From Idea to Solution for (int i = 0; i < list.length; i++) { select the smallest element in list[i..listSize-1]; swap the smallest with list[i], if necessary; // list[i] is in its correct position. // The next iteration apply on list[i..listSize-1] } list[0] list[1] list[2] list[3] ... list[10] list[0] list[1] list[2] list[3] ... list[10] list[0] list[1] list[2] list[3] ... list[10] list[0] list[1] list[2] list[3] ... list[10] list[0] list[1] list[2] list[3] ... list[10] ... list[0] list[1] list[2] list[3] ... list[10]
View full slide show




Closed Area Checklist - Idea Closed Areas Interview Guide ___Is the media in the area marked properly? (classified, unclassified, and system software) ___Are both classified and unclassified computer equipment affixed with a label indicating their level of processing? ___ Review the visitor log. Pay close attention to the visitor’s company name. Did someone visit from an HVAC service? If so, ask the area custodian what they did. Did they put a hole in the wall or make a change affecting the area integrity or the 147? If so, is it greater than 96 square inches? Did someone visit from Xerox? If so, what did they do while they were there? Did they install a new copy machine with a hard drive? Did this get connected to the classified AIS? Did someone visit from a computer service vendor? If so, what did they do? Did they bring diagnostic equipment with them? If so, did they connect it to the AIS? Did any visitors have “keyboard” access? If so, was that authorized? Dispose of visitor logs from before the last DSS audit ____ Does the 147 note “open storage” of AIS? ____ AIS TEAM MEMBER: Dispose of system paperwork from before the last DSS audit (unless it is still relevant) ___ AIS TEAM MEMBER: Look around. Is there any new hardware connected to the AIS? If so, what is it? Does it have memory? ___ AIS TEAM MEMBER: Check the AIS system access list. Are all individuals still active employees? Balance the list against an active employee listing. Bring a list of recently terminated employees with you, too. Are all individuals on the system access list also on the Closed Area access list? If not, why not? Review the Closed Area access list. Do you see anyone who recently terminated? If so, request that they be taken off the Closed Area access list. Were they on the system access list? If so, has their account been disabled? Balance all the lists against each other. Has everyone on the system access list taken the required CBEs? (Verify.) ___ Are there Security posters in the area? ____ Are the FAX machines in the area marked to indicate “for unclassified use only”? ____ Are the shredders marked “for unclassified use only”? ___ AIS TEAM MEMBER: Do the classified printers have a sign “Output must be treated as classified until reviewed ….?” ___ Are the recycle bins labeled “for unclassified use only”? ____ Are the supplies in the area sufficient? (CD labels, classification labels, coversheets, etc.). ___ Does the area have a “marking guide” poster? ____ Does the area have an updated Security points of contact poster? __ AIS TEAM MEMBER: Before going to audit the system, read about what the system is used for and what it does. This will generate questions and help you understand what goes on in the area ___ AIS TEAM MEMBER: Have a user walk you through the steps they follow when they create classified data. What do they print out? Is it classified? If it’s not classified, do they verify that? How do they know what’s classified? (Do they refer to the program security classification guide? Do they know where the guide is located?) Where do they put the classified when it’s completed? Go look at their safe. Are things marked properly? Ask if the data in the safe is for a current contract. If not, explain the requirements for retention approval. (See NISPOM 5-701) Where does the data or hardware go from there? Is it sent to a customer? What is our relationship with the organization they send it to? Do we have DD Forms 254 in place to/from that organization? What is the classification of what they are working on? Is the system approved up to that level? ___ Do they support IR&D activities? If so, explain how IR&D documents must be marked “IR&D Document,” etc. in accordance with the NISPOM (11-304) ____ Are the above-the-ceiling checks being conducted on the required schedule? Look at the records. Dispose of records from before the last DSS audit __ AIS TEAM MEMBER: Review Trusted Download logs, ask people where the removed media is currently located (stored on a computer, CD, printout), and which method they used for the transfer. DSS is focusing on interviews with employees and may very well ask them to actually demonstrate a trusted download. Ask the employee to walk through the steps with you to prepare them for the audit.
View full slide show