|
The government customer must approve each AIS prior to authorizing its use to process, store, or transmit national security information. In order to gain that approval, the government customer usually requests:
Identification of the AIS;
Physical location;
Mode of operation (also called by the U.S. government agencies "security profiles" and "levels of concern");
Level of national security information to be processed;
Equipment information:
Size and type of internal memory and storage medium;
Components where national security information is retained;
Disconnect methods used to separate various components, such as printers;
Switching devices to disable equipment; and Block diagram of hardware with links;
Software information to include the types of operating system(s) and firmware; application programs, vendor's name, and version numbers; and
Communications devices:
Configuration;
Interfaces;
Identification;
Points of encryption;
Remote devices; and
Protection procedures.
|