I used a third approach with two different LUGAs (Large Unnamed Government Agencies). I drove to where the agency's computer center, a cleared government employee met me at the entrance as I was not cleared, he escorted me to the computer area, sat next to me at his desk while we both looked at storage dumps, and escorted me everywhere I needed to go within the building. One of these two places even had a revolving red light that began flashing whenever I entered the computer room.
Bill Fairchild Programmer Rocket Software 408 Chamberlain Park Lane * Franklin, TN 37069-2526 * USA t: +1.617.614.4503 * e: [email protected] * w: www.rocketsoftware.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Walt Farrell Sent: Thursday, June 07, 2012 4:31 PM To: [email protected] Subject: Re: Dumps to vendors with sensitive data On Wed, 6 Jun 2012 12:57:19 -0400, Andy White <[email protected]> wrote: >We recently have a DOD (Department of Defense) account on our systems. >Question if you are sending a dump to a vendor e.g. IBM and there might >be a slight change it has user data stored in common storage. Do you >have a DOD approved person within IBM you send the dump to? Or an >assigned group to your account that deals with GSA/DOD type of issues? > >We haven't sent any dumps to a vendor since taking on this new work but >wanted to know how other companies handle this? > It may depend on the sensitivity of the data that could be exposed, but in my limited experience with classified systems two approaches were taken: (1) The dump never leaves the customer system. The customer would contact the vendor support analysts who would ask the customer system programmer to read them some data from the dump, and if the data was appropriate he would do so. Then the analyst would transcribe the data, examine it, and ask for the next piece of data he needed. Cumbersome, but safe (from a security perspective). (2) The vendor provides a separate data facility with security as required by the classified customer, and vendor personnel with appropriate security clearances who will work there. At that point the customer can send the data to the support facility by an appropriate secure mechanism, and the cleared personnel can analyze it in their secure facility. Of course, the cleared personnel could also work at the customer facility if that's appropriate, since they have clearances. And in either case, if the cleared analyst lacks enough education to do the complete problem analysis they can consult with uncleared vendor analysts, ensuring (just as the system programmer would) that no inappropriate information is given to them. Approach (2) can result in faster problem determination, if the analysts have appropriate training, but it's an expensive undertaking. I know that approach (1) was used in some cases within IBM, and I know of cases where approach (2) was proposed. But I do not know for sure of cases where approach (2) was actually implemented. But it's important to note that for approach (2) to work you need both the appropriately cleared personnel, and an appropriate facility for them to work in. You can't send classified data to the standard IBM Support Center, in my experience. For the final analysis I think you really need to ask -your- DoD Security folks how to handle things, beause only they will fully understand the requirements that apply in your case. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
