Hardware Protection
Hardware security is defined in the Department of
the Navy Automatic Data Processing Security Program,
OPNAVINST 5239.1, as "Computer equipment
features or devices used in an AIS system to preclude
unauthorized, accidental or intentional modification,
disclosure, or destruction of AIS resources."
DATA PROTECTION MEASURES
FIPS (Federal Information Processing Standards)
PUB 39, Glossary for Computer Systems Security,
defines data security as "The protection of data from
unauthorized (accidental or intentional) modification,
destruction, or disclosure." We are always concerned
with the integrity of data: is the data in the system the
same as that in the source documents? We want to ensure
that the data has not been exposed to accidental or
intentional modification, disclosure, or destruction.
Depending on the type of data being processed, the
other users with access to the system, and the technical
features of the system to provide the needed safeguards,
the system may have to operate in a specific security
mode.
If your command processes classified and/or
sensitive unclassified data, it must abide by certain rules
to protect it. In the central computer facility (where the
host computer is located), the physical security
requirements will be equal to the highest classification
of data being handled. If there are two or more
computer systems located in the same controlled area,
the systems should be separated to limit direct personnel
access to a specific system.
In remote terminal areas, security requirements are
based upon the highest classification of data to be
accessed through the terminals. Each remote terminal
must be identifiable through hardware or software
features when it is connected to a computer system or
network processing classified data. The system or
network must know who is logging on.
If the computer system to which your remote
terminal is connected is processing classified data and
your terminal is not authorized, controlled, or protected
for that classification of data, it must be disconnected.
The disconnect procedures may be by a hardware
measure (such as turning off a switch at the host
computer) or a software measure (such as deleting the
ID of your terminal during certain processing periods).
Because each data classification has different security
requirements, we cover each separately.
Classified Data
Handling requirements and procedures for
classified AIS media (Confidential, Secret, and Top
Secret) are the same as those for handling classified
information. Anyone who has possession of classified
material is responsible for safeguarding it at all times.
You need to be familiar with the four security modes
that provide for processing classified data: system
high, dedicated, multilevel, and controlled.
SYSTEM HIGH SECURITY MODE. A
computer system is in the system high security mode
when the central computer facility and all of the
connected peripheral devices and remote terminals are
protected in accordance with the requirements for the
highest classification category and type of material then
contained in the system. All personnel having
computer system access must have a security clearance,
but not necessarily a need-to-know for all material then
contained in the system. In this mode, the design and
operation of the computer system must provide for the
control of concurrently available classified material in
the system on the basis of need-to-know.
DEDICATED SECURITY MODE. A computer
system is operating in the dedicated security mode
when the central computer facility and all of its
connected peripheral devices and remote terminals are
exclusively used and controlled by specific users or a
group of users having a security clearance and
need-to-know for the processing of a particular
category(ies) and type(s) of classified material.
MULTILEVEL SECURITY MODE. A
computer system is operating in the multilevel security
mode when it provides a capability permitting various
categories and types of classified materials to be stored
and processed concurrently in a computer system and
permitting selective access to such material
concurrently by uncleared users and users having
differing security clearances and need-to-know.
Separation of personnel and material on the basis of
security clearance and need-to-know is accordingly
accomplished by the operating system and associated
system software. In a remotely accessed
resource-sharing system, the material can be selectively
accessed and manipulated from variously controlled
terminals by personnel having different security
clearances and need-to-know. This mode of operation
can accommodate the concurrent processing and
storage of (1) two or more categories of classified data,
or (2) one or more categories of classified data with
unclassified data, depending upon the constraints
4-10
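The remote-terminal rules above (each terminal identifiable by its ID, disconnected either by hardware or by deleting its ID, and protected for the classification the host is processing) and the multilevel-mode requirement that the operating system separate personnel and material by clearance and need-to-know can both be expressed as one small reference monitor. The Python below is an added example written for this page; it is not code from the manual or from any Navy AIS. The four-level classification ordering, the modelling of need-to-know as compartment names, the terminal registry, and every name and data value in the scenario are assumptions constructed for illustration.

```python
# Added example for this page, not code from the manual or from any Navy AIS.
# Assumptions (constructed for illustration): a four-level classification
# ordering, need-to-know modelled as compartment names on users and objects,
# and remote terminals identified by a hardware ID kept in a registry that
# records the highest classification each terminal area is protected for.
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Security label: classification level plus need-to-know compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when this label is at least as high as `other` on both axes:
        the level ordering and a superset of the compartments (need-to-know)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Terminal:
    terminal_id: str      # identity the terminal presents at logon
    max_level: str        # highest classification the terminal area is protected for
    enabled: bool = True  # cleared by a software disconnect


class ReferenceMonitor:
    """Mediates every read against the terminal rules and the clearance rules."""

    def __init__(self, system_level: str):
        self.system_level = system_level  # classification the host is now processing
        self.terminals: dict = {}
        self.audit: list = []

    def register_terminal(self, term: Terminal) -> None:
        self.terminals[term.terminal_id] = term

    def disconnect_terminal(self, terminal_id: str) -> None:
        """Software disconnect: the terminal ID stops being accepted for logon."""
        self.terminals[terminal_id].enabled = False
        self.audit.append(f"DISCONNECT {terminal_id}")

    def terminal_permitted(self, terminal_id: str) -> bool:
        """Terminal gate: the ID must be known, not disconnected, and the terminal
        area must be protected for the classification the host is processing."""
        term = self.terminals.get(terminal_id)
        if term is None or not term.enabled:
            self.audit.append(f"DENY unknown or disconnected terminal {terminal_id}")
            return False
        if LEVELS[term.max_level] < LEVELS[self.system_level]:
            self.audit.append(f"DENY {terminal_id}: protected for {term.max_level}, "
                              f"host processing {self.system_level}")
            return False
        return True

    def admitted_system_high(self, clearance: Label) -> bool:
        """System high mode: everyone with access must be cleared for the
        highest classification in the system (need-to-know is checked per object)."""
        return LEVELS[clearance.level] >= LEVELS[self.system_level]

    def can_read(self, user: str, clearance: Label, terminal_id: str, obj: Label) -> bool:
        """Multilevel mode: a user may read an object only from a permitted
        terminal and only if the user's clearance dominates the object's label."""
        if not self.terminal_permitted(terminal_id):
            return False
        if not clearance.dominates(obj):
            self.audit.append(f"DENY {user}: {clearance.level}/{sorted(clearance.compartments)} "
                              f"does not dominate {obj.level}/{sorted(obj.compartments)}")
            return False
        self.audit.append(f"PERMIT {user} read {obj.level}/{sorted(obj.compartments)} via {terminal_id}")
        return True


def run_demo() -> dict:
    """Constructed scenario: a host processing SECRET with two remote terminals."""
    rm = ReferenceMonitor("SECRET")
    rm.register_terminal(Terminal("T-01", "SECRET"))
    rm.register_terminal(Terminal("T-02", "CONFIDENTIAL"))
    alice = Label("SECRET", frozenset({"PROJECT-A"}))
    bob = Label("CONFIDENTIAL")
    report_a = Label("SECRET", frozenset({"PROJECT-A"}))
    report_b = Label("SECRET", frozenset({"PROJECT-B"}))
    memo = Label("CONFIDENTIAL")
    results = {
        "alice reads report_a": rm.can_read("alice", alice, "T-01", report_a),
        "alice lacks need-to-know for report_b": rm.can_read("alice", alice, "T-01", report_b),
        "bob reads memo from protected terminal": rm.can_read("bob", bob, "T-01", memo),
        "bob from under-protected terminal": rm.can_read("bob", bob, "T-02", memo),
        "bob reads above his clearance": rm.can_read("bob", bob, "T-01", report_a),
        "alice admitted under system high": rm.admitted_system_high(alice),
        "bob admitted under system high": rm.admitted_system_high(bob),
    }
    rm.disconnect_terminal("T-01")
    results["alice after T-01 disconnect"] = rm.can_read("alice", alice, "T-01", report_a)
    return results


if __name__ == "__main__":
    for case, permitted in run_demo().items():
        print(f"{'PERMIT' if permitted else 'DENY':6} {case}")
```

The scenario shows the difference between the modes in one run: bob, cleared only to CONFIDENTIAL, is refused admission under system high (everyone must be cleared for SECRET) but can read a CONFIDENTIAL memo under multilevel operation, provided he comes in from a terminal protected for SECRET; the same read from the CONFIDENTIAL-only terminal T-02 is refused because the terminal is not protected for what the host is processing. Deleting T-01 from the accepted set is the software disconnect the text describes, and every decision leaves an audit line.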