified material is responsible for safeguarding it at all times. You need to be familiar with the four security modes that provide for processing classified data: system high, dedicated, multilevel, and controlled.

SYSTEM HIGH SECURITY MODE.- A computer system is in the system high security mode when the central computer facility and all of the connected peripheral devices and remote terminals are protected in accordance with the requirements for the highest classification category and type of material then contained in the system. All personnel having computer system access must have a security clearance, but not necessarily a need-to-know for all material then contained in the system. In this mode, the design and operation of the computer system must provide for the control of concurrently available classified material in the system on the basis of need-to-know.

DEDICATED SECURITY MODE.- A computer system is operating in the dedicated security mode when the central computer facility and all of its connected peripheral devices and remote terminals are exclusively used and controlled by specific users or group of users having a security clearance and need-to-know for the processing of a particular category(ies) and type(s) of classified material.

MULTILEVEL SECURITY MODE.- A computer system is operating in the multilevel security mode when it provides a capability permitting various categories and types of classified materials to be stored and processed concurrently in a computer system and permitting selective access to such material concurrently by uncleared users and users having differing security clearances and need-to-know. Separation of personnel and material on the basis of security clearance and need-to-know is accordingly accomplished by the operating system and associated system software. In a remotely accessed resource-sharing system, the material can be selectively accessed and manipulated from variously controlled terminals by personnel having different security clearances and need-to-know. This mode of operation can accommodate the concurrent processing and storage of (1) two or more categories of classified data, or (2) one or more categories of classified data with unclassified data, depending upon the constraints placed on the system by the designated approving authority.

CONTROLLED SECURITY MODE.- A computer system is operating in the controlled security mode when at least some personnel (users) with access to the system have neither a security clearance nor a need-to-know for all classified material then contained in the computer system. However, the separation and control of users and classified material on the basis, respectively, of security clearance and security classification are not essentially under operating system control as in the multilevel security mode.

Sensitive Unclassified Data

Sensitive unclassified data is unclassified data that requires special protection. Examples are data For Official Use Only and data covered by the Privacy Act of 1974.

The Privacy Act of 1974 imposes numerous requirements upon federal agencies to prevent the misuse of data about individuals, respect its confidentiality, and preserve its integrity. We can meet these requirements by applying selected managerial, administrative, and technical procedures which, in combination, achieve the objectives of the Act.

The major provisions of the Privacy Act that most directly involve computer security are as follows:

e Limiting disclosure of personal information to authorized persons and agencies;

l Requiring accuracy, relevance, timeliness, and completeness of records; and

l Requiring the use of safeguards to ensure the confidentiality and security of records.

To assure protection for AIS processing of sensitive unclassified data, the Navy has established the limited AIS access security mode.

A computer system or network is operating in the limited access security mode when the type of data being processed is categorized as unclassified and requires the implementation of special access controls to restrict the access to the data only to individuals who by their job function have a need to access the data.

Unclassified Data

Although unclassified data does not require the safeguards of classified and sensitive unclassified data, it does have value. Therefore, it requires proper handling to assure that it is not intentionally or unintentionally lost or destroyed.