NEI 08-09 (Rev. 6)
April 2010
3.19 Confidentiality Of Information At Rest.................................................................. D-15
3.20 Heterogeneity.......................................................................................................... D-15
3.21 Fail In Known (Safe) State ..................................................................................... D-15
4 IDENTIFICATION AND AUTHENTICATION ............................................................. D-15
4.1 Identification And Authentication Policies And Procedures ..................................... D-15
4.2 User Identification And Authentication ..................................................................... D-16
4.3 Password Requirements ............................................................................................. D-17
4.4 Non-Authenticated Human Machine Interaction (HMI) Security ............................. D-17
4.5 Device Identification And Authentication ................................................................. D-17
4.6 Identifier Management ............................................................................................... D-18
4.7 Authenticator Management ........................................................................................ D-18
4.8 Authenticator Feedback .............................................................................................. D-18
4.9 Cryptographic Module Authentication ....................................................................... D-19
5 SYSTEM HARDENING .................................................................................................. D-19
5.1 Removal Of Unnecessary Services And Programs .................................................... D-19
5.2 Host Intrusion Detection System (HIDS) .................................................................... D-20
5.3 Changes To File System And Operating System Permissions ................................... D-20
5.4 Hardware Configuration ............................................................................................. D-20
5.5 Installing Operating Systems, Applications, And Third-Party Software Updates ..... D-21
APPENDIX E .............................................................................................................................. E-1
1 Media Protection .................................................................................................................. E-1
1.1 Media Protection Policy and Procedures (SGI, Non-SGI and 2.390) ........................... E-1
1.2 Media Access ................................................................................................................ E-1
1.3 Media Labeling/Marking ............................................................................................... E-2
1.4 Media Storage ............................................................................................................... E-2
1.5 Media Transport ............................................................................................................ E-2
1.6 Media Sanitation and Disposal ...................................................................................... E-2
2 Personnel Security ............................................................................................................... E-3
2.1 Personnel Security Policy and Procedures .................................................................... E-3
2.2 Personnel Termination/Transfer .................................................................................... E-3
3 System and Information Integrity ........................................................................................ E-3
3.1 System and Information Integrity Policy and Procedures ............................................. E-3
3.2 Flaw Remediation ......................................................................................................... E-3
3.3 Malicious Code Protection ............................................................................................ E-4
3.4 Monitoring Tools and Techniques ................................................................................ E-5
3.5 Security Alerts and Advisories ...................................................................................... E-6
3.6 Security Functionality Verification ............................................................................... E-6
3.7 Software and Information Integrity ............................................................................... E-7
3.8 Information Input Restrictions ...................................................................................... E-7
3.9 Error Handling ............................................................................................................... E-7
3.10 Information Output Handling and Retention ............................................................. E-8
3.11 Anticipated Failure Response .................................................................................... E-8
4 Maintenance ......................................................................................................................... E-8
4.1 System Maintenance Policy and Procedures ................................................................. E-8
4.2 Maintenance Tools ........................................................................................................ E-8
4.3 Personnel Performing Maintenance and Testing Activities .......................................... E-9