ML20053B118
| Person / Time | |
|---|---|
| Issue date: | 11/13/1980 |
| From: | Anne Frost NRC OFFICE OF ADMINISTRATION (ADM) |
| To: | Harris R, Puglise A NRC OFFICE OF ADMINISTRATION (ADM), NRC OFFICE OF THE CONTROLLER |
| Shared Package | |
| ML20053B111 | List: |
| References | |
| FOIA-81-409 NUDOCS 8205280073 | |
Text
UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555

November 13, 1980
MEMORANDUM FOR: Angelo Puglise, Director, Division of Accounting, CON
Richard Harris, Facilities and Systems Security Branch, Division of Security, ADM
FROM: Asa R. Frost, Jr., Chief, ADP Management Systems Branch, Division of ADP Support, ADM
SUBJECT: PAYROLL SYSTEM SECURITY STUDY

Attached is a summary of the actions recommended in the Payroll System Security Study dated August 26, 1980.
Along with each recommendation, I have identified the NRC organization which has primary responsibility for any action deemed necessary.
In order to complete this project, I would appreciate a response from each addressee identifying the action taken/planned or an explanation of why no further action is necessary.
I will take action on those recommendations identified as "ADP Support" responsibility. Once I have all comments, I will issue a supplement to the cited report in order to complete the project.
Although not all necessary resolutions may be accomplished for each cited problem within two weeks, I do feel that a plan of action can be drafted in that time frame.
I would appreciate a response along with proposed resolutions/comments by November 28, 1980.
Asa R. Frost, Jr., Chief
ADP Management Systems Branch
Division of ADP Support, ADM

cc: W. Glenn, OIA

Attachment

| RECOMMENDED ACTION | RESPONSIBLE DIVISION | STATUS/COMMENTS |
|---|---|---|
| 1. Making guard personnel aware of the sensitive nature of the information being processed on the Lugenbeel Division of Accounting computer facility. | Security | |
| 2. Badges/Passes should be displayed by all personnel upon entry and exit from the building. Since the facility and the complement of personnel are small in the Lugenbeel facility, the guards recognize most people by sight. However, since badges were not always required to be shown, it would be fairly easy for a disgruntled former employee to gain entrance to the building. | Security | |
| Smoke and/or thermal detectors should be placed in the computer room. In the event that a fire started in the room when it was unoccupied, a very good probability exists for the computer equipment to be completely destroyed before the fire was detected. | ADP Support | |
| 3. A security alarm system should be installed on all windows on the second and third floor levels. | Security | |
| 4. The alarm system should be activated at the Phillips building when guard personnel are not physically at the Lugenbeel building. | Security | |
| Program listings should be kept in locked file cabinets located outside of the computer room. | ADP Support | |
| Payroll tapes at both the Lugenbeel and Phillips building should be kept in a combination lock-type fire resistant safe. These safes should be locked at all times when the tapes are not in use. | ADP Support | |
| Lockable tape transport cases should be provided for movement of tapes off-site. | ADP Support | |
| Handcarts should be available to remove essential listings and tapes in the event of fire or other emergencies. | Accounting | |
| Locks on all computer room doors should be of the tamperproof dead-bolt type. Broken locks (Landow Building computer room door) should be replaced. | ADP Support | |
| All persons not known to office or computer room personnel should be challenged. This is particularly applicable to the Landow facility. Test team members twice entered this facility, once with Division of Security Personnel, without challenge or obstruction. | Accounting | |
| 5. A security training program should be instituted for all personnel in the Division of Accounting. This program could be a half-day course wherein the provisions of the Privacy Act of 1974 and the attendant penalties for unlawful disclosures of personal data (sensitive) would be explained to the personnel who handle such information. | Accounting | |
| A safety training program be instituted for all personnel in both the Division of Accounting and Division of ADP Support in regards to fire evacuation routes, proper handling of fire extinguishers, etc. | ADP Support | |
| Fire evacuation routes and the correct locations of all fire suppression equipment be clearly marked on charts and prominently displayed. (The charts now displayed do not show all locations of fire extinguishers nor the type.) | ADP Support | |
| Emergency fire, local police and building guards telephone numbers should be prominently displayed in all work areas, preferably a sticker with these numbers could be printed and displayed on each telephone device. | ADP Support | |
| Keys to the computer room, the payroll section and other areas which contain any sensitive information or listings should be kept in a locked wall-mounted key cabinet. The key to the cabinet should be strictly controlled by the Director, Division of Accounting. | Accounting | |
| 6. A system of property slips for the removal of materials (tapes, disk packs, etc.) should be established. These property slips should be authorized and signed by the Director, Division of Accounting. At the present time anyone can remove these properties from the building unchallenged by the guard personnel. | Security | |
| A sign should be posted in the lobby area informing all NRC personnel and visitors that packages and briefcases of persons entering and leaving the building are subject to search by the security guards. | | |