Spring 2018 VRS SIP Interoperability Conference

Supply Chain Summit

Register for an ISAC Account

ISAC - Information Sharing & Analysis Center

Please complete and submit the following form to request registration for the ISAC. You will see a confirmation message and receive a copy of your registration via email after you have clicked "Submit Request".

Participant's Area Rules of Behavior for Partner POC

ISAC - Information Sharing & Analysis Center

MITRE Holistic Analytical Environment (HAE) Rules of Behavior 1.0
for ISAC Trusted Point of Contact (TPOC)

These Rules of Behavior (RoB) apply to ISAC partner staff using the MITRE HAE in the role of Trusted Point of Contact (TPOC).

ISAC partners use MITRE’s HAE to accept and analyze partners’ sensitive Information and to share analytic results.

As an ISAC TPOC, I will:

  1. Sign and abide by this RoB.
  2. Fulfill responsibilities of the TPOC including:
    1. Meet in person or by videoconference with MITRE ISAC Project Lead or designee, if necessary, to initiate the relationship and validate my identity with government-issued identification.
    2. Facilitate the execution of any required legal agreements (e.g., Participant Agreement, Data Sharing Agreement, etc.) with MITRE prior to accessing the HAE or sharing data.
    3. Work with MITRE ISAC Project Lead or designee to manage my organization’s list of authorized ISAC users who have a business need to access the HAE:
      1. Validate the identity of my organization’s ISAC users.
      2. Provide the list of validated users from my organization to MITRE ISAC Project Lead or designee for requesting access in the participant’s area. Provide updates to my organization’s list of validated users periodically as needed for the duration of my organization’s involvement in the ISAC, or until my organization designates a new TPOC.
      3. Immediately inform MITRE ISAC Project Lead or designee when individuals leave my organization’s employment or no longer need access to the HAE.
    4. Work with MITRE ISAC Project Lead or designee on any security or privacy issues that arise between MITRE and my organization or its staff.

In addition to serving as the ISAC Partner’s TPOC, I will abide by the following policies and procedures when accessing MITRE HAE for purposes of contributing data and receiving analytical results:

  1. Understand and comply with all applicable policies and procedures.
    1. Read, understand, and comply with my organization’s Policies and Procedures for handling and safeguarding Sensitive Information including Personally Identifiable Information (PII).
    2. Annually complete MITRE HAE Security & Privacy Awareness Training and sign and abide by these Rules of Behavior (RoB) before accessing the HAE.
    3. Only use my own personal credentials (e.g., username, password, registered mobile phone) to access the HAE. Not share my credentials with others.
    4. Only connect to the HAE using a computer provided by my organization on my organization’s network that is patched and up-to-date in its configuration and complies with my organization’s requirements for security and privacy safeguards.
    5. Provide accurate information to the MITRE ISAC Portal Team to obtain access to the HAE, including my name, organization’s name, email, and mobile phone number.
    6. Accept that all actions I perform in the HAE may be monitored and disclosed by MITRE at any time, and for any lawful purpose.
  2. Process (e.g., store, manipulate, transform, transfer) Sensitive Information only in approved environments.
    1. Understand the expectations for the data exchange as documented in the Participant’s Agreement.
    2. If I am involved in submitting my organization’s sensitive information, such as a dataset for analysis:
      1. Ensure the dataset meets expectations for analysis.
      2. Verify the integrity, completeness, accuracy, quality, suitability, and validity of the dataset prior to submission.
      3. Ensure the submission is free of malware.
      4. Encrypt data submitted to the HAE using my organization’s approved AES 256-bit encryption method, prior to submission.
      5. Submit data to the HAE using appropriate applications at the direction of the MITRE Project Lead and HAE ISSO.
  3. Not change the HAE hardware or software baseline unless authorized.
    1. Not add external software or modify or remove installed software from the HAE.
  4. Only share sensitive information with authorized users/partners using approved methods.
    1. Access and download only the information in the HAE that I and my organization are permitted to access.
    2. Abide by the Traffic Light Protocol dissemination markings set by the ISAC Senior Executive Board.
    3. Not post analytic results to external newsgroups, social media, and/or other types of third-party website applications, or other public forums unless approved and authorized by the ISAC Executive Official.
    4. Ensure that only authorized individuals can observe my display screen when I am accessing the HAE. If I require assistance from others (e.g., my help desk), I shall close sessions I have open to the HAE before allowing my desktop to be viewed or remotely accessed.
    5. Not use recording devices for audio, still images, or video on HAE systems without written approval from the HAE ISSO.
    6. Accept full responsibility for proper dissemination and destruction of information I download from the HAE or otherwise take outside the HAE boundary.
  5. Report and seek assistance immediately for any problems, suspected or actual, to the HAE ISSO and the MITRE ISAC Director (idttrf@mitre.org).
    1. Immediately report any HAE-related security or privacy incidents, concerns, or suspicions (e.g., malicious code, unauthorized access, unauthorized disclosure) to the HAE ISSO, MITRE ISAC Director, and my organization’s Trusted Point of Contact (TPOC). If the incident involves sensitive data, HAE personnel will notify the MITRE HAE Privacy Official.

