Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter.
Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 47
47
completed NDAs and Information and Responsibility United States. Agency E administers the county's bus
Request forms covering security questions. and paratransit public transportation system.
Agency E requires all employees working on vulner-
D. Transit Agency D472 ability assessments, security plans, and security en-
Agency D is a large multimodal transit agency. As of hancement plans to execute confidentiality agreements
October 2009, Agency D was in the process of develop- specifically regarding requirements for maintaining
ing its own SSI policy. Departments involved in the confidentiality of material and acknowledging penalties
development process include capital programs, capital for noncompliance. Agency E's Security/Safety Section
program management, legal, procurement, and engi- reviews only security-related bids for CII/SSI.
neering. The policy will cover procurement as well as
other issues. F. Virginia Department of Transportation475
Agency D does protect information other than SSI The Virginia Department of Transportation's
from disclosure based on security grounds, and controls (VDOT) Critical Infrastructure Information/Sensitive
access to all information pertaining to construction pro- Security Information (CII/SSI) Policy is an internal
jects. To date the agency has only had occasion to re- document. However, elements of the policy are de-
view security-related projects for CII/SSI. However, as scribed in publicly available documents, such as
it develops its SSI policy, Agency D intends to require VDOT's guide to identifying CII/SSI. In addition,
the review of all projects to determine the need for con- VDOT's CII/SSI Guide for Vendors and Contractors is
trolling access to procurement documents based on the publicly available.
nature of the project. Rather than focusing on whether The guide cautions that if the information is custom-
the project provides security, the policy will focus on arily public knowledge or the general public has a need
whether information in the procurement is sensitive. to know the information, then it is not CII/SSI. The
For example, a procurement for a project to place cam- guide is based on the criteria on the safety and security
eras in a visible manner in a public area may not re- exemptions in the Virginia Freedom of Information Act,
quire restricted access to procurement information, which provides that records falling under the exemp-
while a procurement to do structural work on a subway tions are excluded from the mandatory disclosure provi-
tunnel may require restricted access because of the sions of the act, but may be disclosed at the custodian's
need to review sensitive structural information to bid discretion unless otherwise required by law.
and to carry out the contract. This approach allows for The guide lists categories of information that might
the prioritization of security information by the incre- be CII/SSI. These include:
mental damage a threat source would gain by knowing
the information. · Engineering and construction drawings and plans
Agency D controls contractor access to SSI and other that would reveal critical structural components or se-
security information by requiring prospective vendors curity equipment and systems, if disclosure would jeop-
to register with FedBizOpps,473 the federal contracting ardize the health or safety of any person or structure.
Web site database. Registration on this Web site re- · Documentation describing the design, function, op-
quires getting cleared to receive sensitive material. eration or access control features of any security sys-
Agency D is also considering carrying out some secu- tem, manual or automated, used to control access to or
rity-related construction work in-house, which would use of any automated data processing or telecommuni-
avoid the need to manage contractor access to security cations system.
information. · Plans and information to prevent or respond to
Agency D does have a single point of contact in each terrorist activity, if disclosure would jeopardize the
of its major groups for handling SSI. Procedurally, pro- safety of any person, including vulnerability assess-
ject design managers review project information for SSI
and notify procurement of the SSI classification. This 475
requires both engineers and procurement personnel to The description of VDOT's sensitive information protec-
tion procedures is based on a review of several publicly avail-
be trained on SSI classification and management.
able documents: Location and Design Division's Instructional
and Informational Memorandum on Procedures for Protecting
E. Agency E474
Sensitive Information,
Agency E is a transportation authority responsible www.extranet.vdot.state.va.us/locdes/electronic%20pubs/Bridg
for surface transportation in a county in the western e%20Manuals/IIM/SBIIM71.pdf (accessed Apr. 1, 2009);
VDOT's CII/SSI Guide for Vendors and Contractors,
http://www.virginiadot.org/business/resources/const/CII_SSIGu
472
ideV6.0InterimRevisionFINAL.PDF; VDOT's Critical Infra-
The description of Agency D's security/procurement prac- structure Information (CII) Sensitive Security Information
tices is based on responses from the agency to questions posed (SSI) Agreement to Establish a Company Representative,
by the author. Responses are maintained in the author's files. http://vdotforms.vdot.virginia.gov/SearchResults.aspx?filename
473
www.fbo.gov/. =CII%20Company%20Rep%20V5.pdf (accessed Apr. 1, 2009);
474
The description of Agency E's security/procurement prac- VDOT's Guide to identifying CII/SSI,
tices is based on responses from the agency to questions posed http://vdotforms.vdot.virginia.gov/SearchResults.aspx?filename
by the author. Responses are maintained in the author's files. =Guide%20to%20Identifying%20CII%20SSI.pdf.
