Security Considerations. The work to be performed under specific delivery orders may require security clearances. In that event, the contractor will be advised of the requirements in the delivery order statement of work. The contractor shall follow the security requirements identified in the delivery order statement of work and other guidance that may be establish by the OCO. Only those contractors that meet the required security clearance levels on individual delivery orders are eligible to compete for such delivery orders. Clearances may require Special Background Investigations, Sensitive Compartmented Information access or Special Access Programs, or agency-specific access. In such cases, the contractor is responsible for providing personnel with appropriate security clearances to ensure compliance with government security regulations, as specified on the individual delivery order. The Contractor shall fully cooperate on all security checks and investigations by furnishing requested information to verify the contractor employee's trustworthiness and suitability for the position. Delivery orders containing classified work will include a Contract Security Classification Specification, (DD Form 254 or agency equivalent). The DD Form 254 is available at the following site: xxxx://xxx.xxxx.xxxx.xxx/Contracts/SETAC10/ATTACHMENT%2003%20- %20DD%20254.pdf.
Security Considerations. Security requirements will be dictated by agency specific requirements, specified on individual Orders. Examples of such requirements are The Office of Management and Budget (OMB) Circular A-130, The Federal Information Security Management Act (FISMA), NIST FIPS PUB 140-2 Security Requirements for Cryptographic Modules, the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), and the National Information Assurance Certification and Accreditation Process (NIACAP) NSTISSI-1000.
Security Considerations. 6.1. Security requirements will be dictated by agency specific requirements, specified on individual Orders. Examples of such requirements are The Office of Management and Budget (OMB) Circular A-130, The Federal Information Security Management Act (FISMA), NIST FIPS PUB 140-2 Security Requirements for Cryptographic Modules, the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), and the National Information Assurance Certification and Accreditation Process (NIACAP) NSTISSI-1000. The basic contract’s pre-established labor categories and associated ceiling prices cover work at the Secret level..
Security Considerations. A We outline the security of the presented scheme with an informal security proof. At first we give an overview about possible attacks on our scheme, followed by how our scheme is able to resist those attacks. Consider an adversary as a probabilistic Turing machine, who has control over all communication channels.
Security Considerations. With the printer driver encryption setting, the passwords used for Authentication, Account Track and Secure Print will be encrypted before they are embedded in the print data. This does not secure the print data itself and it is still be possible to capture and read the print data (e.g. using a network sniffer). For secure transport, it is recommended to use a secure printing protocol (IPP over SSL) or secure the whole communication with the printer by using IPsec. Support for other applications YSoft SafeQ Printing with SafeQ may require different user name to be send with the print data, other than the Linux systems user name. Required settings: Output Method Output Method = SafeQ SafeQ User [text of 1 to 30 characters] PSES (Page Scope Enterprise Suite) PSES requires a different authentication method. Required settings: User Authentication User Authentication = PSES User Name Password Workaround … for applications that do not support custom input fields in their printer driver dialog. Workaround 1 The filter contains additional code to read from a settings file named KMdrv.txt which is located in the user’s home folder. It is expected that the home folder name matches the username which is transferred to CUPS. To enable this function the filter (XXxxxXxxXX.xx) needs to be modified. Following lines need to be changed and verified: # my $usesettingsfile=1; # my $homefolderspath="/home"; Within the settings file following settings can be defined: OutputMethod SecurePrintID SecurePrintPassword BoxNumber BoxFileName SafeQUser AccountTrack DepartmentCode AccountPassword Authentication AuthenticationUsername AuthenticationPassword Printer Driver Encryption EncryptionPassphrase The settings file is an ASCII text file, which contains lines for each setting in the format: option=value For example: to enable Secure Print, with Secure Print ID=secid and password=pass the settings file has to contain these lines. OutputMethod=Secure SecurePrintID=secid SecurePrintPassword=pass Or alternative the output method can be selected in the print dialog, and then only the SecurePrintID and SecurePrintPassword are required to be defined in the file. A sample settings file KMdrv.txt listing all possible parameters is included in this driver package. Attention! If this function is enabled and the settings file exists in the user’s home folder, the settings from that file will override the settings made in the printer dialog. These settings ...
