Re: System Staff policy guidelines

Michele D. Crabb <crabb@amelia.nas.nasa.gov> Tue, 10 April 1990 18:42 UTC

Received: from amelia.nas.nasa.gov by cert.sei.cmu.edu (5.61/2.2) id AA17563; Tue, 10 Apr 90 14:42:50 -0400
Received: Tue, 10 Apr 90 11:42:24 -0700 by amelia.nas.nasa.gov (5.61/1.2)
Date: Tue, 10 Apr 90 11:42:24 -0700
From: Michele D. Crabb <crabb@amelia.nas.nasa.gov>
Message-Id: <9004101842.AA15856@amelia.nas.nasa.gov>
To: ssphwg@cert.sei.cmu.edu
Subject: Re: System Staff policy guidelines

Hi -

Here where I work I managed to get approval on a policy and a set of
guidelines governing the use of what I term "Special Access".

At NAS, we have over 35 Special Access accounts and over 85 people with
some combination of the special access passwords.  Due to the scope of
authority it was necessary to have a policy to enforce the rules.
To back up the policy, I wrote a set of guidelines which everyone
must read and sign before receiving their special access passwords.
If they refuse to sign the guidelines agreement, they do not get
their special access and must find some other type of work to due.

While the policy and guidelines won't stop everyone from abusing
their special privileges, it provides our management a way to deal
with those who do abuse their access.  Also, it nullifies the old
excuse "I did not know".

I have placed text versions of these Frame documents on amelia.nas.nasa.gov
and they are available via ftp anonymous.  The two docs are located in
in the ~ftp/pub dir and are named: sp_access.guidelns and sp_access.poli.

If anyone have comments regarding these documents, I would like to hear
them via Email to crabb@amelia.nas.nasa.gov.

Also, along with the policy and guidelines, there is a speical form I 
developed which is used to request special access.  I can place a Postscript
version of this on amelia if anyone is interested.o

Michele Crabb
NAS Security Analyst
Computer Sciences Corporation
NASA Ames Research Center
Moffett Field, Ca 94035
(415) 604-4337