COMBINED FEDERATED BATTLE LABORATORIES NETWORK (CFBLNet)


UNCLASSIFIED

COMBINED FEDERATED BATTLE LABORATORIES NETWORK (CFBLNet)
PUBLICATION 1
ANNEX C APPENDICES
CFBLNET SECURITY AND INFORMATION ASSURANCE STRATEGY
Version 8.0
July 2015

DOCUMENT CONTROL AND TRACKING METADATA

Security Classification: Unclassified
Access Status: Version 8.0
Usage Condition: Publicly Releasable
Scheme Type: CFBLNet Documentation Control and Tracking Scheme
Scheme Name: See Pub 1, Annex G, CFBLNet Document Management
Title Words: CFBLNet Pub 1 Annex C, Appendices, CFBLNet Security and Information Assurance Strategy
Function Descriptor: Security and Information Assurance Strategy
Activity Descriptor: Informational

| Event Date | Agent Type | Agent Name | Agent Details | Event Type | Event Description |
|---|---|---|---|---|---|
| 30Oct09 | C-EG | Steve Pitcher | C-EG Chair | Review/Approve | Sign Publication 1, Annex C, Appendices, Version 6.0 |
| 05Sep12 | C-EG | Steve Pitcher | C-EG Chair | Review/Approve | Sign Publication 1, Annex C, Appendices, Version 7.0 |
| 24Jul15 | C-EG | LTC Jacqueline Guillory | C-EG Chair | Review/Approve | Sign Publication 1 Annex C, Appendices, Version 8.0 |

TABLE OF CONTENTS

APPENDIX 1 MSAB NATIONAL ACCREDITATION ENDORSEMENT PROCESS
APPENDIX 2 MSAB NATIONAL ACCREDITATION ENDORSEMENT CERTIFICATE (NAEC) TEMPLATE
APPENDIX 3 CLASSIFICATION GUIDANCE FOR THE CFBLNET
    1. Introduction
    2. Guidance
APPENDIX 4 SECURITY INCIDENT REPORTING
    1. Introduction
    2. Guidance

APPENDIX 1 MSAB NATIONAL ACCREDITATION ENDORSEMENT PROCESS

[Figure 1 - MSAB Accreditation Endorsement Flow Chart. Title: MSAB Accreditation Endorsement Process. Labels recoverable from the chart: NATO, US, UK, NZ, CAN, AUS; SPONSORED; INVITED; Coalition Project Office (1); Submits accreditation package to NAA (2); NAA Accreditation (3), with branches Y and N; National MSAB Rep provides NAEC to National Project Office/MSAB Chair and MSAB members; MSAB Chair provides Coalition Accreditation Endorsement Certificate (4); NAA reviews Architecture and provides feedback to MSAB rep.]

101. All projects, systems or networks requesting endorsement of the MSAB (inclusive of sponsored and invited nation activities) are required to brief the MSAB during the development process.

    a. The CMP/GMP Project Office submits accreditation package to their CMP/GMP Accreditation Authority for approval.

    b. Sponsored nations are to be accredited by the sponsoring CMP. The appropriate MSAB national representative is responsible for providing the NAEC of any sponsored nation.

102. Invited nations are to be accredited by their National Accreditation Authority to the accreditation policy of one of the MSAB member nations.

    a. CMP/GMP Accreditation Authority is to inform the national MSAB and invited national representative when the system or network is accredited.

