Level-2 Milestone 3508: Certify and Accredit Livermore Computing to NAPS 14.2C

Abstract

This report documents Livermore Computing (LC) activities in support of certifying and accrediting LC’s Secure Computing Facility’s (SCF) NAPS 14.2c compliant Information System Security Plan (ISSP), ASC L2 milestone 3508: Certify and Accredit Livermore Computing to NAPS 14.2c, due September 30, 2010. The full text of the milestone is included in Attachment 1. The description of the milestone is: LC’s cyber security plan accreditation expires March 31, 2010. A new plan must be written to be compliant with the NNSA’s NAPS 14.2c cyber security policy. This new policy requires a complete overhaul of LLNL’s classified security plans. LC will be a major contributor in the effort to create a Site Security Component Library, which will be used as a basis for LC’s NAPS compliant plan. All new security test and evaluation plans will be developed to demonstrate NAPS compliance. Ultimately, the LC Information System Security Plan (ISSP) will be developed and delivered. This milestone is complete when the ISSP and the security test and evaluation plans have been submitted and LC has received interim approval to test. The milestone was completed on August 20, 2010 when a letter from the NNSA Livermore Site Office (LSO) was received by Mr. John E. Lewis, Director of LLNL’s Security Organization, granting LC SCF “Approval to Operate”. The letter is included in Attachment 2. The accreditation as stated in the letter is effective until August 18, 2013.