INTERCONNECTION SECURITY AGREEMENT



Similar documents
between and U.S. CUSTOMS AND BORDER PROTECTION (CBP)

DRAFT Standard Statement Encryption

Office of Transportation Vetting and Credentialing Screening Gateway and Document Management System Privacy Impact Assessment

CHIS, Inc. Privacy General Guidelines

SCADA/Business Network Separation: Securing an Integrated SCADA System

How Managed File Transfer Addresses HIPAA Requirements for ephi

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

SCADA SYSTEMS AND SECURITY WHITEPAPER

Medical Information Technology Services Business Partner Connection Policy 05- APRIL -2011

Electronic Service Agent TM. Network and Transmission Security And Information Privacy

Site to Site Virtual Private Networks (VPNs):

Office of Inspector General

Recommended Wireless Local Area Network Architecture

Chapter 37. Secure Networks

Virtual Private Networks

Case Study for Layer 3 Authentication and Encryption

Best practices for protecting network data

Wireless Encryption Protection

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

The next generation of knowledge and expertise Wireless Security Basics

Virtual Private Network (VPN)

Virtual Private Networks (VPN) Connectivity and Management Policy

Cornerstones of Security

How To Understand And Understand The Security Of A Key Infrastructure

Securing Ship-to-Shore Data Flow

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

Copyright Telerad Tech RADSpa. HIPAA Compliance

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

8. Does this system collect, display, store, maintain or disseminate Personally Identifiable Information (PII)? Yes

NETWORK SECURITY (W/LAB) Course Syllabus

Healthcare Compliance Solutions

Clever Security Overview

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Controls for the Credit Card Environment Edit Date: May 17, 2007

ADMINISTRATIVE POLICY # (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # (2014) Remote Access

HughesNet Broadband VPN End-to-End Security Using the Cisco 87x

Cisco QuickVPN Installation Tips for Windows Operating Systems

ADM:49 DPS POLICY MANUAL Page 1 of 5

Privacy Impact Assessment (PIA) Waiver Review System (WRS) Version Last Updated: December 2, 2013

Shipping Services Files (SSF) Secure File Transmission Account Setup

REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION

SSL Certificate Based VPN

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

United States Citizenship and Immigration Services (USCIS) Enterprise Service Bus (ESB)

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Compliance and Industry Regulations

Firewalls, Tunnels, and Network Intrusion Detection

SECURING AN INTEGRATED SCADA SYSTEM. Technical Paper April 2007

Print4 Solutions fully comply with all HIPAA regulations

Healthcare Compliance Solutions

Homeland Security Virtual Assistance Center

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

Industrial Classed H685 H820 Cellular Router User Manual for VPN setting

Introduction to Cyber Security / Information Security

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

INTRUSION DETECTION SYSTEMS and Network Security

VPN Technologies: Definitions and Requirements

Payment Card Industry (PCI) Compliance. Management Guidelines

Purple Sturgeon Standard VPN Installation Manual for Windows XP

Secure SCADA Network Technology and Methods

BMC s Security Strategy for ITSM in the SaaS Environment

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

Chapter 1 The Principles of Auditing 1

CIS 253. Network Security

Enterprise Forensics and ediscovery (EnCase) Privacy Impact Assessment

PCI DSS Requirements - Security Controls and Processes

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

VPN. Date: 4/15/2004 By: Heena Patel

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

Building Secure Network Infrastructure For LANs

FortiOS Handbook IPsec VPN for FortiOS 5.0

Privacy and Encryption in egovernment. Dewey Landrum Technical Architect CSO SLED West Sector CISSP August 11, 2008

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]

itrust Medical Records System: Requirements for Technical Safeguards

Network Security Protocols

Cyber-Ark Software and the PCI Data Security Standard

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Nuclear Regulatory Commission Computer Security Office Computer Security Standard

Replacing Sneaker Net with the Internet. DREXEL UNIVERSITY ischool INFO614 DISTRIBUTED COMPUTING & NETWORKING FINAL PROJECT

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

Alliance AES Key Management

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing

PCISS-1. Job Description: Key Responsibilities: I. Perform troubleshooting& support:

Best Practices For Department Server and Enterprise System Checklist

Background Check Service

PSWN. Land Mobile Radio System Security Planning Template. Final. Public Safety Wireless Network

Global Telehealth Conference 2012

How To Write A Health Care Security Rule For A University

Transcription:

INTERCONNECTION SECURITY AGREEMENT March, 2008 U. S. Department of Homeland Security Customs and Border Protection

INTERCONNECTION SECURITY AGREEMENT The intent of the Interconnection Security Agreement (ISA) is to document and formalize the interconnection agreement between Customs and other non-customs organizations. 1. INTERCONNECTION STATEMENT OF REQUIREMENTS. a. The requirements for interconnection between the Customs and Border Protection (CBP) and your company is for the express purpose of the following: Provide your company with VPN tunnel connectivity to CBP for the purpose of allowing your company to send/receive data, to/from CBP, via MQ Client/Server. If providing Stow Plans or Container Status Messages (CSMs) as part of a Security Filing, then this ISA supports the use of e-mail and Secure File Transport Protocol (SFTP) for Stow Plans as well as SFTP for CSMs sent from your organization to CBP only. b. No other services are authorized under this agreement. Other than the passing of data stated in paragraph 1a, only communication control signals typical of Transmission Control Protocol/Internet Protocol (TCP/IP) and MQ Client/Server will be permitted. SFTP and email for filing of Stow Plans and CSMs only are supported. c. Data transmitted between your designated end-point system and CBP will be protected (encrypted) in accordance with the guidelines of the Privacy Act, Trade Secrets Act (18 U. S. Code 1905), and Unauthorized Access Act (18 U. S. Code 2701 & 2710). Transaction data returned to your system remains protected (encrypted) until transmitted through the layer-3 VPN tunnel connected to your system, at which point the data is decrypted (open and unprotected) for final transmission into your system. Your company is responsible for providing any further protection measures for your company data when resident in your computing environment, as necessary. 2. SYSTEM SECURITY CONSIDERATIONS. a. General Information/Data Description. The interconnection between your company and CBP is via the public Internet, over an FIPS 140-2 Approved Advanced Encryption Standard (AES) 256 bit protected VPN tunnel. Authentication will be via CBP provided user ID and password and/or pre-share keys. b. Services Offered. The security of the information being passed on this layer-3 IPSEC VPN connection uses either Cisco VPN hardware or software. c. Data Sensitivity. The sensitivity of all data filed is Sensitive But Unclassified (SBU). d. FIPS-199 Security Categorization. All associated CBP applications are security categorized as High.

e. User Community. All CBP employees with access to the data are U. S. citizens with a valid and current CBP Background Investigation. f. Information Exchange Security. The connection with CBP is via the public Internet, over a AES 256 bit protected VPN tunnel. g. Trusted-Behavior Expectations. The CBP system and users are expected to protect this data in accordance with the Privacy Act, Trade Secrets Act (18 U.S. Code 1905), and Unauthorized Access Act (18 U.S. Code 2701 & 2710). h. Formal Security Policy. Policy documents that govern the protection of the data are CBP (Customs) CIS HB 1400-05C and Department of Homeland (DHS) 4300A Sensitive Systems Policy. i. Incident Reporting. All security incidents that have any effect on the security posture of CBP must be reported to the CBP Computer Security Incident Response Center (CSIRC) located at the CBP NDC (tel: 703-921-6507). The policy governing the reporting of security incidents is CIS HB 1400-05C. j. Audit Trail Responsibilities. CBP maintains an audit trail and employs intrusion detection measures to maintain security and system integrity.

3. TOPOLOGICAL DRAWING. The two systems are joined via an encrypted VPN tunnel. The CBP NDC facility maintains a 24-hour physically secure facility where access is controlled using restricted access and all visitors are escorted. The lines of demarcation are as illustrated in the following drawing 1 : 1 Diagram was updated on August 24, 2010 by DHS/CBP Network Engineering Team

4. SIGNATORY AUTHORITY. This ISA is valid upon electronic acknowledgement of receipt of an agreement from your designated corporate approval authority. The ISA will be reviewed, validated, stored, and tracked for periodic renewal by CBP. This agreement may be terminated upon 30-days advanced notice by either party or in the event of a security exception that would necessitate an immediate response. DOCUMENT SIGNED IN MARCH 2008 BY: Ken Ritchhart Acting Assistant Commissioner Office of Information and Technology Customs and Border Protection THE ORIGINAL SIGNATURE MAY NOT BE POSTED ON-LINE, BUT WILL BE MADE AVAILABLE FOR REVIEW UPON REQUEST.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information