Office of the Chief Information Officer

United States Department of Agriculture

Departmental Regulation 3140-002

Author: 
Office of Information Resources Management, Agency Technical Services Division

USDA Internet Security Policy

1 PURPOSE

This regulation establishes minimum security requirements for the use of the Internet network by U. S. Department of Agriculture (USDA). This regulation is not written to restrict the use of Internet, but to ensure that adequate protection is in place to protect USDA data from intruders, file tampering, break in, and service disruption.

2 BACKGROUND

In the late 1960s the Department of Defense (DoD) designed and implemented the ARPAnet network for the exchange of defense industry research information world-wide. TCP/IP was the protocol developed and UNIX was the platform.

The National Science Foundation (NSF) needed a network also to interconnect their supercomputers and exchange academic research information so they built their own, but followed the DoD standards. They called their network NSFNET.

The Internet consists of many, worldwide, independent networks that allow interconnection and transmission of data across the networks because they follow the same basic standards and protocols and agreed upon Internet etiquette, " No central authority." Each user organization pays for its own piece of the network.

Motivated by developments in highspeed networking technology and the National Research and Education Network (NREN) Program, many organizations and individuals are looking at the Internet as a means for expanding their research interests and communications. Consequently, the Internet is now growing faster than any telecommunications system thus far, including the telephone system.

New users of the Internet may fail to realize, however, that their sites could be at risk to intruders who use the Internet as a means for attacking systems and causing various forms of threat. Consequently, new Internet sites are often prime targets for malicious activity including break in, file tampering, and service disruptions. Such activity may be difficult to discover and correct, may be highly embarrassing to the organization, and can be very costly in terms of lost productivity and compromised data integrity.

All Internet users need to be aware of the high potential for threat from the Internet and the steps they should take to secure their sites. Many tools and techniques now exist to provide sites with a higher level of assurance and protection.

USDA agencies should acquire a copy of the "Guide to the USDA Internet." This document is published by the Office of Information Resources Management. This guide defines the USDA Internet Access Network. You may acquire this guide by contacting the Director, Office of Information Resources Management, room 414-W.

Downloads: 
AttachmentSize
PDF icon DR3140-002.pdf188.46 KB
HTML icon DR3140-002.htm29.76 KB