Proprietary Data - When Filled In

VENDOR QUESTIONNAIRE
Certificate of Volatility

The product identified in the following table has been selected by Sage, Laboratories, Inc. for inclusion in an Information System (IS) that will process national security (classified) information. In order to obtain approval from the Defense Security Service (DSS) to process classified information on the proposed Information System (IS), Sage, Laboratories, Inc. must identify all information storage (memory and media) that is included in or provided by the system. Sage, Laboratories, Inc. must also document the procedures used to ensure that classified information processed by the system is not stored on any of the system components should they need to be released from the secure environment (e.g., returned for repair, etc.).

Therefore, Sage, Laboratories, Inc. requests that you complete and provide the information below for the item identified. Your assistance in providing the requested data is appreciated. The data will be used solely for the purpose of:

a) defining procedures to safely and effectively declassify the subject item prior to changing the overall classification of the system; and
b) defining procedures to safely and effectively declassify the subject item prior to releasing the item from a physically secure environment (e.g., returning the item to the vendor for repair/replace actions).

If you have already developed and documented procedures for reviewing the content of non-volatile memory and clearing/overwriting, please provide a copy with your response.

The data you provide will be treated as proprietary and will not be disclosed to parties outside of Sage, Laboratories, Inc. and the approving US Government agency without your express permission. Should you require a more formalized Proprietary Data Agreement, please contact the person identified at the bottom of this form and arrangements will be made.
The information contained on this form shall be considered Sage, Laboratories, Inc. Proprietary Data furnished by the item manufacturer. The data shall be released only to Sage, Laboratories, Inc. employees or US Government representatives as necessary to accomplish the intended task (i.e., obtaining approval to operate a system processing classified data and incorporating the described item). The data shall not be disseminated to other vendor/contractor personnel without the express written authorization of the manufacturer.

Certificate of Volatility

Date:
Model: 1410-84
Part Number: FP1410-84
Manufacturer: BPM MICROSYSTEMS
Street Address: 5373 W. SAM HOUSTON PKWY N STE 250
City: HOUSTON
State: TX
Zip: 77041

Volatile Memory

Does the item contain volatile memory (i.e., memory whose contents are lost when power is removed)?
X Yes    No

If the answer is ‘Yes’, please provide the following information for each type (use additional sheets if required):

Type (SRAM, DRAM, etc.):
Size:
User Modifiable: Yes No
Function:
Process to Sanitize:

Type (SRAM, DRAM, etc.):
Size:
User Modifiable: Yes No
Function:
Process to Sanitize:

Type (SRAM, DRAM, etc.):
Size:
User Modifiable: Yes No
Function:
Process to Sanitize:

Non-Volatile Memory

Does the item contain non-volatile memory (i.e., memory whose contents are retained when power is removed)?
Yes    No

If the answer is ‘Yes’, please provide the following information for each type (use additional sheets if required):

Type (BBRAM, Flash, EEPROM, etc.):
Size:
User Modifiable: Yes No
Function:
Process to Sanitize:

Type (BBRAM, Flash, EEPROM, etc.):
Size:
User Modifiable: Yes No
Function:
Process to Sanitize:

Type (BBRAM, Flash, EEPROM, etc.):
Size:
User Modifiable: Yes No
Function:
Process to Sanitize:

Media

Does the item contain media storage capability (i.e., removable or nonremovable disk drives, tape drives, memory cards, etc.)?
Yes    X No

If the answer is ‘Yes’, please provide the following information for each type (use additional sheets if required):

Type (Disk, Tape, etc.):
Size:
User Modifiable: Yes No
Removable: Yes No
Function:
Process to Sanitize:

Type (Disk, Tape, etc.):
Size:
User Modifiable: Yes No
Removable: Yes No
Function:
Process to Sanitize:

Type (Disk, Tape, etc.):
Size:
User Modifiable: Yes No
Removable: Yes No
Function:
Process to Sanitize:

At this time, we will not be able to provide the name and size of those memory components since the information is considered proprietary. Programmers designed and manufactured by BP Microsystems have several memory devices located on the motherboard and the technology adapter board. We would like to inform our users that at no time is the customer file data stored on any of the non-volatile memory components. In addition, there is no way to erase the data on the non-volatile devices via the programmer operating software. Only the DRAM devices are ever exposed to customer-specific information. Of course, any data on the DRAM devices is lost at power down. We hope you understand our decision and continue using our programming products.

Sincerely,
BP Microsystems

Vendor Representative Information

Name: JAMES HOLAVA
Title: NATIONAL SALES MANAGER
Office Phone: 713-351-5623
Fax/Email: 713-688-3933

Sage, Laboratories, Inc. Representative Information

Name: Sharon Blazich
Title: Facility Security Mgr/ISSM
Office Phone: 603-459-1693
Fax/Email: sblazich@sagelabs.com

Example Form

Certificate of Volatility

Date:
Model: Fake 123
Part Number: 135XYZ
Manufacturer: Acme Manufacturing Company
Street Address: 987 Bogus Avenue
City: My Fair City
State: OH
Zip: 34567

Volatile Memory

Does the item contain volatile memory (i.e., memory whose contents are lost when power is removed)?
Yes    No

If the answer is ‘Yes’, please provide the following information for each type (use additional sheets if required):

Type (SRAM, DRAM, etc.): DRAM
Size: 32 Kbytes
User Modifiable: Yes No
Function: Program Storage
Process to Sanitize: Remove power for at least 5 minutes.

Type (SRAM, DRAM, etc.):
Size:
User Modifiable: Yes No
Function:
Process to Sanitize:

Type (SRAM, DRAM, etc.):
Size:
User Modifiable: Yes No
Function:
Process to Sanitize:

Non-Volatile Memory

Does the item contain non-volatile memory (i.e., memory whose contents are retained when power is removed)?
Yes    No

If the answer is ‘Yes’, please provide the following information for each type (use additional sheets if required):

Type (BBRAM, Flash, EEPROM, etc.): BBRAM
Size: 32 Kbytes
User Modifiable: Yes No
Function: Real-Time Clock & Environment Data
Process to Sanitize: Overwrite using system: command. Verify using printenv command.

Type (BBRAM, Flash, EEPROM, etc.): Flash
Size: 1 Mbyte
User Modifiable: Yes No
Function: Boot Code Storage
Process to Sanitize: Overwrite with known "clean" image using vendor provided maintenance software.

Type (BBRAM, Flash, EEPROM, etc.): PROM
Size: 32 Kbytes
User Modifiable: Yes No
Function: BIOS
Process to Sanitize: Not applicable.

Media

Does the item contain media storage capability (i.e., removable or nonremovable disk drives, tape drives, memory cards, etc.)?
Yes    No

If the answer is ‘Yes’, please provide the following information for each type (use additional sheets if required):

Type (Disk, Tape, etc.): Disk
Size: 9 Gbyte
User Modifiable: Yes No
Removable: Yes No
Function: Program Storage
Process to Sanitize: Cannot be sanitized - destroy if failed.

Type (Disk, Tape, etc.): Tape
Size: 4 mm
User Modifiable: Yes No
Removable: Yes No
Function: Backup and Archival Storage
Process to Sanitize: Overwrite and/or degauss.

Type (Disk, Tape, etc.):
Size:
User Modifiable: Yes No
Removable: Yes No
Function:
Process to Sanitize:

Additional Information:

Vendor Representative Information

Name: John Doe
Title: Chief Engineer
Office Phone: (330) 555-1212
Fax/Email: John_doe@acme.com

Sage, Laboratories, Inc. Representative Information

Name:
Title: Information Systems Security Mgr
Office Phone:
Fax/Email: