between and U.S. CUSTOMS AND BORDER PROTECTION (CBP)




INTERCONNECTION SECURITY AGREEMENT
between
Your Company Name
and
U.S. CUSTOMS AND BORDER PROTECTION (CBP)

MONTH, YEAR

Full Company Name (including other legal names or d.b.a.* company names)
Address
City, State, Zip
Tel #:
Fax #:
Email:

* doing business as

Department of Homeland Security
Customs and Border Protection

INTERCONNECTION SECURITY AGREEMENT

The intent of the Interconnection Security Agreement (ISA) is to document and formalize the interconnection agreement between Customs and Border Protection (CBP) and other non-customs organizations.

1. INTERCONNECTION STATEMENT OF REQUIREMENTS.

a. The requirements for interconnection between the CBP and YOUR COMPANY NAME, located at COMPANY ADDRESS, CITY, STATE, ZIP, is for the express purpose of the following: Provide your company with VPN tunnel connectivity to CBP for the purpose of allowing your company to send/receive Automated Commercial System (ACS) and/or Automated Export System (AES) data, to/from CBP via MQ Server.

b. No other services are authorized under this agreement. Other than the passing of data stated in paragraph 1a, only communication control signals typical of Transmission Control Protocol/Internet Protocol (TCP/IP) and MQ Server will be permitted.

c. Data transmitted between your designated end-point system and CBP will be protected (encrypted) in accordance with the guidelines of the Privacy Act, Trade Secrets Act (18 U.S. Code 1905), and Unauthorized Access Act (18 U.S. Code 2701 & 2710) while in CBP possession. Transaction data returned to your system remains protected (encrypted) until transmitted through the layer-3 VPN tunnel connected to your system, at which point the data is decrypted (open and unprotected) for final transmission into your system. Your company is responsible for providing any further protection measures for your company data when resident in your computing environment, as necessary.

d. The pertinent details of the connection are:
   - Router Access Lists (RAC) and TCP/IP addresses and ports
   - Cisco VPN Concentrator or IOS based VPN and IPSEC encryption
   - MQSeries server connections, only

2. SYSTEM SECURITY CONSIDERATIONS.

a. The interconnection between YOUR COMPANY NAME and CBP is via a dedicated Multi Protocol Layer Switching (MPLS) Peerless IP (PIP) Virtual Private Network (VPN). Triple Data Encryption System (3DES), or Advanced Encryption Standard (AES) protect a VPN tunnel over a commercially provided native IP backbone network with no connection to the public Internet. The Cisco VPN Concentrator or IOS based VPN hardware on the end point devices provides the cryptographic function. Access is further controlled by a CA-Top Secret profile specific to each approved user. All access is controlled by authentication methods to validate the approved users.

b. The security of the information being passed on this network layer VPN connection uses Cisco VPN Concentrator or IOS based VPN hardware.

c. The CBP system and users are expected to protect this data in accordance with the Privacy Act, Trade Secrets Act (18 U.S. Code 1905), and Unauthorized Access Act (18 U.S. Code 2701 & 2710).

d. The sensitivity of all data filed is Sensitive But Unclassified (SBU).

e. All CBP employees with access to the data are U.S. citizens with a valid and current CBP Background Investigation.

f. Policy documents that govern the protection of the data are CBP 1400-05D Security Policy Handbook and Department of Homeland Security 4300A Security Policy Handbook.

g. CBP maintains an audit trail and employs intrusion detection measures to maintain security and system integrity.

h. All security incidents that have any effect on the security posture of CBP must be reported to the CBP Computer Security Incident Response Center (CSIRC) located at the CBP NDC (tel: 703-921-6507). The policy governing the reporting of security incidents is CIS HB 1400-05D.

3. TOPOLOGICAL DRAWING.

The two systems are joined via a layer-3 IPSEC VPN tunnel. The DHS/CBP facilities both maintain a 24-hour physically secure facility where access is controlled using restricted access and all visitors are escorted. The lines of demarcation are as illustrated in the following drawing:

4. SIGNATORY AUTHORITY

This ISA is valid for (3) years after the latest date on either signature below. Approximately 30 days prior to expiration, the ISA will be updated, reviewed, and revalidated. This agreement may be terminated upon 30-days advanced notice by either party or in the event of a security exception that would necessitate an immediate response.

SIGNATURE AUTHORITY NAME AND TITLE

Donald A. Matheson
Acting Executive Director
Enterprise Data Management and Engineering Directorate (EDMED)
Office of Information & Technology
U.S. Customs and Border

-----------------------------------------------
Signature                                  Date

-----------------------------------------------
Signature                                  Date

Telephone

-----------------------------------------------
Telephone

Addendum

Additional Connection / Computer Sites (if applicable)

Please list pertinent identifying information: name (if different/d.b.a.), full address, contact name, contact number, contact facsimile, etc.