Guidelines For Asset Integrity Management Free Download
Organizations have two options in conducting a CRR: a self-assessment available free for download from this website, or a facilitated session involving on-site DHS representatives trained in the use of the assessment. The self-assessment tool can be found here: CRR Self-Assessment Package and in the resources section listed above, along with additional guidance and supplementary information. For information regarding the scheduling of an in-person facilitated session please contact cyberadvisor@cisa.dhs.gov.
After making progress on the measures above, organizations can use the free services and tools listed below to mature their cybersecurity risk management. These resources are categorized according to the four goals outlined in CISA Insights: Implement Cybersecurity Measures Now to Protect Against Critical Threats:
You can customize the SCF online at -the-scf and it will allow you to select only those laws, regulations and industry frameworks that apply. The end result is you can export a customized control set in CSV format that you can edit in Excel. You will be prompted to create a free account that will let you download the SCF, as well as use the SCF customization tool (shown below):
Metegrity is the market leader in pipeline construction quality and asset integrity management (AIM) software solutions for plants, pipelines, and facilities. For over 25 years we have established a proven track record in the oil & gas, pipeline, mining, and chemical process industries.
The Snort Subscriber Ruleset is developed, tested, and approved by Cisco Talos. Subscribers to the Snort Subscriber Ruleset will receive the ruleset in real-time as they are released to Cisco customers. You can download the rules and deploy them in your network through the Snort.org website. The Community Ruleset is developed by the Snort community and QAed by Cisco Talos. It is freely available to all users.
In 2017, the number of reportable release incidents and the volume of hydrocarbons and other fluids released declined from the previous year, due in part to improvements in integrity management and spill prevention programs, as well as the disposition of legacy assets. Reportable incident counts and volumes were all better than targets. The enhanced focus on spill prevention and early detection has allowed the Company to set more stringent targets for 2018.
Husky is committed to operational integrity: conducting all activities safely and reliably so that the public is protected, impact to the environment is minimized, the health and well-being of employees is safeguarded, contractors and customers are safe, and physical assets (such as facilities and equipment) are protected from damage or loss.
Overview: Corebook is an advanced brand guidelines building tool that offers greater privacy controls, customizations, and integrations. Choose which parts of your brand guidelines to share with different parties and easily sync your guidelines with other asset management tools like Dropbox or Google Drive.
As an add-on, Corebook also allows you to upload multimedia content, including videos, soundbites, animations, and more. Your brand guidelines, usage rules, and assets are all easily accessible through your white-labeled custom URL link.
Overview: Lingo combines the organizational benefits of a digital asset manager with the easy-launch benefits of a brand guidelines builder to form a tool that makes branding and asset distribution a breeze. Lingo has a simple user interface, allowing editors to start with a premade template or drag and drop text boxes, visuals, files, and more directly into a custom brand playbook.
Like other brand guidelines builders, you can use Lingo to give specific users varying levels of access, providing the right assets and guidelines to the right stakeholders. Lingo even helps those users convert files to the right size and format automatically.
a. It is NASA policy to:

(1) Permit limited acceptable personal use of NASA Government-furnished property (GFP), information technology (IT) equipment, services, and resources (hereinafter referred to as NASA IT) for non-government purposes, when such use does not overburden any of the Agency's IT services and resources and when access to these IT services and resources does not interfere with official Government business. GFP includes NASA assets, including all devices and equipment. The intent of limited acceptable personal use is to provide a professional and supportive work environment while meeting taxpayer expectations that tax dollars be spent wisely. Acceptable personal use is limited to use that incurs no more than minimal additional expense to the Government in areas such as: communications infrastructure costs; use of consumables in limited amounts; general wear and tear on property; minimal data storage on storage devices; and minimal impacts on NASA IT systems.

(2) Permit limited acceptable personal use of NASA GFP, IT equipment, services, and resources to individuals during the non-duty time of reasonable duration and frequency of use, including during official work breaks, and when the use does not:
(a) adversely affect the performance of official duties;
(b) result in the loss of an individual's productivity;
(c) pose a cybersecurity risk;
(d) violate applicable laws and regulations; or
(e) interfere with the official business or mission of NASA.

(3) Not allow NASA equipment to be used to download illegal, inappropriate, or unauthorized content and untrusted, unapproved, or malicious software applications or services. Use of NASA IT is prohibited for commercial purposes, "for-profit" and "non-profit" activities, or in support of outside employment or business activity.

(4) Maintain that individuals have no expectation of privacy while using any NASA IT at any time, including, but not limited to accessing the Internet, proxy-bypass services, or e-mail. Users have no expectation of privacy even during limited periods of personal use. They have no expectation of privacy even when using personal equipment, services, and applications while connected to NASA GFP, IT equipment, or services.

(5) Maintain that non-compliance or unauthorized or improper use of NASA IT may result in the suspension or revocation of access to NASA products, networks and services, disciplinary action, as well as civil and criminal penalties. Unauthorized and improper use is defined in Attachment C.

(6) Maintain that Authorizing Officials (AOs) for mission systems may impose stricter security controls, user privacy controls, and restrict applications for their systems due to mission criticality or unique mission requirements.

(7) Maintain that the privilege to use NASA GFP, IT equipment, services, and resources for non-government purposes may be revoked or limited at any time by Federal or Agency officials. NASA Centers and contractors may invoke stricter policies or implementing guidance.

2. APPLICABILITY

a. This directive applies to NASA Headquarters and all NASA Centers, including Component Facilities and Technical and Service Support Centers. For purposes of this directive, NASA Headquarters is treated as a Center. Further, all stipulated Center requirements apply to NASA Headquarters.

b. This directive applies to contractors, recipients of grants, cooperative agreements, or other agreements only to the extent specified or referenced in the contracts, grants, or agreements. This directive is applicable to the Jet Propulsion Laboratory (JPL), a Federally Funded Research and Development Center (FFRDC), only to the extent specified in the NASA/Caltech Prime Contract.

c. This directive applies to all unclassified NASA information and NASA information systems, including those that are contracted out, outsourced to, or operated by:
(1) Government-owned, contractor-operated (GOCO) facilities;
(2) partners under the National Aeronautics and Space Act; 51 U.S.C. 20101, et seq;
(3) partners under the Commercial Space Launch Act, as amended, 51 U.S.C. 50913;
(4) partners under cooperative agreements; or
(5) commercial or university facilities.

d. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms "may" or "can" denote discretionary privilege or permission, "should" denotes a good practice and is recommended, but not required, "will" denotes expected outcome, and "are/is" denotes descriptive material.

e. This directive applies to NASA IT User acceptable use of NASA GFP, approved non-GFP, NASA IT, and personally owned IT devices (including Internet of Things (IoT) devices) when connected to NASA GFP, IT equipment, services, resources, and NASA data. Additional policies and procedures on contractor-accountable, NASA-owned, and Center-accountable property can be found in Federal Acquisition Regulation (FAR), Government Property, 48 CFR pt. 45; NASA FAR Supplement, Government Property, 48 CFR 1800, pt. 1845; and the terms and conditions of individual contracts.

f. In this directive, all document citations are presumed to be the latest version unless otherwise noted.

3. AUTHORITY

a. Federal Information Security Modernization Act of 2014, 44 U.S.C. 3551.
b. Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems.

4. APPLICABILITY DOCUMENTS AND FORMS

a. NPD 2810.1, NASA Information Security Policy.
b. NPR 1382.1, NASA Privacy Procedural Requirements.
c. NPR 2810.2, Possession and Use of NASA Information and Information Systems Outside of the United States and United States Territories.
d. ITS-HBK-SCRM.2810.v1.0.0, Information & Communications Technology Supply Chain Risk Management.
e. NASA Advisory Implementing Instruction 1050-3B, NASA Partnerships Guide.

