1. DRAFT DRAFT
Policy for Compiler and Interpreter Usage
Within Tier II Production Centers and Platforms
In Compliance with IRM 2.1.7, 2.1.8, 2.1.10, and 21.2
TABLE OF CONTENTS
1.0 INTRODUCTION
2.0 PREMISES
3.0 REFERENCES AND AUTHORITY
4.0 MISSION
4.1 THE ROLE OF DSMB
4.2 DSMB RESPONSIBILITIES
4.3 UNIX SECURITY
4.4 IRM 2.1.7
4.5 IRM 2.1.8
4.6 IRM 2.1.10
4.7 IRM 21.2
4.8 IRS DOCUMENT 9627, INFORMATION SYSTEMS SECURITY PROCEDURAL GUIDE
5.0 SECURITY
6.0 POLICY FOR COMPILER AND INTERPRETER USAGE WITHIN TIER II PRODUCTION SYSTEMS
6.1 PERL AND IRM 102.1.4
6.2 INITIAL AUDIT OF TIER II CORPORATE PLATFORMS
6.3 USAGE OF INITIAL AUDIT REPORT
6.4 FUTURE USAGE OF COMPILERS AND INTERPRETERS ON TIER II CORPORATE PLATFORMS
6.5 SECONDARY AND PERIODIC AUDITS
7.0 CONSEQUENCES RESULTING FROM NOT ESTABLISHING THIS POLICY
1.0 Introduction
In accordance and compliance with the standards detailed in IRM 2.1.7,
Information Systems Operations; and the directives detailed in IRM 2.1.8,
Information Systems Operations Support, and IRM 2.1.10, Information
Systems Security; this document will:
(1) Define the policy for the usage of compilers and interpreters within the
Tier II Production environment at the Computing Centers and
Campuses.
(2) Outline the tasks required to fulfill that policy.
2.0 Premises
(1) All Tier II systems operate in a trusted environment.
(2) The Distributed Systems Management Branch, M:I:SS:DS (DSMB) is
responsible for all Tier II platforms.
(3) The Distributed Systems Management Branch, M:I:SS:DS (DSMB) is
responsible for Configuration Management (CM) on all Tier II corporate
platforms (SUN, NUMA-Q, EMC).
(4) Without the establishment of the policy listed in the previous section,
the Tier II Consolidated Environment is at risk for the compromise of
system and structural integrity.
3.0 References and Authority
The following documents are cited here as references and authority for this
Policy:
(1) Memo of June 7, 1999 from Paul J. Cosgrave, CIO, on Tier II Systems
Management.
(2) IRM Handbook 102.13, Information Technology Systems, Chapter 5,
Basic UNIX Security Requirements (BUSR) Handbook
(3) IRM 2.1.7, Information Systems Operations, dated November 1, 2000
(4) IRM 2.1.8, Information Systems Operations Support, dated November
1, 2000
(5) IRM 2.1.10, Information Systems Security, dated April 30, 1998
(6) IRM 21.2, Customer Accounts Services, dated March 3, 2001
(7) IRS Document 9627, Information Systems Security Procedures Guide
(8) IRM 102.1, Standard Systems Profile, Chapter 4, Software Engineering
Services
(9) Tier II Systems Support Organizational Roles and Responsibilities
document, Release 3.2, dated October 20, 2000.
(10) Policy for Security and Access Within Tier II Centers and Platforms.
4.0 Mission
(1) The following sections outline the mission and responsibilities of DSMB
for Tier II Management and Technical Support.
4.1 The Role of DSMB
(1) As stated in Reference (1), management responsibility for all Tier II
systems has been assigned to the Systems Support Division (SSD).
This responsibility includes Management Policy, Configuration
Management (CM), standards, and technical support including tuning
and troubleshooting assistance. Within SSD, the Distributed Systems
Management Branch (DSMB) will have primary responsibility for this
activity. This branch will provide technical guidance and support for the
operating systems, database management systems, system utilities,
COTS products, and telecommunications interface software running on
all Tier II production, D/R, and PDS platforms. DSMB management and
technical support includes version and update control, distribution and
problem solving of and for operating and database management
systems and configuration management of these platforms.