APPENDIX 2 MSAB NATIONAL ACCREDITATION ENDORSEMENT CERTIFICATE (NAEC) TEMPLATE

Multinational Security Accreditation Board
MSAB National ACCREDITATION ENDORSEMENT CERTIFICATE (NAEC)

[From: MSAB National Representative]
[Address]
[Contact Telephone]

[To: MSAB Chair]
[Address]
[Contact Telephone]

(Only For CFBLNet Lead CLR and Secretariat (PMO))
[MSAB Members]

[Nation Name of Site, System/Network or Initiative]

References:
A. [National Policy]
B. Multi-national Security Policy (e.g. CFBLNet Pub 1)

This letter certifies that the following site, system, network or Initiative has approval to test or approval to operate in accordance with national accreditation procedures (Reference A):

Nation Site System Network Initiative Location Date Issued Accreditation Expiry Date

1. Highest data classification to be exchanged:

2. The following caveats/restrictions or additional information are noted: [Caveat/Restriction/MOU]

This MSAB NAEC supersedes the previously issued certificate dated xx xx 20xx.

[Signed]
MSAB National Representative
[Date]

APPENDIX 3 CLASSIFICATION GUIDANCE FOR THE CFBLNet

1. Introduction

101. The rationale for classifying aspects of the CFBLNet is based on the potential damage to national security should such information fall into the wrong hands. The CFBLNet and the Initiatives that are conducted on it will have security significance and some aspects will need to be protected accordingly. The following guidance is provided so that the aspects of CFBLNet and any sensitive parts of Initiatives are protected appropriately.

2. Guidance

201. Existence of CFBLNet: UNCLASSIFIED

202. Purpose of CFBLNet: UNCLASSIFIED

203. Membership of CFBLNet: UNCLASSIFIED

204. Specific vulnerabilities and determinations of the CVAT/NVAT activities: SECRET Rel. AUSCANNZUKUS and NATO [and additional Initiative partners when applicable]

205. Level 0 Topology: UNCLASSIFIED

206. Systems and Technical Architecture of the CFBLNet: According to the classification of the respective enclave.

206. IP addresses and specific architecture should be classified in accordance with N/O policy (but cannot be lower than Unclassified Not Releasable to the Internet).

207. Key Management: According to the classification of the affected enclave.

208. CFBLNet Documentation: UNCLASSIFIED

209. Initiative Information: When an Initiative covers a sensitive capability, which requires a higher classification than UNCLASSIFIED, an UNCLASSIFIED synopsis must be produced. The Initiative sponsor will determine the appropriate classification of the Initiative.

210. Funding Issues: National/organizational classification as appropriate.

211. Routing information for the CFBLNet backbone shall be treated as unclassified information as long as the complete IP addresses are not shown.

212. Commercially Sensitive Material: To be classified in accordance with the respective national/organizational rules and in accordance with the requirements of the commercial interests involved.

APPENDIX 4 SECURITY INCIDENT REPORTING

1. Introduction

101. A Security Incident is defined as any event compromising, or that has the potential to compromise, the confidentiality, integrity or availability of a communication and information system.

2. Guidance

202. The objective of the reporting process is to provide a framework under which CMP/GMP are able to quickly inform each other of a CFBLNet security incident (including in the context of an initiative). The intent is to:

    - Inform partners/participants of initiatives in a timely manner of the occurrence of an incident within an initiative.
    - Allow first responder/triage of incidents to inform Nations Incident Response/Handling procedures to be invoked.
    - Facilitate the inclusion of security incidents in initiative closure reports.

| Incident impact category | Description | Action officer (by order of priority) |
|---|---|---|
| Category 1 (possible examples: prolonged network/service outage, extremely widespread malware infection) | The incident may cause severe impact on any users (including users from a different CMP/GMP) of the initiative. The incident may also be related to the possible compromise of classified information. | 1) CLR 2) Initiative Lead 3) Security WG rep |
| Category 2 (possible examples: short term network/service outage cause and remediation are known, local malware infection) | The incident may cause moderate impact on any users (including users from a different CMP/GMP) of the initiative. | 1) Initiative Lead 2) Security WG rep |
| Category 3 (possible examples: detected network latency, unexpected IP range) | The incident impact may cause minor impact on any users (including users from a different CMP/GMP) of the initiative. | 1) Security WG rep |

Table 1 - Incident Categories