5. RESPONSIBILITY

a. The Office of the Chief Information Officer (OCIO) shall:
(1) Implement, manage, and maintain this directive, and ensure this policy is disseminated to all NASA IT Users.
(2) Ensure sufficient controls at the Agency level and procedures for NASA IT Users' awareness of proper personal use of GFP and non-GFP (including personally owned devices) when connected to NASA networks, IT equipment, and services and are responsible for developing cost-effective controls for monitoring or preventing abnormal or inappropriate use. GFP controls include blocking of inappropriate websites and phone numbers, flagging abnormal long distance or other phone charges, and monitoring network traffic for suspicious traffic or inappropriate use (see Attachment C.2 for definition).

b. Information System Owners (ISOs) shall:
(1) Ensure that current NASA interns, partners, grantees, and other users covered under Space Act Agreements or other official NASA agreements are knowledgeable of Federal and Agency policy before using U.S. Government property, data, and services.
(2) Authorize limited installation of software necessary for mission functions with the documented approval of the system AO.
(3) Ensure that software authorized per 5.b(2) above:
(a) meets supply chain requirements identified in ITS-HBK-SCRM.2810.v1.0.0, Information & Communications Technology Supply Chain Risk Management;
(b) is licensed for NASA use; and
(c) is obtained from a safe and authorized source per the procedures described in ITS-HBK-SCRM.2810.v1.0.0.
(4) Request the minimum software installation necessary for mission functions, in coordination with the Center IT Asset Manager (ITAM). A list of ITAMs is available at:

c. Current NASA interns, partners, grantees, and other users covered by Space Act Agreements or other official NASA agreements may use NASA GFP, IT equipment and services consistent with their agreements if explicitly authorized by the applicable ISO.

d. Contracting Officers, as defined in Federal Acquisition Regulation 2.101, or Agreement Managers, as defined in NASA Advisory Implementing Instruction 1050-3B, NASA Partnerships Guide, shall:
(1) Ensure that contractors are informed on the uses of Government IT resources, approved/authorized non-GFP, and personally owned devices as a part of the introductory IT security training, orientation, or the implementation of this policy as part of a NASA contract.
(2) Ensure that contractors address allowable use of Government IT resources in System Security Plans, IT Security Plans, and IT Security Management Plans.
(3) Ensure contractors who process, store, or transmit NASA information on approved/authorized non-GFP or personally owned devices, IT equipment, software, and media do so only when the contract under which they perform specifically establishes terms and conditions for such use, that necessary approvals have been obtained, and that the contractor otherwise meets and complies with NASA security standards and policy.

e. Supervisors shall:
(1) Permit the allowable use of NASA IT equipment, services, and resources.
(2) Pursue sanctions for misuse of NASA IT, including potential disciplinary action.
(3) Ensure NASA IT Users taking NASA IT equipment outside the U.S., whether on official or personal travel, meet the requirements in accordance with NPR 2810.2, Possession and Use of NASA Information and Information Systems Outside of the United States and United States Territories.
(4) Ensure NASA IT Users taking NASA IT equipment outside of the U.S. have export authorization, which includes validation of official work requirement for the employee or contractor that necessitates exporting GFP or IT equipment in support of Government business.

