Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 4
4 LIKELY QUESTIONS CONCERNING MANAGEMENT OF SECURITY INFORMATION Many transit agencies are not familiar with federal requirements for managing security-related information, par- ticularly the technical requirements for critical infrastructure information (CII) and sensitive security information (SSI). Several likely questions, along with sections of the report where the topics are discussed, are set forth below. 1. What are the statutory requirements that cause information to be considered protected CII or SSI under federal law? Are the two categories of information equally relevant for transit agencies? See Section II.B, Critical Infra- structure Information/Sensitive Security Information. 2. What are the major SSI-related issues of which transit agencies should be aware? See the introductory portion of Section II.B, Critical Infrastructure Information/Sensitive Security Information. 3. Are transit agencies required to maintain the confidentiality of infrastructure information the agencies them- selves submit to the federal government? See the introductory portion of Section II.B, Critical Infrastructure In- formation/Sensitive Security Information; discussion of the Critical Infrastructure Information Act of 2002 in Section II.B.1, Federal Legislation. 4. What is the relationship between Federal CII and SSI requirements and state disclosure requirements? See Sec- tion III.B, Public Records Laws--Security Exemptions and Section III.C, Public Records Laws--Other Exemp- tions That May Protect SSI and Other Security Information. 5. What steps should transit agencies take to protect SSI and Restricted Security Information (information that does not meet the federal definition of SSI but is nonetheless worthy of protection from disclosure because of the transportation security ramifications of disclosing it) in the procurement process? See Section IV, Transit Agency Practices and Section V, Applying Security and Contract Management Requirements to the Competitive Procurement Process.