Keep Us Strong WikiLeaks logo

Currently released so far... 251287 / 251,287

Articles

Browse latest releases

Browse by creation date

Browse by origin

A B C D F G H I J K L M N O P Q R S T U V W Y Z

Browse by tag

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
AEMR ASEC AMGT AE AS AMED AVIAN AU AF AORC AGENDA AO AR AM APER AFIN ATRN AJ ABUD ARABL AL AG AODE ALOW ADANA AADP AND APECO ACABQ ASEAN AA AFFAIRS AID AGR AY AGS AFSI AGOA AMB ARF ANET ASCH ACOA AFLU AFSN AMEX AFDB ABLD AESC AFGHANISTAN AINF AVIATION ARR ARSO ANDREW ASSEMBLY AIDS APRC ASSK ADCO ASIG AC AZ APEC AFINM ADB AP ACOTA ASEX ACKM ASUP ANTITERRORISM ADPM AINR ARABLEAGUE AGAO AORG AMTC AIN ACCOUNT ASECAFINGMGRIZOREPTU AIDAC AINT ARCH AMGTKSUP ALAMI AMCHAMS ALJAZEERA AVIANFLU AORD AOREC ALIREZA AOMS AMGMT ABDALLAH AORCAE AHMED ACCELERATED AUC ALZUGUREN ANGEL AORL ASECIR AMG AMBASSADOR AEMRASECCASCKFLOMARRPRELPINRAMGTJMXL ADM ASES ABMC AER AMER ASE AMGTHA ARNOLDFREDERICK AOPC ACS AFL AEGR ASED AFPREL AGRI AMCHAM ARNOLD AN ANATO AME APERTH ASECSI AT ACDA ASEDC AIT AMERICA AMLB AMGE ACTION AGMT AFINIZ ASECVE ADRC ABER AGIT APCS AEMED ARABBL ARC ASO AIAG ACEC ASR ASECM ARG AEC ABT ADIP ADCP ANARCHISTS AORCUN AOWC ASJA AALC AX AROC ARM AGENCIES ALBE AK AZE AOPR AREP AMIA ASCE ALANAZI ABDULRAHMEN ABDULHADI AINFCY ARMS ASECEFINKCRMKPAOPTERKHLSAEMRNS AGRICULTURE AFPK AOCR ALEXANDER ATRD ATFN ABLG AORCD AFGHAN ARAS AORCYM AVERY ALVAREZ ACBAQ ALOWAR ANTOINE ABLDG ALAB AMERICAS AFAF ASECAFIN ASEK ASCC AMCT AMGTATK AMT APDC AEMRS ASECE AFSA ATRA ARTICLE ARENA AISG AEMRBC AFR AEIR ASECAF AFARI AMPR ASPA ASOC ANTONIO AORCL ASECARP APRM AUSTRALIAGROUP ASEG AFOR AEAID AMEDI ASECTH ASIC AFDIN AGUIRRE AUNR ASFC AOIC ANTXON ASA ASECCASC ALI AORCEUNPREFPRELSMIGBN ASECKHLS ASSSEMBLY ASECVZ AI ASECPGOV ASIR ASCEC ASAC ARAB AIEA ADMIRAL AUSGR AQ AMTG ARRMZY ANC APR AMAT AIHRC AFU ADEL AECL ACAO AMEMR ADEP AV AW AOR ALL ALOUNI AORCUNGA ALNEA ASC AORCO ARMITAGE AGENGA AGRIC AEM ACOAAMGT AGUILAR AFPHUM AMEDCASCKFLO AFZAL AAA ATPDEA ASECPHUM ASECKFRDCVISKIRFPHUMSMIGEG