Security Considerations. The contractor shall adhere to Government standards and best practices with regard to security in general. DHS Components and agencies will address and define specific security requirements in individual TOs. The contractor may work with procurement sensitive and Privacy Act material and information. Any DHS information made available or to which access is provided to the contractor, and is marked or shall be marked “Official Use Only,” shall be used only for the purpose of carrying out the provisions of the TO and shall not be divulged or made known in any manner to any person except as may be necessary in performing the TO. The contractor shall adhere to DHS security policies for using all applications, data bases and data integrity. Additionally, contractors must satisfy requirements to work with and safeguard Security Sensitive Information. All contractor personnel must understand and follow DHS and agency requirements, policies, and procedures for safeguarding Security Sensitive Information. DHS shall have and exercise full control over granting, denying, withholding or terminating unescorted Government facility and sensitive Government information access for contractor personnel.
Security Considerations. Contractor agrees that in the performance of this Agreement it is of paramount importance to maintain the security and safety of passengers, the general public and all personnel employed at the Airport and to safeguard the security and integrity of all personal, public and corporate property. In this regard, Contractor agrees, in accordance with applicable laws, to take those actions necessary to accomplish this purpose, including but not limited to the actions outlined in this Section 13.
Security Considerations. The proposed approach relies on building blocks whose security is widely established, namely ECDH [6] and ECQV [10]. Note that these building blocks remain independent in our construction, opposed to being composed, and secret parameters for both schemes are neither exposed to external entities nor used in a way different from their standard usage. In this way, we avoid possible issues that may emerge when mixing blocks whose conjuncted adoption is not universally guaranteed ([9], for instance, shows problems related to the composition of implicit certificates and ECDSA technique). Moreover, ECQV implicit certificates, binding a public key to its owner in a trusted way, make the proposed strategy robust against Man-In-The-Middle (MITM) attacks. Furthermore, the mutual authentication scheme implemented in the second part of the protocol protects the entire approach against replay attacks, and explicitly binds the exchanged cryptographic quantities to the involved peer identities using per-session nonces. It is worth noting that the two authentication messages closely mimic the operation of the Finished message in the Transport Layer Security (TLS) protocol, and therefore inherit the relevant security properties assessed for the TLS protocol [17]. Indeed, each authentication tag is computed by including all the information exchanged in the first two messages (plus the peer identities) and hence protects the entire exchange from MITM modifications. Finally, the designed protocol does not specifically influence (i.e. neither positively or negatively) resilience against physical attacks such as tampering, fault, and side-channel attacks, resilience which is mandated to a careful technical implemen- tation and choice of the involved Elliptic curves. For instance, standard software/hardware-based techniques can be used to mitigate tampering attacks and prevent the physical access to security parameters stored within the device. To prevent fault attacks which force the victim device to perform calculations on weak elliptic curves in order to leak the secret key, it is necessary to carefully select the considered ECC curve: the one adopted in our implementation (see Section IV for details) satisfies this requirement. And in terms of side-channel attacks (at least for what concerns side timing-channels), the ECC hardware implementation adopted in our prototype employs the Xxxxxxxxxx ladder [6] algorithm (see Section IV) and thus guarantees that the time needed to pe...
Security Considerations. Whether SLA guarantees are enforced via such policy-mapping or not, the negotiation of SLAs is easily seen as a form of distributed policy management. As such, work needs to be started to get SLA proponents involved with existing security standards activities. With the Global Grid Forum, the OGSA working group is chartered to guide narrowly-targeted groups providing OGSA-relevant standards. The OGSA- SEC working group is specifically chartered to develop approaches comple- mentary of basic Web Service standards coming from other communities such as W3C and OASIS.
Security Considerations. This draft is about making it possible to select between various SIP security mechanisms in a secure manner. In particular, the method pre¡ sented here allow current networks using hop-by-hop mechanisms to later securely upgrade to end-to-end mechanisms without requiring a simultaneous modification in all equipment. Also, the presented method allows SIP entities to request that the complete path through several proxies is protected with lower-layer mechanisms such as TLS. Cur¡ rently this isn't possible. The method presented in this draft is secure only if the weakest pro¡ posed mechanism offers at least integrity protection. Therefore, we recommend that HTTP Basic authentication SHOULD NOT be used in con¡ junction with this method. We also recommend that HTTP Digest authen¡ tication be upgraded to support the integrity protection of larger parts of SIP messages than it currently does [8, 9].