Additionally, the branch will have direct responsibility for corporately
managing Tier II systems software components, such as the Sun and
Sequent systems installed in the Service's Computing Centers and
Campuses, respectively.
4.2 DSMB Responsibilities
(1) As stated in Reference (9), the DSMB is responsible for technical and
programmatic management of all Tier II systems service wide, to
include acquisition, use, management and disposition of Tier II
hardware and other system resources, including asset management
and reporting. The mission includes setting and enforcing standards
and strategic direction for hardware and system components, including
DBMSs. DSMB may delegate responsibility to subordinate
organizations to accomplish this mission.
(2) Within the context of the DSMB mission, the National Office (NO) has
the primary responsibility for both Configuration Management (CM) and
Controlled Access Protection (C2).
4.3 UNIX Security
(1) As stated in Reference (3), the IRM Handbook 102.13 provides basic
security requirements for Internal Revenue Service (IRS) UNIX
computer systems and networks based on C2 functionality.
(2) Chapter 5 of the handbook specifically addresses the Basic UNIX
Security Requirements (BUSR) for IRS Information Technology
Systems.
4.4 IRM 2.1.7
(1) Section 2.1.7.1 (11-01-2000), Information Systems Operations,
states:
(1) This section provides general standards and requirements to be
observed by all personnel throughout the Service in carrying out their
Information Systems (IS) Operations responsibilities. This information is
applied to all Systems including those not directly controlled by the
Chief Information Officer (CIO).
(2) Section 2.1.7.2.1 (11-01-2000), National Office IRMs and
Handbooks, states:
(3) General standards must be established at the National Office level
to ensure that activities are properly administered at the local level.
(3) In accordance with the above statements, the DSMB will establish all
standards, policies, and procedures that will guide all aspects of Tier II
Computing Centers and Campuses. This includes Configuration
Management (CM) and Controlled Access Protection (C2).
4.5 IRM 2.1.8
(1) Section 2.1.8.2 (05-11-2000), Systems Control Point Overview,
defines the concept, responsibilities, and duties of the Control Point
function.
(2) In the context of the Control Point function, and for all Tier II Computing
Centers and Campuses, the DSMB will function as the high-level
Control Point for standards, procedures, policies, distribution, and the
SSD Configuration Control Board (CCB). The SSD CCB explicitly
pertains to all installation, upgrade, or maintenance activities for
operating systems, database systems, and COTS software across all
Tier II Computing Centers and Campuses.
4.6 IRM 2.1.10
(1) IRM 2.1.10, Information Systems Security, provides policies and
requirements to be used by IRS organizations to carry out their
respective responsibilities in information systems security. Among the
subject areas covered in this IRM are the following:
10.1.3 – Information Systems Security Regulations
10.2.4 – Configuration Management (CM)
10.4 – Security Guidelines
10.4.1.8 – Information System User
10.4.3 – Controlled Access Protection (C2)
10.4.3.2 – C2 Security Features
(2) All activities of Tier II Computing Centers and Campuses will comply
with all subsections of 10.1.3 – Information Systems Security
Regulations.
(3) For all Tier II Computing Centers and Campuses, the DSMB functions
as the high-level Configuration Management (CM) authority. This
explicitly pertains to all installation, upgrade, or maintenance activities
for operating systems, database systems, and COTS software across
all Tier II Centers and Platforms.
(4) For all Tier II Computing Centers and Campuses, the DSMB will define
and enforce all policies and procedures pertaining to IRM 2.1.10.4 –
Security Guidelines. The specific sections that apply to this policy are
listed below:
• IRM 2.1.10.4.1.8 – Information System User. This states the
following:
    • protect access IDs and authentication codes (e.g., passwords,
    personal identification numbers (PIN), encryption codes, etc.)
    from any misuse and improper disclosure;
    • access only authorized data and applications necessary to
    perform management approved responsibilities. However,
    access capability does not equate to authority (e.g., browsing of
    taxpayer data is not permitted)
• IRM 2.1.10.4.3 – Controlled Access Protection (C2). This explicitly
pertains to all installation, upgrade, or maintenance activities for
operating systems, database systems, and COTS software across
all Tier II Computing Centers and Campuses. The specific section
that applies to this policy is listed below:
    • IRM 2.1.10.4.3.2 – C2 Security Features. This states the
    following:
        • To maintain baseline security requirements for sensitive but
        unclassified (SBU) information systems and networks, C2
        requirements shall be maintained. Controlled access
        protection provides the following security features:
            • ensure individual accountability through identification and
            authentication of each individual system user;
            • maintain an audit trail of user security relevant events;
            • control response to a user request to access information
            according to the user authorization; and
            • prevent unauthorized access to a user's current or residual
            data by clearing all storage areas (core, disk, etc.) before
            the storage areas are allocated or reallocated.
4.7 IRM 21.2
(1) Subsection 21.2.2.3.2 references the Taxpayer Browsing Protection
Act. This subsection states that “All IRS employees are required by law
to protect the confidentiality of a taxpayer's tax matters. You must
ensure you are dealing with the taxpayer or someone properly
authorized to receive this data before giving out any tax information.”
(2) The provisions of this new law are listed below:
a. Willful unauthorized access or inspection of non-computerized
taxpayer records, including hard copies of returns - as well as
computerized information - is a misdemeanor, punishable, upon
conviction, by fines, prison terms and termination of employment.
b. Taxpayers have the right to take legal action when they are
victims of unlawful access or inspection - even if a taxpayer's
information is never revealed to a third party.
c. When managers or employees are criminally charged, we are
required to notify taxpayers that their records have been accessed
without authorization.
d. In short, the new law closes the loopholes in the existing statutes
on willful UNAX or inspection. It makes all cases of UNAX -
electronic and paper - a crime that carries with it penalties ranging
from loss of job to fines and prison terms if an individual is
convicted. And in all substantiated cases of UNAX, the
appropriate managerial response, absent any mitigating
circumstances, will be removal.
4.8 IRS Document 9627, Information Systems Security Procedural Guide
(3) The purpose of IRS Document 9627 is to provide standardized
procedures to be used by Internal Revenue Service organizations to
ensure the protection of sensitive but unclassified (SBU) information
systems, applications, and networks. Document 9627 includes "how to"
guidance for certain items addressed in IRM 2.1.10, Information
Systems Security. Document 9627 is not meant to cover all procedures
for all the various security processes. Additional procedures are being
considered for inclusion in the future revisions of this document.
(4) Document 9627 provides procedures for:
• Computer Security Plan
• Risk Assessment
• Virus and Malicious Software Prevention
• Controlled Access Protection (C2)
• Security Compliance Review
• Security Exception
• Security Documentation
5.0 Security
(1) All established IRS security procedures would be followed. The IRS
form 5081 will be used to request access for primary and alternate
DSMB staff to fulfill their mission. In addition, all applicable sections of
the UNIX Security Standards, Reference 3, will be strictly adhered to.
6.0 Policy for Compiler and Interpreter Usage within Tier II Production Systems
(1) The following section delineates the policy for the usage of compilers
and interpreters within the Tier II corporate platforms. This policy will
apply to all Production Tier II corporate platforms at both the
Computing Centers and Campuses.
(2) This policy will ensure that the Tier II environment complies with all
applicable standards, policies, and regulations for Production IRS
systems.
6.1 PERL and IRM 102.1.4
(1) Section 102.1.4.3 addresses Special Use Languages. In particular,
this section of the IRM states that: the languages presented (i.e. C++,
4GLs, and PERL) are not approved for the development of
production systems within the IRS. If adherence to this standard is
either impossible or not in the best interest of the IRS then an approved
waiver must be obtained. See IRM 2.1.11, Systems Standards Profile,
Section 1.6, SSP Waiver Process.
(2) Section 102.1.4.3.3.2 Guidance states that: PERL is not a mandatory
Federal Standard, but has been selected for use by the IRS for the
following reasons:
• PERL as a de facto standard is being widely accepted by industry;
• PERL is a leading component for Internet/Intranet development;
• PERL’s process, file, and text manipulation facilities make it
particularly well suited for tasks involving quick prototyping, system
utilities, report generation, database access, systems management
tasks, and Internet/Intranet programming.