ETRD ETTC EU ECON EFIN EAGR EAID ELAB EINV ENIV ENRG EPET EZ ELTN ELECTIONS ECPS ET ER EG EUN EIND ECONOMICS EMIN ECIN EINT EWWT EAIR EN ENGR ES EI ETMIN EL EPA EARG EFIS ECONOMY EC EK ELAM ECONOMIC EAR ESDP ECCP ELN EUM EUMEM ECA EAP ELEC ECOWAS EFTA EXIM ETTD EDRC ECOSOC ECPSN ENVIRONMENT ECO EMAIL ECTRD EREL EDU ENERG ENERGY ENVR ETRAD EAC EXTERNAL EFIC ECIP ERTD EUC ENRGMO EINZ ESTH ECCT EAGER ECPN ELNT ERD EGEN ETRN EIVN ETDR EXEC EIAD EIAR EVN EPRT ETTF ENGY EAIDCIN EXPORT ETRC ESA EIB EAPC EPIT ESOCI ETRB EINDQTRD ENRC EGOV ECLAC EUR ELF ETEL ENRGUA EVIN EARI ESCAP EID ERIN ELAN ENVT EDEV EWWY EXBS ECOM EV ELNTECON ECE ETRDGK EPETEIND ESCI ETRDAORC EAIDETRD ETTR EMS EAGRECONEINVPGOVBN EBRD EUREM ERGR EAGRBN EAUD EFI ETRDEINVECINPGOVCS EPEC ETRO ENRGY EGAR ESSO EGAD ENV ENER EAIDXMXAXBXFFR ELA EET EINVETRD EETC EIDN ERGY ETRDPGOV EING EMINCG EINVECON EURM EEC EICN EINO EPSC ELAP ELABPGOVBN EE ESPS ETRA ECONETRDBESPAR ERICKSON EEOC EVENTS EPIN EB ECUN EPWR ENG EX EH EAIDAR EAIS ELBA EPETUN ETRDEIQ EENV ECPC ETRP ECONENRG EUEAID EWT EEB EAIDNI ESENV EADM ECN ENRGKNNP ETAD ETR ECONETRDEAGRJA ETRG ETER EDUC EITC EBUD EAIF EBEXP EAIDS EITI EGOVSY EFQ ECOQKPKO ETRGY ESF EUE EAIC EPGOV ENFR EAGRE ENRD EINTECPS EAVI ETC ETCC EIAID EAIDAF EAGREAIDPGOVPRELBN EAOD ETRDA EURN EASS EINVA EAIDRW EON ECOR EPREL EGPHUM ELTM ECOS EINN ENNP EUPGOV EAGRTR ECONCS ETIO ETRDGR EAIDB EISNAR EIFN ESPINOSA EAIDASEC ELIN EWTR EMED ETFN ETT EADI EPTER ELDIN EINVEFIN ESS ENRGIZ EQRD ESOC ETRDECD ECINECONCS EAIT ECONEAIR ECONEFIN EUNJ ENRGKNNPMNUCPARMPRELNPTIAEAJMXL ELAD EFIM ETIC EFND EFN ETLN ENGRD EWRG ETA EIN EAIRECONRP EXIMOPIC ERA ENRGJM ECONEGE ENVI ECHEVARRIA EMINETRD EAD ECONIZ EENG ELBR EWWC ELTD EAIDMG ETRK EIPR EISNLN ETEX EPTED EFINECONCS EPCS EAG ETRDKIPR ED EAIO ETRDEC ENRGPARMOTRASENVKGHGPGOVECONTSPLEAID ECONEINVEFINPGOVIZ ERNG EFINU EURFOR EWWI ELTNSNAR ETD EAIRASECCASCID EOXC ESTN EAIDAORC EAGRRP ETRDEMIN ELABPHUMSMIGKCRMBN ETRDEINVTINTCS EGHG EAIDPHUMPRELUG EAGRBTIOBEXPETRDBN EDA EPETPGOV ELAINE EUCOM EMW EFINECONEAIDUNGAGM ELB EINDETRD EMI ETRDECONWTOCS EINR ESTRADA EHUM EFNI ELABV ENR EMN EXO EWWTPRELPGOVMASSMARRBN EATO END EP EINVETC ECONEFINETRDPGOVEAGRPTERKTFNKCRMEAID ELTRN EIQ ETTW EAI ENGRG