f. NASA IT Users shall:
(1) Comply with the requirements regarding personal use of NASA IT equipment, services, and resources and the Rules of Behavior for U.S. Government property, data, and services as outlined here and in Attachments C (Specific Provisions) and G (Rules of Behavior) to this directive.
(2) Have no expectation of privacy whether using NASA GFP or Non-GFP (employee's own personally supplied property), including, but not limited to, Internet access, proxy-bypass services, or e-mail, even during limited periods of personal use.
(3) Ensure that the personal use is consistent with Standards of Ethical Conduct for Employees of the Executive Branch, 5 CFR pt. 2635, if civil servants.
(4) Conduct themselves professionally in the workplace and not use NASA IT for activities that are inappropriate or illegal (see Attachment C.2).
(5) Ensure that the personal use of NASA IT does not create the appearance of acting in an official capacity or that NASA endorses or sanctions any personal activities.
(6) Separate official and personal communications to ensure all official communications are identified and conducted to comply with applicable law, regulation, and policy.
(7) When using NASA IT, use social media responsibly, safely, and judiciously, whether in an official capacity or for personal use, to protect mission objectives, information assets, program integrity, data, and NASA's reputation.
(8) Not alter or change in any way configurations for NASA IT in a manner that does not adhere to NASA policy, specifications, or standards.
(9) Not use NASA IT to download illegal, inappropriate, or unauthorized content or untrusted, unapproved, or malicious software applications or services.
(10) Not use NASA IT for commercial purposes, "for profit" and "non-profit" activities, or for outside employment or business activity, such as a sole proprietorship.
(11) Not download, copy, or install unapproved or unauthorized software applications or data programs onto NASA IT or NASA-approved and authorized networks and devices, including, but not limited to:
(a) Screen savers.
(b) Computer games.
(c) Personal financial management software.
(d) Tax preparation software.
(e) Free, test, trial, or demo software.
(f) "Push" technology applications.
(g) Network monitoring software.
(h) Video-conferencing software.
(i) Virtual machines.
(12) Not engage in prohibited activities on NASA IT or NASA-approved and authorized networks and devices, including, but not limited to:
(a) Peer-to-peer (P2P) file sharing.
(b) Online file storage using services not explicitly authorized by NASA.
(c) Online gaming or gambling.
(d) Cryptocurrency-mining.
(e) Installing, viewing, or accessing the following types of software or websites:
(i) Pornographic, sexually explicit, or sexually oriented materials.
(ii) Personal services websites, such as dating services where a user registers NASA credentials creating an appearance that the user is acting in an official capacity or with NASA's endorsement.
(iii) Hacking-related websites or sites which expose NASA to unacceptable security risk regardless of the known or potential security risks or lack thereof.
(iv) Proxy-bypass services, or services of similar capabilities. See Attachment E.
(v) Unauthorized remote access sites, software, or services of similar capabilities. See Attachment E.
(13) Not install software created or maintained by companies banned by the Federal Government on NASA IT, services or resources, or on any system storing, transmitting, or processing NASA data. See Attachment F.
(14) Not connect by any method equipment manufactured by companies banned by the Federal Government to NASA IT, services or resources, or on any system storing, transmitting, or processing NASA data. See Attachment F.
(15) Not use equipment manufactured by companies banned by the Federal Government for any Government or non-government business use including but not limited to hardware, telecommunications, data storage, data processing, or video or voice communications.

Federal Government has banned the equipment of the following companies that manufacture them:

1. Telecommunications equipment produced by Huawei Technologies Company, including telecommunications or video surveillance services provided by such entity or using such equipment.
2. Telecommunications equipment produced by ZTE Corporation, including telecommunications or video surveillance services provided by such entity or using such equipment.
3. Video surveillance and telecommunications equipment produced by Hytera Communications Corporation, to the extent it is used for the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services provided by such entity or using such equipment.
4. Video surveillance and telecommunications equipment produced by Hangzhou Hikvision Digital Technology Company, to the extent it is used for the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services provided by such entity or using such equipment.
5. Video surveillance and telecommunications equipment produced by Dahua Technology Company, to the extent it is used for the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services provided by such entity or using such equipment.
6. Information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or any of its predecessors, successors, parents, subsidiaries, or affiliates.
7. International telecommunications services provided by China Mobile International USA Inc., subject to section 214 of the Communications Act of 1934.
8. Telecommunications services provided by China Telecom (Americas) Corp. subject to section 214 of the Communications Act of 1934.
9. Detailed and updated information can be found at

This prohibition applies to:
(a) All business uses and infrastructure, including those not tied to Government or its data.
(b) Any and all Bring Your Own Device (BYOD) programs, meaning