(3) While PERL has been selected for use by the IRS, its use is prohibited
on Tier II corporate platforms due to the lack of security inherent in the
language and lack of product support by the platform vendor. In
particular, it will not reside on any Tier II production platform.
6.2 Initial Audit of Tier II Corporate Platforms
(1) DSMB will conduct an audit of all Tier II corporate platforms at both the
Computing Centers and the Campuses.
(2) This audit shall be used as a baseline to identify the existence and
usage of compilers and interpreters on all Tier II corporate platforms.
(3) The audit will be conducted in one (1) of three (3) ways:
• DSMB will audit directory listings when doing site visits in
accordance with Reference 10, the Policy for Security and Access
within Tier II Centers and Platforms
    • This policy details the access accorded DSMB personnel
    • Access will be provided in accordance with it
• By DSMB's use of infrastructure management tools
• And by DSMB's coordinating with TIGTA and SPO to ensure this
topic is covered in their audits
(4) This audit will generate a detailed report, for each site and system,
containing the following information:
• Center or Campus
• Platform
• Operating System and Version
• Compiler or Interpreter name
• Compiler or Interpreter release/version
• Date installed
• Date uninstalled
6.3 Usage of Initial Audit Report
(1) Using the audit report, all identified compilers and interpreters will be
removed from every Tier II production system at both the Computing
Centers and the Campuses.
• All compilers and interpreters will be archived to tape.
(2) The removal process will generate a detailed audit report, for each site
and system, containing the following information:
• Center or Campus
• Platform
• Operating System and Version
• Compiler or Interpreter name
• Compiler or Interpreter release/version
• Date removed
6.4 Future Usage of Compilers and Interpreters on Tier II Corporate Platforms
(1) Future usage of compilers and interpreters within the Tier II corporate
platforms will be initiated and tracked through the Change Request
(CR) process. The CR must include a justification to DSMB for the
proposed usage of the compiler or interpreter and approval shall be
granted by DSMB.
(2) Normally, DSMB Transmittal procedures will provide the authority for
the use of the compiler.
(3) The following policies will apply for the future usage of all compilers
(e.g., COBOL, C, etc.) and interpreters (e.g., PERL, BASIC, etc.) on
Tier II corporate platforms.
(4) Compilers are pre-approved only to be used for compiling the UNIX
kernel. However, these compilers shall be uninstalled when not
required for use on the kernel.
(a) The following process would be followed:
• An audit trail will be initiated.
• The compiler would be installed.
• The kernel would be compiled.
• The compiler would be removed after the compile.
• The audit trail would be closed, and the audit report
generated.
6.5 Secondary and Periodic Audits
(1) A secondary audit (spot check) may be conducted by DSMB to verify
the removal, at the discretion of DSMB. This would be an
'unannounced' type of audit.
(2) The audit will be conducted in one (1) of three (3) ways:
• When doing site visits in accordance with Reference 10, the
Policy for Security and Access within Tier II Centers and Platforms
    • This policy details the access accorded DSMB personnel
    • Access will be provided in accordance with it
• By using infrastructure management tools
• And by coordinating with TIGTA and SPO to ensure this topic is
covered in their audits
(3) Periodic (spot check) audits will be conducted by DSMB to verify that
no compilers are resident on Tier II production systems.
(4) As stated in Reference (9), DSMB is responsible for the Configuration
Management (CM) of the Tier II corporate platforms. In support of the
CM function assigned to the National Office (NO) Systems
Administrators (SAs) are responsible for controlling version updates to
the Operating System (OS).
(5) In accordance with Reference (9), the National Office (NO) Systems
Administrators (SAs) will be granted the necessary access level (Root)
to conduct the audit of any Production Tier II platform.
7.0 Consequences Resulting from not Establishing this Policy
(1) To be able to provide the required controlled access environment,
certain policies and subsequent implementations dictate that compilers
and interpreters should be removed just as certain remote access
commands need to be removed. The requirements for C2, or the
comparable Common Criteria version, cannot be met without setting a
policy to remove or to tightly control unnecessary software such as
compilers and interpreters.
(2) Without the establishment of the policy listed in the previous section,
the Tier II Consolidated Environment is at risk for the compromise of
system and structural integrity.