ETRED ENDURING ETTRD EAIDEGZ EOCN EINF EUPREL ENRL ECPO ENLT EEFIN EPPD ECOIN EUEAGR EISL EIDE ENRGSD EINVECONSENVCSJA EAIG ENTG EEPET EUNCH EPECO ETZ EPAT EPTE EAIRGM ETRDPREL EUNGRSISAFPKSYLESO ETTN EINVKSCA ESLCO EBMGT ENRGTRGYETRDBEXPBTIOSZ EFLU ELND EFINOECD EAIDHO EDUARDO ENEG ECONEINVETRDEFINELABETRDKTDBPGOVOPIC EFINTS ECONQH ENRGPREL EUNPHUM EINDIR EPE EMINECINECONSENVTBIONS EFINM ECRM EQ EWWTSP ECONPGOVBN
KFLO KPKO KDEM KFLU KTEX KMDR KPAO KCRM KIDE KN KNNP KG KMCA KZ KJUS KWBG KU KDMR KAWC KCOR KPAL KOMC KTDB KTIA KISL KHIV KHUM KTER KCFE KTFN KS KIRF KTIP KIRC KSCA KICA KIPR KPWR KWMN KE KGIC KGIT KSTC KACT KSEP KFRD KUNR KHLS KCRS KRVC KUWAIT KVPR KSRE KMPI KMRS KNRV KNEI KCIP KSEO KITA KDRG KV KSUM KCUL KPET KBCT KO KSEC KOLY KNAR KGHG KSAF KWNM KNUC KMNP KVIR KPOL KOCI KPIR KLIG KSAC KSTH KNPT KINL KPRP KRIM KICC KIFR KPRV KAWK KFIN KT KVRC KR KHDP KGOV KPOW KTBT KPMI KPOA KRIF KEDEM KFSC KY KGCC KATRINA KWAC KSPR KTBD KBIO KSCI KRCM KNNB KBNC KIMT KCSY KINR KRAD KMFO KCORR KW KDEMSOCI KNEP KFPC KEMPI KBTR KFRDCVISCMGTCASCKOCIASECPHUMSMIGEG KNPP KTTB KTFIN KBTS KCOM KFTN KMOC KOR KDP KPOP KGHA KSLG KMCR KJUST KUM KMSG KHPD KREC KIPRTRD KPREL KEN KCSA KCRIM KGLB KAKA KWWT KUNP KCRN KISLPINR KLFU KUNC KEDU KCMA KREF KPAS KRKO KNNC KLHS KWAK KOC KAPO KTDD KOGL KLAP KECF KCRCM KNDP KSEAO KCIS KISM KREL KISR KISC KKPO KWCR KPFO KUS KX KWCI KRFD KWPG KTRD KH KLSO KEVIN KEANE KACW KWRF KNAO KETTC KTAO KWIR KVCORR KDEMGT KPLS KICT KWGB KIDS KSCS KIRP KSTCPL KDEN KLAB KFLOA KIND KMIG KPPAO KPRO KLEG KGKG KCUM KTTP KWPA KIIP KPEO KICR KNNA KMGT KCROM KMCC KLPM KNNPGM KSIA KSI KWWW KOMS KESS KMCAJO KWN KTDM KDCM KCM KVPRKHLS KENV KCCP KGCN KCEM KEMR KWMNKDEM KNNPPARM KDRM KWIM KJRE KAID KWMM KPAONZ KUAE KTFR KIF KNAP KPSC KSOCI KCWI KAUST KPIN KCHG KLBO KIRCOEXC KI KIRCHOFF KSTT KNPR KDRL KCFC KLTN KPAOKMDRKE KPALAOIS KESO KKOR KSMT KFTFN KTFM KDEMK KPKP KOCM KNN KISLSCUL KFRDSOCIRO KINT KRG KWMNSMIG KSTCC KPAOY KFOR KWPR KSEPCVIS KGIV KSEI KIL KWMNPHUMPRELKPAOZW KQ KEMS KHSL KTNF KPDD KANSOU KKIV KFCE KTTC KGH KNNNP KK KSCT KWNN KAWX KOMCSG KEIM KTSD KFIU KDTB KFGM KACP KWWMN KWAWC KSPA KGICKS KNUP KNNO KISLAO KTPN KSTS KPRM KPALPREL KPO KTLA KCRP KNMP KAWCK KCERS KDUM KEDM KTIALG KWUN KPTS KPEM KMEPI KAWL KHMN KCRO KCMR KPTD KCROR KMPT KTRF KSKN KMAC KUK KIRL KEM KSOC KBTC KOM KINP KDEMAF KTNBT KISK KRM KWBW KBWG KNNPMNUC KNOP KSUP KCOG KNET KWBC KESP KMRD KEBG KFRDKIRFCVISCMGTKOCIASECPHUMSMIGEG KPWG KOMCCO KRGY KNNF KPROG KJAN KFRED KPOKO KM KWMNCS KMPF KJWC KJU KSMIG KALR KRAL KDGOV KPA KCRMJA KCRI KAYLA KPGOV KRD KNNPCH KFEM KPRD KFAM KALM KIPRETRDKCRM KMPP KADM KRFR KMWN KWRG KTIAPARM KTIAEUN KRDP KLIP KDDEM KTIAIC KWKN KPAD KDM KRCS KWBGSY KEAI KIVP KPAOPREL KUNH KTSC KIPT KNP KJUSTH KGOR KEPREL KHSA KGHGHIV KNNR KOMH KRCIM KWPB KWIC KINF KPER KILS KA KNRG KCSI KFRP KLFLO KFE KNPPIS KQM KQRDQ KERG KPAOPHUM KSUMPHUM KVBL KARIM KOSOVO KNSD KUIR KWHG KWBGXF KWMNU KPBT KKNP KERF KCRT KVIS KWRC KVIP KTFS KMARR KDGR KPAI KDE KTCRE KMPIO KUNRAORC KHOURY KAWS KPAK KOEM KCGC KID KVRP KCPS KIVR KBDS KWOMN KIIC KTFNJA KARZAI KMVP KHJUS KPKOUNSC KMAR KIBL KUNA KSA KIS KJUSAF KDEV KPMO KHIB KIRD KOUYATE KIPRZ KBEM KPAM KDET KPPD KOSCE KJUSKUNR KICCPUR KRMS KWMNPREL KWMJN KREISLER KWM KDHS KRV KPOV KWMNCI KMPL KFLD KWWN KCVM KIMMITT KCASC KOMO KNATO KDDG KHGH KRF KSCAECON KWMEN KRIC
PREL PINR PGOV PHUM PTER PE PREF PARM PBTS PINS PHSA PK PL PM PNAT PHAS PO PROP PGOVE PA PU POLITICAL PPTER POL PALESTINIAN PHUN PIN PAMQ PPA PSEC POLM PBIO PSOE PDEM PAK PF PKAO PGOVPRELMARRMOPS PMIL PV POLITICS PRELS POLICY PRELHA PIRN PINT PGOG PERSONS PRC PEACE PROCESS PRELPGOV PROV PFOV PKK PRE PT PIRF PSI PRL PRELAF PROG PARMP PERL PUNE PREFA PP PGOB PUM PROTECTION PARTIES PRIL PEL PAGE PS PGO PCUL PLUM PIF PGOVENRGCVISMASSEAIDOPRCEWWTBN PMUC PCOR PAS PB PKO PY PKST PTR PRM POUS PRELIZ PGIC PHUMS PAL PNUC PLO PMOPS PHM PGOVBL PBK PELOSI PTE PGOVAU PNR PINSO PRO PLAB PREM PNIR PSOCI PBS PD PHUML PERURENA PKPA PVOV PMAR PHUMCF PUHM PHUH PRELPGOVETTCIRAE PRT PROPERTY PEPFAR PREI POLUN PAR PINSF PREFL PH PREC PPD PING PQL PINSCE PGV PREO PRELUN POV PGOVPHUM PINRES PRES PGOC PINO POTUS PTERE PRELKPAO PRGOV PETR PGOVEAGRKMCAKNARBN PPKO PARLIAMENT PEPR PMIG PTBS PACE PETER PMDL PVIP PKPO POLMIL PTEL PJUS PHUMNI PRELKPAOIZ PGOVPREL POGV PEREZ POWELL PMASS PDOV PARN PG PPOL PGIV PAIGH PBOV PETROL PGPV PGOVL POSTS PSO PRELEU PRELECON PHUMPINS PGOVKCMABN PQM PRELSP PRGO PATTY PRELPGOVEAIDECONEINVBEXPSCULOIIPBTIO PGVO PROTESTS PRELPLS PKFK PGOVEAIDUKNOSWGMHUCANLLHFRSPITNZ PARAGRAPH PRELGOV POG PTRD PTERM PBTSAG PHUMKPAL PRELPK PTERPGOV PAO PRIVATIZATION PSCE PPAO PGOVPRELPHUMPREFSMIGELABEAIDKCRMKWMN PARALYMPIC PRUM PKPRP PETERS PAHO PARMS PGREL PINV POINS PHUMPREL POREL PRELNL PHUMPGOV PGOVQL PLAN PRELL PARP PROVE PSOC PDD PRELNP PRELBR PKMN PGKV PUAS PRELTBIOBA PBTSEWWT PTERIS PGOVU PRELGG PHUMPRELPGOV PFOR PEPGOV PRELUNSC PRAM PICES PTERIZ PREK PRELEAGR PRELEUN PHUME PHU PHUMKCRS PRESL PRTER PGOF PARK PGOVSOCI PTERPREL PGOVEAID PGOVPHUMKPAO PINSKISL PREZ PGOVAF PARMEUN PECON PINL POGOV PGOVLO PIERRE PRELPHUM PGOVPZ PGOVKCRM PBST PKPAO PHUMHUPPS PGOVPOL PASS PPGOV PROGV PAGR PHALANAGE PARTY PRELID PGOVID PHUMR PHSAQ PINRAMGT PSA PRELM PRELMU PIA PINRPE PBTSRU PARMIR PEDRO PNUK PVPR PINOCHET PAARM PRFE PRELEIN PINF PCI PSEPC PGOVSU PRLE PDIP PHEM PRELB PORG PGGOC POLG POPDC PGOVPM PWMN PDRG PHUMK PINB PRELAL PRER PFIN PNRG PRED POLI PHUMBO PHYTRP PROLIFERATION PHARM PUOS PRHUM PUNR PENA PGOVREL PETRAEUS PGOVKDEM PGOVENRG PHUS PRESIDENT PTERKU PRELKSUMXABN PGOVSI PHUMQHA PKISL PIR PGOVZI PHUMIZNL PKNP PRELEVU PMIN PHIM PHUMBA PUBLIC PHAM PRELKPKO PMR PARTM PPREL PN PROL PDA PGOVECON PKBL PKEAID PERM PRELEZ PRELC PER PHJM PGOVPRELPINRBN PRFL PLN PWBG PNG PHUMA PGOR PHUMPTER POLINT PPEF PKPAL PNNL PMARR PAC PTIA PKDEM PAUL PREG PTERR PTERPRELPARMPGOVPBTSETTCEAIRELTNTC PRELJA POLS PI PNS PAREL PENV PTEROREP PGOVM PINER PBGT PHSAUNSC PTERDJ PRELEAID PARMIN PKIR PLEC PCRM PNET PARR PRELETRD PRELBN PINRTH PREJ PEACEKEEPINGFORCES PEMEX PRELZ PFLP PBPTS PTGOV PREVAL PRELSW PAUM PRF PHUMKDEM PATRICK PGOVKMCAPHUMBN PRELA PNUM PGGV PGOVSMIGKCRMKWMNPHUMCVISKFRDCA PBT PIND PTEP PTERKS PGOVJM PGOT PRELMARR PGOVCU PREV PREFF PRWL PET PROB PRELPHUMP PHUMAF PVTS PRELAFDB PSNR PGOVECONPRELBU PGOVZL PREP PHUMPRELBN PHSAPREL PARCA PGREV PGOVDO PGON PCON PODC PRELOV PHSAK PSHA PGOVGM PRELP POSCE PGOVPTER PHUMRU PINRHU PARMR PGOVTI PPEL PMAT PAN PANAM PGOVBO PRELHRC

Browse by classification

Community resources

courage is contagious

Viewing cable 04THEHAGUE799, CHEMICAL WEAPONS CONVENTION (CWC): VIS ENHANCEMENT

If you are new to these pages, please read an introduction on the structure of a cable as well as how to discuss them with others. See also the FAQs

Understanding cables
Every cable message consists of three parts:
  • The top box shows each cables unique reference number, when and by whom it originally was sent, and what its initial classification was.
  • The middle box contains the header information that is associated with the cable. It includes information about the receiver(s) as well as a general subject.
  • The bottom box presents the body of the cable. The opening can contain a more specific subject, references to other cables (browse by origin to find them) or additional comment. This is followed by the main contents of the cable: a summary, a collection of specific topics and a comment section.
To understand the justification used for the classification of each cable, please use this WikiSource article as reference.

Discussing cables
If you find meaningful or important information in a cable, please link directly to its unique reference number. Linking to a specific paragraph in the body of a cable is also possible by copying the appropriate link (to be found at theparagraph symbol). Please mark messages for social networking services like Twitter with the hash tags #cablegate and a hash containing the reference ID e.g. #04THEHAGUE799.
Reference ID Created Released Classification Origin
04THEHAGUE799 2004-03-29 13:33 2011-08-30 01:44 UNCLASSIFIED Embassy The Hague
This record is a partial extract of the original cable. The full text of the original cable is not available.
UNCLAS SECTION 01 OF 03 THE HAGUE 000799 
 
SIPDIS 
 
STATE FOR AC/CB, NP/CBM, VC/CCB, VC/VO, L/ACV, IO/S 
SECDEF FOR OSD/ISP 
JOINT STAFF FOR DD PMA-A FOR WTC 
COMMERCE FOR BIS (GOLDMAN) 
NSC FOR CHUPA 
WINPAC FOR LIEPMAN 
 
E.O. 12958: N/A 
TAGS: PARM PREL CWC
SUBJECT: CHEMICAL WEAPONS CONVENTION (CWC): VIS ENHANCEMENT 
PROJECT, IMPLEMENTATION OF ISO 17799, SECURITY AUDITS, AND 
OTHER IT ISSUES AT THE TECHNICAL SECRETARIAT 
 
This is CWC-43-04. 
 
------------- 
Status of VIS 
------------- 
 
1.  (U)  Del reps met with OPCW Chief of Administration Herb 
Schulz, Chief of the Information Support Branch (ISB) Greg 
Linden, and Chief of the Office of Confidentiality and 
Security (OCS) Rob Simpson to discuss issues related to 
Technical Secretariat (TS) work on the Verification 
Information System (VIS) Enhancement project on a number of 
occasions between March 2-26.  Del reps stressed Washington's 
dissatisfaction with the speed of the TS implementation of 
the VIS effort.  Linden and Simpson reported that the Deputy 
Director General heads the VIS project review board, and 
assesses VIS project status every two weeks. 
 
2.  (U)  In summary, efforts to ensure the security of the 
Secure Critical Network (SCN) in parallel with development of 
the VIS project will cause a two-month delay in VIS 
deployment.  But TS officials noted that if delegations need 
assurance that the SCN will appropriately protect their 
classified industrial data before submitting electronic data 
declarations, it is well worth the two-month investment. 
 
----------------------- 
VIS Enhancement Project 
----------------------- 
 
3.  (U)  Personnel from ISB, OCS, and the Verification 
Division are working closely on the VIS project.  The 
prototype will be developed on an unclassified platform after 
documentation of the technical details, security assurances, 
and information flows are completed circa March 31.  This 
definition and design phase is the critical underpinning of 
the effort and requires about 25 documents essential to 
understanding the project from the ISO and programming 
perspectives.  The key VIS elements will be programmed over 
April/May, the remainder over the summer.  Industrial data 
declarations are due April 1; the Verification Division and 
the Secure Critical Network (SCN) will be devoted to first 
entering and then assessing declared information received 
from around 50 States Party (SP) until late May. 
 
4.  (U)  With the assistance of the Verification Division 
staff, ISB will assemble declaration data to test the VIS 
prototype capability in the June/July timeframe.  Linden 
expects to be able to demonstrate the VIS prototype to users, 
both TS and SPs, by the end of the summer, even allowing for 
the annual and home leave plans of ISB staff and contractors. 
 (Note: On January 1, 2004, ISB was approved a P2 position 
and has hired a programmer for the VIS project who will begin 
work in June.  To supplement its VIS effort, ISB used a 
temporary hire to fill in.)  In case of problems, Linden has 
programmed a two-month slip time (August to October).  The 
enhanced VIS is expected to be fully up and running on March 
31, 2005, for both the TS (80 percent of the users) and SPs 
(20 percent of users). 
 
5.  (U)  Linden reported that a small number of SPs have 
approached him and asked to be allowed to submit their 
(redacted) industry declarations electronically in October 
2004.  Linden reported that the TS is considering how best to 
support this.  One possibility under consideration (and will 
probably be approved) is mounting the Common File 
Transmission System (CFTS) interface and the chemical 
identifier database on the OPCW website.  SPs who choose to 
do so can use the CFTS interface to format their data for 
submission to the TS. 
 
---------------------------------------- 
Implementation of the ISO Standard 17799 
---------------------------------------- 
 
6.  (U)  Simpson, who oversees the work of the Security Audit 
Teams (SAT), reported that the charter and mandate of SAT-IV 
directs the auditors to assess security functionality. 
SAT-III recommended that the TS implement ISO standard 17799, 
which addresses the security management of system operations, 
which OCS is now working to implement.  OCS has decided in 
principle to implement ISO 17799, but has yet to determine 
the cost of doing so.  This will be reported to delegations 
in an upcoming DG note, which will include a recommendation 
to the EC that this standard be adopted. 
7.  (U)  Simpson reported that at this point, the costs of 
implementing ISO 17799 will be minimal, mostly the result of 
training new staff members.  Simpson also reported that this 
effort has been reported to the EC on a number of occasions. 
He also was surprised to find that a decision document 
regarding the ISO 17799 implementation had never gone to 
EC-29 as planned.  This will be rectified, hopefully by EC-37 
as one of the first elements emerging from the upcoming 
consultations on Confidentiality chaired by Del Rep. 
 
8.  (U)  According to Linden, OCS decided on July 7, 2003 to 
accept the ISO 15408 standard or the "common criterion" which 
addresses security operations in a classified environment. 
There are five levels (EAL 1 to 5), and OCS wants to achieve 
EAL 3 from its starting point of zero (Note: EAL 3 is the 
standard set for secure U.S. Government systems).  Linden 
noted that earlier SATs were not asked their opinion of the 
common criterion, nor has senior TS management been brought 
into the decision.  (Note: This is a policy issue which needs 
senior level attention because of its cost and requirements 
to realign certain business procession, in particular the 
need to implement stringent documentation requirements.) 
 
9.  (U)  Linden reported that the TS is not attempting to be 
accredited for either ISO standard.  For the common 
criterion, there is no one authority that can certify EAL 3 
implementation.  Furthermore, it is very costly and would 
result in major delays in implementation of projects (Note: 
Certification for the common criteria would result in a delay 
of the RDBMS development effort for up to two years and cost 
at least USD 500,000). 
 
10.  (U)  The documentation effort required by the two ISO 
standards has slowed things down, but no initiatives are dead 
in the water.  In part, the effort is a result of the TS move 
from an organization that was not process-oriented to one 
that has appropriate managerial oversight and process 
procedures in place.  Both OCS and ISB agree that in general 
more and better documentation is needed, and both share the 
ISO documentation burden.  On the plus side, the TS has not 
had a systematic approach to documenting its IT efforts 
before.  On the minus side, there is still no guidance from 
OCS regarding how much documentation is enough.  Could the 
documentation effort be less onerous? Yes, the decision to go 
for EAL 3 for security assurance could be reversed.  However, 
without documentation, the TS could not reassure the security 
auditors and SPs that things are as they should be.  (Note: 
the RDBMS contractor analysis of its ability to meet the new 
(and last minute) security standard cost the project one 
month.) 
 
--------------------- 
Status of SCN Upgrade 
--------------------- 
 
11.  (U)  The upgrade of the SCN has been delayed until after 
EC-36.  Taken together, a number of elements created 
challenges to this effort but will not seriously delay the 
SCN migration. Linden reported that the SCN upgrade will be 
completed and fully documented by July 1, 2004. 
 
-- First, the seven new servers due in early December 2003 
did not arrive until mid-February 2004. 
-- Second, data migration from the 24 Microsoft Access 
databases is not technically difficult, and will require two 
days.  This is complicated by a technicality: someone 
knowledgeable needs to map the new capabilities to the old 
ones, making the upgrades effort more difficult.  The 
databases contain all the digitized declaration information 
that eventually will be sent to the RDBMS, so extra caution 
is needed to ensure that it is done right the first time. 
-- Third, the inspector laptops are older models, and the 
upgrade to a powerful new operating system could tax their 
computing capability (tests show this will not be a problem). 
 The laptops will be updated as they come in, circa ten or 12 
a week.  More difficult will be updates of the laptops at the 
CWDFs as they only return every six to eight months and carry 
unique software elements, so these laptops cannot simply be 
erased and reloaded. 
-- Fourth, OCS requires more documentation to meet the ISO 
requirements, and ISB is preparing 30 documents.  Because OCS 
needs time to review them, this led to a decision to delay 
until April/May. 
-- Finally, Verification Division receives declarations in 
early April and produces the Verification Information Report 
in June, so it requested an additional delay until July. 
Upon reconsideration, Verification Division allowed that the 
upgrade probably could take place in early May, or perhaps 
even in late April. 
 
------------------------- 
RDBMS and Security Audits 
------------------------- 
 
12.  (U)  Linden reported that the RDBMS specifics will also 
be fully documented by late June.  Although ISB does not set 
the agenda for or time of audits, Linden suggested that the 
relevant RDBMS documentation could be put on a CD-ROM and 
distributed to SAT-IV for a remote July audit exercise.  If 
SAT-IV sees itself as critical to the eventual acceptance of 
the Enhanced VIS project, the TS needs to know what SAT-IV 
perceives as its role and how it would exercise that role. 
 
13.  (U)  In Linden's opinion, waiting to audit the RDBMS in 
December 2004 would be a mistake because the coding would 
have been completed by that time.  Linden preferred to have 
SAT-IV assess the RDBMS documentation in July and to comment 
on any security concerns.  (Note:  Simpson/OCS also supports 
the idea of a remote Security Audit of the RDBMS design in 
the July timeframe.)  Linden reported that the TS requested 
SAT-IV to provide by March 31 a list of tools (i.e., 
evaluation requirements and processes) they would like to use 
to assess the security functionality of the RDBMS development 
plans. 
 
14.  (U)  Javits sends. 
SOBEL