Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
75 APPENDIX F: Examples of SSI and Non-SSI The following table is reproduced from FTAâs March 2009 Sensitive Security Information (SSI): Designation, Markings, and Control, Resource Document for Transit Agencies, page 9, http://transit- safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=968. Table 1. Examples of SSI and Non-SSI Might Be SSI Usually Not SSI System Design and Operational Information Transit system design configurations, including architectural drawings and engineering schematics; critical assets and network topology maps; exposed, unattended, or unprotected assets; critical infrastructure layouts; energy sources; and communications assets and procedures Environmental, safety, or health information Installation and design-related operational information concern- ing critical equipment or components that, if sabotaged, could pre- vent operation or safe shutdown Information needed to comply with laws and regulations Security System Design and Equipment Information Records of vulnerabilities or security deficiencies at specified fa- cilities or locations, or within the transit agency in general Information discernable by casual observa- tion Records of specific locations and design or operational details of internal security devices, such as sensors, detectors, alarms, and barriers Budgeting and cost information Information about the capabilities and limitations of security sys- tems, and methods and times to defeat or degrade equipment, op- erations, or mitigations General information about equipment Security procedures and operations that are of a non-routine na- ture Routine administrative data Information about physical security vulnerabilities and deficien- cies, especially if they have not been corrected Records of past facility and equipment evaluations that do not reveal security-related deficiencies or that reveal deficiencies that have been corrected Information about intrusion detection, alarm, or assessment equipment, including physical and cybersecurity plans and perform- ance of installed equipment Installation records for intrusion detection, alarm, or assessment systems Information about security system design or integration, includ- ing heightened-risk operating procedures Commercial vendor information about secu- rity equipment and systems Data on security personnel assigned to specific transit facilities, including times and locations, where information can not be deter- mined by casual observation Total number of security personnel assigned to transit system facilities, or the fact that per- sonnel numbers are being increased or de- creased Emergency and Emergency Communications Information Some emergency procedures, including heightened-risk operating procedures, contingency plans, and business continuity plans Fire response and evacuation plans that must be shared with all employees Records of assessments, drills, or exercises that reveal system or security vulnerabilities Records of communications equipment used by transit authorities, including emergency management Ridership Data Information about the number of passengers on individual trains or buses or at a particular time of day