NOAO Information Sensitivity Policy

Purpose

The Information Sensitivity Policy is intended to help employees determine what information can be disclosed to non-employees, as well as the relative sensitivity of information that should not be disclosed outside of NOAO without proper authorization.

The information covered in these guidelines includes information that is either stored or shared via any means. This includes: electronic information, information on paper, and information shared orally or visually (such as telephone and video conferencing).

All employees should familiarize themselves with the information labeling and handling guidelines that follow this introduction. It should be noted that the sensitivity level definitions were created as guidelines and to emphasize common sense steps that you can take to protect NOAO Confidential information (e.g., NOAO Confidential information should not be left unattended in conference rooms).

Please Note: The impact of these guidelines on daily activity should be minimal.

Questions about the proper classification of a specific piece of information should be addressed to your manager. Questions about these guidelines should be addressed to the CIS Departments.

Scope

All NOAO information is categorized into two main classifications:

NOAO Public
NOAO Confidential

NOAO Public information is information that has been declared public knowledge by someone with the authority to do so, and can freely be given to anyone without any possible damage to NOAO. Examples of NOAO Public Information include employee names, email addresses and phone numbers (complete NOAO phone directories are not NOAO Public Information, however).

NOAO Confidential information contains all other non-public information. It is a continuum, in that it is understood that some information is more sensitive than other information, and should be protected in a more secure manner. Included is information that should be protected very closely, such as trade secrets, development programs, protected personnel information and other information integral to the success of the Observatory. Also included in NOAO Confidential is information that is less critical, such as telephone directories, general corporate information, etc., which does not require as stringent a degree of protection.

A subset of NOAO Confidential information is "NOAO Third Party Confidential" information. This is confidential information belonging or pertaining to another organization that has been entrusted to NOAO by that company under non-disclosure agreements and other contracts. Another example of NOAO Third Party Confidential information is telescope observing data that we hold in trust for our observers during the data proprietary period.

NOAO personnel are encouraged to use common sense judgment in securing NOAO Confidential information to the proper extent. If an employee is uncertain of the sensitivity of a particular piece of information, he/she should contact their manager.

Policy

The Sensitivity Guidelines below provide details on how to protect information at varying sensitivity levels.
Use these guidelines as a reference only, as actual NOAO Confidential information may necessitate more or less stringent measures of protection depending upon the circumstances and the nature of the NOAO Confidential information in question.

3.1 Minimal Sensitivity

If marking is desired, the words "NOAO Confidential" or "NOAO Proprietary" may be written or designated in a conspicuous place on or in the information in question.
The material may be accessed by NOAO employees and contractors with a business need to know.
The material may be distributed within NOAO by Intranet sections of NOAO web sites, interoffice mail, electronic mail, and electronic file transmission methods.
The material may be distributed outside NOAO via U.S. mail and other public or private carriers, electronic mail and electronic file transmission methods.
Keep material from view of unauthorized people; erase whiteboards, do not leave in view on tabletops.
Machines storing material should be administered with security in mind: electronic information should have individual access controls where possible and appropriate.
Outdated paper information should be shredded; electronic data should be expunged/cleared.
Reliably erase or physically destroy media.

3.2 Maximum Sensitivity

If marking is desired, the words "NOAO Internal: Registered and Restricted" or "NOAO Eyes Only" may be written or designated in a conspicuous place on or in the information in question.
The material may be accessed only by designated individuals (NOAO employees or non-employees) with signed non-disclosure agreements.
The material may be distributed within NOAO by direct delivery, signature required.
The material may be distributed outside NOAO via direct delivery, signature required, by designated carriers.
Material stored electronically must be strongly encrypted.
Machines storing material should be administered with strong security: individual access controls, physical security and strong encryption.
Outdated paper information should be shredded; electronic data should be expunged/cleared.
Reliably erase or physically destroy media.

Terms and Definitions

Expunge
To reliably erase, overwrite or destroy data on a PC or Mac you must use a separate program to overwrite data. Otherwise, the PC's or Mac's normal erasure routine keeps the data intact until overwritten. The same thing happens on UNIX machines, but data is much more difficult to retrieve on UNIX systems.

Individual Access Controls
Individual Access Controls are methods of electronically protecting files from being accessed by people other than those specifically designated by the owner. On UNIX machines, this is accomplished by careful use of the chmod command (use man chmod to find out more about it). On Macs and PCs, this includes using passwords on screensavers, such as Disklock, and setting file access permissions specific to the operating system.

Encryption
Secure NOAO Sensitive information in accordance with the NOAO Acceptable Encryption Use Policy. International issues regarding encryption are complex. Follow corporate guidelines on export controls on cryptography, and consult your manager and/or the CIS Departments for further guidance.

Physical Security
Physical security means either having actual possession of a computer at all times, or locking the computer in an unusable state to an object that is immovable. Methods of accomplishing this include having a special key to unlock the computer so it can be used, thereby ensuring that the computer cannot be simply rebooted to get around the protection. If it is a laptop or other portable computer, never leave it alone in a conference room, hotel room or on an airplane seat, etc. Make arrangements to lock the device in a hotel safe, or take it with you. In the office, always use a lockdown cable. When leaving the office for the day, secure the laptop and any other sensitive material in a locked drawer or cabinet.

Revision History

Updated May 28, 2006
Updated July 12, 2006
Updated July 27, 2006
Updated November 19, 2006
Edited February 19, 2007