ML22080A040
| ML22080A040 | |
| Person / Time | |
|---|---|
| Issue date: | 06/01/2018 |
| From: | Jonathan Feibus NRC/OCIO |
| To: | |
| Dabbs B | |
| Shared Package | |
| ML22077A369 | List: |
| References | |
| CSO-PROS-2101 | |
| Download: ML22080A040 (6) | |
Text
Nuclear Regulatory Commission Office of the Chief Information Officer Computer Security Process Office Instruction:
CSO-PROS-2101 Office Instruction
Title:
NRC IT System/Subsystem/Service Decommissioning and/or Transfer Process Revision Number:
2.1 Effective Date:
June 1, 2018 Primary Contacts:
Jonathan Feibus Responsible Organization: OCIO
==
Description:==
CSO-PROS-2101, NRC IT System/Subsystem/Service Decommissioning and/or Transfer Process, provides the process used for orderly decommissioning and/ or transfer of an unclassified IT system/subsystem/service and any associated data.
Office Owner Primary Agency Official OCIO Jonathan Feibus Chief Information Security Officer (CISO)
CSO-PROS-2101 Page i TABLE OF CONTENTS 1
PURPOSE............................................................................................................................................................ 1 2
GENERAL REQUIREMENTS......................................................................................................................... 1 3
SPECIFIC REQUIREMENTS.......................................................................................................................... 2 4
SUBMITTAL PROCESS................................................................................................................................... 3
CSO-PROS-2101 Page 1 Computer Security Process CSO-PROS-2101 NRC IT System/Subsystem/Service Decommissioning and/or Transfer Process 1 PURPOSE The purpose of CSO-PROS-2101, NRC IT System/Subsystem/Service Decommissioning and/or Transfer Process is to identify the process for orderly, secure decommissioning and/or transferring of a Nuclear Regulatory Commission (NRC) unclassified Information Technology (IT) system/subsystem/service and the handling of any associated data (digital or non-digital).
This process should only be used when:
A system is being fully decommissioned or transferred into another system.
A subsystem is being removed from a system or transferred to another system.
A system is no longer using one of its services, or a service is being transferred to another system.
The information in this document is intended to be used by information owners, system owners, and Information System Security Officers (ISSOs).
CSO-PROS-2101 applies to any information system/subsystem/service that stores, transmits, receives, or processes unclassified NRC data.
2 GENERAL REQUIREMENTS When a system/subsystem/service is transferred to another system, becomes obsolete, or is no longer usable, it is important to ensure that government resources and assets are protected. System/subsystem/service decommissioning includes the execution of technical and administrative procedures that maintain the integrity of the information and prevent the inadvertent compromise of data (digital or non-digital). Security considerations include information preservation, proper media sanitization, and hardware/software disposal.
The Disposal Phase of the System Development Life Cycle (SDLC) is where the decommissioning of an IT system/subsystem/service occurs. This phase corresponds to the Retirement Phase of the NRC Project Management Methodology. The system owner must make the formal decision to initiate system/subsystem/service decommissioning planning activities. The system ISSO is responsible for the planning and execution of this process.
For system/subsystem/service transfers, the receiving system owner and ISSO must be in agreement with the transfer and document the approval via email.
Particular attention must be given to preserving the data (digital or non-digital) processed by the system/subsystem/service to ensure the system/subsystem can be reactivated or the system/subsystem information can be used in the future, if necessary. The Information Management Services Branch can provide guidance on the transfer of permanent records and/or disposal of temporary records as applicable.
CSO-PROS-2101 Page 2 Continuous monitoring requirements must be met until the decommissioning and/or transfer process is completed.
3 SPECIFIC REQUIREMENTS For all systems/subsystems/services that are being decommissioned, a Change Request (CRQ) must be created within the BMC Remedy Change Management automated tool using the decommissioning template created within Remedy. For systems/subsystems with virtual equipment, the CRQ process within Remedy tracks the entire decommissioning process.
For a system/subsystem with physical equipment, a CRQ and a Form 30 must be completed so that the Property and Labor Services Branch (PLSB) can account for the disposal of government equipment.
The CRQ(s) must be attached to the submittal email along with the finalized decommissioning and/or transfer plan template. The CRQ decommissioning template accounts for the following tasks:
Notification-server decommission Inventory Configuration Management Database (CMDB) update tasks Remove backup software Remove server from backup checklist Remove server from monitoring Server Removal Activities o Remove server (s) from SCCM o Return IP address o Firewall rule cleanup o DNS cleanup o POA&M closure Update Master Inventory List Validate CMDB update Physical removal The system/subsystem/service decommissioning and/or transfer plan must be developed in accordance with CSO-TEMP-2101, System/Subsystem/Service Decommissioning and/or Transfer Plan Template, and include the following detail, at a minimum:
A description of the IT system/subsystem/service Rationale for the decommissioning or transfer of the IT system/subsystem/service
CSO-PROS-2101 Page 3 Identification of:
All business processes that are dependent upon the system/subsystem/service and how the business processes will continue to be supported once the system/subsystem has been decommissioned or transferred Schedule/timeframe of disposition Information Retention/Disposition System/subsystem/service decommissioning and/or transfer must account for all system/subsystem components (i.e., hardware, software, media) that are to be reused, decommissioned or destroyed. If the components are to be decommissioned or reused, hardware and media must be cleaned of all information, and software must be evaluated to ensure licensing agreements permit the new software use. CSO-STD-2004, Electronic Media and Device Handling Standard provides detailed information on the secure disposal of electronic media and devices.
4 SUBMITTAL PROCESS The NRC IT System/Subsystem/Service Decommissioning and/or Transfer Plan must be submitted by email to the Chief Information Security Officer (CISO) at CISO@nrc.gov for review and approval. The primary and alternate Computer Security Office (CSO) Point of Contact must be included as well. The following artifacts must be attached to the email:
CRQs For transfers, an email showing approval by the receiving owner and ISSO If needed, the revised security categorization of the receiving system to include the transferred system/subsystem If needed, the revised PTA/PIA of the receiving system to include the transferred system/subsystem After obtaining approval via email from the CISO, system/subsystem/service decommissioning or transfer activities may be finalized by the ISSO. The ISSO must notify the Enterprise Architecture POC at: easervicedesk@usnrc.onmicrosoft.com. when a service has been decommissioned or transferred so the NRC-wide inventory can be adjusted.
The system owner must formally notify the owners of interdependent systems and the OCIO Office Director of the IT system/subsystems decommissioning within 30 days of official approval. The necessary information and documentation must be provided to OCIO in order to update the NRC system inventory. System owners of interdependent systems must be provided with all necessary information and documentation in order to correctly update their systems configuration, security, and system documentation to reflect the change.
The system owner must issue a notification message to all system users at least 60 days before the system/subsystem is to be deactivated, followed by a second notice within two weeks of system/subsystem deactivation. Prior to system/subsystem deactivation, system owners must ensure that all system users have been properly notified and that no issues regarding the deactivation are outstanding.
CSO-PROS-2101 Page 4 CSO-PROS-2101 Change History Date Version Description of Changes Method Used to Announce and Distribute Training 25-Nov-13 1.0 Initial release Posting to CSO web page and notification to ISSO forum.
As needed 22-Mar-18 2.0 Revised based on new guidance CSO web page and notification to the ISSO forum As needed 2-June-21 2.1 Added clarification to the Purpose section CSO web page and notification to the ISSO forum As needed