Metron, Inc.

0KGF3

#16

LAPTOP SECURITY PROCEDURES

Laptop use within Metron secure areas presents unique security problems. The fact that unclassified laptops can be taken into and out of secure areas violates the principle that media (in this case, the laptop hard drive), once brought in to a secure area, never leaves.

Laptops have to be portable to be useful. Locking an unclassified laptop in to the secure environment makes it less useful than an unclassified desktop PC. The Department of Defense will allow laptops to be brought in and out of secure areas, but there is a price we pay in return.

There can be no use of modems or connections to any classified or unclassified computers or networks. They can, on a case by case basis, be connected to docking stations, printers or certain types of projectors, but this is an area that should be addressed by security.

It is very important that we protect the laptops when not in use. Why? Because these specialized rules are briefed only to those who use the laptops. The general staff is not aware of these restrictions. An unattended laptop may be contaminated by someone not aware of these rules. For the same reason, when in a secure area you should not leave a laptop in the possession of anyone who has not been properly briefed by security. When you bring a laptop in to a secure area, you are responsible for maintaining control over its use.

Our anti-virus policies are harder to enforce with laptops because of their portability. If you are at a non-Metron site and you need to use media, remember that you need to scan the media prior to use. Make sure that the laptop has an on-access scanner (one that automatically scans every file when opened or executed.) Remember also to report to security any known or suspected virus attacks immediately.

Laptops are high-value equipment. In addition to the cost of the computer, you may also have Metron-proprietary information on the laptop. Because of their easy portability, laptops are a high risk for theft. As a custodian of this equipment, you have a responsibility to report loss or theft immediately.

Unclassified Metron-owned laptops may be used in the Closed Area by cleared Metron personnel under the following conditions:

  • Use of laptops inside the Closed Area is restricted to only those who have received and signed the Laptop Security Briefing.
  • Absolutely no personally owned laptops/computers are permitted.
  • Only a security approved unclassified laptop with no recording devices or microphones may be used. If a laptop has a built-in microphone, the software to drive the microphone must not be enabled.
  • No use of modems or connections to Metron’s unclassified network within the Closed Area.
  • Laptops cannot connect to any other computers, classified or unclassified within the Closed Area.
  • If an unclassified file on the laptop needs to be transferred to a classified machine, remove the laptop from the Closed Area, copy the file to a new floppy or zip disk and write protect the floppy. Return to the Closed Area, copy the file to the classified machine, and then remove the unclassified media from the closed area.
  • The laptop may only be used for a specific period of time in the Closed Area and must be under the control of the user at all times. It may not be left in the Closed Area overnight.
  • Advise Security at the end of processing that the laptop has been removed.

Unclassified Metron-owned laptops may be used in a Restricted Area where classified processing is being done or during a classified meeting under the following conditions:

  • Use of laptops in a Restricted Area is restricted to only those who have received and signed the Laptop Security Briefing.
  • Absolutely no personally owned laptops/computers are permitted.
  • Laptops cannot connect to any other computers, classified or unclassified within the Restricted Area.
  • Only a security approved unclassified laptop with no recording devices or microphones may be used. If a laptop has a built-in microphone, the software to drive the microphone must not be enabled.
  • Advise those cleared personnel working or attending a classified meeting in the Restricted Area that you will be doing unclassified processing on a laptop.
  • Laptops must be shut down during a classified meeting.
  • Advise Security at the end of processing that the laptop has been removed.

User Acknowledgement

This device will be used to process unclassified, non-program sensitive information only. I understand that all portable AIS devices are subject to random review to verify that there is no program sensitive data resident. I acknowledge that modem or data port connectivity from within a Closed or Restricted Area is not authorized. I also understand that this device will not connect to any other AIS with the Closed/Restricted Area and that, while in a Closed/Restricted Area, the use of floppy disks and/or media is not authorized.

______

SignatureDate

LAPTOP AIS REGISTRATION SHEET

CUSTODIAN

Name: ______Employee Number: ______

SYSTEM INFORMATION

HARDWARE / MAKE/MODEL / SERIAL NUMBER / Metron
Property #
Laptop
External Device(s)
(Other)
HARD DRIVE / REMOVABLE or FIXED / CLASSIFIED or UNCLASSIFIED

User Acknowledgement

This device will be used to process unclassified, non-program sensitive information only. I understand that all portable AIS devices are subject to random review to verify that there is no program sensitive data resident. I acknowledge that modem or data port connectivity from within a Closed or Restricted Area is not authorized. I also understand that this device will not connect to any other AIS with the Closed/Restricted Area and that, while in a Closed/Restricted Area, the use of floppy disks and/or media is not authorized.

Custodian Signature______Date______

SECURITY APPROVAL______