I have read and reviewed the HAE Security and Privacy Awareness Training course. I accept that my access to the HAE (Participant's Area) is covered by and subject to these Rules of Behavior. Further, I accept that MITRE retains the right, at its sole discretion, to sanction violations of these Rules of Behavior through actions including revoking or suspending my access to the HAE. By printing your name in the box below and clicking Yes, you hereby acknowledge that you have carefully read and agree to abide by the Rules of Behavior.

IDTTRF-ISAC
Trusted Point of Contact

Date: November 16, 2018

Participant's Area Rules of Behavior for Partners

ISAC - Information Sharing & Analysis Center

MITRE Holistic Analytical Environment (HAE) Rules of Behavior 1.0
for ISAC Partner Users

These Rules of Behavior (RoB) apply to all ISAC Partner staff using the MITRE Holistic Analytical Environment (HAE).

ISAC partners use MITRE’s HAE to accept and analyze partners’ sensitive Information and to share analytic results.

As an ISAC Partner (a member of a participating organization and user of the MITRE HAE for purposes of contributing data and receiving analytical results), I will:

  1. Understand and comply with all applicable policies and procedures.
    1. Read, understand, and comply with my organization’s Policies and Procedures for handling and safeguarding Sensitive Information including Personally Identifiable Information (PII).
    2. Annually complete MITRE HAE Security & Privacy Awareness Training and sign and abide by these Rules of Behavior before accessing the HAE.
    3. Only use my own personal credentials (e.g., username, password, registered mobile phone) to access the HAE. Not share my credentials with others.
    4. Only connect to the HAE using a computer provided by my organization on my organization’s network that is patched and up-to-date in its configuration and complies with my organization’s requirements for security and privacy safeguards.
    5. Provide accurate information to the MITRE ISAC Portal Team to obtain access to the HAE, including my name, organization’s name, email, and mobile phone number.
    6. Accept that all actions I perform in the HAE may be monitored and disclosed by MITRE at any time, and for any lawful purpose.
  2. Process (e.g., store, manipulate, transform, transfer) Sensitive Information only in approved environments.
    1. Understand the expectations for the data exchange as documented in the Participant’s Agreement.
    2. If I am involved in submitting my organization’s sensitive information, such as a dataset for analysis:
      1. Ensure the dataset meets expectations for analysis.
      2. Verify the integrity, completeness, accuracy, quality, suitability, and validity of the dataset prior to submission.
      3. Ensure the submission is free of malware.
      4. Encrypt data submitted to the HAE using my organization’s approved AES 256-bit encryption method, prior to submission.
      5. Submit data to the HAE using appropriate applications at the direction of the MITRE Project Lead and HAE ISSO.
  3. Not change the HAE hardware or software baseline unless authorized.
    1. Not add external software or modify or remove installed software from the HAE.
  4. Only share sensitive information with authorized users/partners using approved methods.
    1. Access and download only the information in the HAE that I and my organization are permitted to access.
    2. Abide by the Traffic Light Protocol dissemination markings set by the ISAC Senior Executive Board.
    3. Not post analytic results to external newsgroups, social media, and/or other types of third-party website applications, or other public forums unless approved and authorized by the ISAC Executive Official.
    4. Ensure that only authorized individuals can observe my display screen when I am accessing the HAE. If I require assistance from others (e.g., my help desk), I shall close sessions I have open to the HAE before allowing my desktop to be viewed or remotely accessed.
    5. Not use recording devices for audio, still images, or video on HAE systems without written approval from the HAE ISSO.
    6. Accept full responsibility for proper dissemination and destruction of information I download from the HAE or otherwise take outside the HAE boundary.
  5. Report and seek assistance immediately for any problems, suspected or actual, to the HAE ISSO and the MITRE ISAC Director (idttrf@mitre.org).
    1. Immediately report any HAE-related security or privacy incidents, concerns, or suspicions (e.g., malicious code, unauthorized access, unauthorized disclosure) to the HAE ISSO, MITRE ISAC Director, and my organization’s Partner Trusted Point of Contact. If the incident involves sensitive data, HAE personnel will notify the MITRE HAE Privacy Official.

I have read and reviewed the HAE Security and Privacy Awareness Training course. I accept that my access to the HAE (Participant's Area) is covered by and subject to these Rules of Behavior. Further, I accept that MITRE retains the right, at its sole discretion, to sanction violations of these Rules of Behavior through actions including revoking or suspending my access to the HAE. By printing your name in the box below and clicking Yes, you hereby acknowledge that you have carefully read and agree to abide by the Rules of Behavior.

IDTTRF-ISAC
Partner Member

Date: November 16, 2018
