邢唷��>� ��z�g�i�k��B9 !��#$%&'()*+,-./012345678��C;<�=>?@A��Db�FGHIJKLMNOPQRSTUVWXYZ[\]^_`a��defghijklmnopqrstuvwxy��|}~€Root Entry�� F�"'�~�€&ο~��Workbook��b#Ole ��ObjInfo�� !��#$%&'��)*+,-./0123456789:;<�=>?@��B��@-�F!Cover!Object 1� �� F Microsoft Word 97-2003 Document MSWordDocWord.Document.8�9瞦�鄥燆鵒h珣+'迟0x�� MBD000248A6 �F狸衔~�狸衔~�Ole ��=Data ��81Table��"�,�8DdO ��zp�<�� C�A��€b�48{邔[4y劃桶妳鍸奘�8D7n�8{邔[4y劃桶妳鍸奘�塒NG IHDRO:E伈gAMA眻晿籀 pHYs1�2Nン聳 IDATx滍}霑�8e}{�p#0侀寧纑CG`9��&r"�鰢D�皂耩�3�繩Px龷`EF鼰�.纎啎霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X�埮0�粻▕+��珉啞鹹8餭豸k蝙+紫S鱴鑴�:D玳[Q昙鍓�/[??H→PT橧�5�鲞o劍 Hu詏春禗兵撅1傉郴C �]^Q鼁|籤淰O疧鬭眣�踉黌8n#尸CR6RJU�oZ療�t餢艹亣C剤P觞鲑Z具躈鯚懴a鑯F摷E��T5蜜悇b髇s#Φ鸟局n鵞.ZW�>悪姃9嬸|禰F礁V,﹂€:悷豿斲к/{k>燌qv蒁 h駡"小膦�P�)�)熐F #閯茻鏢澷)�!烥�麨膸澾鄇稘㎎�3+シ愠�Db鞅輒胂5抉臄骈瀗喷擌~C馇Z凩Ca#堆`雖�耖瓬;?瞜囈�芖O奦�!J胢�U�喷K伨龢a埽j\�$軇�=窸9FV�"衚T讙y唍柨�-�jVw鳛!:痡<轀洱聎�烝蔌�x圢罝(顛y函S请zYKz>儯pゎ懄R圢�=X逿*匭U/桀篌�﹞溕o�+T�&i澒J6篌骙K閪龈�=H'?0獦極u�愙7-宄�+�5�羺Gd糖蹴A:鵙啠�c�&~E|轔J訏�*X@贰彶銾怤龀Htc恬>Z髬剢4漁g舀峼/�'~驜丵�1|�.3臩Z鯌�$箝N�588l綉 ��諆懀bjU4�&蛸ⅵ紟x/類1f吤У#窷-秓緩lKu!,塐簶[�豳\g�(躽鐝熄h:\4遻5q=~�)|�*X鑠镆垩u0z竎7�C�6J踘�5}9AFt矲q倕r�7茇�4潌碚汎秽� �d4毾ｆぷnぐ瑚V祓H �A?� 'b辯劼器峜鵿鈙B&IP轁戛憢6枅姢m鴪}垲甓�i#:'燍社絇�煛f蓍蹸陬�.4N薝蟘3�1㈱斦o僯�!4嶰qf彦3豜踥婿"e綥阍t� W<'a禇M�(>e5v�M�:灯_棲ゎY沅�*牴y]馄�膹胓%藆��=�综詵璉偲W宷BYm饓輂煏Gn崮4<�r褎鍌�;脔劳+Z栖濹壜|V^庫�k啥�=KL)�9#╞�幯嚑M逖鶥H涑驌dG t仨S 洭6�( 譝�<蠔O�3耘豵偔T蚀筟K`�k胚�c岄檇睿 �鹭憰/鈂鯺鑺姫繜��>灚1_O陉翺,�位X%騔�毪跨6�@q軳棅榫駪�昰蠗樳I彗3<=傥憓M�:s�謐說w韛A鯷"摗%盎靷c艝殟�=縴婑�T�輜t|P┾ @Y9[╦O顪骊==控E /`�多�1{込�X �U‰座勋c5q漋瑇亭e+稺b囊Jk墛A筸桯呲詖&<龀r� 勖齺9�'�聘閬筷q�<囶H8}胊8溹煛xJ殚)诪N\}髚敇ヱy򂨎╩Y枹b蟮j �>5拋v峬υ溼�0咅�駵?�0`Owj飔劯k罒峋涍釳X�;仿>驾_�*嶞菼饇餻鲻�郢7Q洽鈘煭&"[m�%€Ls h6>%k^韓{犠;鉂8c,z�'橹F3搟?嫱柴慎疩{騺這?YM|R5晪菀\�殓�讟T}鑔ufx� 炜]"H�!'顦魹�扄鼇娹C�鼅存H)∮楧掀V抜}欩)煍"橭壹�汧榋絃�0�+IO凵1�&f嗮>}OXw钕MZ押Jnr鮰w�2楡塿�&O�7>z��?�瀛l�3bS数]�'�;qｌ�:MyT'f髹E適S� � 杯+�H敌ZO�衷�n�,慒a`鯠�7跷嚹(�-�$襎*�&┙鬅煝埽X阇$祠徚楺�蔌;_Mu鵎€焽茅(ＺU愔�1絬C卻1芚戤麉祼Gb�6ャ睑�(kg3豩橘�疅蟥R壌凎�q"�3n雲捡�%碨R栃bK桹�,Ts~債湜f~姅90C瓊颼�邙齾Q愽羯ㄧ默蔿Y瞜贴T鎠蔐墣熱�,�'思kN劢[r邶笣Lc(燋>�-�ZA �)锋覠FJ立米At！~O[蓗娛蘋�)膅绣A{�'m僡Q缂 a獴�3r儖#鍿塹�#嘎r袨5$鎼Pb=6 刚叺躗��v鰦押EfD�+罂�1E难綝T $姱莣蚪�荲{c耪Dy飯hK謿&{�)弔瓆5 貳yTV\∵v靾耜曽�j.鍜AsT簉穸菡� ;21豓豰殀�h崍Y屡%徻!�#磏�>粠呻q╚��: 娎nI� 鮷N嬏4}�&彭8�Zè瘚灾饯軞6H啡栜姇�)*�嵻�# z玞鄱�椈�愐壃�7o= 刈罨1蛕�烇圗��@辧>…}尢= 庅�冀讓��匐�耒7EBe梭娄�c憕螾仒� 壜踸�9愛dke�5�-䙡眃伧B鼨瞳7E濹鑝]穪奶譭U0宬l赲�罡%~叱衵趌Lr酖轄�傐5蘤q~脢殎 Mb喈�諝�;v�pl_悴殂3匩�( 壞腶5隠简fH>�&Qb献0��'=得fbL歼O　&邇硊Y+羯彲訶PE笊JW]┚3L豅L� 猆鰱J o阮轮Y佅賡鉴_M鎿'�6�(腓椡$�>歀Y嬠c躌3�1[mU埆 %嘒�9襆'0�.誜指�*vK尹匷�攉癔Z駞?騈FD>觹庞2夳絽>wV暓�� 裴_U�7�灞鵔 <漒翊YhN嘞h1U憹搭�=H�' �x?烞тk�|b�條峺j鋈�r珼TP�,�8pC疽wq續悲鎿?犮d娽駪慰"鍮购璤韯裌鋏P]嘹€問k{鬳柺'餆玝鷉��燆0輵]�'廿��)桢援筇Zg挔�:魔0鱪Y-藣仸:*�1ㄧ R薺V峎�硢�A玁�$(粪薞T釦镢W&�iP?貄o�pO閖�=@Z�=嶓壦N��x>;腼�&邙毼=睈V糗Sj'嫔伸庅鶌馀4 �&*NwC瑘堺v幌�5\4c�=�:獰_妪�8縹T�`w C詉�?�?娨峿�娇俶kP渾�3ZGuxk屝�-漲� 岢K郸撊@笐� �$挈袵钲�溏青甗褠Z闖蕾丿qㄐ€au彜粐龓鷸|'絜珪赙_€嫱�v�*鰈' 燐xZ3叙佸揘ｑ儙X:D�2m疚�-Dzw醟�屭1√犒@瀟_竫U苴弢-U鷽額镳堣巐�LK賵臑唿诒e圝�?� /v坾钶��v柢坘�,圻�'|`L⒏雚憉靈閍�0Q鑰T�'{橩籈!鮏�$,梜重稕䦟溇鋿'�8N�諃𘲊孙�澊dR麎d韞�:鴨尣7pb鄊d?uP�€煟搒呞7阛,z騢�4@∑鐣鰰2,焲埤u＼� 胢�16j€�=拊y住hg�9Ms��5從'�.蛉)lp*,€G膞st九%U鮣�婤笙遳�瘗 �3疁��gg�絯窒豩xy變$嬘€煇.�滊梍蒇�)$/掽]�辵QI姞蜔峒�&O:麫绪9�T�'�>妕榽萴 4~€@贺s齌髢痮綋d慫旀彞�&"�_� [�$)�(z�鐄漁鬿髖鼏q誗n�?鞣魔償yx++鏦"熋�%EUO{/竦`,P�'閹^qbN� �-�=8縍�/]氦绵島F�<�'P煬埨噆V�i蔋鰃u顠厩D峷Tq=4~�9卡E[:=佸S{滍�u琮�r�傛堹N2愵o�3墟濩U%媈M瀟�釱s瑸糕^菝y谿-蒝K�2�6��瞮Y掯喃遷�沢�3衻RuJn賶|�+Z斚L'm哽)繋D�9,,惜靓�詗謮躆∩搉䲟⊿�.!#唴遴�1劍枮烴�卺�)rt��#泷|爴燕nDX嫷~冶D�x:} hG"霠8訢D�乡5洍∮讇褹OI鈆 C*�↓T遍 ^圢�寓�#qoWD羄襅錷^圢�J浵┒ �4擣艝B嘤�翄曩hz摚�4わ泗灉鄠减髖�.4y覞��4焏窱吀B��,瓛韃怤�頊,桉腰膇坙襵s伮貳瓞续凉b益揇C臚旞L療E[% aQ嶯瘴茝�*偶澞gQ% *卥��<�告s&灤�T�q~)qg鍷櫇��#豸梄蒼裍坾︔L��)4爐顂舵閘�(%�9y�3趶�潀趹hz鶮n%鱣|S&�)\>梳谞搊@悋3韮(倖�[鹛锨W宣楊娢`袔D佑_�$ W躋皹`倗翔-籑l腫C�徧 *謀櫡郉靚觉Ｈ 胇0Cxj}犍螦�-.倧O5扪轆f7鍶ht餣煷?掓韷`搋蚙�|澗綆?闇�}鐷$=鼸击盵]卷扑g�?N灎>峻<$�*h鼆n瞑鵜 !*��2�S荦>||较钧"才緀y��稌?\陭啅良驝嚕X斢A錏�)q競匂國O_貅豉E劁P=�)N� r 方罘駷诒嶇纷WoK]娻缆>�,烓钖g鋼縭�wo?蹚U\�2!窺A�移p4垴._€饉0〈HhSBY2@�"X�bj黌衩齯E+N�;瓄鸼�7腴鵒y� �邾1�媨i爠3;�断ir郈歅q�?w傉頵|`*gBQ� 皫ō颗m�鵊瞌�獵v蛀E恰2C麅驞:Sqx聇d忐溻┾鬅�?r浇�/J,P�'悰O�0[窟会l鱝魜飯浩<芯@籧鞨枞'�濋0鱿o檳�1胗漢€绡焴��7乧=KY}H9廝Q礂�鈗|� ?�/挟燆願鞊蝫Td輒€僱&=挴得�嚤驃,贷3砑Yf碱*}7剸兗�3l颓滯J<捻[饄�|亝OOm矁:*殶覭D貎╃�0�>g�/困C淢榬wDSt,鵿&詓�on�u�!鋆�憳恵鷜CD�P��`�;葜4}�嚚勌溸toS^侽�鮳G/�1�3琦侑啮*嚐N.@~H檔l綊鶖硪饇韒鏘}爨E�5I �3�$頛N剑W澌`阁U裍BowN��?v海NLD簑燏圎撶�遼.莳8荍:*Vn餩1狀镤� a7 �?昭A)wk鋱*B6s鱔�.輙p讬宧靊嘘袕AD絞O珰[伙侵螿�?{l��5L巻�<膳7爭簱�6ァ烆捓蛸�孪$U�o坊lF諰悾顬鎠 )9i"鲧p窏傝 ]絤鮿噑邂P�'椉6�/l�6j;B团坖 �k钇冬h�越3侇湚� 嘪�複R狁裌v]Na媡嶂;钗卋PWU堳9�s�5劔z�8%w_DDG輷D:卑殍鵍嗆r谭膼旙}夓彐甡湨ぬDh.禆_�彸塆.〦>餓睩.b=蒡#>ｆC樺�庭'�1橾噑嘩禣曮�?9�:扡�$(q烫TO񯎟h兌*環�0S瓍矏禞葾V尒�焅:Dh勬肄=発郶訸慘�4N4嘢oN芅Z舢鑈>��! 慬�]疃�'�*灢R頌摫]0�*歄桺q�潏焦駓{獽/I铀T[鎔燅篌庽�.�"Onn|�倁l}^剑-a矫"4b亦yr惚�a銖b碗�/�<^�)瘎鸓鄑7n�F陰`杓�e"玆氐� 遜5t赱2�箒DNl鴦訃衰沘>S嵪A劭菿斱�#昊�s箳U?=練x嗉抑7墙A�胎G~u襔.煱惵w鴣甸灃满�1EL\/綷f<勨旬04髾院z厺剒歄篻佼�1齣犏{u鉤,腤��F]\8桊児5PE暻B待9b荵i�阌�5l]a~I黰恫�9囇e%它d莿佐�!熁`攂K厤��詄柯w鴣t覴鱽摝衞嶰�+�V皪O�2.安e劍步 O歄飸�?�鋦�e壕盘|霰�鍿x颦瓅�$+c止B}稻橲躯毖=Rxヅ#奨熤�c%欿|�欱輠C�7c氰詿}@T�X顽@＇罾bn"垯藡Zv鬏Qe�(b^艙i[}⺪滎喗KA∵,�8R处镶獮GK韏#L蔗z䲟�6曱7 齠關S=C#�v�Q7+姕w欺B&o竆詞鵯姕ⅱE}表桊� 贍笵翙�憇`/'讘墰�4Qr)qik )奺-1鉈薥猸戎席�菗2皘cx{戫颥%糉9!s蟓9Y楼竽r躲1��<)匾妁\[NS蝹邚k椢at~\慏姇�/#涇.0m趁bp<煂�((v`膴/]憔鸡舊鎁鹅x夶矄L,刿筯-卜葛矰q|.�&棴\A铢R糵遤\l苲xb諌Wx覻咍楃>vH5+a�.2_潂k扚煙�&砡堶��'�4��<儧ゆ铻礥lF祑�IEE褟伉葩矮镤�3迖"x蜂屜饕 !孖痆脞�= 吒N枣|檊dd�9健瘐s膳&缕McbT嵯誶麮��1偮3u珚偿�)�\qy慂)鸸`/�2&A�-0�婯瀟幷O%勮幾wV兗�<侇檊��B點x&t涾倎JP蘼p'剼恓1演�0e*氖&巏蝋%_恶 u]�2c奡坩lM�8壪D単坟肹m�"茣�肸sa鼚I$擎g鷒鐑p9携/駲6滗荅起�'L讏e3f�T*R漮z'<"�)=<� >�3>�>欝�"燅s":Y#闵焻攡珕�瀟 N笕疱鹜)3�*��#5�V啣衖夏掇楿x鐓鄙猹;�諄pn_徏�渎砿w�<�*覇Sx陏�fM�:讶諳' .�mj� �r鍔>抟�"踤*N湴T�4pN c 祴喢\髷)�1 瀧o晓n釛臹鄸翝�霛WX沝rq迲曱俐y喍0]遻tVg８藕?*秞夙n�烕瞵耖t刲o趵�:p;F荼�&�-WJ熝]�0壛歕O�X単>.鷰腺)�8堕駏�吜霄锄鶎础吜;族"齿缚�:杫诲驰�=�吓菒虫窎愢瀩驳/熝�"黳厂�+廀慈頴傀酏皤�:来&补鋝辫�&膅霳剢碍�柏鰃�<�8︱慺或e圼�M铓Ц}曵�鴮詘V峁��8$�,;<?w�vG8偞�$纆�蕔-鍄;,*帿�=戝Qx膗壓衊w�*勰逕炜絧厨蓬沥�:賌檲c溘Wqxd]躲Y儯b畴烶T鎬歸翿fE"z勐a0Z1褬�ю娖a4嶶犽杮IM吁灧�褏鶎矪I*跺迨罰E膓�,.蟗Plv釲M哯zm噳�;Q|FJL��〓#qL 豾bKzo尮�6\�#|3誫刳/疐鸟c啋嶧3懾V淯xd�1醍醖y�驺#U睟|蠼q|F,~`C�5>鵩G11]銖藶�#瑈�=~h宎ucX!�-q|毀�诨剌>=':B釞~[h�*NV|=M△彆骚92Y� 瓨(傃苘罞* 烆��蛌蘤x� �%�吝瞪 $+兂鬺単歰a熡B単氿趰1�8M@T鼀�-q 缋=k挛肠;p�1N�/J㏄餓eU躃煢況k�燂�/倯P雌G"釞篨E7@ ?煿顖)8謰阚(|&� 浄嵊<]_Em矱�#屆V╘l迗相bS�待M/2(載|�駃zy�8�y嫑燕糴燉給�'沣+-kF3X@i�烱;钡�-^�(氎綕€蚬�#裮6y羸�軘O�"7?T悧�,G/Qd艒鵏隁僱cL氰税�|F3P6戲"逮ヘ|>嶉蒢力惭懬.皫(洱嵽#下�1骋镯血顡�)滨诸锄�夏�1η飞叠�濒椯坱�牗炢弈緃�1迟忣)杀触�?<>齿釰欰驰<+�狒� �?蕋/d冕瘅狘C梂OC謇丑鶝#�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬��W�铒棼Q~?|q^R皭�2j砠�%餐"錏仒h鍢缗蔳^瑋媾蔳^瑋媾蔳^瑋媾蔳^瑋媾蔳^瑋鎱g>$轻p偛xW.>體�徯@Y攐磰J�褲狘S魟qzx:饤雝棹蝞�4╓%s馱洹紽1k鰕m袎糍�嗨鲌O�2g�?Y�3:镉踏�&錬舠U匽�烓�|b`�,纴鸙€服骧l饓乌鄈�& W(舳|2\詉|�赲焳1�婉筛墩K^�9�(vS>貰� |�9 >吊7莽�6Nc嬷BB�"|釾g▁>8��.熤45千p|粺�烇瀃Q噌骿{ヽ�褞e�鬴u�;)X�&~J颧浭5垈'|茽笗#2揲C 翧姲�餞.�g€臃t獬媽��偸s滚鬘妧 p�烠茈v┖m盁暱�煁钀>x揪~謑遒 bj;T躛x綶T?穃M荚瓖应叹1=枙qｚY溗P�)<弓�<衿 辱撔禍樽l�=湳P<溹缌簅�7贠O�<骲8�IQg檔泪$剞E絈垒�汸� 聿}8玲褝c父炏耜�2=sTr`�:�+踫Dv历&�飨 �┤4� 攦t钕�流E{終0�頙溷s嗀�砄齘0uX扉岑tヲ�%蚝庶縸停�6^磣^ }U赆C詈餺醩�/R灨� �庻�!籇佄�;��,�iO蘴輋讱OW�€_L遳RluEN_魻鮭崡鋼樶炫卜�).椷6忖%踅P/曮�.Z旾驄稛競蠒1栉#�畷|�%��5?ruY�板鵡 H瞥窡烰8=T谤祧瞋�鋉`^╓E騏=~殷煣氛珶�*(6{7靚�SU�6欩�.�^�麸蟴�^o�旔竪+畹#�緸'K�-X F�=焑'嚛O�=p岁E顊t琬^o^罯叆�=熮y�/?bZ琈S蹅�N鸏抩呖ko(賁葼�.伩穔?n惜�*k1�脃6*.^z葡`� 航镰1b嵶委�)絞喑臬k窣z沒�`S裣泈h<区h[y兯謈]鞣�牘b瀡蓃焑假鳸矩I� 鮑黯擨=U概L/=哮�櫩q膂夞杀i�/坊$�:Q設%櫌I薇韫O +�><耩齛x骝;蛹O瘭(I磢癅镛�?� 呗c€後�%T轺.�%�勭紵雙俴%骳钘�雧gy�/^忹%彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�騸癮/б9梊~+入G轁?eY咀穂妄穊9�Plz鲽}qU鹹诳䴗緀攴频贩]巄�6负铞婑� 兘魆�'惯9煜廋!� r饄鷾A萶�,悖嘯x庿w"蟲篾se�蝠賓戲; �<卒qx茔搬�缦堢髸�宄膻> (U�)s鬙噒佪�ナ虻噉x劽蔅綊镂=/b�叮Ir姊v�t尃ll晴O(淀跑蘈暥@�G q)�c诠屋5�*>潒糢狈虫础頟�儅箩専翱儷�虫瑱赟�7竐;调奥坷谤?�别疧(触奥存埦鑦娊赌翱鳇塲蝰夊蹃�劈贰駚＇9耻5?硐翱幰颈别奥顿菓渖>櫹宽�植舷辞%痯��?�D础直携馒辩蕓笓�.铺�1塃请!<圫>蒇=~磹螦 8减伥熻na�g�(33緘8繅較淞捭魬萛わ腝Rs ]�0v1窩��贉&浊亁S3潶镓�2气孀鑬GTG�彳�98\*>E鳣�8;BJ�坄a壏�IF|鞙熼|鰓詶灳Bg吗▲�抨�>醟�1#!�C圢R膆}鱝�'Q鮹嶜兮泉Q徴洁b╉齆鉭漾~iR�隥�4�E謘>/�书l?恹xjc�1G^��2�Q襰杀�&歄澥'鉅x2喒E∠顽犣t┐革筎袏媗驩T`�T,熍�%珀擓灶醚LF忕�2褓操L烳瓜L\z骿h耣釥 z橡y甁,篑|" � Būj9禊�€炍wF鑭w��0齩Js\亝H壶TT蠲伷�潂熂忄�k-熣嶩橗�L�>�!抨�?y漎�+$�)訷:zo虳� V觃〒�>桴|謈+嚌@2�8�€3c栳\甊1o皹 �9f桎+�<�甽?媣J=荵惩杲-a򺜊v$r1v�#孔髚螘鮯;辖湤w轡n; oR|⌒湷L 蠓2p笸\_)鼉誤l�8�[氹0D菧啐J>-l��*末毽縪頍2KV零诙m憥耡I灻錩4鷠柕揉{鼯0�駖疽Zk<|帐{妣芟@�6饄07M夲N唢褍镎�;�6`�锺1粅峨.纜挬B;馜:9壡*馀恴搛摫箹賌"L=扚�#跴巚編�嘶�5亇伷橭颐�#策?tg帵�4 �$|閤�p{骐泓韞,聱嗚覃e詬囕众&.�,ki簽饘/€5o姧H莥v吭Z譽#屧Ｆ飼1�馵灯�9o橑OLE+缔�p�0橭B聊�R鄖v媓� 蕾祫_r*6�'轡�'鞂�'Me薗0O龻Vo�磤�g=U(睺�1鎖嚧zg澧�4+�艽�髣i揈酥(牒n[�9蚙AZ盁亅薸亸d厦耷E_�UQ� 壒d試儱p鍯�)蝩磗 i匔�.*�9銓腒遲|�2n 詭昢?┞7cP惩愒銎妃+uL珶袋ZIl�/倏D驑雥屋%窇堩伃葴餞卐N|襺�N憲餓ka��舒�l<恬OY%F鶎|� -烄�.�镯p稖T烉匧簨:狉崗9�)16燖�'勹�:t.蹮Lr(靦Li�!p緺崞w曘肩賫铄撾讹� �#敖鐖燧�.鈸v�O覇o癘贪co�靱拦锽}J^爃� 佚��鶨|R呑N襝�4:j瞬槎怬|斻�X�HR误濪m�鬱W鑶朤鰓亀 �喃≦7t徶趻*遧膙菥�嫅栮漹v委q顧 �q櫶V�?K曃篏k�.甙�97蹒�$夊窹烮帙癢�6�Z尠迯��?X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫈�2輞Q�,�仲OㄔK�Ⅸ�E鵡莑鍆.t惹蒽l銠苗i�齹u�?_�坔?考M揪伙!萭鱖�? 卟栨邚焈�_痖s��>?闯綥'�;瘃y�$*庼�||F遝鰑萈掃烗煣�-;葀;貃�Rw蒮剣蟧�y眣佒[禊�?焪zP�G鯠羨�)∮咥o�$�E櫤奋苗�酗r>秙谤溌辞��"0<<� U鶠劬镛A�5滝?'ǹ纞@芽�?�)� �e鐥侯�:埜P弭�8;_(树茈I��鍼Lm�9�-/9">^w酁嫂嶅m筬�:霤e=>BH埠莋�6蘟!*2咷偪J绋`百魾�)s�岢�恈l鰅/鹲o葢讨艇崾Ｘ� 絣谷)�?m� f#TL�=窀scb>[�=萳逤c[鱺>妍L衋fOT徼A�?U祂盆3紈N哥a1熓渒�搡f=2l棾懰��哳(�d>_jS穊� 潏P魔蚠m�y珟荮>溅盞h缞.#曺��*稭繉N桺魔�C{べ鲘綇�GE/晢來�!漁�^n姑�� 6喲戦�-u/崌� G�'�撛尊Y呕'|�1涕ERYU嫀课責訇辺鳯屺"甥&�逦i�嶉1荱L缱霓期diqq麴Y呥`t�亱鹃檽黝刽4>#�誺韱5漤历蔄>蔂鈷訰魇葇2甽斊Ov,�喜p@?娤H沄穱r熅&2H珗j�-//o榆z┫�=U鯎┧y籟萭旝#� E%�,~滟o虬��8+糢豳;N.|捼絘?o霞k=裉98夋3�E瓖漭c"氱吃ZO#f�{DH磲撠J齓&R�揙;u夆�0喯XB/v6v09薃�祮酳��ig躾讃�$s |q秵洞3烪H`�豲蛹耢f橊頁�>s縃馿W╠B弛叻嶴q颰Z噡O7澡烬x戋��缷kh�襳髐�鸬狎锱B)ⅱE彐旐(昼Z}繳aR輜阑�}~傦曦儉怶\�5茦� 爬蟆艚≠�8;[萸顏誻"渐褿梃Ⅺ蓨�_桵�樽_1`F玿脶w[7+煱攠裎橗1ｖ'战i澷侴H釹娛嶠憑厦`�;馝昴�/O齄樠麚�8咷晔掚fJt�#礴鷫顰~y$輳P�p鑯t4坹�窯瞶笵洗蟺0熋旋666666666666666666666666666�6666666666�666666666666hH66666666666666666666666666666666666666666666666666666666666666666�62�� 0@P`p€��2(�� 0@P`p€�� 0@P`p€�� 0@P`p€�� 0@P`p€�� 0@P`p€�� 0@P`p€�8X�V~_HmH nH sH tH N`�NNormal,ndhCJOJQJ_HmH sH tH @"pHeading 1,1 ghost,g,Ghost,ghost,g ,1ghost,Ghost +,h1,Chapter Number,Divider Page Text,og,Heading,Ghos,g1,Graphic �@&CJ*@2*�Heading 2,2 headline,h,headline,h2,h headline,Heading 11,heading 1,H2,heading 2,Heading 12,oh,Header1,Heading 121,h g2,Heading 1211,Heading 12111,2 hheadline,01 Headline,Heading 13,Heading 121111,Heading 1211111,Heading 12111111,2 headline1,2 headline2�@& �#@5�;�020�Heading 3,3 bullet,b,2,bullet,SECOND,Bullet,Second,4 bullet,h3,BLANK2,B1,b1,blank1,3 dbullet,ob,bbullet,3 gbullet,dot,second,3bullet,Bulle,bdullet,heading 3,Bullet 1,3 dd,3 cb,3 Ggbullet,02 Bullet,bul,B,Heading 21,3 bbullet,Heading 211,3 bulle�,h 2,Dot�#凢勢鼲&]�#^凢`勢�`B`Heading 4,4 dash,d,3�8刐勢鼲&]�8^刐`勢�nRnHeading 5,5 sub-bullet,sb,4刐剘勢鼲&]刐^剘`勢�fbfHeading 6,sub-dash,sd,5刾創勢鼲&]刾^創 `勢�F@F Heading 7$$@&a$CJ$OJQJN@N Heading 8$$勑@&]勑a$5丆JDA`��DDefault Paragraph FontVi@��V 0Table Normal :V�4�4� la�(k ��( 0No ListJ﨩�Jcenter bold,cbo$dha$5�@�@center plain,cp$a$b﨩bcol text,9 col text,ctd� ��@CJ.�".|col bullet,cb,Center Bold,col bulletcsb,u,cbbullet,C2 Col Bullet,cb 10pt,col bullet1,cb1,c,Center Bcbold,6 chart,Chart,chart ��@劵凟�^劵`凟�N�!2Ncol dash,cd � ��k@劸匌⺗劸`匌�J﨩BJ�col heading,8 col heading,ch,Col Heading,8 col heading,8�col�heading,9 col heading,e,ColHead,C1 col heading,8�col�heading,C0 Col Heading$d�a$ 5�;丆JZ�!RZcol sub-bullet,csb ��勑勵⺗勑`勵�L�QbLcol sub-dash,csd勁匌⺗勁`匌�F﨩ArFcol sub-heading,csh;�B﨩�B first,f,1�#勢齘�#`勢�CJ> @�>Footerd� �P�2CJJ&��JFootnote Reference6丆JEHH*T@�T Footnote Text刪剺�d�^刪`剺�6丆JP﨩�Pfootnote,fn刪剺�d�^刪`剺�6丆JL﨩�Lharvey ball$��a$CJOJQJ>@�>Headerd� �P�2CJB﨩�Bnote,no�#勢齘�#`勢�6丆JR﨩Rnumbered text,nt �#勢齘�#`勢�5�;丯�Noversized graphic!剺�剺⺌剺⺗剺�@�"@paragraph,p"�#d�`�#T﨩2T source,so # ��剫剈�d�^剫`剈�6丆J>﨩B>step,st$�8勅鸮�8`勅�5�<�﨩!R<�sub-heading,sh%;�F﨩bFtable title&$d�a$5丆JZ�!Ztrailer,7 trailer,t'#$勽�劆2/劵.劵.)��.Page NumberJ﨩�JTitlePageBottom)$d�a$CJXT@�X Block Text*$剏凜]剏^凜a$5�;丆J$OJQJJ��JFile Name in FooterCJOJQJ^﨩��^facing page #,fp,&@#$匋�勽�劆2/劵.劵5丆JPK!檗�[Content_Types].xml瑧薔�0E鱄鼉�-J湶@%閭菐洽|廊�$韶钵UL襎B� l,�3鳛;鉹�得槣B+$�G]ミ7O侪V墎$�┇最�!)O赹齬虲$駓@摪磔�/瓂H*�橊劥�)戅祶鬟粖譛Db俙}"譹蹕擩讞枻肵^�)I`n蘀�紛p)�杵li筕[]�1M<斷绒彥O蠵擊6r�=瘔抸纆b營g吜u崘S賓b嘱€O缽嗕掘肦罝郢櫉反qu 痝嫎Z岸串o~俸lAp發x妏T0�+[}`j纂鹾絲A�帮儲V�2虵蒳朄鰍瀡分�5\|夻蕼汰Nвle瞂�ds趈cs倭惻7琊嵨f坊赅肉W琊�+唻7爤唁`�陲g�葮稠J�雷j|唫h(�驞-姷咩� dX�﹊J曝�(钼x$(��:隶;渌�!�I_蠺到S1ｗ犍鳢�?E��?勉?ZB为m渼錟/魁煜��?瀪篁�誼Y�'奎鼀5襣&螊/燑鲮蓩�>籊餗丟e鴲艱�眢3Vq%'#q��域娡$�8翚K秊�敉)f檞9:牡�澹 x}r�x墘�渨⒇顁�:\TZaG�*檡8I耲鎎R祈c|X呕�强絀 u3KG駈D1�NIB襰鼆� 眍R曦u楘侹>V�.EL+M2�#'歠嫸i~橵�l硔u8z�篐� �*�鏄�:�(W�鈽� ~J攘T鴈\O*餿HG絸HY垫�}KN吡P�*菥甩眿�T鸭�9/#辐A7聁Z��$*c?��韖U咤n嗚w�N蝴%幓O�穒鑸4=3炯N�績)cbJ u�4峦(Tn酸� 7斒_?異鹠-贈皗U逄鰤B�w�襷消╪湐鞘�"Zx娬J躗氺p;嫇熟劐辿/�<�P;檸,)''K蠶踜5棝騫邛苝N喦8疜軬b耬摨� 鸖撡d洯\17 阷鮝�>ОSR!�枒 3晠K4'+�r蘻Q TT３I辈琉疘vt]K芻猥渤K#趘�5+D�眽厍鄜獱O@%\w槉燺鄋N[跮古9K候崢临q桃g錠炆n R!儁+�篣蕁�;�*&�/H時�蟃邀 �>��>\ 宼Υ=.T摹 �觖S; Z鄜�!ㄠ傏�銹��9gi槾咰ぺ�!�# B鰻,欒;匵=刍,I�2UW�9$l╧嗒捋=Aj挄�;顊朅79鍇s*Y摈�;浱爺[嘙C撣�県f华]o栫{oY=1k�yV骋V惺隐5E8鏥k+譁扑蚛8疴计0X4D)�!!��?*|f縱� u洒《"鴛A谸T_矋��帬q矁6�4)k诂u襐�7�顃�'尛%;嬁蟟膦9s�9箈懫�,熵趲-45x鰀娐�8?�菢蟙�/Y|t��&LIL饾J`琛& �-G硉�/��PK! 褠煻'theme/theme/_rels/themeManager.xml.rels剰M �0匃倃oo雍�&輬协�勪5 6?$Q祉 �,.嘺緳i粭澤c2�1h�:闀q毩m胳嶡RN壻;d癭値o7�g慘(M&$R(.1榬'J摐袏T鶂�8V�"＆A然蠬鱱}狇�|�$絙{�朠�除8塯/]As賲(⑵锑#洩L蔥汉倪��PK-!檗�[Content_Types].xmlPK-!ブх�60_rels/.relsPK-!ky��theme/theme/themeManager.xmlPK-!0軨)��theme/theme/theme1.xmlPK-! 褠煻'� theme/theme/_rels/themeManager.xml.relsPK]� $�� 8�@��€€€�饞��0�( � �養 �S�� ?� �#�2 �刪剺��h^刪`剺﨩JQJo(ю�#�2��bc�0f]�@ @��Unknown��G��*郃x� �Times New Roman5�€Symbol3.��*郈x� �ArialA��Book AntiquaY� Harvey BallsCourier New;�€WingdingsA�Cambria Math@ "�垬鹦hJK啨f鵬K&,cY��€�0アS�K��哌��HX �$P��bc2!xx��Michael CarusoMichael CarusoCompObj ��rObjInfo��WordDocument ��:SummaryInformation(��欹�y� ��bjbj�� 0遻遻 ��$�$�$�$�$��%%%88%D%%�'�P%P%P%P%P%+&+&+&`'b'b'b'b'b'b'�)�I,bb'�$+&+&+&+&+&b'�$�$P%P%�w'�&�&�&+&:�$P%�$P%`'�) �&+&`'�&�&'('P%��囵$(xx��e&:'L'�'0�' '�,�&�,('�,�$('$+&+&�&+&+&+&+&+&b'b'�&+&+&+&�'+&+&+&+&��,+&+&+&+&+&+&+&+&+&� �#: 黧黠黠黠黠�h0f]h�jh0f]U ��d�.:pbc办班=!�"�#悹$悹%�靶靶愋 (4@ LX`hp�Michael CarusoNormalMichael Caruso44Microsoft Office Word@蕳1@K詇M�@嗗鮂J�@�lx��胀諟.摋+,0�hp�� BOOZ-ALLEN & HAMILTONDocumentSummaryInformation8�� ,MBD00195981�� F狸衔~�繹椅~�Ole ��=Data ��E�8Title-�F!Cover!Object 1� �� F Microsoft Word 97-2003 Document MSWordDocWord.Document.8�9瞦�鄥燆鵒h珣+'迟0�� $ DP\ ht|��8DdO ��zp�<�� C�A��€b�48{邔[4y劃桶妳鍸奘�8D4n�8{邔[4y劃桶妳鍸奘�塒NG IHDRO:E伈gAMA眻晿籀 pHYs1�2Nン聳 IDATx滍}霑�8e}{�p#0侀寧纑CG`9��&r"�鰢D�皂耩�3�繩Px龷`EF鼰�.纎啎霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X�埮0�粻▕+��珉啞鹹8餭豸k蝙+紫S鱴鑴�:D玳[Q昙鍓�/[??H→PT橧�5�鲞o劍 Hu詏春禗兵撅1傉郴C �]^Q鼁|籤淰O疧鬭眣�踉黌8n#尸CR6RJU�oZ療�t餢艹亣C剤P觞鲑Z具躈鯚懴a鑯F摷E��T5蜜悇b髇s#Φ鸟局n鵞.ZW�>悪姃9嬸|禰F礁V,﹂€:悷豿斲к/{k>燌qv蒁 h駡"小膦�P�)�)熐F #閯茻鏢澷)�!烥�麨膸澾鄇稘㎎�3+シ愠�Db鞅輒胂5抉臄骈瀗喷擌~C馇Z凩Ca#堆`雖�耖瓬;?瞜囈�芖O奦�!J胢�U�喷K伨龢a埽j\�$軇�=窸9FV�"衚T讙y唍柨�-�jVw鳛!:痡<轀洱聎�烝蔌�x圢罝(顛y函S请zYKz>儯pゎ懄R圢�=X逿*匭U/桀篌�﹞溕o�+T�&i澒J6篌骙K閪龈�=H'?0獦極u�愙7-宄�+�5�羺Gd糖蹴A:鵙啠�c�&~E|轔J訏�*X@贰彶銾怤龀Htc恬>Z髬剢4漁g舀峼/�'~驜丵�1|�.3臩Z鯌�$箝N�588l綉 ��諆懀bjU4�&蛸ⅵ紟x/類1f吤У#窷-秓緩lKu!,塐簶[�豳\g�(躽鐝熄h:\4遻5q=~�)|�*X鑠镆垩u0z竎7�C�6J踘�5}9AFt矲q倕r�7茇�4潌碚汎秽� �d4毾ｆぷnぐ瑚V祓H �A?� 'b辯劼器峜鵿鈙B&IP轁戛憢6枅姢m鴪}垲甓�i#:'燍社絇�煛f蓍蹸陬�.4N薝蟘3�1㈱斦o僯�!4嶰qf彦3豜踥婿"e綥阍t� W<'a禇M�(>e5v�M�:灯_棲ゎY沅�*牴y]馄�膹胓%藆��=�综詵璉偲W宷BYm饓輂煏Gn崮4<�r褎鍌�;脔劳+Z栖濹壜|V^庫�k啥�=KL)�9#╞�幯嚑M逖鶥H涑驌dG t仨S 洭6�( 譝�<蠔O�3耘豵偔T蚀筟K`�k胚�c岄檇睿 �鹭憰/鈂鯺鑺姫繜��>灚1_O陉翺,�位X%騔�毪跨6�@q軳棅榫駪�昰蠗樳I彗3<=傥憓M�:s�謐說w韛A鯷"摗%盎靷c艝殟�=縴婑�T�輜t|P┾ @Y9[╦O顪骊==控E /`�多�1{込�X �U‰座勋c5q漋瑇亭e+稺b囊Jk墛A筸桯呲詖&<龀r� 勖齺9�'�聘閬筷q�<囶H8}胊8溹煛xJ殚)诪N\}髚敇ヱy򂨎╩Y枹b蟮j �>5拋v峬υ溼�0咅�駵?�0`Owj飔劯k罒峋涍釳X�;仿>驾_�*嶞菼饇餻鲻�郢7Q洽鈘煭&"[m�%€Ls h6>%k^韓{犠;鉂8c,z�'橹F3搟?嫱柴慎疩{騺這?YM|R5晪菀\�殓�讟T}鑔ufx� 炜]"H�!'顦魹�扄鼇娹C�鼅存H)∮楧掀V抜}欩)煍"橭壹�汧榋絃�0�+IO凵1�&f嗮>}OXw钕MZ押Jnr鮰w�2楡塿�&O�7>z��?�瀛l�3bS数]�'�;qｌ�:MyT'f髹E適S� � 杯+�H敌ZO�衷�n�,慒a`鯠�7跷嚹(�-�$襎*�&┙鬅煝埽X阇$祠徚楺�蔌;_Mu鵎€焽茅(ＺU愔�1絬C卻1芚戤麉祼Gb�6ャ睑�(kg3豩橘�疅蟥R壌凎�q"�3n雲捡�%碨R栃bK桹�,Ts~債湜f~姅90C瓊颼�邙齾Q愽羯ㄧ默蔿Y瞜贴T鎠蔐墣熱�,�'思kN劢[r邶笣Lc(燋>�-�ZA �)锋覠FJ立米At！~O[蓗娛蘋�)膅绣A{�'m僡Q缂 a獴�3r儖#鍿塹�#嘎r袨5$鎼Pb=6 刚叺躗��v鰦押EfD�+罂�1E难綝T $姱莣蚪�荲{c耪Dy飯hK謿&{�)弔瓆5 貳yTV\∵v靾耜曽�j.鍜AsT簉穸菡� ;21豓豰殀�h崍Y屡%徻!�#磏�>粠呻q╚��: 娎nI� 鮷N嬏4}�&彭8�Zè瘚灾饯軞6H啡栜姇�)*�嵻�# z玞鄱�椈�愐壃�7o= 刈罨1蛕�烇圗��@辧>…}尢= 庅�冀讓��匐�耒7EBe梭娄�c憕螾仒� 壜踸�9愛dke�5�-䙡眃伧B鼨瞳7E濹鑝]穪奶譭U0宬l赲�罡%~叱衵趌Lr酖轄�傐5蘤q~脢殎 Mb喈�諝�;v�pl_悴殂3匩�( 壞腶5隠简fH>�&Qb献0��'=得fbL歼O　&邇硊Y+羯彲訶PE笊JW]┚3L豅L� 猆鰱J o阮轮Y佅賡鉴_M鎿'�6�(腓椡$�>歀Y嬠c躌3�1[mU埆 %嘒�9襆'0�.誜指�*vK尹匷�攉癔Z駞?騈FD>觹庞2夳絽>wV暓�� 裴_U�7�灞鵔 <漒翊YhN嘞h1U憹搭�=H�' �x?烞тk�|b�條峺j鋈�r珼TP�,�8pC疽wq續悲鎿?犮d娽駪慰"鍮购璤韯裌鋏P]嘹€問k{鬳柺'餆玝鷉��燆0輵]�'廿��)桢援筇Zg挔�:魔0鱪Y-藣仸:*�1ㄧ R薺V峎�硢�A玁�$(粪薞T釦镢W&�iP?貄o�pO閖�=@Z�=嶓壦N��x>;腼�&邙毼=睈V糗Sj'嫔伸庅鶌馀4 �&*NwC瑘堺v幌�5\4c�=�:獰_妪�8縹T�`w C詉�?�?娨峿�娇俶kP渾�3ZGuxk屝�-漲� 岢K郸撊@笐� �$挈袵钲�溏青甗褠Z闖蕾丿qㄐ€au彜粐龓鷸|'絜珪赙_€嫱�v�*鰈' 燐xZ3叙佸揘ｑ儙X:D�2m疚�-Dzw醟�屭1√犒@瀟_竫U苴弢-U鷽額镳堣巐�LK賵臑唿诒e圝�?� /v坾钶��v柢坘�,圻�'|`L⒏雚憉靈閍�0Q鑰T�'{橩籈!鮏�$,梜重稕䦟溇鋿'�8N�諃𘲊孙�澊dR麎d韞�:鴨尣7pb鄊d?uP�€煟搒呞7阛,z騢�4@∑鐣鰰2,焲埤u＼� 胢�16j€�=拊y住hg�9Ms��5從'�.蛉)lp*,€G膞st九%U鮣�婤笙遳�瘗 �3疁��gg�絯窒豩xy變$嬘€煇.�滊梍蒇�)$/掽]�辵QI姞蜔峒�&O:麫绪9�T�'�>妕榽萴 4~€@贺s齌髢痮綋d慫旀彞�&"�_� [�$)�(z�鐄漁鬿髖鼏q誗n�?鞣魔償yx++鏦"熋�%EUO{/竦`,P�'閹^qbN� �-�=8縍�/]氦绵島F�<�'P煬埨噆V�i蔋鰃u顠厩D峷Tq=4~�9卡E[:=佸S{滍�u琮�r�傛堹N2愵o�3墟濩U%媈M瀟�釱s瑸糕^菝y谿-蒝K�2�6��瞮Y掯喃遷�沢�3衻RuJn賶|�+Z斚L'm哽)繋D�9,,惜靓�詗謮躆∩搉䲟⊿�.!#唴遴�1劍枮烴�卺�)rt��#泷|爴燕nDX嫷~冶D�x:} hG"霠8訢D�乡5洍∮讇褹OI鈆 C*�↓T遍 ^圢�寓�#qoWD羄襅錷^圢�J浵┒ �4擣艝B嘤�翄曩hz摚�4わ泗灉鄠减髖�.4y覞��4焏窱吀B��,瓛韃怤�頊,桉腰膇坙襵s伮貳瓞续凉b益揇C臚旞L療E[% aQ嶯瘴茝�*偶澞gQ% *卥��<�告s&灤�T�q~)qg鍷櫇��#豸梄蒼裍坾︔L��)4爐顂舵閘�(%�9y�3趶�潀趹hz鶮n%鱣|S&�)\>梳谞搊@悋3韮(倖�[鹛锨W宣楊娢`袔D佑_�$ W躋皹`倗翔-籑l腫C�徧 *謀櫡郉靚觉Ｈ 胇0Cxj}犍螦�-.倧O5扪轆f7鍶ht餣煷?掓韷`搋蚙�|澗綆?闇�}鐷$=鼸击盵]卷扑g�?N灎>峻<$�*h鼆n瞑鵜 !*��2�S荦>||较钧"才緀y��稌?\陭啅良驝嚕X斢A錏�)q競匂國O_貅豉E劁P=�)N� r 方罘駷诒嶇纷WoK]娻缆>�,烓钖g鋼縭�wo?蹚U\�2!窺A�移p4垴._€饉0〈HhSBY2@�"X�bj黌衩齯E+N�;瓄鸼�7腴鵒y� �邾1�媨i爠3;�断ir郈歅q�?w傉頵|`*gBQ� 皫ō颗m�鵊瞌�獵v蛀E恰2C麅驞:Sqx聇d忐溻┾鬅�?r浇�/J,P�'悰O�0[窟会l鱝魜飯浩<芯@籧鞨枞'�濋0鱿o檳�1胗漢€绡焴��7乧=KY}H9廝Q礂�鈗|� ?�/挟燆願鞊蝫Td輒€僱&=挴得�嚤驃,贷3砑Yf碱*}7剸兗�3l颓滯J<捻[饄�|亝OOm矁:*殶覭D貎╃�0�>g�/困C淢榬wDSt,鵿&詓�on�u�!鋆�憳恵鷜CD�P��`�;葜4}�嚚勌溸toS^侽�鮳G/�1�3琦侑啮*嚐N.@~H檔l綊鶖硪饇韒鏘}爨E�5I �3�$頛N剑W澌`阁U裍BowN��?v海NLD簑燏圎撶�遼.莳8荍:*Vn餩1狀镤� a7 �?昭A)wk鋱*B6s鱔�.輙p讬宧靊嘘袕AD絞O珰[伙侵螿�?{l��5L巻�<膳7爭簱�6ァ烆捓蛸�孪$U�o坊lF諰悾顬鎠 )9i"鲧p窏傝 ]絤鮿噑邂P�'椉6�/l�6j;B团坖 �k钇冬h�越3侇湚� 嘪�複R狁裌v]Na媡嶂;钗卋PWU堳9�s�5劔z�8%w_DDG輷D:卑殍鵍嗆r谭膼旙}夓彐甡湨ぬDh.禆_�彸塆.〦>餓睩.b=蒡#>ｆC樺�庭'�1橾噑嘩禣曮�?9�:扡�$(q烫TO񯎟h兌*環�0S瓍矏禞葾V尒�焅:Dh勬肄=発郶訸慘�4N4嘢oN芅Z舢鑈>��! 慬�]疃�'�*灢R頌摫]0�*歄桺q�潏焦駓{獽/I铀T[鎔燅篌庽�.�"Onn|�倁l}^剑-a矫"4b亦yr惚�a銖b碗�/�<^�)瘎鸓鄑7n�F陰`杓�e"玆氐� 遜5t赱2�箒DNl鴦訃衰沘>S嵪A劭菿斱�#昊�s箳U?=練x嗉抑7墙A�胎G~u襔.煱惵w鴣甸灃满�1EL\/綷f<勨旬04髾院z厺剒歄篻佼�1齣犏{u鉤,腤��F]\8桊児5PE暻B待9b荵i�阌�5l]a~I黰恫�9囇e%它d莿佐�!熁`攂K厤��詄柯w鴣t覴鱽摝衞嶰�+�V皪O�2.安e劍步 O歄飸�?�鋦�e壕盘|霰�鍿x颦瓅�$+c止B}稻橲躯毖=Rxヅ#奨熤�c%欿|�欱輠C�7c氰詿}@T�X顽@＇罾bn"垯藡Zv鬏Qe�(b^艙i[}⺪滎喗KA∵,�8R处镶獮GK韏#L蔗z䲟�6曱7 齠關S=C#�v�Q7+姕w欺B&o竆詞鵯姕ⅱE}表桊� 贍笵翙�憇`/'讘墰�4Qr)qik )奺-1鉈薥猸戎席�菗2皘cx{戫颥%糉9!s蟓9Y楼竽r躲1��<)匾妁\[NS蝹邚k椢at~\慏姇�/#涇.0m趁bp<煂�((v`膴/]憔鸡舊鎁鹅x夶矄L,刿筯-卜葛矰q|.�&棴\A铢R糵遤\l苲xb諌Wx覻咍楃>vH5+a�.2_潂k扚煙�&砡堶��'�4��<儧ゆ铻礥lF祑�IEE褟伉葩矮镤�3迖"x蜂屜饕 !孖痆脞�= 吒N枣|檊dd�9健瘐s膳&缕McbT嵯誶麮��1偮3u珚偿�)�\qy慂)鸸`/�2&A�-0�婯瀟幷O%勮幾wV兗�<侇檊��B點x&t涾倎JP蘼p'剼恓1演�0e*氖&巏蝋%_恶 u]�2c奡坩lM�8壪D単坟肹m�"茣�肸sa鼚I$擎g鷒鐑p9携/駲6滗荅起�'L讏e3f�T*R漮z'<"�)=<� >�3>�>欝�"燅s":Y#闵焻攡珕�瀟 N笕疱鹜)3�*��#5�V啣衖夏掇楿x鐓鄙猹;�諄pn_徏�渎砿w�<�*覇Sx陏�fM�:讶諳' .�mj� �r鍔>抟�"踤*N湴T�4pN c 祴喢\髷)�1 瀧o晓n釛臹鄸翝�霛WX沝rq迲曱俐y喍0]遻tVg８藕?*秞夙n�烕瞵耖t刲o趵�:p;F荼�&�-WJ熝]�0壛歕O�X単>.鷰腺)�8堕駏�吜霄锄鶎础吜;族"齿缚�:杫诲驰�=�吓菒虫窎愢瀩驳/熝�"黳厂�+廀慈頴傀酏皤�:来&补鋝辫�&膅霳剢碍�柏鰃�<�8︱慺或e圼�M铓Ц}曵�鴮詘V峁��8$�,;<?w�vG8偞�$纆�蕔-鍄;,*帿�=戝Qx膗壓衊w�*勰逕炜絧厨蓬沥�:賌檲c溘Wqxd]躲Y儯b畴烶T鎬歸翿fE"z勐a0Z1褬�ю娖a4嶶犽杮IM吁灧�褏鶎矪I*跺迨罰E膓�,.蟗Plv釲M哯zm噳�;Q|FJL��〓#qL 豾bKzo尮�6\�#|3誫刳/疐鸟c啋嶧3懾V淯xd�1醍醖y�驺#U睟|蠼q|F,~`C�5>鵩G11]銖藶�#瑈�=~h宎ucX!�-q|毀�诨剌>=':B釞~[h�*NV|=M△彆骚92Y� 瓨(傃苘罞* 烆��蛌蘤x� �%�吝瞪 $+兂鬺単歰a熡B単氿趰1�8M@T鼀�-q 缋=k挛肠;p�1N�/J㏄餓eU躃煢況k�燂�/倯P雌G"釞篨E7@ ?煿顖)8謰阚(|&� 浄嵊<]_Em矱�#屆V╘l迗相bS�待M/2(載|�駃zy�8�y嫑燕糴燉給�'沣+-kF3X@i�烱;钡�-^�(氎綕€蚬�#裮6y羸�軘O�"7?T悧�,G/Qd艒鵏隁僱cL氰税�|F3P6戲"逮ヘ|>嶉蒢力惭懬.皫(洱嵽#下�1骋镯血顡�)滨诸锄�夏�1η飞叠�濒椯坱�牗炢弈緃�1迟忣)杀触�?<>齿釰欰驰<+�狒� �?蕋/d冕瘅狘C梂OC謇丑鶝#�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬��W�铒棼Q~?|q^R皭�2j砠�%餐"錏仒h鍢缗蔳^瑋媾蔳^瑋媾蔳^瑋媾蔳^瑋媾蔳^瑋鎱g>$轻p偛xW.>體�徯@Y攐磰J�褲狘S魟qzx:饤雝棹蝞�4╓%s馱洹紽1k鰕m袎糍�嗨鲌O�2g�?Y�3:镉踏�&錬舠U匽�烓�|b`�,纴鸙€服骧l饓乌鄈�& W(舳|2\詉|�赲焳1�婉筛墩K^�9�(vS>貰� |�9 >吊7莽�6Nc嬷BB�"|釾g▁>8��.熤45千p|粺�烇瀃Q噌骿{ヽ�褞e�鬴u�;)X�&~J颧浭5垈'|茽笗#2揲C 翧姲�餞.�g€臃t獬媽��偸s滚鬘妧 p�烠茈v┖m盁暱�煁钀>x揪~謑遒 bj;T躛x綶T?穃M荚瓖应叹1=枙qｚY溗P�)<弓�<衿 辱撔禍樽l�=湳P<溹缌簅�7贠O�<骲8�IQg檔泪$剞E絈垒�汸� 聿}8玲褝c父炏耜�2=sTr`�:�+踫Dv历&�飨 �┤4� 攦t钕�流E{終0�頙溷s嗀�砄齘0uX扉岑tヲ�%蚝庶縸停�6^磣^ }U赆C詈餺醩�/R灨� �庻�!籇佄�;��,�iO蘴輋讱OW�€_L遳RluEN_魻鮭崡鋼樶炫卜�).椷6忖%踅P/曮�.Z旾驄稛競蠒1栉#�畷|�%��5?ruY�板鵡 H瞥窡烰8=T谤祧瞋�鋉`^╓E騏=~殷煣氛珶�*(6{7靚�SU�6欩�.�^�麸蟴�^o�旔竪+畹#�緸'K�-X F�=焑'嚛O�=p岁E顊t琬^o^罯叆�=熮y�/?bZ琈S蹅�N鸏抩呖ko(賁葼�.伩穔?n惜�*k1�脃6*.^z葡`� 航镰1b嵶委�)絞喑臬k窣z沒�`S裣泈h<区h[y兯謈]鞣�牘b瀡蓃焑假鳸矩I� 鮑黯擨=U概L/=哮�櫩q膂夞杀i�/坊$�:Q設%櫌I薇韫O +�><耩齛x骝;蛹O瘭(I磢癅镛�?� 呗c€後�%T轺.�%�勭紵雙俴%骳钘�雧gy�/^忹%彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�+焬彬�騸癮/б9梊~+入G轁?eY咀穂妄穊9�Plz鲽}qU鹹诳䴗緀攴频贩]巄�6负铞婑� 兘魆�'惯9煜廋!� r饄鷾A萶�,悖嘯x庿w"蟲篾se�蝠賓戲; �<卒qx茔搬�缦堢髸�宄膻> (U�)s鬙噒佪�ナ虻噉x劽蔅綊镂=/b�叮Ir姊v�t尃ll晴O(淀跑蘈暥@�G q)�c诠屋5�*>潒糢狈虫础頟�儅箩専翱儷�虫瑱赟�7竐;调奥坷谤?�别疧(触奥存埦鑦娊赌翱鳇塲蝰夊蹃�劈贰駚＇9耻5?硐翱幰颈别奥顿菓渖>櫹宽�植舷辞%痯��?�D础直携馒辩蕓笓�.铺�1塃请!<圫>蒇=~磹螦 8减伥熻na�g�(33緘8繅較淞捭魬萛わ腝Rs ]�0v1窩��贉&浊亁S3潶镓�2气孀鑬GTG�彳�98\*>E鳣�8;BJ�坄a壏�IF|鞙熼|鰓詶灳Bg吗▲�抨�>醟�1#!�C圢R膆}鱝�'Q鮹嶜兮泉Q徴洁b╉齆鉭漾~iR�隥�4�E謘>/�书l?恹xjc�1G^��2�Q襰杀�&歄澥'鉅x2喒E∠顽犣t┐革筎袏媗驩T`�T,熍�%珀擓灶醚LF忕�2褓操L烳瓜L\z骿h耣釥 z橡y甁,篑|" � Būj9禊�€炍wF鑭w��0齩Js\亝H壶TT蠲伷�潂熂忄�k-熣嶩橗�L�>�!抨�?y漎�+$�)訷:zo虳� V觃〒�>桴|謈+嚌@2�8�€3c栳\甊1o皹 �9f桎+�<�甽?媣J=荵惩杲-a򺜊v$r1v�#孔髚螘鮯;辖湤w轡n; oR|⌒湷L 蠓2p笸\_)鼉誤l�8�[氹0D菧啐J>-l��*末毽縪頍2KV零诙m憥耡I灻錩4鷠柕揉{鼯0�駖疽Zk<|帐{妣芟@�6饄07M夲N唢褍镎�;�6`�锺1粅峨.纜挬B;馜:9壡*馀恴搛摫箹賌"L=扚�#跴巚編�嘶�5亇伷橭颐�#策?tg帵�4 �$|閤�p{骐泓韞,聱嗚覃e詬囕众&.�,ki簽饘/€5o姧H莥v吭Z譽#屧Ｆ飼1�馵灯�9o橑OLE+缔�p�0橭B聊�R鄖v媓� 蕾祫_r*6�'轡�'鞂�'Me薗0O龻Vo�磤�g=U(睺�1鎖嚧zg澧�4+�艽�髣i揈酥(牒n[�9蚙AZ盁亅薸亸d厦耷E_�UQ� 壒d試儱p鍯�)蝩磗 i匔�.*�9銓腒遲|�2n 詭昢?┞7cP惩愒銎妃+uL珶袋ZIl�/倏D驑雥屋%窇堩伃葴餞卐N|襺�N憲餓ka��舒�l<恬OY%F鶎|� -烄�.�镯p稖T烉匧簨:狉崗9�)16燖�'勹�:t.蹮Lr(靦Li�!p緺崞w曘肩賫铄撾讹� �#敖鐖燧�.鈸v�O覇o癘贪co�靱拦锽}J^爃� 佚��鶨|R呑N襝�4:j瞬槎怬|斻�X�HR误濪m�鬱W鑶朤鰓亀 �喃≦7t徶趻*遧膙菥�嫅栮漹v委q顧 �q櫶V�?K曃篏k�.甙�97蹒�$夊窹烮帙癢�6�Z尠迯��?X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫊霞X嫈�2輞Q�,�仲OㄔK�Ⅸ�E鵡莑鍆.t惹蒽l銠苗i�齹u�?_�坔?考M揪伙!萭鱖�? 卟栨邚焈�_痖s��>?闯綥'�;瘃y�$*庼�||F遝鰑萈掃烗煣�-;葀;貃�Rw蒮剣蟧�y眣佒[禊�?焪zP�G鯠羨�)∮咥o�$�E櫤奋苗�酗r>秙谤溌辞��"0<<� U鶠劬镛A�5滝?'ǹ纞@芽�?�)� �e鐥侯�:埜P弭�8;_(树茈I��鍼Lm�9�-/9">^w酁嫂嶅m筬�:霤e=>BH埠莋�6蘟!*2咷偪J绋`百魾�)s�岢�恈l鰅/鹲o葢讨艇崾Ｘ� 絣谷)�?m� f#TL�=窀scb>[�=萳逤c[鱺>妍L衋fOT徼A�?U祂盆3紈N哥a1熓渒�搡f=2l棾懰��哳(�d>_jS穊� 潏P魔蚠m�y珟荮>溅盞h缞.#曺��*稭繉N桺魔�C{べ鲘綇�GE/晢來�!漁�^n姑�� 6喲戦�-u/崌� G�'�撛尊Y呕'|�1涕ERYU嫀课責訇辺鳯屺"甥&�逦i�嶉1荱L缱霓期diqq麴Y呥`t�亱鹃檽黝刽4>#�誺韱5漤历蔄>蔂鈷訰魇葇2甽斊Ov,�喜p@?娤H沄穱r熅&2H珗j�-//o榆z┫�=U鯎┧y籟萭旝#� E%�,~滟o虬��8+糢豳;N.|捼絘?o霞k=裉98夋3�E瓖漭c"氱吃ZO#f�{DH磲撠J齓&R�揙;u夆�0喯XB/v6v09薃�祮酳��ig躾讃�$s |q秵洞3烪H`�豲蛹耢f橊頁�>s縃馿W╠B弛叻嶴q颰Z噡O7澡烬x戋��缷kh�襳髐�鸬狎锱B)ⅱE彐旐(昼Z}繳aR輜阑�}~傦曦儉怶\�5茦� 爬蟆艚≠�8;[萸顏誻"渐褿梃Ⅺ蓨�_桵�樽_1`F玿脶w[7+煱攠裎橗1ｖ'战i澷侴H釹娛嶠憑厦`�;馝昴�/O齄樠麚�8咷晔掚fJt�#礴鷫顰~y$輳P�p鑯t4坹�窯瞶笵洗蟺0熋旋666666666666666666666666666�6666666666�666666666666hH66666666666666666666666666666666666666666666666666666666666666666�62�� 0@P`p€��2(�� 0@P`p€�� 0@P`p€�� 0@P`p€�� 0@P`p€�� 0@P`p€�� 0@P`p€�8X�V~_HmH nH sH tH N`�NNormal,ndhCJOJQJ_HmH sH tH @"pHeading 1,1 ghost,g,Ghost,ghost,g ,1ghost,Ghost +,h1,Chapter Number,Divider Page Text,og,Heading,Ghos,g1,Graphic �@&CJ*@2*�Heading 2,2 headline,h,headline,h2,h headline,Heading 11,heading 1,H2,heading 2,Heading 12,oh,Header1,Heading 121,h g2,Heading 1211,Heading 12111,2 hheadline,01 Headline,Heading 13,Heading 121111,Heading 1211111,Heading 12111111,2 headline1,2 headline2�@& �#@5�;�020�Heading 3,3 bullet,b,2,bullet,SECOND,Bullet,Second,4 bullet,h3,BLANK2,B1,b1,blank1,3 dbullet,ob,bbullet,3 gbullet,dot,second,3bullet,Bulle,bdullet,heading 3,Bullet 1,3 dd,3 cb,3 Ggbullet,02 Bullet,bul,B,Heading 21,3 bbullet,Heading 211,3 bulle�,h 2,Dot�#凢勢鼲&]�#^凢`勢�`B`Heading 4,4 dash,d,3�8刐勢鼲&]�8^刐`勢�nRnHeading 5,5 sub-bullet,sb,4刐剘勢鼲&]刐^剘`勢�fbfHeading 6,sub-dash,sd,5刾創勢鼲&]刾^創 `勢�F@F Heading 7$$@&a$CJ$OJQJN@N Heading 8$$勑@&]勑a$5丆JDA ��DDefault Paragraph FontVi��V 0Table Normal :V�4�4� la�(k ��( 0No ListJ﨩�Jcenter bold,cbo$dha$5�@�@center plain,cp$a$b﨩bcol text,9 col text,ctd� ��@CJ.�".|col bullet,cb,Center Bold,col bulletcsb,u,cbbullet,C2 Col Bullet,cb 10pt,col bullet1,cb1,c,Center Bcbold,6 chart,Chart,chart ��@劵凟�^劵`凟�N�!2Ncol dash,cd � ��k@劸匌⺗劸`匌�J﨩BJ�col heading,8 col heading,ch,Col Heading,8 col heading,8�col�heading,9 col heading,e,ColHead,C1 col heading,8�col�heading,C0 Col Heading$d�a$ 5�;丆JZ�!RZcol sub-bullet,csb ��勑勵⺗勑`勵�L�QbLcol sub-dash,csd勁匌⺗勁`匌�F﨩ArFcol sub-heading,csh;�B﨩�B first,f,1�#勢齘�#`勢�CJ> @�>Footerd� �P�2CJJ&`��JFootnote Reference6丆JEHH*T@�T Footnote Text刪剺�d�^刪`剺�6丆JP﨩�Pfootnote,fn刪剺�d�^刪`剺�6丆JL﨩�Lharvey ball$��a$CJOJQJ>@�>Headerd� �P�2CJB﨩�Bnote,no�#勢齘�#`勢�6丆JR﨩Rnumbered text,nt �#勢齘�#`勢�5�;丯�Noversized graphic!剺�剺⺌剺⺗剺�@�"@paragraph,p"�#d�`�#T﨩2T source,so # ��剫剈�d�^剫`剈�6丆J>﨩B>step,st$�8勅鸮�8`勅�5�<�﨩!R<�sub-heading,sh%;�F﨩bFtable title&$d�a$5丆JZ�!Ztrailer,7 trailer,t'#$勽�劆2/劵.劵.)��.Page NumberJ﨩�JTitlePageBottom)$d�a$CJXT@�X Block Text*$剏凜]剏^凜a$5�;丆J$OJQJJ䁖��JFile Name in FooterCJOJQJ^﨩��^facing page #,fp,&@#$匋�勽�劆2/劵.劵5丆JPK!檗�[Content_Types].xml瑧薔�0E鱄鼉�-J湶@%閭菐洽|廊�$韶钵UL襎B� l,�3鳛;鉹�得槣B+$�G]ミ7O侪V墎$�┇最�!)O赹齬虲$駓@摪磔�/瓂H*�橊劥�)戅祶鬟粖譛Db俙}"譹蹕擩讞枻肵^�)I`n蘀�紛p)�杵li筕[]�1M<斷绒彥O蠵擊6r�=瘔抸纆b營g吜u崘S賓b嘱€O缽嗕掘肦罝郢櫉反qu 痝嫎Z岸串o~俸lAp發x妏T0�+[}`j纂鹾絲A�帮儲V�2虵蒳朄鰍瀡分�5\|夻蕼汰Nвle瞂�ds趈cs倭惻7琊嵨f坊赅肉W琊�+唻7爤唁`�陲g�葮稠J�雷j|唫h(�驞-姷咩� dX�﹊J曝�(钼x$(��:隶;渌�!�I_蠺到S1ｗ犍鳢�?E��?勉?ZB为m渼錟/魁煜��?瀪篁�誼Y�'奎鼀5襣&螊/燑鲮蓩�>籊餗丟e鴲艱�眢3Vq%'#q��域娡$�8翚K秊�敉)f檞9:牡�澹 x}r�x墘�渨⒇顁�:\TZaG�*檡8I耲鎎R祈c|X呕�强絀 u3KG駈D1�NIB襰鼆� 眍R曦u楘侹>V�.EL+M2�#'歠嫸i~橵�l硔u8z�篐� �*�鏄�:�(W�鈽� ~J攘T鴈\O*餿HG絸HY垫�}KN吡P�*菥甩眿�T鸭�9/#辐A7聁Z��$*c?��韖U咤n嗚w�N蝴%幓O�穒鑸4=3炯N�績)cbJ u�4峦(Tn酸� 7斒_?異鹠-贈皗U逄鰤B�w�襷消╪湐鞘�"Zx娬J躗氺p;嫇熟劐辿/�<�P;檸,)''K蠶踜5棝騫邛苝N喦8疜軬b耬摨� 鸖撡d洯\17 阷鮝�>ОSR!�枒 3晠K4'+�r蘻Q TT３I辈琉疘vt]K芻猥渤K#趘�5+D�眽厍鄜獱O@%\w槉燺鄋N[跮古9K候崢临q桃g錠炆n R!儁+�篣蕁�;�*&�/H時�蟃邀 �>��>\ 宼Υ=.T摹 �觖S; Z鄜�!ㄠ傏�銹��9gi槾咰ぺ�!�# B鰻,欒;匵=刍,I�2UW�9$l╧嗒捋=Aj挄�;顊朅79鍇s*Y摈�;浱爺[嘙C撣�県f华]o栫{oY=1k�yV骋V惺隐5E8鏥k+譁扑蚛8疴计0X4D)�!!��?*|f縱� u洒《"鴛A谸T_矋��帬q矁6�4)k诂u襐�7�顃�'尛%;嬁蟟膦9s�9箈懫�,熵趲-45x鰀娐�8?�菢蟙�/Y|t��&LIL饾J`琛& �-G硉�/��PK! 褠煻'theme/theme/_rels/themeManager.xml.rels剰M �0匃倃oo雍�&輬协�勪5 6?$Q祉 �,.嘺緳i粭澤c2�1h�:闀q毩m胳嶡RN壻;d癭値o7�g慘(M&$R(.1榬'J摐袏T鶂�8V�"＆A然蠬鱱}狇�|�$絙{�朠�除8塯/]As賲(⑵锑#洩L蔥汉倪��PK-!檗�[Content_Types].xmlPK-!ブх�60_rels/.relsPK-!ky��theme/theme/themeManager.xmlPK-!0軨)��theme/theme/theme1.xmlPK-! 褠煻'� theme/theme/_rels/themeManager.xml.relsPK]� ;�� 8�@��€€€�饞��0�( � �養 �S�� ?��#�2 �刪剺��h^刪`剺﨩JQJo(ю�#�2�� *�5�V� sQ)��蚦�€N�wl�06�<��@�@��Unknown��G��*郃x� �Times New Roman5�€Symbol3.��*郈x� �ArialA��Book AntiquaY� Harvey BallsCourier New;�€WingdingsA��$B�Cambria Math@ "1垬鹦hJK喼泫f鵬K&0cY��€�0アS�K��哌��HX �$P��2!xx��Christian, Michele [USA]Christian, Michele [USA]��欹�y� ��bjbj�� 0遻遻 ��$�$�$�$�$��%%%88%D%%i'�P%P%P%P%P%+&+&+&'''''''C)��+�'�$+&+&+&+&+&'�$�$P%P%�#'+&+&+&+&�$P%�$P%'9) +&+&'+&+&�&�&P%��0�~��+&�&�&9'0i'�&,+&,�&,�$�&D+&+&+&+&+&+&+&+&''+&+&+&+&i'+&+&+&+&��,+&+&+&+&+&+&+&+&+&� �#: 黧腌腌腌腌�hwl�jhwl�Uh<�jh蚦�U ��d�.:p��) 班=!�"�#悹$悹%�靶靶愋�Christian, Michele [USA]Normal.dotmChristian, Michele [USA]48Microsoft Office Word@蕳1@K詇M�@嗗鮂J�@��~��胀諟.摋+,0�hp�� BOOZ-ALLEN & HAMILTONDocumentSummaryInformation8��,SummaryInformation( ��"XDocumentSummaryInformation8��(CompObj��AkTitle�鄥燆鵒h珣+'迟0( PX�� 8Safeguard Computer Security Evaluation Matrix (SCSEM) Internal Revenue Service (IRS)Christian, Michele [USA]Microsoft Excel@k’ux�@€梫)尵�@€X�~� f2�蓘��\pChristian, Michele [USA] B�a�= �ThisWorkbook��=}(��+�&8�@�"��1��Arial1��Calibri1��Calibri1��Calibri1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Arial1��Calibri1� ��Calibri1��Calibri1�4��Calibri1� ��Calibri1��Calibri1��Arial1��Calibri1,>��Calibri1>��Calibri1�>��Calibri1�>��Calibri1�4��Calibri1��Calibri1�?��Calibri1h>��Cambria1��Calibri1� ��Calibri1� ��Arial1� ��Arial1@ ��Arial1 ��Arial1� ��Arial1� ��Arial1��Tahoma"$"#,##0_);$"$"#,##0$!"$"#,##0_);[Red]$"$"#,##0$""$"#,##0.00_);$"$"#,##0.00$'""$"#,##0.00_);[Red]$"$"#,##0.00$7*2_("$"* #,##0_);_("$"* $#,##0$;_("$"* "-"_);_(@_).))_(* #,##0_);_(* $#,##0$;_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* $#,##0.00$;_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* $#,##0.00$;_(* "-"??_);_(@_)�0.0 �0.0%�"Yes";"Yes";"No"�"True";"True";"False"�"On";"On";"Off"]�,[$� -2]\ #,##0.00_);[Red]$[$� -2]\ #,##0.00$�� 攆f�� +� �� )� �� ,� �� *� �� P � �� P� �� €� �� !� �`� �"� �� #� �� $� �� %� �a � �&� �� h �"x �x � x �*x �x �x � x � @ � �X � � � � �x � �X � � x � �x � �x � �x� �� x� � x@ @ �&x"@ @ �&x"@ @ �&x "@ @ �&x"@ @ �&x""@ @ � p� � p@ @ � x@ @ � �� t!@ @ � � p@ @ � � p@ @ � � x@ @ �*p@ @ � � x!@ @ � � p!@ @ � �*p!@ @ � � x!!@ @ � ��x� � "!@ @ � �"x""@ @ � ("@ @ � � *x � h �!x �x@ @ �)x@ @ �!x @ @ � h@ @ � €��$��Percent� ?Title� ��Title� @Total� ��Total�AWarning Text�.��Warning Text�X��TableStyleMedium2PivotStyleLight16��8��€€€€€€€€€览�€€€�忉�=棷�,览�稊����忉�=棷�,览�稊����櫶��櫶虣��虣3f�3烫櫶��fff�枛�3f3檉333�3�3f33�333\��S8�)宸�>OYW糄硚��€Jonathan Isner - Personal View�U8�靛�5H籇�)� 発�?��€ Maqsood, Sajjad - Personal View`� (�Cover��Purpose�D� Dashboard�\#Evidence�~. Test Cases�劍Tumbleweed Appendix�&忸State Run Data Center Appendix��Web Portal Appendix�0IVR Appendix�Y[MFD Appendix�Data Warehouse Appendix�覇Out of Scope Controls�3�Legend�嫁Sources�Q� Change Log��P ! ; ! ; ! ;S ! ;! ; � _xlfn.IFERROR OLE_LINK1< OLE_LINK1< OLE_LINK2< OLE_LINK2< ; ;" ; ; ; ; ; ;k ; ; ;S ; ; ; � ;� ;� ;� ;� ;�&ValidEntries;%ValidInputs;&ValidResults;J0 Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.Cols;��P6 Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.FilterData; P6Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.FilterData; P6Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.FilterData;S P6Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.FilterData;P6Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.FilterData; O5Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.PrintArea;O5Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.PrintArea; O5 Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.PrintArea; O5Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.PrintArea;O5Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.PrintArea;S O5Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.PrintArea; Q7Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.PrintTitles; �Q7Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.PrintTitles;�Q7Z_E57F29D0_C1B7_4F3E_AEF9_5957BC44B37E_.wvu.PrintTitles;�J0 Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.Cols;��P6 Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.FilterData; P6Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.FilterData; P6Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.FilterData;S P6Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.FilterData;P6Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.FilterData; O5Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.PrintArea;O5Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.PrintArea; O5 Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.PrintArea; O5Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.PrintArea;O5Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.PrintArea;S O5Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.PrintArea; Q7Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.PrintTitles; �Q7Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.PrintTitles;�Q7Z_E5B51DC2_C30F_4835_BB44_B129B009B06B_.wvu.PrintTitles;��8fnf餢�8@��€€€�� 饦�饃8N G7 /鹨€�$�"馂€V0�&璊Z錱�H y?^�z€@=餽€V0�&璊Z錱�H y?^溏<�跈�@€䎬紉uT訽拂�%-潚侶HHw蝷tI囈]Hw7#��㈣休滳5�;茺鼮甾鳢鳢w<s鯺kf鄝�?腷椮�<>�(�6禥/恘�匋�4�$�3H��;峌�v茶d孒咏@態�"e"$P壓鎽P冘�彵艸h ��$�x倲塣邕22�?v^)�蕝\帳彃悉剥鞢�黐&Gz譖"亱�R BB�$`E蕪�葎�S&鶙◤y㑳闧れ�4>跁愳邤鬶D�&Y€9蜣�,n蕊�"�"(�*p墠茣+湙Z�?陮软s�:曹�8のR.惪v4待�� ６ �:�蹰馧劯O咼垇妸妿唺䜣 X}� 霍��y�哈F顥!kk䎬椚頄睉u�8X浻"Z$XF帐€溙�翮q�讼惥莁z${�cめ9碒(�)�>析銀垳儀�<襝\�0P壞鉒rJ,H%忬鲽鵲麲茤`0"銦"�8�� d�柩�T那G|e%9��+鞍肈鍍�#涵春4P暈uV娫q\��綤��迵0斿さ}r鲇鐓I��/\榶i僿便很衑虳P鐖挗lb沸√壮『1%癣\D蕬攃�?�8<9午_'Gy讠鶷脟燹諰^�捝蒎�m覩渠?皣�1尐~捃囍襄1/bn&拂# n|呴�-舷霴/ΑZ�>;补5刍贵歿尘浹�$颈骵<�+W�!9|粨(們耛t€F6G;dPШ�$檡7l箔E�7搜��ゼ娠K萚^橑Ee�E蓮鹾b9嬎贓莭╜荌_谥n維�v�Y犾跔a槡�9s悒Y璃}�;殦莳\�Z娠鰬cz�蔸g*綆WOtR辂繁T�w躤�/}0nbY��7丏t+楩斓|#�2:痏^=鵃щMw�L代冐bn鉣弚'D簀�*欆' �-�镗R�5革g犼�&Z銻K.},葊婋/ks唊牮炖鄍猂�/C斉┪�/礇剞�5喢��M釰鞉糭巢@�!TIsB/7氇^T w�+Z �J�"t#娖)-iKR*o辶K 曬�N}�夁7t拃uJ詵�'嗮匕�<愴Xy�O& { \&X3�|⻊浛_损<鶂��v竔jO��!�M.缠�#P�莢:[X跂嗝CK獬 �-k`n緇t頗tP酩y� j�2*�5� y距嫳�-�5X�tD/�7r觑�嵧弞蝥5Y P师縑櫡=翑V 节皎Sp wKZ�葖8溙耿h]槔匰Y 銨嫸姧潑kZ.u帟p�)�%鉷�-朶藌聑.�-�5w6e嵟冀/h杀�3�鎍{嶉T餀E�!颉韛峵"H佂忸傡� 媅鳾j�妍b�6�鷄龣@日ft�芼迿x鋫珊Cm}�#GO寪菁!S介箘禒鈮鷰h脌ifE1蘞}髎�/柹贎0^_"]�-雘O膿�*查鶋�*鍚Tl�8W 谦算鐴tH孩觠�盕掚痭x�!mof匣@7|:皭瘔�謢梡悈b?訶#芉'耚n慏�0鵜}s鬦F塪ｎ4認遚鎼V鏢咫殓赣z槶b袑��D�岆轃搀�*韄跬F猣}x鲈!詵q毁VFX�1眈Lr:蠚衽粷槝�瑻"總娤4纷釨縵蚍U燉�B盻芄齴U蕌�C痕q�M抧吞ZV捃�燒��*J磙F1e?i銄�%}a膭梈繸觶b贌��/揲{龥"驿幄�X闼緮罶ｒ zX钪灨x鐚<礩1!V鉐!)�抇鐑>�%璑窿��4产绰搁�5翱芬鏞滨�锄皑肠*鲅1彝几3橨ㄋ蝉镑翱倌.贶辩鎨辞晤侲曩婶歷�;鱘飞冲�""补闯�芥鹿+�4曒闭庨触窜烁湒鲍谤廑餵顿杠懫赌"Ｐ摒�.!��颴:懟:�词� <蓵勷檨佳?躄y�5賥AV;>-�践�#讯丑锄螴鸖�触靣辩仌础3冲!�9齿告゜+昬2⑶惫B"{繝�汀�$ME饝磠蕟惑栾}� oHR�({]瞺x輬迻�}w�� /K]z eｄ't�o;!�&gz�1b 阪襳A鋨B� 孖釙� 92嫞缓譒�8*哳`疠~板N﨣-: �€s礢眂齨厂�馔枫雇�5濠Y>嘰J$刻�0斊馽kK⒁]�;-嶁QT@2 岡5"彖�贁�bw5'臆n忙�7瘣鍂峞抟妚E�"`n辍p#�d貸褸�拓4薨`楩ZX軨陁;�"o#左�4轞�'�7�!�S=鑮邺墧`P走�R広�(娞.Hu*囃�#��*@�焌V轜[椫竊匐阣/�&錍Q鱢姶籿�蘒汊�銢W|3򒉿�#L圾(優~帜筭鮊!� C屣萊 E馽簻�p鹣齺泵Ml龂�'D�]邋毡Sd砼9D瘯~X圛哙囔�/t3搤渐烤�%瘾皽o<$蝜�$M#姰lr菨檰凋嬇{�(�?姃熋(H-9HT, 嬨�%摊S兜O莡＠ゞ骰監秴鋏�脅J!臇�#蓙P嵿�,瀥�C懁y+�"o隥l羅/锪礦3�2焚*勪�5wM~� O[隲忨⑶�;|�3.⒓瓈5扁.讔9\_┕�*.~N��秖鞃了 �'U稾�4櫝k优羣�:8�?函蟎p_訤I"丮��濇茛韊o璧盤k[ 貣C�< ^� �'VO鑛�柿嘓U鬖総餭┩ī-鄜展萈at� 霗B5單悍]櫔oゲЫ.|幒繐鶉錠=G� v農�-?u'_e嫅#礜T耪k埲�;�)€泃R猧崋覭u�榖光ぺ�$\�( �� '1�?�*��=\傗k!》nz}'�誘/\h€h��#杇|RO@g`�(瓳眸t掦阛疋J]鞂絟>�櫜 r鸕-趍l芭9U硷�2穻�7鑞時�Y\#卖.�c斵甝幍誟⿸熥焃努�$�韉趻n�2=折爸0Y欫慳�f濕孆Ra亊m觼濷9錧L6筨�)APQ'r靗N|�b佴|��+憬t2 {�;/窽�3儻|�<忨盹酣駔玐uMh�繯栫?V�縰笛驻幹踟Π遦PI蝷�\@�h3派靴嬆汜芽 €ST>o鰪z必P绠俽䦅�&Q霝-h}`�:燢楪默�嗄瞦絜+＂n糧偲栱�(�3⒋榑!w3聺佢邏碳馿'辸JJ茖�\S秝�8趉銯尿*z菎兢b萻=胅Sm(M�)諗芚牟w;�浵犂圬\鵩4歞抚�5;S鞿>�榆3睒樃5�.�:涛衝]懢穄╪鷔隣4慦3ge蛥;淦菒�8x3Xt殸/*时鉶菿9?o奤{4闔姼9JR緜峤﹟�&潊笵p扁K潾孔焋丟莌Q; P45乍砆}穝抵Q*洘%7yh舰腊艊nB瘽�(�>e (;豅i�5袤纋诇▽W搢�#凍<�秊硈�1甃櫰O赭q�挫;耇斃采�)�驴彧h蜿轉c[鶱�]E膤'r盭q磼鬌荆愾觸�QШ囅頇s鶟趗 � 队/襙裺A荔w濫薶4庅|�?|�_氿�.俺�Q莗_'L欤g�.览}鷵兪羺撾煆;:�]G?+ノ鬼 V]鲕A�s尷l�薽%ｈ贫-静荨舕鳛偽�鶒鵑�材��$q?漕3d�.蝊q梆ぼ毺P/yj*莬�Ym+c夀J峔娷R�'cj揁�K膞恊⺶�黊�.�2銅� 璿nO礘6L跩,�乪趩c斍�BK>卂荻'f杼顊�:︰f庠II-I墆�,4妥缗媘=&H�執熺ち孠銙}7釢�p侎�-q嵛穡<&-沤+駷 'b耢 HeTAそ頮Ⅶh繑.l=a)價馸诋��#"濆魓騀饬沍�$箛艛炢wtK樑瞡4#X![Q桌WDI0鏑瓅Y重w犍刱曺Mk�{肃�3�/噒U�傀LNG@W1�萦€0鍦n賩応搈 �惹窞*N逞`价75唅P5v清幬9耂..,h貳)倆聓*zA絗(臻>礬珋;瓒�sD 猬�/�4#炷榌p髕(b^?c�cV.Q|N]q恨椨弇珪[F�! 婪Sd�,齫Lぜf�(藱CTp粙�. 竼9QX遂戡'nLu�iJ腜�坃(惁袩!�2^囇�7[殕m囨國慫DP(P|磣枱�襳髋舒�藍8€X5)�7Q蕯]q慦�綤枹�q頊庌鼋弐�髊睢罒�?�龟n�跩晎"郫恦 �7b-�5譒N�H阰穗痴d佩�@s膙M[頻� l鞦€k 嚝頄jvyf=3聩Y�>龺莹~竧Q�o凜喑探qk揍�9*kL悎�=�\"!鄆'jm.傥颶諌胍�0桒�:�9誝*()�0魕H�窖�0tPo�&笞宖$An|�4�GoA�&�,$后睻荨螲v+q焥蕵0�茒軄 y莥袿茈J嫁w疾>�Pi拤椳!� :隶�%i♀�-慧廲H絛手a�褚�胮尗p^G{備n.J=J缼孁潀雃瓚I轻纎[鈀I`龷墡{1�N慧廚蹁皉��3�酐笏WMAZw`p;淬� 桨鷞?A嚨飾 B聖�tI憬貓年祟6竘d憕诟籀�4&噆SH谽���!?矨瓉*芾wＦ�鹮扥0W魁cZ蟉�$fカGb�+睋aK祽陂v廁磙踄r>Q区双gM氁袪�侚nZ2訌莵�鮆eP;� 僕R慙鷄�n Oz嫴�<錩逿X|%盹"@兢W�%�%|7d炳�?囻哌Vn搅:$l劸'q+U_懲褷q綉�檮賭�8me4�3�$擶u�;,�!ae嬝瞊S7騼痙oB鄏>=V�k_骤 ��%葳踓xT妊�4*負>丠Rx嶈;梉W.蚾紫倧Z腇:-晇~茬撶�跨%箑:gG7箜徲遒�D>^釳� [姭(�$jh謌V傆%耜yF続N康耣R�zk[-:"_&C啬o~�4魱鉋譃茽p者��=1癮戳8K�劼2B�&��孓珗��>€兠A 秋、$�9恞U箼�/弁�tO$l框t晳随猤箉藭蔾yp!来l顦!X蜰(�(灔�6L庑挸掽瘆e迨�4蜨h桕煔U糦��&�,θ]隼�;p謟狤9鱒�>錣疠M嗴o#nOg塌.8#!@:n〡'圅D卺�1钚q[鵬懒婞厾2~9�9L H譤し仩5k傠岅�8{前﨟z�珍Z純讘7┷p`探鳸xPE擲组財�3靐�3幑n涗洙4嚪鼺k鱇齙軏.淤qv#{#壱r矶爦bＶＡ)ㄦ袱棵o�#A祘蛣騯薄~∠ -�9疜騛)]С馎b>=P�6�� SjIE包-wF戺L��.?2Cv旭QL(�厦"�7专5始3�3踍楎8燨傀餏鍻��/X霭伷J籦虊v㤘Mn7R�[u3韍累論Q=/l�9a珿丈暝剡pj =潹s�2J�>涟縭aVoS99排T9掩気凧腂A饛兢4x@袅嬷7雏{傑意a9;顔r觟饽篽E�/�鞘��-腒,O�%姸d�6�敯揰騟汥篏�5傄彷�"散)j堿OX灮k兙� 豎c�6抪V倥騐宨U�OjT捴艌�嬍賲m�-塤�_yGx31a槵Z/堅"u 暇龛K脽�'厯��撠�9罂�=蘋�5猃艡试p臵媕o>衽鬐㏄錛�璵磂�r�'\顂S�3仠溊�!濿�镖媈毞�2 X尛慂涵譶a洴'bX咤亰絒啜谎X�r�#R豄0踚;〕f獂;觩胃l%�1g舄4�/Zs�小U豿滹扥�Z馪轾螣猧sww{�瑷钔):掆9>+mcSB冺x覘悦%妬�c嗆悮�铽鄦蔹尀雤>测5肠�肠卑笛辞�痨�筐<�0�P嬳�7咻k O嗸w\}zM4唁 &坡;恰蛨bA A欪;婣凎冂銔4�&鎭史帊呦E"G璝遉哴N熭=兇殽Yㄒ嚽C衙 '�;�(Q魼{淶:鉁:|A袇�臸筝:{;.(t斳,鶕攂(#A〔n殍_証訐oi鶞VU伩凹皽j� h鐯�酥剂�隨蚁�橺枚$b蚎?戌�,6� YR頯N@ご#�lK暳�,mNLQ倏c �.5�3焄茧Oexop飻媓W�.X鎮�%�/叜}蚖T=麫卢F>箠鍂煔�:齖ㄢ魑讯�%.藴亣陁叀)�"&獅`^喭股x"鸷�搵8(,�牘=�9F;聶,诐�4�"佥寚}:9悁��+醷{F�霔|�2繊转~N慉�;�S_諃-}鼡O+Y�D灩郩"=%�>菲u緘*騳1帣盡剄灞怹雘萺鎋s廆鉪箻魚f釵芗d巙絼.榖惛嶇辖� 睑bxL�;贘鹠秚|綠╭吞7劢ｉ窷�梯螙Y踉X� {踗滁霖a老莃2Z蠂v� �-_%嫀U赴y簐桪$册L�w&zQ骢!Hx錻Z`ED8�p€馃菦�8H鶉8酺嬏倕睾%#飍岾Y:>坩礐k_邔覯�8�&遁荑﹕魡娬q嶦h鵱≮��9b轻.�B屮1痦蕀3Fbi,栭)榧'0稦籟�坥売裬O阖鉩眺w嗈9璮隹胅设�+x矡Ё�墒蛈)9朕7�1埛j察铩k[訢圻B&壡勹CF:{�4C��<脔s t>餁uy礨厶耳RO�2j移轁cZフ窌嗑N佄r<幬� >�<$ 飭^�!�っ贿Lo2钃� 媐鳽詩�>嵦�L蝙憫磼`�璫簎押Y:B%{憖� 愁�?�;,赨螰`踞�2謌{婸齅]3sa; V)\z歭觶je剸啣緭S�悀憜u7幔悔孉褍Rq'\晔驀雿%7跭Q8仴硕掵W浪M�7A\� 蓻�>}炑-#f轪淴髛4悆蝪院珇Xwq欒旎�(藣y=W+撈u冃"嫼}垎鲋�餅�6騆~=婕詥|P瓴銟s�潾_臒�3鼤涨象$訊�#怅d�977uk洒�_苢qC-瀓8xQ狦�9FF蔷�+]Sn P�3华崽x[9�5/�6^b驩谖恬T+魸PYF�$(�'翔骊鳻-驖[凋}簞返维骫ow+p毶F J lL�鏦3W鷑�谂檣{Z�?[z夑 �)鸏7讑3�(!�.*硽hd酌 �%嫬�\&朂鑫.︻�3沾7 匟�,ei{li#I蜇藮J撃僁咊匾dkyB懘蠦Z%B∫O�3蛂锕w︱睇}~钏哥瀧午|嘻|蝪�97u礛澛�*溔�=襆⌒��炿黲揿qJ�:嵭<酔a潆裷⒓Sg潓h�>eq輋鮾.tn�筽鮞搉绀9堵鍓ZV/3�"5偏鈱\~u獓m(o扅d^椈yR蒢� ��(樄o惜v稍絥=_r瑽�#呻3稯8:�磒梼A駠塟'飣�gjm��0靘┾?蟃4+z骂�&膛%N稸橁溧2碓酧�+�2gu�槗y搖_e D�W墨+詴呏往KQ�俆鋺l�,襱挮売脤謯m葭攺邕>迟菽%�4础濒<З潚駰NnTPj.竢鈽陒S�,邔�1闩=�+韸麋濔眈=qY蚡艎ro┷�S俆�V閛,鵣erty兄�?j鱨:睁i镪踋�7宦瘨w介锤 �鏘[藩夷葶铦擸脍韝u玩繘恤エ嬶钕挺Za�れn�23髈雫��Wd醢~�(y呯Ag迨釴dZu蘉iY}蟧gx娕v�935蹴氙羽h政5瑶d桧Z秸冨'+&仞育^n~詐姥d秿嗙脘 O傼暕-鉕򜗯彄谛祌c彪k飌腔{�-My�.L嘶s宥kY嚛'_D嚳�=鎢;℡f蝾0睞坬肑笱肟�8d鮁擹_忖c琛謸揀憿kb7掫d,椨∑怨K+.黷嶺騏�2X9�QE4窓轫徯髼?��6鍻捺頨遷鼠凋�1j ")嵰崠G淸妦韡頕鲼珂詿q6�3JJfM高:莏�[F薖Wi寏�<谴Q狷赘浨b傚橱蟱坞瑧黺欬c��W尥諻^�;俪冒犏I� �+2�;D)�0�眎蕮辿箶壁灂�7K�\}1U)躃醝廹�险恓缚�'燉�)h_�鍪}鼖6剑q玊妝�JK祓輂#�=�*�7諸呝遦*��3v5哦鳓w'讣絊2唪�1S!楑UEK隻�l婌覕G� 鱵齶;2诽P峢W觎�1栦7鳄{>_'oH�;nfXxxa=#3仏€鲆煻2濿J}��$?幝]ST篟8扛x谙8ce遞鐼騠邥M鐬R硘U'Td薀t}枸]C�2-�?f炍■鲊7 � 啑u� 疕増S p礚p�5瓘褪G暁uel7� 逘状^霕棼f譏誀◤≡3臋8咘G��K\肪嚊晹R煩敫j憱幀#觞2�6杆褞酬"�掆齡琂槼Qny�諀茩� 鋖瓋UzuG彭藍eMmL_惢熀�.p蜽仲郭彪緸x)n詄x搔0潦F!o]Z纖%��(+�YAM3�&9O�?S婶HJ講孜癇1壺�Twz~�kQ尦��j5>z駪劬夥痥毯嶝菁W3祡�鐡焩m� 灿哚�!蠹鲺窆+嶟咕3耱J焉啿蔤Y�="�l]玔�6緙d侃鮨j暼"�59鋓譶�,xTCk槙�-�)圬谐C�)栩�& �仙崄 +'>q _\_*V鴕顇QQ�4撌6iノi廪��?化l賅穳7p镐n紽�;A陣玳詅懡轠J沷�,鮞p{閗韐Y� 祩��ge壽L;$>)鲍賿翱�.;7尽硷厂"狈*耻调%痴/祕拨�:睃痁菫袄萙"拣�之ū�<@疺v鬔Y紵ゐ��.�<捂泿-}QP役r1m胼鶺k众 n+VqP峖zC2�:U&蠌4齭獩n�7雜R�|�8猳�朝枸U鯀[gJj氲/頬�1JJ� 秓贷�gV�.г鳴+)箔�9W'閱碮糽刚�焅%痌d5蜟U~ra┗掩W{]趘$蚗笥懦+�8頍5�憔�╉1*比�其澢9腭蚫拥�"&畅蒓奥鵷湓%别.�.�5�=�3ぎ幧�6斄尘=壹�3诲锼��剰诲58?4樰蹾�"�"�鼒焭惭�词荞摆惫䴔巜朩笔鵞�-*=6惫搁摆軳涩鄫尘7崃櫾%攻4筌鵴坏漭�>７\疺Y栮W豤�=n�5避踺蘔!諄 6礣5猹?_攖�騮�E瘲;V�'暀�閠�;燊齢[嘕攈#%f+蚎攺镚藌縠� ��78�,X}队H又4b湣絆p讛粷媵d綃瀯� ^Ｕ7徬縧N讉^颷滅>秇雚砺擋痡xM樋龖k}ｊ敡�J墧K!狐!=嵥M艔"�,N緋甄Q踢抮y$ �.-菑j�j戾飖[$�嚣yn.n)抮衘z�:�2结^丄� 嘜:箟飙9氦恢yvc玳娖.��3鶡綥W蕼muw靛冴X迒笫晴賦�闔uvH荣包鶞;)蹙�)稤P饭贔6詻Y�'r鸬�5差媁7飘靝no稾b^鋉f噁慰>办覍汅13痴沢琎!�黫骵鼡鉟�窜��<T齛y嫔嫴垲sg]$E�媫�2>�猚lyv髵歪T7J啣涽瞵T=矻恸5M耮cB;v鐪9y餇葟ゥ矈檱熦塝瀂zSi�鯍蟑V赟r�鐇鶜陝糪八X糁﹫�rZS勈:g�6�>�菁谤黿臌<蕐藲甐摍?M4辎{瓟蹆4�揝鍲旝.迀F�4�1┋wL鷱 q垫汧颚i�;蜸N婉�)V*挩�=徬目釘旃EM炥杲姫篑�$練慦q^b懡襑!�{C� '仙%�奟}K灄绻詴鵗?&�.W頭�R┴轻扅M8欚&|桵宍捅顖臉J莅J觻窖糱�=]竜c;�(kO}6z�+i睥}�+焇 S.梮Il友粹emf�昌�<-�7揉*N�m谊桄(�;N鰗―饸鲛熅\歒h!?�w�"哌U7檃秛譢卶醹蹲撄yCg�週橧柄V�� 脈��,w順赹u�,跇候{G鴨桖ⅰ竿缑�/�� 2xn+�/7;瘔�=z亰��妥僺V]婀�1QVVB4蘸歙拀Zj~島傻QI鍠}=�'� �1�?�;謢疦麦�7搏乔�熣w哅N砲圮�#勲鶿�呣$猋縔C飛WQ级嶢坚M泸銄骓菹臰-�祖啨仪E�/礶�4�=ξ鬸磴�毞N3綯入逤 �7鐬嘑殐F.�8c�=澤瞴%睃腮搛鰎稯[j:ZtD末�2G�=鬧椊p靻謀釵/ 1抽澥#鉍曰�-┘颹�!恣v圏^�� 泜S言�$ �__�$t委U�8湊xlqvB甆嶁=�Y篁+眜T�"鱤悴枂�f 閙擢W~桗al竉繩=x帿矤�mYS秋C<琐庆駳�(炔f┕柖願潜�镦抠1n騆W涤�'蕛敷饴髜阇擳嵆+$E7l"$?汚馮}S楠穠愈劬wy%d鍾螵溭媯�顫}�5絘|Y&I�2u�?u灂� 菛~U 涷e伐璵K忙S呟睇芪臰^骾珛i櫕-7椋描谟驤k駢濋K確_蔣蹡濬Q{h}9呾0槵�離d璸今g詸C曾閖+B�'頺潱琹筢蹜鯳!Y綝鷦d8?蹝fq筂>袄贬辞谕偾闯髄毬%词贬�.滜触皑蚕瀱�逡椄:6驰檄雌�4綫冲虫銮�鴓础�灔/徣貺栠蝉婄璨礒>�=洣#鉉�#蝉鴏辩笆楝嵑��罢�3栜搲<]搭O壃ヅ�#煆禣祿Ｘ>=��+剁幭爹鸺眆险芞�尘粍嶆倃&铁触)岒窜驳摆辞铲�1騻湂�'袄鲍笔飞族眖畨绗鲻絯丑><蓾�Y�4z\}伯"絷╈嚝藻Z匫鍥]罪X涳葲�,b襤梒'戢rO堪a蟳)W銋跭沷峣壔昗睵cK~j澺G�)q鬓隬T茴z響+x]朱赎F\錱3枕薈潽��,楨快2�1骿応澲�>芛尢>】滸篻锱I跜4酹^漌&蟠鮚皖驂鋉8翊~U�0頡�鹢虻鍧g霔s灇飉�7頯�1钗桬Ⅴ塝桋$敫 5閉忔茷�圤诖>鲢�闝农棍u4(Y�]�鲝?6Wd敧梞 �#燪o�<祥3�O�;再d鈰器N_.矾禶yOvQ`c掙膍J-!籌儇吉萖忭鳔駍悸9��-�6�溈- "by餤P鸹�$镵h抭驰Ib普�:湬簪u跗慑甹鵴%.庋嵀鱬b矈嫩欵x>鶷ヮ柌�,箃6杜C'ょ�--�m遨f諈夏筲r动赢Of关杦⑤+ xI*?鸶呛鶾.嘊摛q k饵T谚惄LY�~� [_�)Oz纵<抽シ�.vf^I1輄�夘S%Z3n]谳%(鲛羱�醐勻r⿵漨_穷縮�9R~u�_ 棆no�*d$u萁�:挺狢g摆ㄏSdr6EM隦驨隁6洑Rr噢l^僮]K795疎� 0)齔钲瘌孜�,H釠4?恗辔/�+祂蕧硸7朁蓺?組泛nx�2缥鵣a�/S妎d嗩T�=R槖=Q菬黕拮(8Zg陫K觙躒数jw┿黅升kEf��㈧L檂S袷鈆撺m�*�<睨餠u&籴纡Fs冿m+E鮁鵀;冁陂(p(蕒;遟颳晓�鹔g寬?�鰷临覅/労|蕻)H簎蛎ㄩ'葀�'箢9�/x鑁区�郝T#锘�銂氝椡xc)L\�&?1﨏埔尪&Oh梍袡I^�;e哉�鮏([泱2^O∕x栶亥虀[*!鵊苈竦繜S択�?栲勻�<曛朒绩�%+榐舂"瞩t砓Y梓�暩ゐ€婈鏕�殍=r韢莚v灡染碥铆�3Z鯬w� 溹b� s!s /-鞇^屆A�ps��'BG齱011f1蟕�5?3t鎳還軀皗4'J7>枸8饍$喂��Xu@驽鉟€)湱�亣S,^@}F$"`啶岆�畣�0m�?€tq欋D皦驁3 螤陘蘇恿長 !�鈽Dy��BC桞�C酙洏�W��BU|�穠亻繺hＧ`V佱�CWtX 悡D€協8鵋�0�+,翽x"-^&rr闵薡�.坬��:2}謺藚鍊�%x儏宂_豶`Z �'H�$d猏x�秔<�燶肂B`猚醾鼆z�5檦5�幠謏躉剃8x炄迗&]�9'瀮�-czZ矆b劔酗瀭鯾�猿觿�& t丁疩乂�4蠥�{#(a腍�螦�cn姞錗�:0�衽�屉AU\O "�8Ai宖灆:x剖,糋�3�e�$qh�攏*@be︖!膼��獕浅j*xH敃踤�侜厂吚婣竽��:6O擴鼢�€2t軦 l;頿[@帉k袪炐敺咯E�桎X喳鹁歍冢f��4X炶迗�萌iy契闝IM%絧�#被Xㄖ3T缥挦��?��)@f 愲秣繠€譎�4��=yV咸�'X飕Y?4璯[Z秠b*窝�q幸p8d(芒�"P��Uo鸎搮�O靶YC$=Z銖$<槞6RX潄�!戫$矴f-z�@潯ア塄bA厾{€禉蓧輗€!鑧愒燞戽淽��嵀'邊渘@㧏�'�輵�惏iahraY'ō鋚0� �'XN�豼�'J:H蘾2E髎P湕揿♂<� 軪{><�A!舵椿XO漢轑e>3�>T巵贷/Q験y娩 z2z)�4X"tp)Hr6n瀊黗Y襏€�7J�!�沞�4V�ⅲg酎_�4鍐�'艷"眘w掩�O皁刟b 萡~t5�@f湲y 榝蒬Jk喞揳X�X﹥]/`O�鷐囫谢5&7Ng ��(孎艙�� 鉧��'j繦.滈&ai夐嚗"S _蝪rr駡"1z蟺�>�''灛懎葴k槼iL瀈Ln�'资嚾[3,�#,O�囎}�$槪�!+吺1l埼T鞃牎0 �'癪h襘/C揰>丑笔腍尝�麙驰侺鮻�<�间'盓qq鯊'i雊��2鉆召⺶P<乮 f宼汛.V�E0y釯pe 7k倞�6意L土nc€R�?c滯G&ㄇ綿4c`兣� 餯g�犼迟厂奥辞眏62<緮� � t罼`裁�&�礋'�盀`马朧 8馜絜C牑_�, 0P� 歎�8a撴tc狸.,坋�OFA=7�2�'�,栀m嘄�V醝6藟'�� t痛x╙%a蹻z必s榴8苼K溷TR\Wㄑd繹t$O男櫘:h2焯�*< 2G烉�?<L7虨5~�-呫-攎臬 B$扒fX� � 鋩嘍銐�鯼^�!_�<��佁�<}&p�6恆艪濋�)P�4ろ信�碱娙('�>馜�致�*<4&渎蟚9*'/J傖�玱i湊G�v呮蓗�# 睩氚Ht�,瘈R`�鄚i<赁�5(勵罽媟鍓满d嶢渉2 �'麓栀!騭hEE]5�)r�7�蔡刲J�aWw�炄�'$K祯�T孓�1h怦測耓(:毰0� f蕠6�0V簦x瞜��!哏�+氟N譟湒"l樍蘒�Z`�102*7灗䴘莨鈶�"l3遽'掕錊鸒剤�,┞脄*Fs蠱@€�蚗w�勻及恍;X鋪Uo棼廻篅玤+�� 3$!N祼來鈒熰��0�～�.2逵wEAOm�欮棵櫠 z廢2\早�滊裋�X�?~G`\�-.骋虫/佱�6产�#<嚄鲤J毕邎'窜泇q�4�2柾揁1歳C{U薖€硦滍�儢&齹g偖 ���'[m径镁F &傦�诎 �/M*�H"寎ㄈ爃蘠�%B倶,胳桝頴亇�棍� r��%s崕� 糄貭k�8P荺\熉L��/吹 �:兙/ XP�#垐繦c g聯诫姪B2�O纅ySSt嗭豣!�,恗F0!悡Y矩景mc�hI翐�7揇)麷<两Q坥ms[悋�0厓鮵;骤�'�6="qp鐗趚�P.<箎3 茯�+<�?`f呣e內�8岁�d岚�0o碏歩!圱港'ks, �4�>轨Fヅ对� O42v藞�#訖��轋串�,�5(�W�忰雲棱壾 �D緽�灗螁�=茤K�L僢 ⒑C磐n�,阚+葎�a鷅t-萷�撶€8��'P3犇Y埿枊R$K鏯6D��dB躼ⅤG匹_1y傟aE麺廮鄩偲闐0趛岕U�9逆p寔! 颌飺E掴苨PB<1�dR�>d坷Ud紾�4�^パ蔑B巉嗜敻馜'墝K筷G48a鮺磕eQ瑥�M!4 謆鄕緡Mv%��H勚F �O攣C雺】$ ≯'狪c陰卩挖�paE励�>鹣壭q壁V犐〉课*@QT潱�'�2怷9萩}闣�;盛樄+墤[�3飿B賕�� 茴萵ZY�,讧★襼�'�9G I殇懒{p蘎 RL坷て�伒悵:瀼觃坋倖觍��涇C晭跆？h�赶7=�綃a�C6�x�瑐gZtr}GY寝薇繰�;Y�Я鷬 X�1Qn竸!馾詀R�詭U楔馁C� f抅=� � vB�.�鸈0�4X麃!�:3,�/`�濦C�M�#q蹲Py俥�+狕}v"淺6赜[4餭Bl浢枂E籙沛夅 �3眜€|囀eQ�q疮鯾Lm繤嬃�1?挵匒敬&缈�瑠麸c*羓髥虛勗涊擀�!/�<丵+P騞軫9h��9酊巃烪戃畼� �>Q諠Q7� >�8翱皝诲颈�/迟�碍炩�,(媌廰焳&翱缚罢办闯鐲􇽲隈诲弻迈⒊哾幂��镑�5絈祭�'调$�騞鮂颁╋屩恅�锄测��<�_{卟c伙v麝罱;�38�3�)C$~渻巘��1�%榿O论�<乇玕U遟'Y+莼鱫gI輖�.煫蕳$Nk_jK&s7<熪牻邟唚飗鼫�0B拺諔t9�&９ょI鮅.7厦湹┼嶖yjK鸬孟'kk嗎H抜襯�"摓-%ri_�笲nA� 邱=w謟慬�4麇Cs6垘[Z3榑F狌Hs\bKT4粲蓹陷坓敾蛷俴I�%1n荢7�齫�3跭宧嗤J� `Fc籴冊峘纒V�#'[咜軑x欓4<锰﹗飡�)!匎EB郣筄^踪鶽^瀜nR嚘xOe餭L�Yれ�>虯殰�砺.x誓6礆.g匑Y�[渆殟�)0彥|舦�菑橦鸚钼�)礰菡闤npxm袗oo囔囡i亲馆鉙,�>(Uai型斅�C牁�0e倕{儾う鐕�0贲 C甤盗Bほ �"WFa<鍐狈 預�=焙踏癲!泮SYvd碘 �5~�9t1}毝b�炚�紴呶栛锪鬌祍'Kポk90辚bH煊~﹏︱O诘钮MxJ鼹铑%N塕䥇!�*bu�J始�8黒0x枴Ｉ�魘�(種粪y? 葧K錻姠��.eLW Y録筑魝L06赓>赡�41贰8髑晨縠调�8�$别惫橊濒=�仹赌箩�>馈箂��3罢��泫,翱鷘?�狈狈别瘚熎妸觑�?皑迃:伐�.箩缚藆尘笔恒擥焈飞肠鼃笅�窌磐虫倣3疳�$陁虫祁�6颁�辗蚕几稫履芎籾�鲍翣触$豨萝湙鞗奥鄼�掳蝉锄�縔喏�*<銛'?�繃髲K�0-}j驅�+>|�7財y"'�6齄駖蛇jy辜�?Q�嚣~\�'鱤B淴�>�梉彠@菐6~ae?A磢饇�I y富傣.x蔎�龒弡�9镴黲dU}<蒨榉v烚郗测闭↓馑?�'惫尝�>灛魬穭纴�叠郛虫苍胟佺叠郛虫苍胟佺叠郛虫苍胟佺叠郛虫苍胟佺叠郛虫苍胟佺叠郛虫苍胟佺叠郛虫苍胟佺叠郛虫苍胟佺叠郛虫苍胟驳�9缚滨犗緸�&般鉲<鉍�)繍-�+,瘲�#}鈡~龹溈a�!侭~肿q}摃搾濆鹤�_躐m_�"�3 询x�'瞩鶒/�"t�財>>侞�=糒�蹗先�咤��(<�+硌蓡�墅猃柄BN梿鹬沌�惾猢9A邿H咟;伿峹j壽k财穰E迪,谤IS9噬оI阜x>坯詬桄ゥ副耺x2櫼k�鍔�('2灐蛬p璵G/昆岔笭隡xR8游餅嚢("�煁g|�(�9~阌陁m;e帊HQ(墏厃/躝鹘罈腟:v/肛�"滍濡衲蜗KW箱A鰌瘰趃|战蔞馶�c�彺LGi栞5螾XX勳煀g艹⑹VQ紞軘x/咓诚N鬺k�+赓榧)D燩扫[忪嚙彃壣魚>�743氙�'萟0汃腦�6s?拷=O�/忚飮昪�"�烇珑勸実艋澕N㈥|,轻)疶D_�瓞{�凝暘_g��4�?訊iD俟e�?�m型睠�校�婸鯣吝k�2��*軥給N>@盁}漆�呵_OY>蓘茟﹛�6先X鏯��"枫i缪A僠X桩/2蟞&A€x�灡阊@觓鞭�&瀜7蓙,3�e鰩�,8KG豠羑[�k�k峣缸�'l�#+�.<�楽唃\�6舠R�毻6嘂憂 xF注栗哘漸兩�#饂瘜9+�岀&<w跊�Y�,z韸鏿c8i蔬O墣祰闝畍睸菖P2濥Zx�"�#9t⺪顒虉J醶\�3�:鍯伳瘑g螱u艏L⒖�(�. �8刲伖觚#筈璘~啨u庵枤� 郴v)鯰e噿坓跱斮SpJ"鄼k苻驠jxvx�:#<脄埼㈨&嫵掑�荔4}洤.y€c蠼燈軏>/搁颈耻迟#尘2穐�挓�+鏕针釸�<么�惈B黂肻荔T!收皒JO绚��/棖XH噎紒�$o浅蜟�$m囬�,妔�謞t})渥u既B�,fぇ5Q�>笔?&摆涵!�别�狈閺朋攚闯�;唹驳测辫,腢佴辩苍�'臙�麏驠2飹zAy%:祜佦|歡�(�)Y�3FPS@撯tq馟tv荭*違牰DK� V藲S?响饘蜂備門�,�0v廊�#$e゛$莉趻嵋O�3G�5x猝傡和y挠L6喋伏柨d∠贮幻豌%陟)黂臟ダ铜-�N镲z�/�%増ょ�2拹辢灙&"b�>�唋贰樫#触础懖垦鬅椆攮别闭迟1嫦鸺�.3�锄�$/�<鋹婜￣綂��瀜瀥棦憖撌rt@賀虏v�.w蚦)烋秧L�5陷韫钃�7沂斠凐i� ��(珞S3睋痁鴤A&菍~醖7嵯�焺 求顀厜=>=�+^/梥鈘輙I�)v黥栟?�縗�L-�弝"澏粬O瞈3E"�灄隞坨gマ�,曺}<�";撜�"y藴<鸺盷�>歶=]67�.遪留蛚亦�遳x�${�4?W|み憔-壷魚瓫�暻;抴�剕z靘餤二Y�k_�'�卞i蓰鴠Glz⺳?嵇衶i摺pz1鸎蛧o>鄨艥嗶~瓔絆:呻DW段�扬�=覧D镒賨&�'Dt単FH娃戣囒璧�7愐瘶髏�"Zk�魖撫v4敳l�+�2旷F4Tu涢鳀﹦痥澦焑<�!衁(K陧}T痨�7倍仙泙=wV嬎[粄�徛咥B瞋靍0L�5� V笥騀;▉�<芒碍Bz輬<扚 a鳘O胕%#凤2GL艉篱楲� 氼失{攫X�!l翦4踨2蚐蝎%岰,�"鲯vjm腱阛傹鉵/[O椿#鱇幃鑯燤�-〨剁�︗缘'k鹾�?鶥� 佈ik蟒n?b查:�涿|X�3s襗溗k�5騨?蜔欂歪珇8�礋ㄞ燵懰�:BQ;蹋滧ヌl�3�#曛�(€vH諁F�+o幗#&�'|澶J�'&@6gx蜫𛅳*蕘�&偧赹�=z当嫗�>歰;汖玢�*=H,AM�E問7狪墭oy鈶 撦�3�┙们鴺鸟€a稷佴<凲�$}C:DH镳碐︻N熂q1尯�1u噱灤嗭�� F鞱挕aPlInO檍舯\�3辔*�?�1uw+Z袱|�"�:� yK純⊥��晄g%�俍嚐艦楧# 1棒ec+N鍘W揹巍脌>� XV, "�=琦李H1&趥fr婧Ｅ铗崠�喅n笴�%悷媍蟤cP陭率G雭唐浢S謣=爴�:� $木赂譞7]n0璄镔�"摋簽蚜(T磈ER蘪殬Ｗ'{鑄[}兒{�1b坙�$� -Xo� D彰9C偐燇�蔤E峧浕庸�"F臮磱n�=T慁騽赮H灝o祬I�鲪′鬢瑱K嫙眐mB砃&閮椵澑瑂氒u颜)J疗捔魦�榘f?洂�NEb�� o披腜攘A:i鳼&l凤寬痎 .陎慠Z〣醭Nc\錕�&余h�"庪�'Q��G枕�&w�蔫,憸&蚟琨暂{d YRV櫢>慶��mjM�Ｇ�3^�4弯�'"ㄅ咗F\3迸}歷桝榵跈.0懿獢u鲊鲹HG苲澔咻&�嵜─�5聑=濻k�97~6M碍v鱵o翐8v験捤:喘 Rp褯�-xB燳g\��(�濰�=吭L呛訁鏍S毢坏-�累�韑wCbwBE(弿T��2鑽�7铑V�,☆⑩抐鳱葺崊磟.^V鱦<塈!3捗鏘貕溵够[鱇髾f� �蟕uY27V钻#m�瘤-x"e刷Z惾3q拜冔欰�.弭JiQW�5?+0雹品餗丄扐�.檄罺虀&F胃桟訂)�-铑�-G赸jI&1�)��)1抜錝z蚾I 摜�{�))~判↖7R7礎�駂k�$遑檷猔xPR<觱塀搕"床6.h-斠憐7�30櫤d鷎€'1輏Be�O鉨�/1|笡A4!�漂 z搷6#97S4晀癮�"撰丳箃膿燞`N輰咼觕羏* z#諜Xq)[3AwO睾{饃5裐�'� 傯2"嫟塋砽丽謡`黹5RO mFL钘�;€盫f�%迪珖K砇V褑A=樘�((碲h偑1凒H炉1憱�袾lm€蚭)濹紉距颈蛕�财G莤RCq膱Y冱儽媔~告VD>��Zu菳傏*9m|t岀21(�i�7^r駪X�.�9輈P鱾D'H�B綟:3顜坑鹟噀>乽聭冲齿蔼罢曺;銶旱�"�<5ql �%bw'鉝�>2#厖.貑6�杠渮襂腣K藵SЖf�.坨鰔c4� �.BgeL4�z>%;膕n蠾Q) b犡艟庨Ht饃扙Kl羏&[6�q攒�脲骩�,鯒饎a衮󣶔灗氛諏(誇LhcM逿�<$}#烏箙%cc�-A/畔瘼萪 `Ipj�N倱峔x馰麛鮞:Sr粍q隬琐汕諹€w�╕tC莐�[91忌>豕/:�颉醆隲�&h哽諗躔f炰諞把嚕�$>g醨{袸醆称cF鐣8督⒐g耓篠瑸@m嶍d�*T� 鋟餷p�&DZ��(+T�#�r�跉S蒲衳摷Btp鋢Z8q�H`<"譫�ぃ#傊� 8~��5oqc彺8*eh吨悬骟@渡戂酁鲩醆@�4甹祈敾-没谴�3<+伆P埈O皻i扶)�8蓤QF憳,A懩9M匡鐔洍�5\螢抾嫞墹7�p畄x3舀喡3dl断醪牐h+啷6樎kW釯6e_压坖旺夅邐_琠€兿�5湧壍隰ElΛ�~I巁ak阼奾s@衕�{>飽 G� G萪v课�=粀|*8+歹�(嶈犃 �'侫$� �,�1i鲭uO5蛝� �J鮃G迟�/磍犡茂h&篾家勮打DU缢闗`�x娥赆眊� 崿朶亶� 韟╒�,芾閬灚棈顣c觽壭3稸宿砣奀呷蹘嗶X睑箨汲@@衳€6d溸V)奏�4G;3�-敨L燞╮踚�2誓� �P�-B^嫥LpM1� AGL脜KBacV�!蒬裕厨�$翌VO戠韝�讐@Q寍頻路丘aX:^d�3紏(觿重紱G鉪o繥a骟�豷憶t5R.齃些_擻楦巏\Uc尌炟W笄墊⒄H�N鞲煩緲� O>兠峂 ZO起詖)u鐨蓒i3v眱k�-�d痧�娳� 7%皰�叚G�9趼爄+閆�&<晃cG粢砝卮瓕�斡伦K��)�7豳熮嵫�5L奭闝E覯E汋j眒玳醝h惒炏Mxv耮樏C) 摾\纰仹�3-мO趷榅�gP 媡s序D俯2寎�*胤D鷺鯈�嗵wb枅煆Wr�蟦鳿z経�ⅳ廁龇O�.� d6D笛s辊縖�骿襒oAl6涪�邯�-葧i/d7l燏9xB`l妈$=I傌l0��t�蝀"+X甖蚟xr_平OI9國�恵mE滝x衪U.&'}s�抆磒�/殖^_C践�ジ� r/U须S�"湜処綕曅N浜螻杼�*#�緓猈�$@畹曬>贵烙迟�&踬镑漳&豱�8礕搓��8ttX�;>剫俒凪:*zw謐藏颏蟦r�'乓茇4痃�#_URf�T躡/�OC0A粍'艐la壷碩�鳔夤0r�)'闢524躄�+竴鏱<2馷槚� 曩�2莩k齷a魴諚嚹褢亄.h"(兠+嘏c&�!踨櫽捃卶>蘅O﹦gg�易� �%鹂┍峮輨崙@:U�4狠杂r8:�+垖扔纷吓銭<5@k慲跾屸Fr)N耘嵕挃K9?�R縶炜YrA螦Y�哫z�韂p�/梑�袌騬I鍫 fR1K斺柼凘Y�fAm�軿'HO櫜D嵱�*<盦 %蘪C�-鑑賙痨凮蝌k�n!墋苼懩UT�C5Z0"刋諲€^�'Fí辎~桶 $俽�'J麆X鑧OGo(舵ZJ]�'�,髭炎tImZ$浖哹' X某泯�<冾�.�&[�Ad楂q6�5凙怈釦任�=�-6�&戚�=杯p<崷γL\茣�1L6軋'茣.|xa@�6MM巈闻皓燼U涥2 �檖B鵸� �Dm恠;� vG挂熖郅{羐槃\D犳僠腽�盋�%n�5鸊ej�$覬q呦�魆x絙豵子^蓐k}FW€�| #締O2髋峐凲聪!@皍�� 噩∧瓈傌鲌1�4)芕Y癷�珅瀒幢漯畋�.�垴塪魴欞.灡G� 螲蘙_毸浦��3鰽\賻�(|抴cZ峠�偔蝼!灩岜�裑�叵�0|� 苵:閻夂滫{勦沭�-&#埀癸祫\邔'哋墣3m€M:�汧墄a-灎J�/0h晼卲eJh覚e运軐'扔橤��;臘啬n酻鈠孇N5醂�T[恸{泭i2!|唄觿诳D<%畘灺p嵜�3``r+�釗妓Q�x秶勐Yh羘碠e�3詝瞐�=,蚽せ餓"X礯泀(!㏑$淋g泎R鳊]'kz�$厵趱槺|�2y �熼咏箄懑v<6'鴞O#F/ 鈮$妻RＦ�㑇<焏€W8蹃礇$;牫2�<0�EJv萧e.�CA�瘂腣�<醳�3ZL盚yh*=C�陼� 豈x陖椞搻�2鐂椒缿H瓾.mR芼侐�妳[炿赦h@�<嵎'灚哃 ��碤K�卞?**覡2\o拧H1G閂絡┶'鄆�=*矆漜�殠s* 嫁咛Z袦倭驣�2悱姡S@嘥"尯!�%侶y袊�蠊后鯰m哇 �"�2瞬瞶裹8熛蠗鷽f嗘�%(忭�,�(*Yq(t;皫=127玀' 茷隺洴豇3偿熋屦�;k s畽劙翎x矌趲6@迻羫溭�+嚤峍M刮富赒櫶h�c錆矻缘 fe$ T�烳3�鞼姱4鷴aPr<�94呇曨饟堖均I縪u 俦宯-I餿�%�+圇*掩4拥��8传皨)A癧餌/轕e\g灪8ν� d￠�+厰X>q� 擼� W婣]g焢��蟄w=奨螝,k$j�堗�3�$>╖淼�闌艿诘t珽鶮曫n&内�槠#� 駻U炨L 鴖g鈹l #� �-^覝橶3讧a� �&€珏籹<�&R:麮9�9n�D8�!六�1P槴T惾牫mX鵭t袽嗵{坔谧映^氠_.泧魸煼A珙儁x橳渘①M鞄D疉95″蚀mE掺硖諗J!U1岶暵諚lzЙ鄽�v%"�U涡�'潕jQM域v藗E;`�o@虱$舢E竕O]I哌€k**柪乎0i研诺%洜X:輮'镖MGR絢8倔氶Yǎ鶚p湾U埉儆�9�( 咶絫×;栱xZFK+奃历逿瞪€щel9咩�v岒��(恮醸)d�>$洢QR臤�O9m�. W妫僋K旋嫎畍; x妘�5錱マg笀1K呄佀Z槗藒*欟Z�喝/e搁8碯┷韸湺孖悻狈躁厂,�鬎测!豽昄窜闯裩鐾軂,搁赌2贵?惭'姠蠗煝窜颈狈赌谤�2韑�#罢�<蕜MB{5乬篿XE添G儞凢Sf悮隕宴蝼行�佟�O茙A涘娆�$盆X7劏筶瀌戹l�举櫣輦'咉a瑰堯搤>寺~~`"${�塙裑x鴇a(�|�<)溰m"RO�)@K棂侭�N伝梆I�>漴菎崖q�#砊Z�7歅K�q*缬}殪无樕蜴餻鶕3 嵕D:#e鑢MYL"o(��"2�9U哞W掃�潤5L�# 4ca%�(棐觭鬇鑁偰壎Y� 蝢屍~-灙甀蠽N埽奟�"*y霩b捰IOλ簌B(T&A伷攰;)繑p僆xl LE�%扎 QFP笫緰B��剧7.1靤萰荒吂�=K技ryIUm�.溳鯂\�"��QM=�/佤*��目@o豧�!瞟H�PB炗�3Z蛨�讴曼€襍gFMF斋& |蝤茴8衊楔�顱黫� S}8O缱迋c濾鉟珓^啴h螮CA瞱&曑劏佭通憾vC珈#J叒峹N-4襍�&麥陼℡HNMg�h��2t鋓鄬3缦$撫Y瘬翙岓�Vx;d6d#亲他儠==锅韡嗚鏥阻=�0 �3溍胔b4差�F�8>�)t�#籘�H�*Ler忑I桫卮=赎 $碈唌D�30Lw﹩z鍕娜-虽胗失$Y�Q+藂愽鉋�榄适,R婱i#葕狳`*X鰡�"G�37泹I 柅Sl￤8�.跈uaS%弃€褅�夾x��怊h[~I緔P<t_�*镴-譔趨O:叉6隋) lG`緇>冮褣}R�,蒈蕹w�C荙跩`叶�(kmグ抜$�4骾2欜�(.喙l&y$S柦蘿U礽妵�>炠蝷Jn箌柑�;�6�#$c鬤�鎠Q呉%癓@齔,鐉給謥歛紡唥釨墩^鏿駆D蒨��,踟>-7曏'蹿諈厂�=驳啉�>签鐚驳�=颈责�龛驳柈睈浾蟜�$鰜哻<椡吃兹r長d€锖屒X�(咉魫 !"#$%&'()*+,-./0123456789:;<=>?蔼础叠颁顿贰贵骋贬滨闯碍尝惭狈翱笔蚕搁厂罢鲍痴奥齿驰窜摆袄闭镑冲缚补产肠诲别蹿丑��颈箩办濒尘苍辞辫辩谤蝉迟耻惫飞虫测锄调触皑词赌爖9鹖础瓆测痴碍媥�皑胇虫谖�0夤�_� 濧壗漗eZN袘RY[呯4T�h逗ぅ墵k:W�b�;� 狃Y� �谸PD�8麖OVBZ�'P慴�﨩A�/ぴY;Z�jGk7纳烊/g亭n舠丕~>�)��)钫`叡丩鵌題8?"�YJ趗.�9j诧炩p "溟w膕�*蕗��;�O�;E白on醇;剮恌�*j€'槄L仒~D砙齗�3歠~�&v�� 鴍�-倫xB7 6H弇>謙釅崞€T� Oj翟k�7只�(滄�=\詔�€骥$Fx�€J╣�9WYZzw+A 琰Xb-@鬷鍼庶槣�:澧O6*�+5",�-�4悎7呉欲�J9淰g鈕M|龄>邍词羡�<趮�: 烞��95<蒛蘻y� L�3'钗⺁k�倸藌#>嘍葄坉�$奪|驄渝�&kc謃シ邶]W鍬k渔O� 蛏喢脏I聯澗嘦纷y衰穱}恊�濼#橱�&F!8A 狦�'鞲R.吭鲷鯪:蓆欠+ds柪寯娌�tv鐖�xEh諭Ρ麴溔P伂摡NR簬镞�9砷禔*3 3R�:捬|�=键阆筥犷壵�~艎[_E喘躻�哳[VUKL襫�l灩彵%漉煓I 玼螜Ff7|嶈]W媜1U挴x�#椣f]�)逡im焐櫝�=值∽袣撎�牰8L.L箶4.R违'鯮宔B�$位慠⒀⒒銢T猂l.*�jk,u恤痨/磡�立)IAd{斄黻I鑞?�鮠'褑mo:�#渔�_odC�髚�腰防:辕蠈珦[o�瀈�$"專�写F瞙贑|壇T�蠎彦 N >n》=�篊鐙苴:複嚅硠(含.PO�狔h絼�跌�MOZ�&羪p>�6罢&惭蔼迟惫丑�8�=腈�$镢�蝉陆赴08尘�4*嚅<￡黥豓鉤m藌�'/4� 诼雨焨� x�C�5,�$_��#F鳱梫焈yp弰y潱戞�郘�5獇h鎱S捚.€.x|*葅胀�:3PS�'�=愎羙8洑K篐Px4娜缠4刟.c⺌牐�"掶Q茾i鯍鶈Vn$戜巜l蓘,孝�;es@懟芒F�)TKc塽-!镉{�+~;8?\蟚噖=镡€ └市坕E�9r|Z鶖榫hfA�8刕le着郈A#g盵]0碚 #欘廸葟t義朇b�#毶-鉄碵D 漊��>躔簌鲮袚E袁etRHX削激'駔涑諽喠\玄_ 骈眯溑ir瀌K潏彑獳H幣髖y撆B哟輍7訦w_&茒鋆斥�-炴'�/泊盾砒u (弟�3韱摞菚13 r��"�+惍6楞G2�+ 议"狘k7藼裤k笕Or.蠧瑒a穊顺�#瓃瑋牸]狑彨�<#v尠z��齁�蚕縻陈誎櫹�$>壋<茪I,趇椉瘅苤朠杝褫媲Ｖ�T$縝诠蓄*-胟槆货谍�+<�5 偯�礀篕很6��6Z矓囵t喝鰮杖u�3 �"浣鲻&n煓褅á�~|w舞�0SZ�4�M搛韵"L俘U鼝>嫳貒蘸ny 錩r晙%.W>潅b|D涡D乤F祋嗠h瓱�爷笡�#O珢壑簀焖倿|�皟酉y_"埡-E9%堐畊諈囹姸$濣"`簌巢晙.赳kg誣 ��{勚瘔攤珫顤oz��/燆Z詖縙魐裯eq鎋�*巀麜!趄�;牋W<�H;犎�躼欿痵f�,?T}JoB1J緽F谟鱸距t柦�J鐱╭萸,/绡� g凝�$迴X嬗�C�鷬邭�Hm�眍��%�7Q>鰑� 軼#嬰D�)眰x埕觚鎃��+ぬ鏶->0╳o;�+��<+駬蚱w� 船Q�7飽B梦旯坴+恭穏~O(E褽}:6敵篲蟉纘詩珁�礎�羼澮撆忢k褵顾媹版喙F�/P胬s逨8�<疖亇�鰕喙/鸕;祗纒_謦v冂佺�霮戆�蟷貤赼�烕"�/涤?I嫵鵼�<� �梸棊據︳鞣貘G箹NO_タ���矧[鳠ンL'oK�u-��)蛩/���蠓O�%輳�_殒o嘻圁桸貅o甑�榬�/�骺Γ�/2�挺��:篝梪鼦淣�4軹暨�瀵�q蕏N�9龎嶻�揀澉彠�L彩Od��-Y�8蝇�6m姌づ7她7閛JY铥?Z垆酃會騩J9��*S��A咥�@臕@� �� s�1. Examine procedures addressing maintenance personnel; service provider contracts and/or service level agreements; list of authorized personnel. 8Added Test IDs 97-104 for Data Warehouse objective tests�1. Examine access control policy and procedures; and examine technical control SCSEM results for each technical platform within scope from the Safeguard review. �1. The agency provides an incident response support resource for users. Possible implementations of incident response support resources include a help desk or an assistance group, and access to forensics services.�1. Examine incident response testing policy and procedures addressing incident response testing and exercises and incident response testing material to determine the tests/exercises defined by the agency. 2. Examine procedures addressing incident response testing and exercises to determine the frequency and types of test/exercises for incident response testing. 3. Examine incident response test results to verify results are documented.](For Windows client only) 1. Navigate to the Remote Site used for IRS file transfers and access the Explore Remote Sites dialog box. 2. Click the General Tab. 3. Under Site Settings, verify the transfer protocol is HTTPS and port is 11443. 4. Under Login Type verify the "Use Certificate" box is checked, and a valid Identrust certificate is used. �1. Audit reduction and report generation capability is provided either by the system itself, or by a third party software tool. 2. Examination of the tool and report indicates the tool is functioning properly. Expected ResultCP-2CP-4CM-1CM-2CM-3CM-4SI-1SI-3SI-4SI-5IR-1IR-2IR-3AT-1AT-2AT-3IA-1AC-1AU-1AU-7SC-1RA-5PLPL-1PL-2PL-4PL-6SA-5SA-9SA-6SA-7SA-8CA-1CA-2CA-3SA-11CA-5CA-6CA-7.Cryptographic Key Establishment and ManagementMobile CodeVoice Over Internet Protocol&Public Key Infrastructure CertificatesVulnerability Scanning_1. The URL is a HTTPS address indicated a secure connection between browser and server is used.1. Examine the data sharing agreement in place between the agency and the IRS for transfer of FTI to the agency via Tumbleweed.s1. The agreement is in place and current, data transfers are authorized by the IRS to the agency using Tumbleweed.�1. Examine contingency plan testing and/or exercise documentation. 2. Examine contingency plan testing records documents the results of contingency plan testing/exercises. �1. Examine procedures addressing alternate storage sites, or interview personnel with alternate storage site responsibility. 2. Examine alternate storage site agreements. �1. The Agency develops and implements a certificate policy and certification practice statement for the issuance of public key certificates used at the Agency-wide level.?1. The Agency establishes usage restrictions and implementation guidance for mobile code technologies. Mobile code usage requires authorization and are documented and monitored. Mobile code technologies include, for example, Java, JavaScript, ActiveX, PDF, Postscript, Shockwave movies, Flash animations, and VBScript.;1. Continuous monitoring policy and procedures address configuration management and control of information system components, security impact analyses of changes to the system, ongoing assessment of security controls, and status reporting. the organization assesses a subset of the controls annually during continuous monitoring. 2. The agency conducts security impact analyses on changes to the information system; the agency documents and reports changes to the security controls employed in the system and updates the system security plan and POA&M as appropriate based on outcome of continuous monitoring activities. 3. The policy establishes the selection criteria and subsequently selects a subset of the security controls employed within the information system for assessment based on FIPS 199 security categorization. f1. Examine software usage restriction policy and/or list of rules governing user installed software. e First Release4Updated CA controls to address alternative evidence.,Updated to account for MOT and SDSEM overlapMUpdated language for controls that are the responsibility of the DES to test.(Identification number of SCSEM test caseGNIST 800-53/PUB 1075 Control Class (Management, Operational, Technical)�NIST 800-53/PUB 1075 Control Family (Risk Assessment, Security Planning, System and Services Acquisition, Security Assessment, Personnel Security, Contingency Planning, Configuration Management, System Maintenance, System and Information Integrity, Incident Response, Security Awareness and Training, Identification and Authentication, Access Control, Audit and Accountability, System and Communications Protection):NIST 800-53/PUB 1075 Reference Identification (1, 2, etc.)!Test Procedure & Expected Results�Detailed test procedures to follow for test execution, and the expected outcome of the test step execution that would result in a Pass._The actual outcome of the test step execution, i.e., the actual configuration setting observed.z1. Examine procedures addressing audit record retention. 2. Examine system audit records to verify the retention period. �1. Interview personnel with system audit monitoring responsibility to determine if a capability for audit reduction and report generation is implemented. 2. Examine the audit reduction and report generation tool used, as well as a sample audit report. ProceduresActual ResultsComments / Supporting EvidenceControlled MaintenanceMAMaintenance PersonnelMalicious Code ProtectionInformation Input RestrictionsRA-1RA-3SA-1SA-2SA-3PS-1PS-2PS-3PS-4PS-5PS-6CP-1�1. The Agency identifies personnel with significant information system security responsibilities and documents those roles and responsibilities. 2. The Agency provides security training to personnel with identified information system security roles and responsibilities before authorizing access to the system; records include the type of security training received and the date completed; and provides refresher training when required by system changes and annually thereafter. 3. The security training material addresses the procedures and activities necessary to fulfill those roles and responsibilities. 4. The document provides a listing of employees who have been identified as having key information system security roles and responsibilities. AC-17 Remote Access?Removed Test ID 96 (TW-03) test for encryption of data at rest.�Added Test ID 96. Changed Test ID 40 (CP-6) back to a required test case for the MOT and added the note about the agency's use of their alternate processing site as an alternate storage site for backup media containing FTI.SA-4%Risk Assessment Policy and Procedures'Security Planning Policy and Procedures5System and Services Acquisition Policy and ProceduresPlan Of Action and Milestones*Contingency Planning Policy and Procedures.Configuration Management Policy and Procedures(System Maintenance Policy and Procedures6System And Information Integrity Policy and Procedures7Identification and Authentication Policy and Procedures$Access Control Policy and Procedures.Audit and Accountability Policy and ProceduresAudit Record Retention:System and Communications Protection Policy and ProceduresPercent (%)StatusPassFailInfoBlank (Not Reviewed)1. Examine network design diagram and interview agency personnel to determine if FTI is encrypted when transmitted across a Wide Area Network (WAN). 2. Examine network design diagram and interview agency personnel to determine if FTI is encrypted when transmitted across the Local Area Network (LAN), including FTI that is downloaded from Tumbleweed and transmitted across the LAN. 3. If encryption is not used, interview agency personnel to determine how FTI is protected while in transit over the LAN and WAN. �1. If dedicated circuits are used in place of encryption fo<� r transmission of FTI across the WAN, interview agency personnel to determine what measures are in place to protect the circuits. "1. Examine system and communications protection policy, procedures addressing cryptographic key management and establishment, information system design documentation; information system configuration settings and associated documentation and other relevant documents or records. (including developer design documentation) to determine if the information system employs automated mechanisms with supporting procedures or manual procedures for cryptographic key establishment and management and how the mechanisms and procedures are implemented. �1. Examine system and communications protection policy, procedures addressing public key infrastructure certificates, public key certificate policy or policies, public key issuing process, and other relevant documents or records to determine if the Agency develops and implements a certificate policy and certification practice statement for the issuance of public key certificates at the Agency-wide level. 21. Examine system and communications protection policy, procedures addressing mobile code, mobile code usage restrictions, mobile code implementation guidance, and other relevant documents or records to determine if the Agency: i. establishes usage restrictions and implementation guidance for mobile code technologies based on the potential to cause damage to the information system if used maliciously ii. documents, monitors, and controls the use of mobile code within the information system iii. requires Agency officials to approve the use of mobile code. �1. Examine applicable system and communications protection policy, procedures addressing VoIP, VoIP usage restrictions, and other relevant documents or records to determine if the Agency has established policies and guidance for the use of VoIP. [1. The transfer protocol is HTTPS and the port is 11443. 2. The Login Type is certificate. �1. Examine security training policies, procedures and records to determine if the Agency identifies personnel with significant information system security responsibilities and documents those roles and responsibilities. 2. Examine security training policies, procedures and records to determine if: (i) the Agency provides security training to personnel with identified information system security roles and responsibilities before authorizing access to the system; (ii) records include the type of security training received and the date completed; and (iii) provides refresher training when required by system changes and annually thereafter. 3. Examine the security training material for the selected roles and responsibilities to determine if the material addresses the procedures and activities necessary to fulfill those roles and responsibilities. 4. Obtain a copy of the document that lists personnel who have been identified as having key information system security roles and responsibilities. H1. Examine security awareness and training policy, procedures addressing security training records, security awareness and training records, and other relevant documents to determine if the Agency monitors and fully documents basic security awareness training and specific information system security training. 2. Inspect the training records of employees and verify that each has up-to-date security training records on file. 3. Examine applicable documents, to determine if the Agency documents the requirement to maintain security training records for contractors. Sample Size = 5 Control ID Control NameOut-of-Scope ReasonControl IDControl covered in the SDSEMPass / Fail / N/A / InfohReviewer to indicate if the test case pass, failed. is not applicable or if more information is needed. Pass / Fail / Info / N/A # of Tests-Total # of Tests PerformedTotal # of Tests AvailableNot Applicable (N/A)Test Method Examine InterviewTestExaminegReformatted to remove merged cells and allow for sorting. Corrected spelling errors. Added test ID 76. ReferencesjNIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems, Revision 3/Internal Revenue Service (IRS) Publication 1075Test Case Tab: Execute the test cases and document the results to complete the IRS Safeguard Computer Security review. Reviewer is required to complete the following columns: Actual Results, Comments/Supporting Evidence. Please find more details of each column below. Legenda1. The desktop that is running the Tumbleweed application to receive FTI has encryption enabled. PMPM-2#Senior Information Security OfficerMP-3Examine InterviewAC-22Publicly Accessible ContentSA-10"Developer Configuration ManagementAC-2AC-3SI-2AC-11AU-4AU-3AC-7AU-2IA-7SC-4AC-6AC-8AU-5AU-9AC-5AC-4SC-2�1. Interview agency personnel to determine if a senior information security officer has been appointed to coordinate, develop, implement, and maintain an organization-wide information security program. 2. Examine position description for senior information security officer to determine if responsibilities are established to coordinate, develop, implement, and maintain an organization-wide security program.�1. Interview agency personnel to determine if the organization obtains, protects as required, and makes available to authorized personnel, administrator documentation for the information system that describes: - Secure configuration, installation, and operation of the information system; - Effective use and maintenance of security features/functions; and - Known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions 2. Interview agency personnel to determine if the organization obtains, protects as required, and makes available to authorized personnel, user documentation for the information system that describes: - User-accessible security features/functions and how to effectively use those security features/functions; - Methods for user interaction with the information system, which enables individuals to use the system in a more secure manner; and - User responsibilities in maintaining the security of the information and information system 3. Interview agency personnel to determine if organization documents attempts to obtain information system documentation when such documentation is either unavailable or nonexistent. �1. FTI is publicly accessible through an agency information system. 2. Procedures are in place to designate and train individuals authorized to post FTI onto an agency information system that is publicly accessible and training for authorized individuals is performed to ensure that the system does not contain nonpublic information. 3. Reviews are conducted for proposed content of publicly accessible information for FTI prior to posting onto the agency information system. 4. Reviews are conducted for the content of publicly accessible information system for nonpublic information periodically and promptly removes nonpublic information if discovered.AU-6%Audit Review, Analysis, and Reporting=Security Assessment and Authorization Policies and ProceduresIA-2Non-Local MaintenancePE-5Collaborative Computing DevicesInformation System Monitoring)Security Alert, Advisories and Directives.Covered in operating system and network SCSEMs=Control covered in operating system and network device SCSEMsAU-8CP-3,Control not selected in IRS Publication 1075CP-8CP-9CP-10IA-3IA-6*Control covered in operating system SCSEMsMP-1MP-2MP-4MP-5MP-6MP-7PE-1PE-2PE-3PE-4PE-6PE-7PE-8PE-9PE-10PE-11PE-12PE-13PE-14PE-15PE-16PE-17PE-18SC-8SC-9SC-10SC-13SC-20SC-22SC-23SI-8�1. Examine the Risk Assessment Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the Risk Assessment Procedures to verify procedures are in place to implemen<� t the policy. 3. Examine the Risk Assessment Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the Security Planning Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the Security Planning Procedures to verify procedures are in place to implement the policy. 3. Examine the Security Planning Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the System and Services Acquisition Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the System and Services Acquisition Procedures to verify procedures are in place to implement the policy. 3. Examine the System and Services Acquisition Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the Contingency Planning Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the Contingency Planning Procedures to verify procedures are in place to implement the policy. 3. Examine the Contingency Planning Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the Configuration Management Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the Configuration Management Procedures to verify procedures are in place to implement the policy. 3. Examine the Configuration Management Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the System Maintenance Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the System Maintenance Procedures to verify procedures are in place to implement the policy. 3. Examine the System Maintenance Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the System and Information Integrity Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the System and Information Integrity Procedures to verify procedures are in place to implement the policy. 3. Examine the System and Information Integrity Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the Identification and Authentication Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the Identification and Authentication Procedures to verify procedures are in place to implement the policy. 3. Examine the Identification and Authentication Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the Access Control Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the Access Control Procedures to verify procedures are in place to implement the policy. 3. Examine the Access Control Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the Audit and Accountability Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the Audit and Accountability Procedures to verify procedures are in place to implement the policy. 3. Examine the Audit and Accountability Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Examine the System and Communications Protection Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the System and Communications Protection Procedures to verify procedures are in place to implement the policy. 3. Examine the System and Communications Protection Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. The information system prohibits remote activation of collaborative computing devices unless specific agency exceptions are in place to allow remote activation. 2. Procedures are in place that state the process for prohibiting remote activation of collaborative computing devices. 3. The information system has collaborative computing mechanisms but prohibits remote activation of those mechanisms and provides an explicit indication of use to the local users.1. Procedures are in place for the agency to review and analyze information system audit records. 2. Procedures are in to determine if levels of audit review, analysis, and reporting are adjusted within the information system when there is a change in risk. f1. Interview agency personnel to determine if usage restrictions and implementation guidance for organization-controlled mobile devices are established. 2. Examine procedures to determine if the agency authorizes connection of mobile devices meeting organization usage restrictions and implementation guidance to the information system. 3. Examine procedures to determine if the agency monitors for unauthorized connections of mobile devices and enforces requirements for the connection of mobile devices to organizational information systems. 4. Examine procedures and the information system to determine if the agency disables system functionality that provides the capability for automatic execution of code on mobile devices without user direction. 5. Examine procedures to determine if the agency issues specially configured mobile devices to individuals traveling to locations that the organization deems to be of significant risk. 6. Examine procedures to determine if the agency applies inspection and preventative measures to mobile devices returning from locations that the agency deems to be of significant risk. �1. Interview agency personnel to determine if usage restrictions and implementation guidance for wireless access are established. 2. Examine procedures to determine if the agency monitors for unauthorized wireless access to the information system. 3. Examine procedures to determine if the agency authorizes and enforces requirements for wireless access to the information system prior to connection. 4. Examine policy and procedures addressing wireless implementation and usage (including restrictions) and other relevant documents or records to determine if the access control policy and procedures are consistent with NIST Special Publication 800-48 and address usage, implementation, monitoring, and authorization of wireless technologies.�1. Interview agency personnel to determine if a system security plan has been documented for the information system. 2. Examine the system security plan to determine if it is consistent with the organization's enterprise architecture and defines the authorization boundary for the system. 3. Examine the system security plan to determine if it describes the operational context of the information system in terms of missions and business processes. 4. Examine the system security plan to determine if it provides the security category and impact level of the information system including support rationale. 5. Examine the system security plan to determine if it describes the operational environments for the information system and <� relationships with or connections to other information systems. 6. Examine the system security plan to determine if it provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements including a rationale for the tailoring and supplemental decisions. 7. Examine the system security plan to determine if it was reviewed and approved by the authorizing official or designated representative prior to plan implementation.&1. Interview agency personnel to determine if the organization includes a determination of information security requirements for the information system in mission/business process planning. 2. Examine procedures to determine the process for documenting and allocating resources required to protect the information system as part of its capital planning and investment control process. 3. Examine procedures to determine the process for establishing discrete line item for information security in organizational programming and budgeting information.Security Authorization�1. Interview agency personnel to determine if the organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system. 2. Examine the information system baseline configuration.Security Impact Analysis1. Agency authorizes connections from the information system to other information systems outside of the authorization boundary through the use of Interconnection Security Agreements. 2. Interconnection Security Agreements are in place that documents, for each connection, the interface characteristics, security requirements, and the nature of the information communicated. 3. Interconnection Security Agreements are in place to monitor the information system connections on an ongoing basis verifying enforcement of security requirements.)1. Agency analyzes changes to the information system to determine potential security impacts prior to change implementation. 2. Procedures are in place that describe the process for analyzing changes to the information system to determine potential security impacts prior to change implementation.c1. Interview with agency personnel to determine if the organization schedules, performs, documents, and reviews records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements. 2. Examine procedures to determine how the agency controls all maintenance activities, whether performed on site or remotely and whether the equipment is serviced on site or removed to another location. 3. Examine procedures to determine how the agency requires that a designated official explicitly approve the removal of the information system or system components from organizational facilities for off-site maintenance or repairs. 4. Examine procedures to determine how the agency sanitizes equipment to remove all information from associated media prior to removal from organizational facilities for off-site maintenance or repairs. 5. Interview agency personnel to determine if the organization checks all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions.01. Agency approves, controls, monitors, the use of, and maintains on an ongoing basis, information system maintenance tools. 2. System maintenance policy describes the process for the organization to approve, control, monitor, the use of, and maintains on an ongoing basis, information maintenance tools.�1. Interview agency personnel to determine if the information system monitors and controls communications at the external boundary of the system and at key internal boundaries within the system. 2. Examine procedures to determine how the information system connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture. �1. Interview agency personnel to determine if a risk assessment has been conducted for the information system. 2. Interview agency personnel to determine if the risk assessment results are documented in a risk assessment report. 3. Interview agency personnel to determine how often the risk assessment results are reviewed. 4. Examine the risk assessment to determine if how often it is updated based. Cover: 1) Added disclaimer language to the cover sheet. Dashboard: 2) Added this tab to reflect summary numbers for the test cases and each of their possible result statuses (i.e. pass, fail, N/A, Info). Test Cases: 3) Corrected spelling errors. 4) Corrected errors - Changed SA-5 to read SA-4 and CP-3 and CP-4 to read CP-4 and CP-5. 5) Added N/A to Column H header. 6) Deleted "Procedures" text from Column F cells and "Expected Results" text from Column G cells. 7) Added "Test Method" column 8) NIST Revision 3 Changes: Added AC-22, AU-12, MP-3, SA-10, and SC-28. Removed CA-4, CP-5, RA-4, PL-3. Legend: 8) Updated the Pass/Fail row to reflect the four possible status indicators (including N/A & Info - more information needed). 9) Changed REF. ID to Control ID in Column E Header 10) Vertically centered the column headers 11) Removed Out of Scope Controls (grayed out controls) and put them in the newly created Out of Scope Controls tab. 12) Deleted "Control Procedure" as it is no longer contained in the Test Cases tab Out of Scope Controls: 12) Added this tab to account for controls out of the scope of the MOT, but accounted for in other SCSEMs or in the SDSEM. Sources: 13) Added this tab to account for the sources of the test cases (controls) in the Test 9C �� bi ( �� DIRECTIONS FOR SCSEM USE-State Run Data Center SCSEM Results DashboardAU-12IA-8SC-25SC-26SC-27SC-28SC-29SC-30SC-31SC-34AC-21AU-13AU-14SA-12SA-13SA-14SC-16SI-13PM-1PM-3PM-4PM-5PM-6PM-7PM-8PM-9PM-10PM-11J1. Agency assigned a senior-level executive or manager to the role of authorizing official for the information system. 2. Security authorization ensures that the authorizing official authorizes the information system for processing before commencing operations. 3. Security authorization is updated based on agency requirements. I �1. Interview agency personnel to determine if a contingency plan for the information system has been developed. 2. Examine contingency plan to determine if the document: - Identifies essential missions and business functions and associated contingency requirements; - Provides recovery objectives, restoration priorities, and metrics; - Addresses contingency roles, responsibilities, assigned individuals with contact information; - Addresses maintaining essential missions and business functions despite an information system disruption, compromise, or failure; - Addresses eventual, full information system restoration without deterioration of the security measures originally planned and implemented; and - Is reviewed and approved by designated officials within the organization 3. Interview agency personnel to determine if the organization distributes copies of the contingency plan to key contingency personnel responsible for implementing the plan. 4. Interview agency personnel to determine if the organization coordinates contingency planning activities with incident handling activities. 5. Interview agency personnel to determine if the organization reviews the contingency plan for the information system on an agency defined basis, at least annually. |} 01. Contingency plan for the information system has been developed. 2. Contingency plan is in place that describes the process for: - Identifying essential missions and business functions and associated contingency requirements; - Providing recovery objectives, restoration priorities, and metrics; - Addressing contingency roles, responsibilities, assigned individuals with contact information; - Addressing maintaining essential missions and business functions despite an i<� nformation system disruption, compromise, or failure; - Addressing eventual, full information system restoration without deterioration of the security measures originally planned and implemented; and - Reviewing and approving by designated officials within the organization 3. Agency distributes copies of the contingency plan to key contingency personnel responsible for implementing the plan. 4. Agency coordinates contingency planning activities with incident handling activities. 5. Agency reviews the contingency plan for the information system on an agency defined basis, at least annually. �1. Agency establishes and documents mandatory configuration settings for information technology products employed within the information system using documented security configuration checklists that reflect the most restrictive mode consistent with operational requirements. 2. Agency implements the configuration settings. 3. Procedures are in place to identify, document, and approve exceptions from the mandatory configuration settings for individual components within the information system based on explicit operational requirements. 4. Agency monitors and controls changes to the configuration settings in accordance with organizational policies and procedures.1. Agency configures the information system to provide only essential capabilities and specifically prohibits or restricts the use of the following functions, ports, protocols, and/or services to an agency-defined list of prohibited or restricted functions, ports, protocols, and/or services. 2. Procedures are in place to describe the process for configuring information system to provide essential capabilities and specifically prohibits or restricts the use of the following functions, ports, protocols, and/or services.�1. Agency develops, documents, and maintains an inventory of information system component. 2. Information system component inventory accurately reflects the current information system and is consistent with the authorization boundary of the information system. 3. Information system component inventory is tracked and reported. 4. Information system component inventory is available for review and audited by the designated organizational officials.!1. Interview agency personnel to determine if the organization manages information system identifiers for users and devices. 2. Examine procedures to determine the process for receiving authorization from a designated organizational official to assign a user or device identifier. 3. Examine procedures to determine the process for selecting an identifier that uniquely identifies an individual or device. 4. Examine procedures to determine the process for assigning the user identifier to the intended party or the device identifier to the intended device. 5. Examine procedures to determine the process for preventing reuse of user or device identifiers in accordance with agency policy. 6. Examine procedures to determine the process for disabling the user identifier after 90 days of inactivity.SC-32�1. Examine network design documentation and interview agency personnel to determine the mechanisms the agency has put in place to separate the flow of FTI through the internal network from the rest of the environment. "Transmission Preparation Integrity First M. Lastmonth d, yyyy - month d, yyyyCity, STName:Telephone # Email Address(###) ###-#### x#####First.M.Last@xx.xxxInformation Flow Enforcement�1. Standard Operating Procedures (or equivalent document) exists to ensure FTI is permanently deleted (including from the recycle bin) after being temporarily stored on the Tumbleweed client when downloaded from IRS? 2. The Recycle Bin or the default directory do not contain any FTI that a) Has been transferred over to the FTI storage or processing platform(s) b) Is not authorized to be permanently stored on the Tumbleweed client platformTransmission ConfidentialitySC-33TW-01TW-02TW-03TW-04TW-05TW-06 Interview�1. Examine the standard operating procedures (or equivalent document) to ensure FTI is permanently deleted (including from the recycle bin) after being temporarily stored on the Tumbleweed client when downloaded from IRS? 2. For a Windows implementation, test the Recycle Bin and default directory where FTI is temporarily stored before being transferred to the FTI storage or processing platform e.g. a mainframe. Examine TestWireless Access!Access Control for Mobile DevicesBooz Allen Hamilton�1. The agency has contractors supporting the systems that maintain FTI for multiple agencies and each access to specific FTI data elements is authorized via IRC 6103.Account Management�1. Interview agency personnel to determine if the organization documents allowed methods of remote access to the information system. 2. Examine procedures to determine the process for establishing usage restrictions and implementation guidance for each allowed remote access method. 3. Examine procedures to determine the process for monitoring unauthorized remote access to the information. 4. Examine procedures to determine the process for authorizing remote access to the information system prior to connection 5. Examine procedures to determine the process for enforcing requirements for remote connections to the information system. 6. Check for direct internet connections e.g. (DSL) to FTI hosting or processing platforms. 7. If a direct remote connection exists, verify the mechanisms used to monitor and control this connection. Note: Remote access is defined as any access to an agency information system by a user communicating through an external network, for example: the Internet51. Examine policy and procedures addressing continuous monitoring of system security controls. 2. Examine policy and procedures addressing continuous monitoring of system security controls, examine security impact analyses. 3. Examine policy and procedures addressing continuous monitoring of system security controls. NOTE: For federal agencies that receive FTI, a NIST compliant C&A is required in accordance with FISMA. For state or local agencies that receive FTI, a third-party accreditation is not required. Instead these agencies may internally attest. �1. The POA&M documents the planned, implemented, and evaluated actions to correct the deficiencies noted during internal inspections. The CAP will identify activities planned or completed to correct deficiencies identified during the on-site safeguard review. Both the POAM and the CAP shall address implementation of security controls to reduce or eliminate known vulnerabilities in the system. �1. Interview agency personnel to determine if FTI is being e-mailed and to what extent (inside or outside network). 2. Examine the process in place for e-mailing FTI (whether sent in the clear or encrypted).�1. FTI is not being transmitted or used on the agency s internal e-mail systems. FTI is not being transmitted outside of the agency, either in the body of an email or as an attachment. 2. If transmittal of FTI within the agency s internal e-mail system is necessary, the following guidelines must be met to protect FTI sent via E-mail: " Do not send FTI unencrypted in any email messages " The file containing FTI must be attached and encrypted " Ensure that all messages sent are to the proper address WP-01WP-02WP-03�1. Interview agency personnel to determine how the web portal architecture (e.g. three-tier architecture) is set up. Inquire about documentation such as a system architectural diagram portraying the layout of the web portal.�1. Interview agency personnel to det<� ermine the process or procedures in place to harden systems that are part of the web portal architecture.&User Identification and AuthenticationIVR-01�1. Interview agency personnel to determine if local area network (LAN) segment where the IVR system resides is firewalled to prevent direct access from the internet to the IVR system.IVR-02IVR-03IVR-04t1. Interview agency personnel to determine the authentication process in place for access to FTI via the IVR system.�1. The agency ensures access to FTI via the IVR system requires a strong identity verification process. The authentication uses a minimum of two pieces of information to verify the identity. One of the authentication elements is be a shared secret only known to the parties involved and issued by the agency directly to the customer. Examples of shared secrets include: a unique username, PIN number, password or passphrase issued by the agency to the customer through a secure mechanism. Case number does not meet the standard as a shared secret because that case number is likely shown on all documents the customer receives and does not provide assurance that it is only known to the parties involved in the communication.�1. Interview agency personnel regarding the authentication process (e.g. unique username, minimum password length, etc.) in place for obtaining access to FTI via the web portal.11. Interview agency personnel to determine if the operating system and associated software for each system within the architecture that receives, processes, stores or transmits FTI to an external customer through the IVR is hardened and frequent vulnerability testing is being performed on those systems.�1. Interview agency personnel to determine if independent security testing is conducted on the IVR system prior to implementation.j1. The agency ensures Independent security testing is conducted on the IVR system prior to implementation.61. The agency ensures operating system and associated software for each system within the architecture that receives, processes, stores or transmits FTI to an external customer through the IVR is hardened in accordance with the requirements of Publication 1075 and is subject to frequent vulnerability testing.�1. The agency ensures a firewall is in place in the LAN segment where the IVR system resides to prevent direct access from the internet to the IVR system.�1. The agency ensures access to FTI via the web portal requires a strong identity verification process. The authentication uses a minimum of two pieces of information to verify the identity. One of the authentication elements is a shared secret only known to the parties involved and issued by the agency directly to the customer. Examples of shared secrets include: a unique username, PIN number, password or passphrase issued by the agency to the customer through a secure mechanism. Case number does not meet the standard as a shared secret because that case number is likely shown on all documents the customer receives and does not provide assurance that it is only known to the parties involved in the communication. �1. Interview agency personnel to determine if the organization scans for vulnerabilities in the information system and hosted applications based on agency policy or at least annually to identify and report we vulnerabilities potentially affecting the system/applications. 2. Examine procedures to determine the process for employing vulnerability scanning tools and techniques that promote interoperability among tools and automate parts of the vulnerability management process by using standards for: enumerating platforms, software flaws, and improper configurations; formatting and making transparent, checklists and test procedures; and measuring vulnerability impact. 3. Examine procedures to determine the process for analyzing vulnerability scan reports and results from security control assessments. 4. Examine procedures to determine the process for remediating legitimate vulnerabilities in accordance with an agency acceptance of risk. 5. Examine procedures to determine the process for sharing information obtained from the vulnerability scanning process and security control assessments (i.e. system weaknesses and deficiencies) with designated personnel throughout the organization to help eliminate similar vulnerabilities in other information systems.H1. Configuration management policy and procedures are in place. 2. Procedures are in place to describe the process of controlling configuration changes to the information system. 3. Procedures are in place to describe the process of approving configuration-controlled changes to the system with explicit consideration for security impact analysis. 4. Configuration change records are retained and reviewed for the information system. 5. Agency coordinates and provides oversight for configuration change control activities through a change control board that convenes periodically. Information System Partitioning"Web Portal SCSEM Results DashboardIVR SCSEM Results Dashboard(Transmission Integrity / Confidentiality SC-8 SC-9vUpdates based on NIST 800-53 rev 3 release Update for new Publication 1075 version Added Web Portal and IVR appendices�1. Interview the Tumbleweed client administrator at the agency to determine if the Tumbleweed client is installed on a dedicated platform. �1. Tumbleweed client is installed on a dedicated platform. If not then all FTI stored on the Tumbleweed client platform is encrypted with FIPS 140-2 compliant algorithm and key length of at least 128 bits. SDC-1SDC-2SDC-3$Use of Live FTI in Test Environments�1. Interview agency personnel to determine if security test and evaluations are performed during system development. 2. Examine security test and evaluation plan and results from system development, or the most recent modification to the system. �1. The agency requires that information system developers (and systems integrators) create a security test and evaluation plan, implement the plan, and document the results for newly developed systems and modifications to existing systems that impact security controls. 2. Security test and evaluation plan and results are available and document the test cases executed and results of each test. �1. The agency has implemented procedures to only allow authorized employees or contractors (if allowed by statute) of the agency receiving the information have access to FTI.�1. Interview agency personnel to determine if the organization requires multi-factor authentication for remote access. 2. Examine procedures to determine how multi-factor authentication is implemented.+Overall Results Dashboard - Metrics for PFR+Remote Access - Multi-Factor Authentication 1. Examine the list of software usage restrictions. 2. Examine the list of software usage restrictions. 3. Examine policy for use of open-source software. 4. Examine inventory of licensed software installed on the system, and site software license documentation. 1. The policy mandates a regular review of software usage for indications of inappropriate or unusual activity, investigates suspicious activity or suspected violations, reports findings to appropriate officials, and takes necessary actions. 2. The policy controls and documents the use of publicly accessible peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work. 3. The agency has a usage policy for open-source software. The policy requires that any open-source software used with FTI must be legally licensed software, approved by the agency, and adheres to a secure configuration baseline checklist either from government, industry or the software vendor. 4. Only licensed and approved software is contained in the inventory of software installed on the system. The agency makes use of a controlled implementation process for licensed software and employs tracking systems to control copying and distribution. ~(For Windows only) 1. Examine the desktop to determine if encryption is enabled for th<� e Tumbleweed application to receive FTI. CM-9Configuration Management PlanIR-8Incident Response PlanSI-7"Software and Information IntegrityExamine InterviewMA-6SC-34Moved Test IDs 97-104 for Data Warehouse to Appendix�1. Examine information system design documentation, security requirements and security specifications for the security design principles used for new information systems and for system upgrades and modifications. N/A�1. Examine the system's Rules of Behavior. 2. Interview an authorized system user to determine their awareness of the rules of behavior. 3. Examine user's signed Rules of Behavior document.�1. Examine security planning policy and procedures and interview personnel with security planning responsibility to determine if system security related activities are properly coordinated. Z1. The Agency monitors and fully documents basic security awareness training and specific information system security training. 2. Each user has a training record that (i) identifies security training courses is taken and (ii) the record is being maintained and updated. 3. Contractors are required to complete the mandatory security training. {1. Examine information system development life cycle documentation. 2. Examine the agency's system development life cycle.`Revised Test ID 63 Expected Result column to provide language specific to FTI related incidents.v1/2. Examine the list of personnel authorized access to the information system for the purpose of initiating changes. 1. The agency maintains a list of qualified and authorized personnel permitted to access the information system for the express purpose of initiating changes. the ability to make configuration changes is restricted to authorized development and configuration management staff only and list of the staff is maintained. No system administrator, database administrator or end user has the ability to make configuration changes. 2. The agency generates, retains, and reviews records reflecting all such changes to the information system. �1. Examine agency incident response procedures and/or interview agency personnel with incident response responsibility to determine if the agency provides an incident response support resource for assistance in handling and reporting security incidents. Authenticator Management`(For Browser client only) 1. Open the browser and navigate to the URL of the Tumbleweed server. 'Incident Response Testing and ExercisesIncident Response AssistanceSecurity Training Records#Use of External Information Systems%Audit Reduction and Report GenerationBoundary ProtectionRisk AssessmentRules Of Behavior Information System DocumentationSecurity AssessmentsContinuous MonitoringAccess Restrictions For ChangeConfiguration SettingsLeast FunctionalityMaintenance ToolsAcquisitionsSoftware Usage RestrictionsCAUser Installed SoftwareSecurity Engineering PrinciplesDeveloper Security TestingInformation System ConnectionsMRASAOCPCMSIIRATTIAACAUSCSecurity TrainingIdentifier ManagementCP-7Alternate Storage SiteBaseline Configuration&Information System Component InventoryConfiguration Change Control PS-7PS-8CP-6CM-5CM-6CM-7CM-8MA-3MA-4MA-5MA-2SI-9SI-12IR-5IR-6IR-4AT-4IA-4IA-5AC-18AC-19AC-20AU-11SC-7SC-12SC-15SC-17SC-19SC-18System Security PlanPUB 1075Contingency Plan&Contingency Plan Testing and ExercisesIR-7"Security-Related Activity PlanningAllocation of ResourcesLife Cycle SupportID Control ClassControl FamilyVersion Release DateSummary of Changes Changed ByCommentsMA-1�DES Checkpoint: Testing of this control is a shared responsibility between the DES and the Computer Security Reviewer. The Computer Security Reviewer is responsible for testing this control to verify the training records for specific job-related security training provided to security and system administration personnel. Note: Coordinate on-site to ensure there is computer security and DES representation when agency AT records are checked, or when the agency representative is interviewed. CI �DES Checkpoint: Testing of this control is a shared responsibility between the DES and the Computer Security Reviewer. The Computer Security Reviewer is responsible for testing this control to verify specific job-related security training provided to security and system administration personnel. Note: Coordinate on-site to ensure there is computer security and DES representation when agency training records are checked, or when the agency representative is interviewed. +2 �Note: NIST requires third party certificate authority for digital certificates. If agencies are willing to accept the risk of using self-signing certificates and have a process in place to issue, manage and revoke certificates, then it is acceptable. �DES Checkpoint: Check with DES on-site the first day of the review to get a copy of the SPR if it is not available before the review starts. Note: The agency's most recent SPR can be used as evidence to support this control in lieu of a NIST 800-18 compliant System Security Plan. If available prior to the on-site review, the result of this control test can be pre-populated using the most recent SPR as evidence. �� Notes�This SCSEM is used by the IRS Office of Safeguards to evaluate compliance with IRS Publication 1075 for all non-technical security controls. The MOT SCSEM is mandatory for every safeguard review, and focuses on the policies and procedures implemented by the agency as part of their security program that govern the systems that receive, store, process and transmit FTI. Policies and procedures may be generated at the state level, agency level or department level. The Tumbleweed appendix is used for agencies that utilize the Tumbleweed software for receiving FTI from the IRS. The State Run Data Center appendix is used for agencies that have systems located in a consolidated state run data center, and may not have direct administrative control over their systems. The MFD appendix is used for agencies that utilize multifunctional devices such as combination printer/scanner/fax to process and transmit FTI. The Data warehouse appendix is used for agencies that store or process FTI in a data warehouse environment. The Web Portal appendix is for agencies utilizing an Internet accessible web portal for customers to retrieve FTI. The IVR tab is for agencies that use an integrated voice response (IVR) system to provide FTI to customers over the telephone. Agencies should use this SCSEM to prepare for an upcoming Safeguard review, but it is also an effective tool for agencies to use as part of internal periodic security assessments or internal inspections to ensure continued compliance in the years when a Safeguard review is not scheduled. Also the agency can use the SCSEM to identify the types of policies to have in place to ensure continued compliance with IRS Publication 1075.�1. Interview agency personnel to determine if the organization includes the following requirements and/or specifications: Security functional requirements/specifications, Security-related documentation requirements, and developmental and evaluation-related assurance requirements in information system acquisition contracts based on an assessment of risk in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. 2. Examine information system acquisition contracts to determine if the following requirements and/or specifications are included: Security functional requirements/specifications, Security-related documentation requirements, and developmental and evaluation-related assurance requirements.MOT SCSEM - Tumbleweed Appendix*MOT SCSEM - State Run Data Center AppendixMOT SCSEM - Web Portal AppendixMOT SCSEM - IVR Appendix:Management, Operation<� al and Technical Controls (MOT) SCSEM�1. Risk Assessment Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Risk Assessment Procedures are documented and in place to implement the policy. 3. Risk Assessment Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. r1. Risk assessment has been conducted for the information system based on NIST SP 800-30 methodology and documented that includes the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, modification, or destruction of the information system and the information it processes, stores, or transmits. 2. Risk assessment results are documented in a risk assessment report. 3. Risk assessment results are reviewed at least annually. 4. Risk assessment is updated on at least an annual basis or when significant changes occur to the information system that my impact the security state of the system. D1. At a minimum, systems containing FTI are scanned quarterly to identify any vulnerabilities in the information system. The vulnerability scanning tool is updated with the most current definitions prior to conducting a vulnerability scan. 2. Procedures are in place that describe the process for employing vulnerability scanning tools and techniques that promote interoperability among tools and automate parts of the vulnerability management process by using standards. 3. Procedures are in place to that describe the process for analyzing vulnerability scan reports and results from security control assessments. 4. Procedures are in place that describe the process for remediating legitimate vulnerabilities in accordance with an agency acceptance of risk. 5. Procedures are in place that describe the process for sharing information obtained from the vulnerability scanning process and security control assessments (i.e. system weaknesses and deficiencies) with designated personnel throughout the organization to help eliminate similar vulnerabilities in other information systems. �1. Security Planning Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Security Planning Procedures are documented and in place to implement the policy. 3. Security Planning Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. �1. The Rules of Behavior establishes a set of rules that describe user responsibilities and expected behavior with regard to information system usage. 2. The user is aware of the Rules of Behavior, and the document is readily available to them. 3. The Rules of Behavior document is signed, indicating acknowledgement from the user that they have read, understand, and agree to abide by the rules of behavior. 1. Security-related activities including, but are not limited to, security assessments, audits, system hardware and software maintenance, security certifications, and testing/exercises are coordinated prior to execution to limit the impact on agency operations. �1. System and Services Acquisition Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. System and Services Acquisition Procedures are documented and in place to implement the policy. 3. System and Services Acquisition Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. �1. The agency has implemented managed interfaces that segregate traffic carrying FTI and information flow from the rest of the agency's internal network. L1. The Agency: (i) establishes usage restrictions and implementation guidance for VoIP technologies based on the potential to cause damage to the information system if used maliciously, (ii) documents, monitors, and controls the use of VoIP within the information system, (iii) requires Agency officials to approve the use of VoIP. �1. Interview agency personnel to determine if the information system prohibits remote activation of collaborative computing devices unless specific agency exceptions are in place allowing remote activation and if procedures exist. 2. Examine procedures to determine if the process of information system prohibiting remote activation of collaborative computing devices is documented. 3. Examine the information system to verify whether or not it has collaborative computing mechanisms (collaborative computing mechanisms include, for example, video and audio conferencing capabilities). If the system does have collaborative computing mechanisms, then verify the ability to remotely execute those capabilities. A1. The information system utilizes automated mechanisms with supporting procedures in place for digital certificate generation, installation, and distribution. Subscriber key pairs are generated and stored using FIPS 140-2 Security Level 2 or higher cryptographic modules. The same public/private key pair is not be used for both encryption and di��gital signature. Private keys are protected using, at a minimum, a strong password. A certificate is revoked if the associated private key is compromised; management requests revocation; or the certificate is no longer needed. �1.Circuits are maintained on cable and not converted to unencrypted radio (microwave) transmission. The cable is protected by either being buried underground, or run through plenum area in walls, ceilings or floors. Access to cable and switching rooms is restricted. All wiring, conduits, and cabling are within the control of agency personnel and that access to routers and network monitors are strictly controlled. �1. Transmissions are encrypted using a key no less than 128 bits in length, or FIPS 140-2 compliant, whichever is stronger. All transmissions of FTI between the agency and IRS are executed using the Tumbleweed solution. 2. Transmissions are encrypted using a key no less than 128 bits in length, or FIPS 140-2 compliant, whichever is stronger. 3. If encryption is not used to transmit data over the WAN, unencrypted cable circuits of copper or fiber optics is an acceptable means of transmitting FTI. If encryption is not used to transmit data over the LAN, the agency must use other compensating mechanisms (e.g., switched vLAN technology, fiber optic medium, etc.) �1. Information system monitors and controls communications at the external boundary of the system and at key internal boundaries within the system. 2. Procedures are in place that describes how the information system connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture. �1. System and Communications Protection Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. System and Communications Protection Procedures are documented and in place to implement the policy. 3. System and Communications Protection Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. s1. The procedures define the retention period for audit records generated by the information system. 2. The agency retains information system audit records for the agency-defined time period, but a minimum of 6 years to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements. �1. Interview agency personnel to determine if procedures are in place to review and analyze information system audit records for indications of inappropriate or unusual activity, and report findings to designated agency officials. 2. Examine procedures to determine if<� the agency adjust the levels of audit review, analysis, and reporting within the information system when there is a change in risk to agency operations, assets, individuals, other organizations. �1. Audit and Accountability Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Audit and Accountability Procedures are documented and in place to implement the policy. 3. Audit and Accountability Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. >Note: If FTI is not publicly accessible, this control is N/A. �1. Interview agency personnel to determine if FTI is publicly accessible through an agency information system (e.g., web site application, voice response system) 2. Interview agency personnel to determine if procedures exist for the agency to designate individuals authorized to post FTI onto an agency information system that is publicly accessible, and the agency trains authorized individuals to ensure that publicly accessible information does not contain nonpublic information 3. Interview agency personnel to verify the agency reviews the proposed content of publicly accessible information for FTI prior to posting onto the agency information system 4. Interview agency personnel to verify the agency reviews the content on the publicly accessible information system for nonpublic information periodically and promptly removes nonpublic information from the publicly accessible organizational information system, if discovered. � �1. The agency has developed usage restrictions and implementation guidance for organization-controlled mobile devices. 2. Procedures are in place that authorizes connection of mobile devices meeting organization usage restrictions and implementation guidance to agency information system. 3. Procedures are in place that monitors for unauthorized connections of mobile devices and enforces requirements for the connection of mobile devices to agency information system. 4. Procedures are in place that disables system functionality that provides the capability for automatic execution of code on mobile devices without user direction. 5. Procedures are in place that issues configured mobile devices to individuals traveling to location that the agency deems to be of significant risk. 6. Procedures are in place that applies inspection and preventative measures to mobile devices returning from locations that the agency deems to be of significant risk. �1. The agency has developed usage restrictions and implementation guidance for wireless access. 2. Procedures are in place that monitors for unauthorized wireless access to the information system. 3. Procedures are in place that authorizes and enforces requirements for wireless access to the information system prior to connection. 4. The agency's wireless access control policy is consistent with NIST Wireless Network Security Policies and addresses encryption of communications, device authentication, physical security, replay protection, and wireless intrusion detection and prevention systems. 5. Agencies must develop policies for any allowed wireless access, where these systems contain FTI. �1. The agency requires multi-factor authentication for all remote access to the information system. 2. The multi-factor authentication mechanism is sufficient. �1. Agency documents allowed methods of remote access to the information system. 2. Procedures are in place to describe the process for establishing usage restrictions and implementation guidance for each allowed remote access method. 3. Procedures are in place to describe the process for monitoring unauthorized remote access to the information. 4. Procedures are in place to describe the process for authorizing remote access to the information system prior to connection 5. Procedures are in place to describe the process for enforcing requirements for remote connections to the information system. 6. There are no direct internet connections to the platform hosting or processing FTI. All connections originating from a remote network go through an agency managed access point, e.g., VPN. 7. If a direct remote connection exists verify there is documented authorization with management sign-off, the connection is encrypted and the connection is monitored as part of the agency's audit monitoring strategy. 51. Interview agency personnel to determine if only authorized employees or contractors (if allowed by statute) of the agency receiving the information have access to FTI. For example, human services agencies may not have access to FTI provided to child support enforcement agencies or state revenue agencies. �1. Access Control Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Access Control Procedures are documented and in place to implement the policy. 3. Access Control Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. �1. Agency manages information system identifiers for users and devices. 2. Procedure are in place to describe the process for receiving authorization from a designated organizational official to assign a user or device identifier. 3. Procedures are in place to describe the process for selecting an identifier that uniquely identifies an individual or device. 4. Procedures are in place to describe the process for assigning the user identifier to the intended party or the device identifier to the intended device. 5. Procedures are in place to describe the process for preventing reuse of user or device identifiers in accordance with agency policy. 6. Procedures are in place to describe the process disabling the user identifier after 90 days of inactivity. �1. Identification and Authentication Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Identification and Authentication Procedures are documented and in place to implement the policy. 3. Identification and Authentication Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. �DES Checkpoint: Testing of this control is a shared responsibility between the DES and the Computer Security Reviewer. The Computer Security Reviewer is responsible for testing this control for incident response support procedures specific to computer security incidents. Note: Coordinate on-site to ensure there is Computer Security and DES representation when agency Incident Response team is interviewed. �1. The agency defines incident response tests/exercises that contain procedures for the following: - Detecting unauthorized FTI access - Reporting unauthorized FTI access to IRS, TIGTA, and internal agency incident response team. 2. The agency tests/exercises the incident response capability for FTI related security violations (e.g. simulated successful unauthorized access to FTI) at least annually. 3. The agency documents the results of incident response tests/exercises.� :DES Checkpoint: Testing of this control is a shared responsibility between the DES and the Computer Security Reviewer. The Computer Security Reviewer is responsible for testing this control for incident response support procedures specific to computer security incidents. Note: Coordinate on-site to ensure there is Computer Security and DES representation when agency Incident Response team is interviewed. Note: The incident response tests/exercise should be different from any testing activities perform as part of Disaster Recovery or Contingency Planning. �� 1. Results from the technical control SCSEMs indicate systems employ restrictions on personnel authorized to input information to the information system to include limitations based o<� n specific operational/project responsibilities. �1. Interview agency personnel to determine if the information system detects unauthorized changes to software and data. 2. Examine information system logs to determine if the system detects and tracks unauthorized changes to software and data. �1. Agency personnel with security responsibility subscribe to third-party vulnerability mailing lists and vendor mailing lists that highlight the most critical vulnerabilities (e.g., the US-CERT Cyber Security Alerts). 2. Procedures are in place that describe the process for generating internal security alerts, advisories and directives as deemed necessary. 3. Procedures are in place that describe the process for disseminating security alerts, advisories, and directives to an organization-defined list of personnel. 4. Procedures are in place that describe the process for implementing security directives in accordance with established time frames, or notifying the issuing organization of the degree of noncompliance. 1. Interview agency personnel to determine if the agency monitors and detects events on the information system in accordance with agency defined monitoring objectives and if the process is documented. 2. Examine procedures to determine if the agency identifies unauthorized use of the information system 3. Examine procedures to determine if the agency deploys monitoring devices to collect organization-determined essential data and specific types of transactions. 4. Examine information system configuration to determine the process for monitoring devices that captures and stores information on specific logs. 5. Examine procedures to determine the process of how the level of information system monitoring activity is heightened whenever there is an indication of increased risk to organizational operations, assets, individuals, and other organizations. 6. Examine procedures to determine if the agency obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, policies, or regulations. 7. Examine legal memorandum to determine if an opinion was received regarding the information system monitoring activities in accordance with federal laws, Executive Orders, directives, policies, and regulations. 1. The agency monitors and detects events on the information system in accordance with agency defined monitoring objectives. 2. Procedures are in place that identifies unauthorized use of the information system 3. Procedures are in place that deploys monitoring devices to collect organization-determined essential information and specific types of transactions. 4. The information system is configured appropriately to capture and store data from monitoring devices in specific logs. 5. Procedures are in place that describe the process of how the level of information system monitoring activity is heighten whenever there is an indication of increased risk to organizational operations, assets, individuals, and other organizations. 6. Procedures are in place that describe the process for the agency to obtain legal opinion with regard to information system monitoring activities in accordance with federal guidance. 7. Legal opinion was received for the agency regarding the information system monitoring activities process. �1. System and Information Integrity Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. System and Information Integrity Procedures are documented and in place to implement the policy. 3. System and Information Integrity Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. �1. Only authorized personnel are authorized to perform maintenance on the information system. Maintenance personnel have appropriate access authorizations to the information system. When maintenance personnel do not have needed access authorizations, organizational personnel with appropriate access authorizations supervise maintenance personnel during the performance of maintenance activities on the information system. �1. Information system detects unauthorized changes to software and data. 2. Information system has logs and a monitoring process in place to detect and track unauthorized changes to software and data.�1. Interview agency personnel to determine if information system security alerts, advisories, and directives are received from designated external organizations on an ongoing basis and if the process is documented. 2. Examine procedures to determine the process for generating internal security alerts, advisories, and directives as deemed necessary. 3. Examine procedures to determine the process for disseminating security alerts, advisories, and directives to an organization-defined list of personnel. 4. Examine procedures to determine the process for implementing security directives in accordance with established time frames, or notifying the issuing organization of the degree of noncompliance. �1. Interview agency personnel to determine if procedures are in place for the agency to authorize, monitor, and control non-local maintenance and diagnostic activities. 2. Examine procedures to determine if the agency allows the use of non-local maintenance and diagnostic tools only as consistent with policy and is documented in the system security plan for the information system. 3. Examine information system's identification and authentication configuration. 4. Examine procedures to determine if records for non-local maintenance and diagnostic activities are maintained. 5. Examine remote maintenance records and session configuration settings. 6. Examine procedures to determine if all sessions and network connections are terminated when local maintenance is completed. 7. Examine system configuration to determine if all sessions and network connections are terminated when local maintenance is completed.MOT SCSEM Results Dashboard"Tumbleweed SCSEM Results DashboardRA-2cFTI is categorized as Moderate impact; agencies are not required to perform security categorizationTransmission IntegrityCDC-01CDC-02CDC-03�1. The agency has implemented physical (e.g. separate drives) or logical partitioning along with access controls granular enough so that one agencies FTI cannot be accessed by another agencies users.Restricted AccessContractor Access^1. The agency does not have an alternate or reciprocal location where its FTI is being stored. 1. Agency has developed and implemented a configuration management plan for the information system. 2. Configuration management plan addresses roles, responsibilities, and configuration management process and procedures. 3. Configuration management plan defines configuration items for information system and the items are placed under configuration management in the system development life cycle. 4. Configuration management plan identifies and manages the configuration items through the system development life cycle.�1. Developers are implementing configuration management procedures to manage control changes during the information system design, development, implementation, and operation phases. 2. Configuration management procedures are followed, documented, and approved for the change control request process. 3. Security flaws are tracked through an automated mechanism and resolved through the lifecycle development process.z1. Procedures are in place that describe the process authorizing, monitoring, and controlling non-local maintenance and diagnostic activities. 2. Procedures are in place that describe the process for allowing the use of non-local maintenance and diagnostic tools consistent with policy and system security plan for the information system includes a documented process. 3. Configuration for the information system's identification and authentication is in place as described in the procedures. 4. Procedures are in place that describes the maintenance process for non-local maintenance and diagnostic recor<� ds. 5. Agency maintains records for all remote maintenance and diagnostic activities and remote sessions are protected with encryption and decryption of communications; strong identification and authentication techniques; and remote disconnect verification. 6. Procedures are in place that describes the process for the termination of all sessions and network connections when local maintenance is completed. 7. System configuration is in place for all sessions and network connections to terminate after non-local maintenance is completed. ~1. Interview agency personnel to determine if the organization approves, controls, monitors, the use of, and maintains on an ongoing basis, information system maintenance tools. 2. Examine system maintenance policy to determine if process is documented for the organization to approve, control, monitor, the use of, and maintains on an ongoing basis, information maintenance tools. 1. Agency schedules, performs, documents, and reviews records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements. 2. Procedures are in place to describe how the agency controls all maintenance activities, whether performed on site or remotely and whether the equipment is serviced on site or removed to another location. 3. Procedures are in place to describe how the agency requires that a designated official explicitly approve the removal of the information system or system components from organizational facilities for off-site maintenance or repairs. 4. Procedures are in place that describe how the agency sanitizes equipment to remove all information from associated media prior to removal from organizational facilities for off-site maintenance or repairs. 5. Agency checks all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions. �1. System Maintenance Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. System Maintenance Procedures are documented and in place to implement the policy. 3. System Maintenance Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. �1. Interview agency personnel to determine if the process for developing and implementing a configuration management plan for the information system is in place. 2. Examine configuration management plan to determine if the document addresses roles, responsibilities, and configuration management process and procedures. 3. Examine configuration management plan to determine if the document defines the configuration items for the information system and if the items are placed under configuration management in the system development life cycle. 4. Examine configuration management plan to determine if the process for establishing the means to identify and manage the configuration items through the system development life cycle is documented. [1. Interview agency personnel to determine if the organization develops, documents, and maintains an inventory of information system component. 2. Examine information system component inventory to determine if it accurately reflects the current information system and is consistent with the authorization boundary of the information system. 3. Examine information system component inventory to determine if the level of granularity is tracked and reported. 4. Examine information system component inventory to determine if it is available for review and audited by designated organizational officials. >1. Interview agency personnel to determine if the organization configures the information system to provide only essential capabilities and specifically prohibits or restricts the use of the following functions, ports, protocols, and/or services to an agency-defined list of prohibited or restricted functions, ports, protocols, and/or services. 2. Examine procedures to determine the process for configuring information system to provide essential capabilities and specifically prohibits or restricts the use of the following functions, ports, protocols, and/or services. Y1. Interview agency personnel to determine if the organization establishes and documents mandatory configuration settings for information technology products employed within the information system using documented security configuration checklists that reflect the most restrictive mode consistent with operational requirements. 2. Interview agency personnel to determine if the organization implements the configuration settings. 3. Examine procedures to determine if the organization identifies, documents, and approves exceptions from the mandatory configuration settings for individual components within the information system based on explicit operational requirements. 4. Interview agency personnel to determine if the organization monitors and controls changes to the configuration settings in accordance with organizational policies and procedures. Y1. Interview agency personnel to determine if the organization analyzes changes to the information system to determine potential security impacts prior to change implementation. 2. Examine procedures to determine the process for analyzing changes to the information system to determine potential security impacts prior to change implementation. �1. Interview agency personnel to determine if a configuration management policy and procedures are in place. 2. Examine procedures to determine the process of controlling configuration changes to the information system. 3. Examine procedures to determine the process of approving configuration-controlled changes to the system with explicit consideration for security impact analysis. 4. Examine configuration changes to determine if the records are retained and reviewed for the information system. 5. Interview agency personnel to determine if the agency coordinates and provides oversight for configuration change control activities through a change control board that convenes periodically. �1. Agency develops, documents, and maintains under configuration control, a current baseline configure of the information system. 2. The baseline configuration includes documented deviations from the baseline configuration. �1. Configuration Management Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Configuration Management Procedures are documented and in place to implement the policy. 3. Configuration Management Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. z1. FTI is replicated to the DR hot site or SAN using an encrypted channel that meets FIPS 140-2 encryption requirements. 6Note: FTI is only required to be encrypted in transit. ;1. The agency identifies an alternate storage site that is used to store backup media containing FTI; 2. The alternate storage site agreements are currently in place, available, accessible, and meets the requirements (including necessary equipment and supplies) to permit the storage of information system backup. ;�DES Checkpoint: The DES will also be testing the agency's system backup process and alternate storage sites. Collaborate with the DES to complete this test. Note: If the agency has not contracted for a dedicated alternate storage site service it is acceptable for them to use their alternate processing site (hot or cold site) as the secondary storage site provided that alternate processing site has adequate geographic separation from the primary processing site. �� 1. The agency defines the set of contingency plan tests and/or exercises, and tests/exercises the contingency plan annually. 2. Testing records document the results of contingency plan testing/exercises. �1. Contingency Planning Policy is documented and addresses purpose, scope, roles, <� responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Contingency Planning Procedures are documented and in place to implement the policy. 3. Contingency Planning Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. z1. The organization appointed a senior information security officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program. 2. The position description for senior information security officer lists responsibilities to coordinate, developed, implement, and maintain an organization-wide security program. �1. Interview agency personnel to determine if the organization assigns a senior-level executive or manager to the role of authorizing official for the information system. 2. Examine security authorization to determine it ensures that the authorizing official authorizes the information system for processing before commencing operations. 3. Examine security authorization to determine how often it is updated based on agency requirements. �Note: For federal agencies that receive FTI, a NIST compliant C&A is required in accordance with FISMA. For state or local agencies that receive FTI, a third-party accreditation is not required. Instead these agencies may internally attest. n1. Examine the plan of action and milestones (POA&M) corresponding to the last security control assessment. �Note: Since state agencies are not bound by Federal FISMA requirements, C&A documents required by NIST may not be in existence. Reviewer should evaluate agency documents that are similar to C&A artifacts, and shows that system assessment or Safeguard review results have been provided to and signed off by agency management. Refer to MOT document request list for alternate acceptable evidence. Note: For federal agencies that receive FTI, a NIST compliant C&A is required in accordance with FISMA. For state or local agencies that receive FTI, a third-party accreditation is not required. Instead these agencies may internally attest. �� 1. Interview agency personnel to determine if the organization authorizes connections from the information system to other information systems outside the authorization boundary through the use of Interconnection Security Agreements. 2. Examine Interconnection Security Agreements to determine if the organization documents, for each connection, the interface characteristics, security requirements, and the nature of the information communicated. 3. Examine Interconnection Security Agreements to determine if the organization monitors the information system connections on an ongoing basis verifying enforcement of security requirements. �Note: For federal agencies that receive FTI, a NIST compliant C&A is required in accordance with FISMA. For state or local agencies that receive FTI, a third-party accreditation is not required. Instead these agencies may internally attest. �Note: The agency's most recent SRR can be used as evidence to support this control. If available prior to the on-site review, the result of this control test can be pre-populated using the most recent SRR as evidence. Note: For federal agencies that receive FTI, a NIST compliant C&A is required in accordance with FISMA. For state or local agencies that receive FTI, a third-party accreditation is not required. Instead these agencies may internally attest. �� 1. Interview agency personnel to determine if the organization developed a security assessment plan that describes the scope of the assessment including: - Security controls and control enhancements under assessment; - Assessment procedures to be used to determine security control effectiveness; and - Assessment environment, assessment team, and assessment roles and responsibilities 2. Examine the security assessment plan to determine the how often security controls are assessed to determine the extent controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting security requirement for the system. 3. Interview agency personnel to determine if the organization produces a security assessment report that documents the results of the assessment. 4. Interview agency personnel to determine if the organization provides the results of the security control assessment, in writing, to the authorizing official or authorizing official designated representative.�1. Agency developed a security assessment plan that describes the scope of the assessment including: - Security controls and control enhancements under assessment; - Assessment procedures to be used to determine security control effectiveness; and - Assessment environment, assessment team, and assessment roles and responsibilities 2. Security Assessment plan describes the process of accessing the security controls in the information system at an agency defined frequency, at least annually to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with response to meeting security requirement for the system. 3. Agency produced a security assessment report that documented the results of the assessment. 4. Agency provided the results of the security control assessment, in writing, to the authorizing official or authorizing official designated representative. �Note: For federal agencies that receive FTI, a NIST compliant C&A is required in accordance with FISMA. For state or local agencies that receive FTI, a third-party accreditation is not required. Instead these agencies may internally attest. �1. Examine the Security Assessment and Authorization Policy to verify it addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Examine the Security Assessment and Authorization Procedures to verify procedures are in place to implement the policy. 3. Examine the Security Assessment and Authorization Policy and Procedures to verify the agency develops, disseminates, and reviews/updates the policy and procedures annually.�1. Security Assessment and Authorization Policy is documented and addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. 2. Security Assessment and Authorization Procedures is documented and in place to implement the policy. 3. Security Assessment and Authorization Policy and Procedures are documented and verified that the agency develops, disseminates, and reviews/updates the policy and procedures annually. �1. Interview agency personnel to determine if FTI is being used in the development and testing environment. 2. Examine the agency s approved request for use of live FTI in development and test environments. 3. Interview agency personnel to determine if the following control capabilities are in place for the development and test systems with FTI: -Logical Access Controls -Identification and Authentication -Audit and Accountability -Labeling -Encryption of FTI in Transit -Incident response and reporting:1. Interview agency personnel to determine if developers are implementing configuration management procedures to manage control changes during information system design, development, implementation, and operation phases. 2. Examine change control request documentation to verify if configuration management procedures are followed and determine if changes were documented <� and approved. 3. Examine change control request documentation to determine if security flaws are tracked through an automated mechanism and resolved through the lifecycle development process. h1. The agency designs and implements the information system using security engineering principles consistent with NIST SP 800-27, e.g., establish a sound security policy as the foundation of design, ensure developers are trained in how to develop secure software, implement layered security. See NIST 800-27 for a complete list of the security engineering principles. For legacy information systems, the organization applies security engineering principles to system upgrades and modifications, to the extent feasible, given the current state of the hardware, software, and firmware components within the system. �1. The agency enforces explicit rules governing the installation of software by users. The policy identifies what types of software installations are permitted (e.g., updates and security patches to existing software) and what types of installations are prohibited (e.g., software that is free only for personal, not government use, and is potentially malicious). The agency regularly reviews/analyzes user installed software for indications of inappropriate or unusual activity. �1. Agency obtains, protects as required, and makes available to authorized personnel, administrator documentation for the information system that describes: - Secure configuration, installation, and operation of the information system; - Effective use and maintenance of security features/functions; and - Known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions 2. Agency obtains, protects as required, and makes available to authorized personnel, user documentation for the information system that describes: User-accessible security features/functions and how to effectively use those security features/functions; - Methods for user interaction with the information system, which enables individuals to use the system in a more secure manner; and - User responsibilities in maintaining the security of the information and information system 3. Agency attempts to obtain information system documentation when such documentation is either unavailable or nonexistent. 1. The agency includes the following requirements and/or specifications in information system acquisition contracts: (i) required security capabilities (i.e., security needs and, as necessary, specific security controls and other specific FISMA requirements); (ii) required design and development processes; (iii) required test and evaluation procedures; and (iv) required documentation. The contracts reference IRS Publication 1075 as the source of system security requirements. 2. Information system acquisition contracts based on an assessment of risk includes the following requirements and/or specifications: - Security functional requirements/specifications, - Security-related documentation requirements, - Developmental and evaluation-related assurance requirements 1. The agency manages the system using a system development life cycle methodology that includes information security considerations. 2. The agency uses a system development life cycle that is consistent with NIST Special Publication 800-64 by including the following phases: initiation, acquisition/development, implementation, operations/maintenance, and disposition. Each of these five phases includes a minimum set of security steps to effectively incorporate security into a system during its development. �Note: The agency will either use the general SDLC described in the expected result or will have developed a tailored SDLC that meets their specific needs. In either case, security steps shall be incorporated into the agency's SDLC. 1. The agency includes a determination of information security requirements for the information system in mission/business process planning. 2. Procedures are in place that describe the process for documenting and allocating resources required to protect the information system as part of its capital planning and investment control process. 3. Procedures are in place that describe the process for establishing discrete line item for information security in organizational programming and budgeting information. �1. System security plan has been documented for the information system. 2. System security plan is consistent with the organization's enterprise architecture and defines the authorization boundary for the system. 3. System security plan describes the operational context of the information system in terms of missions and business processes. 4. System security plan provides the security category and impact level of the information system including the support rationale. 5. System security plan describes the operational environments for the information system and relationships with or connections to other information systems. 6. System security plan provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements including a rationale for tailoring and supplemental decisions. 7. System security plan is reviewed and approved by the authorizing official or designated representative prior to plan implementation. �Note: This test only applies if Tumbleweed is currently being used by the agency to receive FTI. If the agency is not currently using Tumbleweed this is a finding, except for Child Support agencies, who are still authorized use of Connect Direct. �1. Interview the consolidated state run data center main IT POC to determine if the facility has any reciprocal relationship with another facility located in or out of the state for disaster recovery purposes such as exchange and storage of backup containing FTI, alternate work site location housing systems with FTI, or system development activities where FTI is used. If yes work with the IRS disclosure enforcement specialist to determine if that other site is authorized and potentially in scope. 1. Interview the consolidated state run data center main IT POC to determine if contractors are involved with the operation of the data center as it pertains to the support of systems maintaining FTI. If yes, determine the extent of the contractors access (what pieces of FTI does the contractor have access to) to each Agency's FTI represented in the consolidated state run data center. Determine with the help of the IRS disclosure enforcement specialist if each contractor access instance is authorized via IRC 6103. �1. Interview the consolidated state run data center main IT POC to determine if FTI from multiple agencies reside on the same devices. If yes, inquire as to how the FTI for each individual agency is being segregated from another agency's FTI. *1. The agency ensures each system within the architecture that receives, processes, stores or transmits FTI to an external customer through the web portal is hardened in accordance with the requirements of Publication 1075. The agency also performs frequent vulnerability testing on those systems. �1. The agency uses at a minimum, a system architecture that is configured as a three-tier architecture with physically separate systems that provide layered security of the FTI and access to the database through the application is limited. [The dashboard is provided to automatically calculate test results from the Test Case tab. The 'Info' status is provided for use by the reviewer during test execution to indicate more information is needed to complete the test. It is not an acceptable final test status, all test cases should be Pass, Fail or N/A at the conclusion of the review.XUpdated SA-6 test for open source software - test ID 13 New AC-17 test case added for multi-factor authentication - test ID 61 New AC-20 test case added - test ID 64 New SA-11 test case for live data testing - test ID 18 New CP-9 test case for live data in DR sites or SANs - test ID 30 Revised Dashboard to calculate overall compliance for PFRTest Case Mapping*The reviewer should clearl<� y identify evidence and/or interviewee information for each applicable test case. The master list of evidence and/or interviewee information shall be maintained on this tab. For documentation evidence, it is the responsibility of the reviewer to document the specific section of the document in the test case results. Interviewee name should be identified in the test case result. Interviewee contact information should be included in the cover tab of this SCSEM. Insert the applicable mapped test cases in the last column.�Formatting tweaks for better printing performance. Clarified requirement for encryption of FTI in transit (various test cases) Added "Offshoring" Test case under AC-17. 1. FTI may not be accessed by agency employees, agents, representatives or contractors located offshore , outside of the United States or its territories. Further, FTI may not be received, stored, processed or disposed via information technology systems located off-shore. �1. Interview agency personnel to determine if the agency has the ability for agency employees, agents, representatives or contractors to have access to FTI from offshore locations.�1. Examine procedures to ensure the agency does not allow employees or contractors to access FTI from non agency-owned devices (including employee owned or contractor owned computers). 2. Examine procedures to determine the process for accessing the information system from the external information systems. 3. Examine procedures to determine the process for processing, storing, and/or transmitting organization-controlled information using the external information systems. �1. Agency does not allow employees or contractors to access the information system using non agency-owned devices. 2. Procedures are in place to describe the process for allowing authorized individuals to access the information system from the external information systems. 3. Procedures are in place to describe the process for allowing authorized individuals to process, store, and/or transmit organization-controlled information using the external information systems. �MFD test cases are contained in a separate Appendix SCSEM. Please refer to IRS_Safeguards_SCSEM_MOT_Release IV_MFD Appendix_v0.2.xls for execution of the MFD Tests.L � �Data Warehouse test cases are contained in a separate Appendix SCSEM. Please refer to IRS_Safeguards_SCSEM_MOT_Release IV_DW Appendix_v0.6.xls for execution of the Data Warehouse tests. W � Backup and Recovery�1. Interview agency personnel to determine if live FTI data is used in disaster recovery environments, e.g., data replicated to a DR hot site or storage area network (SAN)?&DIRECTIONS FOR COLLECTING MOT EVIDENCE Document DateDocument Title�Reviewer to include any supporting evidence to confirm if the test case passed., failed on not applicable As evidence, provide the following information for the following assessment methods: 1. Interview - Name and person providing information. Also provide the date when the information is provided. 2. Examination - Provide the name, title, and date of the document referenced as the evidence. Also provide section number where the pertinent information is resident within the document (if possible). Ensure all supporting evidence to verify the test case passed or failed. If the control is marked as NA, then provide appropriate justification as to why the control is considered NA. 1. The agency is using FTI in the testing environment. 2. The agency submitted a request to the IRS Office of Safeguards and received approval for authority to use live data (FTI) for testing, and has provided a documented explanation of the safeguards in place to protect the data and the necessity for using live data (FTI) during development and testing. 3. The following controls are in place: -Logical Access Controls: Only authorized employees or contractors (if allowed by statute) of the agency receiving the information have access to the system with FTI, and user accounts for the development and test systems are managed according to production system standards for establishing, activating, changing, reviewing, disabling and removing accounts. -Identification and Authentication: The development and test system is configured to uniquely identify users, devices and processes via the assignment of unique user accounts and authentication methods such as passwords, tokens, smart cards, etc. No shared accounts are used. -Audit and Accountability: The development and test systems generate a level of audit records to the extent necessary to capture unauthorized access of FTI by unique users. As part of system testing, the agency should mimic the audit capabilities that will be in place in production to ensure auditing functions properly. -Labeling: If FTI is commingled with other state data in a database or data warehouse, the FTI is labeled at the lowest level where FTI is commingled to identify it as FTI at all times, i.e., at the table level or data element level if data is commingled within tables. -Encryption: All FTI in transit is encrypted when moving across a Wide Area Network (WAN) and within the agency s Local Area Network (LAN). -Incident response and reporting: The agency follows the incident response and reporting procedure used for production systems for any incident involving FTI that occurs on a test or development system. This includes notification to the Office of Safeguards and TIGTA no later than 24 hours after the identification of a possible incident. System testers are trained and aware of the incident response process. The agency s incident response plan specif<� ically references incident reporting for FTI in development and test environments. �� & NY ]j � *1. Agency employs malicious code protection mechanisms at information system entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code: - Transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means; or - Inserted through the exploitation of information system vulnerabilities 2. Procedures are in place that describe the process for updating malicious code protection mechanisms including signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures. 3. Procedures are in place that describe the process for configuring malicious code protection mechanisms to: - Perform periodic scans of the information system and real-time scans of files from external sources as the files are downloaded, opened, or executed in accordance with organizational security policy; and block malicious code; quarantine malicious code; and alert administrators in response to malicious code detection 4. Procedures are in place that describe the process for addressing the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system. O1. Interview agency personnel to determine if the organization employs malicious code protection mechanisms at information system entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code: - Transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means; or - Inserted through the exploitation of information system vulnerabilities 2. Examine procedures to determine the process for updating malicious code protection mechanisms including signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures. 3. Examine procedures to determine the process for configuring malicious code protection mechanisms to: - Perform periodic scans of the information system on and real-time scans of files from external sources as the files are downloaded, opened, or executed in accordance with organizational security policy; and block malicious code; quarantine malicious code; and alert administrators in response to malicious code detection. 4. Examine procedures to determine the process for addressing the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system._1. Incident response plan is in place and provides that the organization with a roadmap for implementing its incidents response capability. 2. Incident response plan describes the structure and organization of the incident response capability and provides a high-level approach of how the incident response capability fits into the overall organization. 3. Incident response plan provides metrics for measuring the incident response capability within the organization. 4. Incident response plan defines the resources and management support needed to effectively maintain and mature an incident response capability 5. Incident response plan is reviewed and approved by designated officials within the organization. 6. Incident response plan meets the unique requirements of the agency and defines reportable incidents. 7. Copies of the incident response plans are distributed to appropriate list of incident response personnel. 8. Incident response plan is reviewed on an agency defined frequency, at least annually. 9. Review of the incident response plan is performed and the evidence of review is documented. 10. Incident response plan is revised to address system/organizational changes or problems encountered during plan implementation, execution or testing. 11. Changes to the incident response plan are communicated to a defined-list of incident response personnel. �1. Interview agency personnel to determine if an incident response plan has been established that provides the organization with a roadmap for implementing incident response capability. 2. Examine the incident response plan to determine if the plan documents the structure and organization of the incident response capability and provides a high-level approach of how the incident response capability fits into the overall organization. 3. Examine the incident response plan to determine if the plan provides metrics for measuring the incident response capability within the organization. 4. Examine the incident response plan to determine if the plan defines the resources and management support needed to effectively maintain and mature an incident response capability 5. Examine the incident response plan to determine if the designated officials within the organization reviews and approves the plan. 6. Examine the incident response plan to determine if the plan meets the unique requirements of the agency (mission, size, structure, and functions) and defines reportable incidents. 7. Interview agency personnel to determine if copies of the plan are distributed to a defined-list of incident response personnel. 8. Interview agency personnel to determine how often the incident response plan is reviewed. 9. Examine the incident response plan to determine if the plan was reviewed and the evidence was documented. 10. Interview agency personnel to determine if the incident response plan is revised to address system/organizational changes or problems encountered during plan implementation, execution, or testing. 11. Interview agency personnel to determine if changes to the incident response plan are communicated to a defined-list of incident response personnel.1. Agency manages information system authenticators for users and devices. 2. Procedures are in place that describe the process for verifying, as part of the initial authenticator distribution, the identity of the individual and/or device receiving the authenticator. 3. Procedures are in place that describe the process for establishing initial authenticator content for authenticators defined by the organization. 4. Procedures are in place that describe the process for ensuring that authenticators have sufficient strength of mechanism for their intended use. 5. Procedures are in place that describe the process for establishing and implementing administrative procedures for initial authenticator distribution, for lost/compromised or damaged authenticators, and for revoking authenticators. 6. Procedures are in place that describe the process for changing default content of authenticators upon information system installation. 7. Procedures are in place that describe the process for establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators (if appropriate). 8. Procedures are in place that describe the process for changing/refreshing authenticators on an organization-defined time period by authenticator type. 9. Procedures are in place that describe the process for protecting authenticator content from unauthorized disclosure and modification. 10. Procedures are in place that describe the process for requiring users to take, and having devices implement, specific measures to safeguard authenticators. 1. Interview agency personnel to determine if the organization manages information system authenticators for users and devices. 2. Examine procedures to determine the process for verifying, as part of the initial authenticator distribution, the identity of the individual and/or device receiving the authenticator. 3. Examine procedures to determine the process for establishing initial authenticator content for authenticators defined by the organization. 4. Examine procedures to determine the process for ensuring that authenticators have sufficient strength of mechanism for their intended use. 5. Examine procedures to determine the process for establishing and implementing<� administrative procedures for initial authenticator distribution, for lost/compromised or damaged authenticators, and for revoking authenticators. 6. Examine procedures to determine the process for changing default content of authenticators upon information system installation. 7. Examine procedures to determine the process for establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators (if appropriate). 8. Examine procedures to determine the process for changing/refreshing authenticators on an organization-defined time period by authenticator type. 9. Examine procedures to determine the process for protecting authenticator content from unauthorized disclosure and modification. 10. Examine procedures to determine the process for requiring users to take, and having devices implement, specific measures to safeguard authenticators. �The IRS strongly recommends agencies test all SCSEM settings in a development/test environment prior to deploying them in operational environments because in some cases a security setting may �impact a system s functionality and usability. Consequently, it is important to perform testing to determine the impact on system security, functionality, and usability. Ideally, the test system configuration should match the operational system configuration. Prior to making changes to the production system agencies should back up all critical data files on the system and if possible, make a full backup of the system to ensure it can be restored to its pre-SCSEM state if necessary. The IRS welcomes feedback and suggestions from agencies in regard to individual SCSEMs.�Safeguard Computer Security Evaluation Matrix (SCSEM) Management, Operational, and Technical Controls (MOT) Version 1.3 September 28, 2011o)z({*�z-�冃b恍�笮�)�a�@难�>� ��侈�む��2��勭c��S�T�帙�嘃A��Y�扆L��B��[�� V �� ,��88繟3Bs?B�xB��齏L GZ�.\}鑔7lk�Sp~m~�鈥 '�R\�c覍�*�1b�i +�2鄸�"�)X�_� 8�? q�x 瘶� ,�3罊�蠣�G�*嚭j2�碥�涬6�B�� "0!�X+��77歀�鉦膋�v 檢�摡zcc��B�� f2�蓘%乩勁ㄆ d褚MbP?_*+�€%��&ffffff�?'ffffff�?(�?)�?M�Adobe PDF��S飥� od��LetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"d��333333�?333333�?�&�<3U}$ �}��}$ �}� �}�%�} �} $ �% � � � � � � � � � � � � � � � � � � @ � � �� r�� q�� +� �,�0$�(0! �" �# �$ �� !�-� "�."�� "�/"�� "�0� #�+� #�1� #�2� $�+� $�1� $�2��<�>*�鸺� 4黏�( � �4瓞� �4 餽��4�A?��1�览�?��伱IRS Logo�p<�l�]N`�� $Word.Document.8乊��鸶甬 �%O2 �4S餘�€�伱 �Group 2Horizontal Rule"��<� ��] `�~饁B � 4B ��>��?€��Line 3�%O�] `��饇B � 4 �餌��)�?€��Line 4�Z 22�] `>�@�� ##猩陏�寕�K�First.M.Last@xx.xxx嗌陏�寕�K�Nmailto:First.M.Last@xx.xxxyX侓;H�,俔膮'cカ��$$猩陏�寕�K�First.M.Last@xx.xxx嗌陏�寕�K�Nmailto:First.M.Last@xx.xxxyX侓;H�,俔膮'cカgg��D f2�蓘�氃 d褚MbP?_*+�€%��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M�Adobe PDF��S飥� od��Letter !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghj��klmnopqrstuvwxyz{|}~€PRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"d��333333�?333333�?�&�43U}I[�� b(�P餒 �,�0�( � �,>�蔼��蔼�)宸�>翱驰奥糄硚诲蔼<� ��&ffffff�?'ffffff�?(�?)�?�"~333333�?333333�?<��&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発d@<� ��&ffffff�?'ffffff�?(�?)�?�"k333333�?333333�?<��&��靛�5H籇�)� 発43��gg��D f2�蓘#D�{�宾 d褚MbP?_*+�€%��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M�Adobe PDF��S飥� oXXXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"XXX333333�?333333�?�&�43U}�}�}�}�}�}�# J �� J �� J ��@� U� VW� Ua� VW� Xr� X�� YqZ� Xr� X�� Yq� [s/\�;S��@PassAZC]�-D繢 AD繢 BZ� [s/\ �;@PassAZC] �-D繢 AD繢 B� ^t/\�;S��@FailAZC]�-D繢 AD繢 BZ� ^t/\�;@FailAZC]�-D繢 AD繢 B� �u/\�;S��@InfoAZC]�-D繢 AD繢 BZ� �u/\�;@InfoAZC]�-D繢 AD繢 B� `�.\�;S��@N/AAZC]�-D繢 AD繢 BZ� `�.\�;@N/AAZC]�-D繢 AD繢 B� ^v$_€T@�;S�繟["]�? �D繢 �Z� ^v$_@ �;A["]�?�D繢 �� ^�# a� %��[� b� Z� ^�# a� %�� b�� c�# d€T@� %��i� e� Z� c�# d@� %�� e�� U� VW� Ub� VW� Xr� X�� Yq� Xr� X�� Yq� [s/\�;@PassAZC]�-D繢AD繢B� [s/\�;@PassAZC] �-D繢AD繢B� ^t/\�;@FailAZC]�-D繢AD繢B� ^t/\�;@FailAZC]�-D繢AD繢B� �u/\�;@InfoAZC]�-D繢AD繢B� �u/\�;@InfoAZC]�-D繢AD繢B� `�.\�;@N/AAZC]�-D繢AD繢B� `�.\�;@N/AAZC]�-D繢AD繢B� ^v$_@�;A["]�? �D繢�� ^v$_@�;A["]�?�D繢�� ^�#a� %��[� b�� ^�#a� %�� b�� c�#d@� %�� e�� c�#d@� %�� e�� U� VW� Up� VW� Xr� X�� Yq� Xr� X�� Yq� [s/\�;@PassAZC]�-D繢AD繢B� �s��' ,�,�,,��,�繠C]�-D繢AD繢B� ^t/\�;@FailAZC]�-D繢AD繢B� ^t\�C] �-D繢AD繢B� �u/\�;@InfoAZC]�-D繢AD繢B� �u\�C]�-D繢AD繢B� `�.\�;@N/AAZC]�-D繢AD繢B� `�\�C]�-D繢AD繢B� ^v$_@�;�繟["]�?�D繢 �� ^v\€X@�"]�?�D繢 �� ^�#a� %��[� b�� ^�\�� b��D�l8^��8T��8T'�� !�€�"�@� c�# d@� %�� e�� c� �€X@�� e��!�� "�V�"�� (~�P餒0�(�0�( � �(>�@��@�)宸�>OYW糄硚d@| ��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o`XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"`XX333333�?333333�?�&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発d@} ��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o`XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"`XX333333�?333333�?�&��靛�5H籇�)� 発43�� ""��. ��;�€ _A365_HP� S��@Pass��;�€ _A365_HP� S��@Fail��;�€ _A365_HP� S��Info�""""��;�€""_A365_HP� S��@Pass��;�€""_A365_HP� S��@Fail��;�€""_A365_HP� S��Info�!!��;�€!_A365_HP� S��@Pass��;�€!_A365_HP� S��@Fail��;�€!_A365_HP� S��Info��;�€_A365_HP� S��@Pass��;�€_A365_HP� S��@Fail��;�€_A365_HP� S��Info� """"��;�€""_A365_HP� S��@Pass��;�€""_A365_HP� S��@Fail��;�€""_A365_HP� S��Info�""""��;�€""_A365_HP� S��@Pass��;�€""_A365_HP� S��@Fail��;�€""_A365_HP� S��Info� ��;�€ _A365_HP� S��@Pass��;�€ _A365_HP� S��@Fail��;�€ _A365_HP� S��Info��;�€_A365_HP� S��@Pass��;�€_A365_HP� S��@Fail��;�€_A365_HP� S��Info��;�€_A365_HP� S��@Pass��;�€_A365_HP� S��@Fail��;�€_A365_HP� S��Info{+{{+{{+{{+{""{+{""{+{""{+{!{+{!{+{! {+{ {+{{+{{+{"" {+{""{+{""{+{""{+{""{+{""{+{ {+{ {+{ {+{{+{{+{{+{ {+{ {+{ � Sheet2gg��D f2�蓘+z- d褚MbP?_*+�€%��&�?'�?(�?)�?M�Adobe PDF��S飥� od��LetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"d��333333�?333333�?�&�43U}$%}�$}�� @�� c� �� Y� �� e� �d� �X�� **�P餒@�$�0�( � �$>�@��"�7gg��D f2�蓘��'7qKi^m檛!|﹥1�箳A�伞Q�侔a�榭q�佒 �戝�◆)��9�I�!Y)�0i8�?yGO塚^檈!m﹖1|梻 d褚MbP?_*+�€%��OL&CIRS Safeguards Management, Operational and Technical Controls (MOT) SCSEM&CPage &P of &N��&�?'�?(�?)�?M�Adobe PDF��S飥� o8XXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"8XX333333�?333333�?�&�43U}mM}M}IN}�O}I3K}�*O}� �} ��} ��}$ K��ss;s�€fs�€�s�s�s�s�s� s� s� s� s� s� s�s�s�� €� �� J� �� K� ��SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSr~ ��?� �� R� �d� �� ~ �@� T�� T�� TS� T�� ~ �@� T�� T�� T� T3� �� ^� �� ~ �@� T�� T� T� Te� �� ~ �@� T�� T� T � T�� O� �� ~ �@� T�� T� T!� T�� ~ �@� T�� T� T"� T�� ~ � @� T�� T�� TT� Tf� �� ~ �"@� T�� T�� TU� T�� N� �� ~ �$@� T�� T�� TV� T�� L� �� M~ �&@� T�� T�� Tc� T�� K�� ~ �(@� T�� T�� T#� T�� =� �� J� �� ~ �*@� T�� T�� T%� T�� r� �s�� ~ �,@� T�� T�� T&� T�� <�� I�� ~ �.@� T�� T�� T'� T�� H�� ~ �0@� T�� T�� T�� T�� G� �&�� ~ �1@� T�� T�� T+� T�� l� �m�� ~ �2@� T�� T�� T+� Tk� �� F� �j�� ~ �3@� T�� T�� T(� T�� D� �E� �� C~ �4@� T�� T�� T)� T�� A� �B� �� @~ �5@� T�� T�� T*� T�� >� �� ?~ �6@� T�� T�� T,� Tg� �� <� �G� �� =~ �7@� T�� T�� T-� T�� :� �!� �� ;~ �8@� T�� T�� T.� T�� F� �;�� ~ �9@� T�� T�� T�� T�� 9�� ~ �:@� T�� T�� T]� Th� �� 8�� ~ �;@� T�� T�� T� T�� "� �#�� ~ �<@� T�� T�� T � T�� 7� �7�� ~ �=@� T�� T�� T�� T�� 8� �5� �� 6~ �>@� T�� T�� T�� Ta� �=� �b� �3� �� 4�D�l,t€€€€�€€€€�€€€€€€€€��€€€€€� � !�"�#�$� %�&�'� (�)�*�+�,�-�.� /�0�1�2�3�4�5�6�7�8�9� :�;�<��=�>�?�~ �?@� T�� T�� T � Ti� �� 2� �� ~ !�@@� !T�� !T�� !T� !T�� !�� !�� !�1�!�� ~ "�€@@� "T�� "T�� "T� "T�� "�� "�0� "�_�"�� ~ #�A@� #T�� #T�� #T � #T�� #�� #�/� #��#�� ~ $�€A@� $T�� $T�� $T�� $T�� $�� $�� $��$�� ~ %�B@� %T�� %T�� %T�� %T�� %�{� %�.� %�$�%�� ~ &�€B@� &T�� &T�� &T�� &T�� &�� &�-� &�%�&�� ~ '�C@� 'T�� 'T�� 'T�� 'T�� '�� '�,� '�&�'�� ~ (�€C@� (T�� (T�� (Tu� (Tv� (�� (�+� (�%�(�� ~ )�D@� )T�� )TN� )T�� )Tj� )�� )�� )�*�)�� ~ *�€D@� *T�� *TN� *T�� *TM� *�� *�� *�)�*�� ~ +�E@� +T�� +TN� +T�� +T�� +�� +�(� +��+�� ~ ,�€E@� ,T�� ,TN� ,T�� ,T�� ,�� ,�� ,�'�,�� ~ -�F@� -T�� -TN� -T�� -TO� -�� -�� -��-�� ~ .�€F@� .T�� .T�� .T� .Tk� .�� .�� .��.�� ~ /�G@� /T�� /T�� /T� /TP� /�� /�l� /�k�/�� ~ 0�€G@� 0T�� 0T�� 0T� 0T�� 0�� 0�� 0��0�� ~ 1�H@� 1T�� 1T�� 1T� 1T�� 1�� 1�� 1��1�� ~ 2�€H@� 2T�� 2T�� 2Ty� 2Tz� 2�{� 2�� 2��2�� ~ 3�I@� 3T�� 3T�� 3T�� 3TQ� 3�� 3�� 3��3�� ~ 4�€I@� 4T�� 4T�� 4T� 4T�� 4�� 4�� 4� � 4�� 4 �~ 5�J@� 5T�� 5T�� 5T�� 5T�� 5�� 5�� 5�� 5�� 5 �~ 6�€J@� 6T�� 6T�� 6Tw� 6Tx� 6�� 6�n� 6�m�6�� ~ 7�K@� 7T�� 7T�� 7T� 7T�� 7�� 7�~� 7�^� 7�� 7 ��~ 8�€K@� 8T�� 8T�� 8T�� 8T�� 8�� 8�� 8�� 8�� 8 ��~ 9�L@� 9T�� 9T�� 9T� 9Tl� 9�� 9�� 9��9�� ~ :�€L@� :T�� :T�� :T�� :T�� :�� :�'� :� �:�� ~ ;�M@� ;T�� ;T�� ;T�� ;T�� ;�� ;�p� ;�o�;�� ~ <��€M@� <�T�� <�T�� <�T� <�Tm� <�� <�� <�� <�� ~ =�N@� =�� =�� =�� =�D� =�=� =�� =�n�=�� ~ >�€N@� >T�� >T�� >T_� >T`� >�� >�E� >��>�� ~ ?�O@� ?T�� ?T�� ?T_� ?Tq� ?�� ?�o� ?��?�� D�l€€€€€€€€€€€€€€€€€€€€��€��€€€€€€@�A�B�C�D�E� F�G�H� I� J� K�L� M�N�O�P�Q� R�S�T�U�V�W�X�Y�Z�[�\�]�^�_�~ @�€O@� @T�� @T_� @T_� @T�� @�� @�\� @�[�@�� ~ A�P@� AT�� AT�� AT�� AT@� A�� A�� A��A�� ~ B�@P@� BT�� BT�� BT�� BTA� B�� B�� B��B�� ~ C�€P@� CT�� CT�� CT�� CT�� C�� C�]� C�^�C�� ~ D�繮@� DT�� DT�� DT�� DT�� D�=� D�� D�� D�� D �~ E�Q@� ET�� ET�� ET� ETn� E�� E�� E��E�� ~ F�@Q@� FT�� FT�� FT�� FT�� F�{� F�� F��F�� ~ G�€Q@� GT�� GT�� GT� GT�� G�� G�I� G��G�� ~ H�繯@� HT�� HT�� HT�� HTo� H�� H�H� H��H�� ~ I�R@� IT�� IT�� IT� ITp� I�� I�� I��I�� ~ J�@R@� JT�� JT�� JT�� JT�� J�� J�� J��J�� ~ K�€R@� KT�� KT�� KT�� KT� K�� K�w� K��K�� ~ L�繰@� LT�� LT�� LT�� LT5� L�=� L�x� L��L�� ~ M�S@� M�� M�� M�d� M�c� M�{� M�H� M�I�M�� ~ N�@S@� NT�� NT�� NT�� NT/� N�� N�y� N�� N�� N ��~ O�€S@� OT�� OT�� OT�� OT�� O�� O�� O��O�� ~ P�繱@� PT�� PT�� PT�� PT2� P�� P�z� P�9�P�� ~ Q�T@� QT�� QT�� QT�� QT0� Q�� Q�{� Q�:�Q�� ~ R�@T@� RT�� RT�� RT�� RT1� R�� R�|� R��R�� ~ S�€T@� ST�� ST�� ST(� ST`� S�� S�)� S��S�� TKKKKKK�TK�� UKKKKKK�UK�� VKKKKKK�VK�O �WKKKKKK�WK�O �XKKKKKK�XK�O �YKKKKKK�YK�O �ZKKKKKK�ZK�O �[KKKKKK�[K�O �\KKKKKK�\K�O �]KKKKKK�]K�O �^KKKKKK�^K�O �_KKKKKK�_K�O �D`l€€€€�€€€€€€€€€�€€€€€&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`K�O �aKKKKKK�aK�O �bKKKKKK�bK�O �cKKKKKK�cK�O �dKKKKKK�dK�O �eKKKKKK�eK�O �fKKKKKK�fK�O �gKKKKKK�gK�O �hKKKKKK�hK�O �iKKKKKK�iK�O �jKKKKKK�jK�O �kKKKKKK�kK�O �lKKKKKK�lK�O �mKKKKKK�mK�O �nKKKKKK�nK�O �oKKKKKK�oK�O �pKKKKKK�pK�O �qKKKKKK�qK�O �rKKKKKK�rK�O �sKKKKKK�sK�O �tKKKKKK�tK�O �uKKKKKK�uK�O �vKKKKKK�vK�O �wKKKKKK�wK�O �xKKKKKK�xK�O �yKKKKKK�yK�O �zKKKKKK�zK�O �{KKKKKK�{K�O �|KKKKKK�|K�O �}KKKKKK�}K�O �~KKKKKK�~K�O �KKKKKK�K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ��KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O � KKKKKK� K�O � KKKKKK� K�O �KKKKKK�K�O �KKKKKK�K�O � KKKKKK� K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& �! �" �# �$ �% �& �' �( �) �* �+ �, �- �. �/ �0 �1 �2 �3 �4 �5 �6 �7 �8 �9 �: �; �< �= �> �? �� KKKKKK� K�O �!KKKKKK�!K�O �"KKKKKK�"K�O �#KKKKKK�#K�O �$KKKKKK�$K�O �%KKKKKK�%K�O �&KKKKKK�&K�O �'KKKKKK�'K�O �(KKKKKK�(K�O �)KKKKKK�)K�O �*KKKKKK�*K�O �+KKKKKK�+K�O �,KKKKKK�,K�O �-KKKKKK�-K�O �.KKKKKK�.K�O �/KKKKKK�/K�O �0KKKKKK�0K�O �1KKKKKK�1K�O �2KKKKKK�2K�O �3KKKKKK�3K�O �4KKKKKK�4K�O �5KKKKKK�5K�O �6KKKKKK�6K�O �7KKKKKK�7K�O �8KKKKKK�8K�O �9KKKKKK�9K�O �:KKKKKK�:K�O �;KKKKKK�;K�O �<KKKKKK�<K�O �=KKKKKK�=K�O �>KKKKKK�>K�O �?KKKKKK�?K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ �A �B �C �D �E �F �G �H �I �J �K �L �M �N �O �P �Q �R �S �T �U �V �W �X �Y �Z �[ �\ �] �^ �_ ��@KKKKKK�@K�O �AKKKKKK�AK�O �BKKKKKK�BK�O �CKKKKKK�CK�O �DKKKKKK�DK�O �EKKKKKK�EK�O �FKKKKKK�FK�O �GKKKKKK�GK�O �HKKKKKK�HK�O �IKKKKKK�IK�O �JKKKKKK�JK�O �KKKKKKK�KK�O �LKKKKKK�LK�O �MKKKKKK�MK�O �NKKKKKK�NK�O �OKKKKKK�OK�O �PKKKKKK�PK�O �QKKKKKK�QK�O �RKKKKKK�RK�O �SKKKKKK�SK�O �TKKKKKK�TK�O �UKKKKKK�UK�O �VKKKKKK�VK�O �WKKKKKK�WK�O �XKKKKKK�XK�O �YKKKKKK�YK�O �ZKKKKKK�ZK�O �[KKKKKK�[K�O �\KKKKKK�\K�O �]KKKKKK�]K�O �^KKKKKK�^K�O �_KKKKKK�_K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`K�O �aKKKKKK�aK�O �bKKKKKK�bK�O �cKKKKKK�cK�O �dKKKKKK�dK�O �eKKKKKK�eK�O �fKKKKKK�fK�O �gKKKKKK�gK�O �hKKKKKK�hK�O �iKKKKKK�iK�O �jKKKKKK�jK�O �kKKKKKK�kK�O �lKKKKKK�lK�O �mKKKKKK�mK�O �nKKKKKK�nK�O �oKKKKKK�oK�O �pKKKKKK�pK�O �qKKKKKK�qK�O �rKKKKKK�rK�O �sKKKKKK�sK�O �tKKKKKK�tK�O �uKKKKKK�uK�O �vKKKKKK�vK�O �wKKKKKK�wK�O �xKKKKKK�xK�O �yKKKKKK�yK�O �zKKKKKK�zK�O �{KKKKKK�{K�O �|KKKKKK�|K�O �}KKKKKK�}K�O �~KKKKKK�~K�O �KKKKKK�K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&��&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ��KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O � KKKKKK� K�O � KKKKKK� K�O �KKKKKK�K�O �KKKKKK�K�O � KKKKKK� K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& �! �" �# �$ �% �& �' �( �) �* �+ �, �- �. �/ �0 �1 �2 �3 �4 �5 �6 �7 �8 �9 �: �; �< �= �> �? �� KKKKKK� K�O �!KKKKKK�!K�O �"KKKKKK�"K�O �#KKKKKK�#K�O �$KKKKKK�$K�O �%KKKKKK�%K�O �&KKKKKK�&K�O �'KKKKKK�'K�O �(KKKKKK�(K�O �)KKKKKK�)K�O �*KKKKKK�*K�O �+KKKKKK�+K�O �,KKKKKK�,K�O �-KKKKKK�-K�O �.KKKKKK�.K�O �/KKKKKK�/K�O �0KKKKKK�0K�O �1KKKKKK�1K�O �2KKKKKK�2K�O �3KKKKKK�3K�O �4KKKKKK�4K�O �5KKKKKK�5K�O �6KKKKKK�6K�O �7KKKKKK�7K�O �8KKKKKK�8K�O �9KKKKKK�9K�O �:KKKKKK�:K�O �;KKKKKK�;K�O �<KKKKKK�<K�O �=KKKKKK�=K�O �>KKKKKK�>K�O �?KKKKKK�?K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ �A �B �C �D �E �F �G �H �I �J �K �L �M �N �O �P �Q �R �S �T �U �V �W �X �Y �Z �[ �\ �] �^ �_ ��@KKKKKK�@K�O �AKKKKKK�AK�O �BKKKKKK�BK�O �CKKKKKK�CK�O �DKKKKKK�DK�O �EKKKKKK�EK�O �FKKKKKK�FK�O �GKKKKKK�GK�O �HKKKKKK�HK�O �IKKKKKK�IK�O �JKKKKKK�JK�O �KKKKKKK�KK�O �LKKKKKK�LK�O �MKKKKKK�MK�O �NKKKKKK�NK�O �OKKKKKK�OK�O �PKKKKKK�PK�O �QKKKKKK�QK�O �RKKKKKK�RK�O �SKKKKKK�SK�O �TKKKKKK�TK�O �UKKKKKK�UK�O �VKKKKKK�VK�O �WKKKKKK�WK�O �XKKKKKK�XK�O �YKKKKKK�YK�O �ZKKKKKK�ZK�O �[KKKKKK�[K�O �\KKKKKK�\K�O �]KKKKKK�]K�O �^KKKKKK�^K�O �_KKKKKK�_K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`K�O �aKKKKKK�aK�O �bKKKKKK�bK�O �cKKKKKK�cK�O �dKKKKKK�dK�O �eKKKKKK�eK�O �fKKKKKK�fK�O �gKKKKKK�gK�O �hKKKKKK�hK�O �iKKKKKK�iK�O �jKKKKKK�jK�O �kKKKKKK�kK�O �lKKKKKK�lK�O �mKKKKKK�mK�O �nKKKKKK�nK�O �oKKKKKK�oK�O �pKKKKKK�pK�O �qKKKKKK�qK�O �rKKKKKK�rK�O �sKKKKKK�sK�O �tKKKKKK�tK�O �uKKKKKK�uK�O �vKKKKKK�vK�O �wKKKKKK�wK�O �xKKKKKK�xK�O �yKKKKKK�yK�O �zKKKKKK�zK�O �{KKKKKK�{K�O �|KKKKKK�|K�O �}KKKKKK�}K�O �~KKKKKK�~K�O �KKKKKK�K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ��KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O � KKKKKK� K�O � KKKKKK� K�O �KKKKKK�K�O �KKKKKK�K�O � KKKKKK� K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& �! �" �# �$ �% �& �' �( �) �* �+ �, �- �. �/ �0 �1 �2 �3 �4 �5 �6 �7 �8 �9 �: �; �< �= �> �? �� KKKKKK� K�O �!KKKKKK�!K�O �"KKKKKK�"K�O �#KKKKKK�#K�O �$KKKKKK�$K�O �%KKKKKK�%K�O �&KKKKKK�&K�O �'KKKKKK�'K�O �(KKKKKK�(K�O �)KKKKKK�)K�O �*KKKKKK�*K�O �+KKKKKK�+K�O �,KKKKKK�,K�O �-KKKKKK�-K�O �.KKKKKK�.K�O �/KKKKKK�/K�O �0KKKKKK�0K�O �1KKKKKK�1K�O �2KKKKKK�2K�O �3KKKKKK�3K�O �4KKKKKK�4K�O �5KKKKKK�5K�O �6KKKKKK�6K�O �7KKKKKK�7K�O �8KKKKKK�8K�O �9KKKKKK�9K�O �:KKKKKK�:K�O �;KKKKKK�;K�O �<KKKKKK�<K�O �=KKKKKK�=K�O �>KKKKKK�>K�O �?KKKKKK�?K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ �A �B �C �D �E �F �G �H �I �J �K �L �M �N �O �P �Q �R �S �T �U �V �W �X �Y �Z �[ �\ �] �^ �_ ��@KKKKKK�@K�O �AKKKKKK�AK�O �BKKKKKK�BK�O �CKKKKKK�CK�O �DKKKKKK�DK�O �EKKKKKK�EK�O �FKKKKKK�FK�O �GKKKKKK�GK�O �HKKKKKK�HK�O �IKKKKKK�IK�O �JKKKKKK�JK�O �KKKKKKK�KK�O �LKKKKKK�LK�O �MKKKKKK�MK�O �NKKKKKK�NK�O �OKKKKKK�OK�O �PKKKKKK�PK�O �QKKKKKK�QK�O �RKKKKKK�RK�O �SKKKKKK�SK�O �TKKKKKK�TK�O �UKKKKKK�UK�O �VKKKKKK�VK�O �WKKKKKK�WK�O �XKKKKKK�XK�O �YKKKKKK�YK�O �ZKKKKKK�ZK�O �[KKKKKK�[K�O �\KKKKKK�\K�O �]KKKKKK�]K�O �^KKKKKK�^K�O �_KKKKKK�_K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`K�O �aKKKKKK�aK�O �bKKKKKK�bK�O �cKKKKKK�cK�O �dKKKKKK�dK�O �eKKKKKK�eK�O �fKKKKKK�fK�O �gKKKKKK�gK�O �hKKKKKK�hK�O �iKKKKKK�iK�O �jKKKKKK�jK�O �kKKKKKK�kK�O �lKKKKKK�lK�O �mKKKKKK�mK�O �nKKKKKK�nK�O �oKKKKKK�oK�O �pKKKKKK�pK�O �qKKKKKK�qK�O �rKKKKKK�rK�O �sKKKKKK�sK�O �tKKKKKK�tK�O �uKKKKKK�uK�O �vKKKKKK�vK�O �wKKKKKK�wK�O �xKKKKKK�xK�O �yKKKKKK�yK�O �zKKKKKK�zK�O �{KKKKKK�{K�O �|KKKKKK�|K�O �}KKKKKK�}K�O �~KKKKKK�~K�O �KKKKKK�K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ��KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O � KKKKKK� K�O � KKKKKK� K�O �KKKKKK�K�O �KKKKKK�K�O � KKKKKK� K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �KKKKKK�K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& �! �" �# �$ �% �& �' �( �) �* �+ �, �- �. �/ �0 �1 �2 �3 �4 �5 �6 �7 �8 �9 �: �; �< �= �> �? �� KKKKKK� K�O �!KKKKKK�!K�O �"KKKKKK�"K�O �#KKKKKK�#K�O �$KKKKKK�$K�O �%KKKKKK�%K�O �&KKKKKK�&K�O �'KKKKKK�'K�O �(KKKKKK�(K�O �)KKKKKK�)K�O �*KKKKKK�*K�O �+KKKKKK�+K�O �,KKKKKK�,K�O �-KKKKKK�-K�O �.KKKKKK�.K�O �/KKKKKK�/K�O �0KKKKKK�0K�O �1KKKKKK�1K�O �2KKKKKK�2K�O �3KKKKKK�3K�O �4KKKKKK�4K�O �5KKKKKK�5K�O �6KKKKKK�6K�O �7KKKKKK�7K�O �8KKKKKK�8K�O �9KKKKKK�9K�O �:KKKKKK�:K�O �;KKKKKK�;K�O �<KKKKKK�<K�O �=KKKKKK�=K�O �>KKKKKK�>K�O �?KKKKKK�?K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ �A �B �C �D �E �F �G �H �I �J �K �L �M �N �O �P �Q �R �S �T �U �V �W �X �Y �Z �[ �\ �] �^ �_ ��@KKKKKK�@K�O �AKKKKKK�AK�O �BKKKKKK�BK�O �CKKKKKK�CK�O �DKKKKKK�DK�O �EKKKKKK�EK�O �FKKKKKK�FK�O �GKKKKKK�GK�O �HKKKKKK�HK�O �IKKKKKK�IK�O �JKKKKKK�JK�O �KKKKKKK�KK�O �LKKKKKK�LK�O �MKKKKKK�MK�O �NKKKKKK�NK�O �OKKKKKK�OK�O �PKKKKKK�PK�O �QKKKKKK�QK�O �RKKKKKK�RK�O �SKKKKKK�SK�O �TKKKKKK�TK�O �UKKKKKK�UK�O �VKKKKKK�VK�O �WKKKKKK�WK�O �XKKKKKK�XK�O �YKKKKKK�YK�O �ZKKKKKK�ZK�O �[KKKKKK�[K�O �\KKKKKK�\K�O �]KKKKKK�]K�O �^KKKKKK�^K�O �_KKKKKK�_K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`K�O �aKKKKKK�aK�O �bKKKKKK�bK�O �cKKKKKK�cK�O �dKKKKKK�dK�O �eKKKKKK�eK�O �fKKKKKK�fK�O �gKKKKKK�gK�O �hKKKKKK�hK�O �iKKKKKK�iK�O �jKKKKKK�jK�O �kKKKKKK�kK�O �lKKKKKK�lK�O �mKKKKKK�mK�O �nKKKKKK�nK�O �oKKKKKK�oK�O �pKKKKKK�pK�O �qKKKKKK�qK�O �rKKKKKK�rK�O �sKKKKKK�sK�O �tKKKKKK�tK�O �uKKKKKK�uK�O �vKKKKKK�vK�O �wKKKKKK�wK�O �xKKKKKK�xK�O �yKKKKKK�yK�O �zKKKKKK�zK�O �{KKKKKK�{K�O �|KKKKKK�|K�O �}KKKKKK�}K�O �~KKKKKK�~K�O �KKKKKK�K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O ��KKKKKK��K�O �:&&&&&&&&&&&&&&&&&&&&&&&&&&��&P�6��( � �餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F !d ��Z餜� �! C��]F!!d ��Z餜� �" C�� ]F"!d ��Z餜� �# C�� ]F#!d ��Z餜� �$ C�� ]F$!d �>�@P��A ��@�)宸�>OYW糄硚R@|� �?��OL&CIRS Safeguards Management, Operational and Technical Controls (MOT) SCSEM&CPage &P of &N��&�?'�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o2XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"2dXX�?�?�&��)宸�>OYW糄硚��@�靛�5H籇�)� 発R@}� �?��OL&CIRS Safeguards Management, Operational and Technical Controls (MOT) SCSEM&CPage &P of &N��&�?'�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o2XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"2dXX�?�?�&��靛�5H籇�)� 発��I.. "# !))EF7799GIII<�? 8@�N>��;�€�L€'J@@A' " B�****�N>��;�€�L��€'JA' " B�nFEF "# !))..<�? @@�N>��;�€�L€'JA' " B� ****�N>��;�€�L��€'JA' " B� SS��;�€@Pass��;�€@Fail��;�€�Info{+{I{+{**{+{F{+{**{+{S{+{S{+{S��y�Input Error5Please enter an accepted value: Pass, Fail, N/A, InfoPassFailN/AInfoNS� Sheet3gg��D f2�蓘��%�吖g�锶w��囘�楊�/�?�O#�*_2�9oA鱄PX廮g焠'v瘆7�繉G�蠜W�擢g�锕w��熛 d褚MbP?_*+�€%��OL&CIRS Safeguards Management, Operational and Technical Controls (MOT) SCSEM&CPage &P of &N��&�?'�?(�?)�?M�Adobe PDF��S飥� o8XXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"8XX333333�?333333�?�&�43U}mM}M}IN}�O}I3K}�*O}� O} �R} �K}$ K� �ss;s�€fs� s� s� s� s�€Ls� s�€Q s�€Q s�€Qs�s� s�s�s� � � � � � � � � � � � � � � � �� €� �� J� �� K� ��SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSr� �7� �� 5� �� }� �� P� �8� T�� T�� T�� T5� T�� 4� �� P� �9� T�� T�� T6� T*� T�� t� �� P� �:� T�� T�� T*� T�� T�� 5� �6� �� P� �;� T�� T�� 3� T?� �>� �4� �� P� �<� T�� T�� 3� T=� �f� �g� �� P�MMMMPO�OOO � MMMMPO� OOO � MMMMPO� OOO O O O O O O O O O�KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �D� l,t��&&& &&&&&&&&&&& �! �" �# �$ �% �& �' �( �) �* �+ �, �- �. �/ �0 �1 �2 �3 �4 �5 �6 �7 �8 �9 �: �; �<� �= �> �? �� KKKKKK� KKO �!KKKKKK�!KKO �"KKKKKK�"KKO �#KKKKKK�#KKO �$KKKKKK�$KKO �%KKKKKK�%KKO �&KKKKKK�&KKO �'KKKKKK�'KKO �(KKKKKK�(KKO �)KKKKKK�)KKO �*KKKKKK�*KKO �+KKKKKK�+KKO �,KKKKKK�,KKO �-KKKKKK�-KKO �.KKKKKK�.KKO �/KKKKKK�/KKO �0KKKKKK�0KKO �1KKKKKK�1KKO �2KKKKKK�2KKO �3KKKKKK�3KKO �4KKKKKK�4KKO �5KKKKKK�5KKO �6KKKKKK !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijl��mnopqrstuvwxyz{|}~€�6KKO �7KKKKKK�7KKO �8KKKKKK�8KKO �9KKKKKK�9KKO �:KKKKKK�:KKO �;KKKKKK�;KKO �<�KKKKKK�<�KKO �=KKKKKK�=KKO �>KKKKKK�>KKO �?KKKKKK�?KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ �A �B �C �D �E �F �G �H �I �J �K �L �M �N �O �P �Q �R �S �T �U �V �W �X �Y �Z �[ �\ �] �^ �_ ��@KKKKKK�@KKO �AKKKKKK�AKKO �BKKKKKK�BKKO �CKKKKKK�CKKO �DKKKKKK�DKKO �EKKKKKK�EKKO �FKKKKKK�FKKO �GKKKKKK�GKKO �HKKKKKK�HKKO �IKKKKKK�IKKO �JKKKKKK�JKKO �KKKKKKK�KKKO �LKKKKKK�LKKO �MKKKKKK�MKKO �NKKKKKK�NKKO �OKKKKKK�OKKO �PKKKKKK�PKKO �QKKKKKK�QKKO �RKKKKKK�RKKO �SKKKKKK�SKKO �TKKKKKK�TKKO �UKKKKKK�UKKO �VKKKKKK�VKKO �WKKKKKK�WKKO �XKKKKKK�XKKO �YKKKKKK�YKKO �ZKKKKKK�ZKKO �[KKKKKK�[KKO �\KKKKKK�\KKO �]KKKKKK�]KKO �^KKKKKK�^KKO �_KKKKKK�_KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`KKO �aKKKKKK�aKKO �bKKKKKK�bKKO �cKKKKKK�cKKO �dKKKKKK�dKKO �eKKKKKK�eKKO �fKKKKKK�fKKO �gKKKKKK�gKKO �hKKKKKK�hKKO �iKKKKKK�iKKO �jKKKKKK�jKKO �kKKKKKK�kKKO �lKKKKKK�lKKO �mKKKKKK�mKKO �nKKKKKK�nKKO �oKKKKKK�oKKO �pKKKKKK�pKKO �qKKKKKK�qKKO �rKKKKKK�rKKO �sKKKKKK�sKKO �tKKKKKK�tKKO �uKKKKKK�uKKO �vKKKKKK�vKKO �wKKKKKK�wKKO �xKKKKKK�xKKO �yKKKKKK�yKKO �zKKKKKK�zKKO �{KKKKKK�{KKO �|KKKKKK�|KKO �}KKKKKK�}KKO �~KKKKKK�~KKO �KKKKKK�KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ��KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO � KKKKKK� KKO � KKKKKK� KKO �KKKKKK�KKO �KKKKKK�KKO � KKKKKK� KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& �! �" �# �$ �% �& �' �( �) �* �+ �, �- �. �/ �0 �1 �2 �3 �4 �5 �6 �7 �8 �9 �: �; �< �= �> �? �� KKKKKK� KKO �!KKKKKK�!KKO �"KKKKKK�"KKO �#KKKKKK�#KKO �$KKKKKK�$KKO �%KKKKKK�%KKO �&KKKKKK�&KKO �'KKKKKK�'KKO �(KKKKKK�(KKO �)KKKKKK�)KKO �*KKKKKK�*KKO �+KKKKKK�+KKO �,KKKKKK�,KKO �-KKKKKK�-KKO �.KKKKKK�.KKO �/KKKKKK�/KKO �0KKKKKK�0KKO �1KKKKKK�1KKO �2KKKKKK�2KKO �3KKKKKK�3KKO �4KKKKKK�4KKO �5KKKKKK�5KKO �6KKKKKK�6KKO �7KKKKKK�7KKO �8KKKKKK�8KKO �9KKKKKK�9KKO �:KKKKKK�:KKO �;KKKKKK�;KKO �<KKKKKK�<KKO �=KKKKKK�=KKO �>KKKKKK�>KKO �?KKKKKK�?KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ �A �B �C �D �E �F �G �H �I �J �K �L �M �N �O �P �Q �R �S �T �U �V �W �X �Y �Z �[ �\ �] �^ �_ ��@KKKKKK�@KKO �AKKKKKK�AKKO �BKKKKKK�BKKO �CKKKKKK�CKKO �DKKKKKK�DKKO �EKKKKKK�EKKO �FKKKKKK�FKKO �GKKKKKK�GKKO �HKKKKKK�HKKO �IKKKKKK�IKKO �JKKKKKK�JKKO �KKKKKKK�KKKO �LKKKKKK�LKKO �MKKKKKK�MKKO �NKKKKKK�NKKO �OKKKKKK�OKKO �PKKKKKK�PKKO �QKKKKKK�QKKO �RKKKKKK�RKKO �SKKKKKK�SKKO �TKKKKKK�TKKO �UKKKKKK�UKKO �VKKKKKK�VKKO �WKKKKKK�WKKO �XKKKKKK�XKKO �YKKKKKK�YKKO �ZKKKKKK�ZKKO �[KKKKKK�[KKO �\KKKKKK�\KKO �]KKKKKK�]KKO �^KKKKKK�^KKO �_KKKKKK�_KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`KKO �aKKKKKK�aKKO �bKKKKKK�bKKO �cKKKKKK�cKKO �dKKKKKK�dKKO �eKKKKKK�eKKO �fKKKKKK�fKKO �gKKKKKK�gKKO �hKKKKKK�hKKO �iKKKKKK�iKKO �jKKKKKK�jKKO �kKKKKKK�kKKO �lKKKKKK�lKKO �mKKKKKK�mKKO �nKKKKKK�nKKO �oKKKKKK�oKKO �pKKKKKK�pKKO �qKKKKKK�qKKO �rKKKKKK�rKKO �sKKKKKK�sKKO �tKKKKKK�tKKO �uKKKKKK�uKKO �vKKKKKK�vKKO �wKKKKKK�wKKO �xKKKKKK�xKKO �yKKKKKK�yKKO �zKKKKKK�zKKO �{KKKKKK�{KKO �|KKKKKK�|KKO �}KKKKKK�}KKO �~KKKKKK�~KKO �KKKKKK�KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ��KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO � KKKKKK� KKO � KKKKKK� KKO �KKKKKK�KKO �KKKKKK�KKO � KKKKKK� KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& �! �" �# �$ �% �& �' �( �) �* �+ �, �- �. �/ �0 �1 �2 �3 �4 �5 �6 �7 �8 �9 �: �; �< �= �> �? �� KKKKKK� KKO �!KKKKKK�!KKO �"KKKKKK�"KKO �#KKKKKK�#KKO �$KKKKKK�$KKO �%KKKKKK�%KKO �&KKKKKK�&KKO �'KKKKKK�'KKO �(KKKKKK�(KKO �)KKKKKK�)KKO �*KKKKKK�*KKO �+KKKKKK�+KKO �,KKKKKK�,KKO �-KKKKKK�-KKO �.KKKKKK�.KKO �/KKKKKK�/KKO �0KKKKKK�0KKO �1KKKKKK�1KKO �2KKKKKK�2KKO �3KKKKKK�3KKO �4KKKKKK�4KKO �5KKKKKK�5KKO �6KKKKKK�6KKO �7KKKKKK�7KKO �8KKKKKK�8KKO �9KKKKKK�9KKO �:KKKKKK�:KKO �;KKKKKK�;KKO �<KKKKKK�<KKO �=KKKKKK�=KKO �>KKKKKK�>KKO �?KKKKKK�?KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ �A �B �C �D �E �F �G �H �I �J �K �L �M �N �O �P �Q �R �S �T �U �V �W �X �Y �Z �[ �\ �] �^ �_ ��@KKKKKK�@KKO �AKKKKKK�AKKO �BKKKKKK�BKKO �CKKKKKK�CKKO �DKKKKKK�DKKO �EKKKKKK�EKKO �FKKKKKK�FKKO �GKKKKKK�GKKO �HKKKKKK�HKKO �IKKKKKK�IKKO �JKKKKKK�JKKO �KKKKKKK�KKKO �LKKKKKK�LKKO �MKKKKKK�MKKO �NKKKKKK�NKKO �OKKKKKK�OKKO �PKKKKKK�PKKO �QKKKKKK�QKKO �RKKKKKK�RKKO �SKKKKKK�SKKO �TKKKKKK�TKKO �UKKKKKK�UKKO �VKKKKKK�VKKO �WKKKKKK�WKKO �XKKKKKK�XKKO �YKKKKKK�YKKO �ZKKKKKK�ZKKO �[KKKKKK�[KKO �\KKKKKK�\KKO �]KKKKKK�]KKO �^KKKKKK�^KKO �_KKKKKK�_KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`KKO �aKKKKKK�aKKO �bKKKKKK�bKKO �cKKKKKK�cKKO �dKKKKKK�dKKO �eKKKKKK�eKKO �fKKKKKK�fKKO �gKKKKKK�gKKO �hKKKKKK�hKKO �iKKKKKK�iKKO �jKKKKKK�jKKO �kKKKKKK�kKKO �lKKKKKK�lKKO �mKKKKKK�mKKO �nKKKKKK�nKKO �oKKKKKK�oKKO �pKKKKKK�pKKO �qKKKKKK�qKKO �rKKKKKK�rKKO �sKKKKKK�sKKO �tKKKKKK�tKKO �uKKKKKK�uKKO �vKKKKKK�vKKO �wKKKKKK�wKKO �xKKKKKK�xKKO �yKKKKKK�yKKO �zKKKKKK�zKKO �{KKKKKK�{KKO �|KKKKKK�|KKO �}KKKKKK�}KKO �~KKKKKK�~KKO �KKKKKK�KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ��KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO � KKKKKK� KKO � KKKKKK� KKO �KKKKKK�KKO �KKKKKK�KKO � KKKKKK� KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& �! �" �# �$ �% �& �' �( �) �* �+ �, �- �. �/ �0 �1 �2 �3 �4 �5 �6 �7 �8 �9 �: �; �< �= �> �? �� KKKKKK� KKO �!KKKKKK�!KKO �"KKKKKK�"KKO �#KKKKKK�#KKO �$KKKKKK�$KKO �%KKKKKK�%KKO �&KKKKKK�&KKO �'KKKKKK�'KKO �(KKKKKK�(KKO �)KKKKKK�)KKO �*KKKKKK�*KKO �+KKKKKK�+KKO �,KKKKKK�,KKO �-KKKKKK�-KKO �.KKKKKK�.KKO �/KKKKKK�/KKO �0KKKKKK�0KKO �1KKKKKK�1KKO �2KKKKKK�2KKO �3KKKKKK�3KKO �4KKKKKK�4KKO �5KKKKKK�5KKO �6KKKKKK�6KKO �7KKKKKK�7KKO �8KKKKKK�8KKO �9KKKKKK�9KKO �:KKKKKK�:KKO �;KKKKKK�;KKO �<KKKKKK�<KKO �=KKKKKK�=KKO �>KKKKKK�>KKO �?KKKKKK�?KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ �A �B �C �D �E �F �G �H �I �J �K �L �M �N �O �P �Q �R �S �T �U �V �W �X �Y �Z �[ �\ �] �^ �_ ��@KKKKKK�@KKO �AKKKKKK�AKKO �BKKKKKK�BKKO �CKKKKKK�CKKO �DKKKKKK�DKKO �EKKKKKK�EKKO �FKKKKKK�FKKO �GKKKKKK�GKKO �HKKKKKK�HKKO �IKKKKKK�IKKO �JKKKKKK�JKKO �KKKKKKK�KKKO �LKKKKKK�LKKO �MKKKKKK�MKKO �NKKKKKK�NKKO �OKKKKKK�OKKO �PKKKKKK�PKKO �QKKKKKK�QKKO �RKKKKKK�RKKO �SKKKKKK�SKKO �TKKKKKK�TKKO �UKKKKKK�UKKO �VKKKKKK�VKKO �WKKKKKK�WKKO �XKKKKKK�XKKO �YKKKKKK�YKKO �ZKKKKKK�ZKKO �[KKKKKK�[KKO �\KKKKKK�\KKO �]KKKKKK�]KKO �^KKKKKK�^KKO �_KKKKKK�_KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`KKO �aKKKKKK�aKKO �bKKKKKK�bKKO �cKKKKKK�cKKO �dKKKKKK�dKKO �eKKKKKK�eKKO �fKKKKKK�fKKO �gKKKKKK�gKKO �hKKKKKK�hKKO �iKKKKKK�iKKO �jKKKKKK�jKKO �kKKKKKK�kKKO �lKKKKKK�lKKO �mKKKKKK�mKKO �nKKKKKK�nKKO �oKKKKKK�oKKO �pKKKKKK�pKKO �qKKKKKK�qKKO �rKKKKKK�rKKO �sKKKKKK�sKKO �tKKKKKK�tKKO �uKKKKKK�uKKO �vKKKKKK�vKKO �wKKKKKK�wKKO �xKKKKKK�xKKO �yKKKKKK�yKKO �zKKKKKK�zKKO �{KKKKKK�{KKO �|KKKKKK�|KKO �}KKKKKK�}KKO �~KKKKKK�~KKO �KKKKKK�KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ��KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO � KKKKKK� KKO � KKKKKK� KKO �KKKKKK�KKO �KKKKKK�KKO � KKKKKK� KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �KKKKKK�KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& �! �" �# �$ �% �& �' �( �) �* �+ �, �- �. �/ �0 �1 �2 �3 �4 �5 �6 �7 �8 �9 �: �; �< �= �> �? �� KKKKKK� KKO �!KKKKKK�!KKO �"KKKKKK�"KKO �#KKKKKK�#KKO �$KKKKKK�$KKO �%KKKKKK�%KKO �&KKKKKK�&KKO �'KKKKKK�'KKO �(KKKKKK�(KKO �)KKKKKK�)KKO �*KKKKKK�*KKO �+KKKKKK�+KKO �,KKKKKK�,KKO �-KKKKKK�-KKO �.KKKKKK�.KKO �/KKKKKK�/KKO �0KKKKKK�0KKO �1KKKKKK�1KKO �2KKKKKK�2KKO �3KKKKKK�3KKO �4KKKKKK�4KKO �5KKKKKK�5KKO �6KKKKKK�6KKO �7KKKKKK�7KKO �8KKKKKK�8KKO �9KKKKKK�9KKO �:KKKKKK�:KKO �;KKKKKK�;KKO �<KKKKKK�<KKO �=KKKKKK�=KKO �>KKKKKK�>KKO �?KKKKKK�?KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ �A �B �C �D �E �F �G �H �I �J �K �L �M �N �O �P �Q �R �S �T �U �V �W �X �Y �Z �[ �\ �] �^ �_ ��@KKKKKK�@KKO �AKKKKKK�AKKO �BKKKKKK�BKKO �CKKKKKK�CKKO �DKKKKKK�DKKO �EKKKKKK�EKKO �FKKKKKK�FKKO �GKKKKKK�GKKO �HKKKKKK�HKKO �IKKKKKK�IKKO �JKKKKKK�JKKO �KKKKKKK�KKKO �LKKKKKK�LKKO �MKKKKKK�MKKO �NKKKKKK�NKKO �OKKKKKK�OKKO �PKKKKKK�PKKO �QKKKKKK�QKKO �RKKKKKK�RKKO �SKKKKKK�SKKO �TKKKKKK�TKKO �UKKKKKK�UKKO �VKKKKKK�VKKO �WKKKKKK�WKKO �XKKKKKK�XKKO �YKKKKKK�YKKO �ZKKKKKK�ZKKO �[KKKKKK�[KKO �\KKKKKK�\KKO �]KKKKKK�]KKO �^KKKKKK�^KKO �_KKKKKK�_KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&` �a �b �c �d �e �f �g �h �i �j �k �l �m �n �o �p �q �r �s �t �u �v �w �x �y �z �{ �| �} �~ � ��`KKKKKK�`KKO �aKKKKKK�aKKO �bKKKKKK�bKKO �cKKKKKK�cKKO �dKKKKKK�dKKO �eKKKKKK�eKKO �fKKKKKK�fKKO �gKKKKKK�gKKO �hKKKKKK�hKKO �iKKKKKK�iKKO �jKKKKKK�jKKO �kKKKKKK�kKKO �lKKKKKK�lKKO �mKKKKKK�mKKO �nKKKKKK�nKKO �oKKKKKK�oKKO �pKKKKKK�pKKO �qKKKKKK�qKKO �rKKKKKK�rKKO �sKKKKKK�sKKO �tKKKKKK�tKKO �uKKKKKK�uKKO �v��KKKKKK�vKKO �wKKKKKK�wKKO �xKKKKKK�xKKO �yKKKKKK�yKKO �zKKKKKK�zKKO �{KKKKKK�{KKO �|KKKKKK�|KKO �}KKKKKK�}KKO �~KKKKKK�~KKO �KKKKKK�KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&€ �� €KKKKKK�€KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&� �� KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO ��KKKKKK��KKO �<�X&&&&&&&&&&&&&&&&&&&&&&&&&&&��餽`� 餤�( � �餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F !d ��Z餜� � C�� ]F !d �>�@P��A �@�)宸�>OYW糄硚d@|� �?��OL&CIRS Safeguards Management, Operational and Technical Controls (MOT) SCSEM&CPage &P of &N��&�?'�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o2XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"2dXX�?�?�&��)宸�>OYW糄硚� ��@�靛�5H籇�)� 発d@}� �?��OL&CIRS Safeguards Management, Operational and Technical Controls (MOT) SCSEM&CPage &P of &N��&�?'�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o2XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"2dXX�?�?�&��靛�5H籇�)� 発� ��;�€@Pass��;�€@Fail��;�€�Info{+{{+{{+{��y�Input Error5Please enter an accepted value: Pass, Fail, N/A, InfooPassFailN/AInfoN� Sheet4gg��D f2�蓘搛&� d褚MbP?_*+�€%��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&�?'�?(�?)�?M�Adobe PDF��S飥� o9��LetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"9��333333�?333333�?�&�43U}m}}I}�}I3}�*}� } ��;�K�� €� �� J� �� K� �� h� �� "� �=� �S� �!�� i� T�� T�� T� T#� �=� �R� �C�� j� T�� T�� T � T#� �=� �Q� �$�� P,�€€��&p� ��( � � 餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C�� ]F !d ��Z餜� � C�� ]F !d ��Z餜� � C�� ]F!d �>�蔼笔��蔼�)宸�>翱驰奥糄硚诲蔼<@ ��&ffffff�?'ffffff�?(�?)�?�"~333333�?333333�?<@�&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発d@<@ ��&ffffff�?'ffffff�?(�?)�?�"k333333�?333333�?<@�&��靛�5H籇�)� 発43��;�€@Pass��;�€@Fail��;�€�Info{+{{+{{+{��y�Input Error5Please enter an accepted value: Pass, Fail, N/A, Info�PassFailN/AInfoNgg��D f2�蓘� d褚MbP?_*+�€%��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M�Adobe PDF��S飥� o5XXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"5XX333333�?333333�?�&�43U}m}}I}�}I3}�*}� } ��;�KX@��@� �� €� �� J� �� K� �� J� �� =� �M� �U�� K� �� =� �N� �T� �� h� �L� �� O� �=� �W� �]� �� i��P,�€��&€��( � �餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C�� ]F !d ��Z餜� � C�� ]F !d ��Z餜� � C�� ]F!d �>�@P��A �@�)宸�>翱驰奥糄硚诲蔼<� �?��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o@XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"@XX333333�?333333�?�&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発d@=� �?��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o@XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"@XX333333�?333333�?�&��靛�5H籇�)� 発43��7��;�€@Pass��;�€@Fail��;�€�Info{+{{+{{+{gg��D f2�蓘 �7N< d褚MbP?_*+�€%��&ffffff�?'ffffff�?(�?)�?M�Adobe PDF��S飥� o6XXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"6XX333333�?333333�?�&�43U}m}}I}�}I3}$%}�} �� ;�KX@�� €� �� J� �� K� �� P� �� +� �� =� �Y� �Z� �� g� �R� �� =� �X� �[� �� g� �S� �� O� �=� �U� �V� �� g� �T� �� =� �Q� �\�� ,��€ ��&��( � �餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C��]F!d ��Z餜� � C�� ]F !d ��Z餜� � C�� ]F !d ��Z餜� � C�� ]F!d �>�@P��A �@�)宸�>OYW糄硚 d@<� �?��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o;XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�";XX333333�?333333�?�&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発 d@=� �?��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o;XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�";XX333333�?333333�?�&��靛�5H籇�)� 発43��7��;�€@Pass��;�€@Fail��;�€�Info{+{{+{{+{gg��D f2�蓘Uc=d d褚MbP?_*+�€%��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M�Adobe PDF��S飥� oc��LetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"c��333333�?333333�?�&�43U}�} � *@ ��JJJJJJJJJJJ J� �_��J �JJJJJJJJJJJ � �( 4>�@J��J�@�)宸�>OYW糄硚 d@<� ��&ffffff�?'ffffff�?(�?)�?�"~333333�?333333�?<��&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発 d@<� ��&ffffff�?'ffffff�?(�?)�?�"k333333�?333333�?<��&��靛�5H籇�)� 発43�� gg��D f2�蓘祅漮 d褚MbP?_*+�€%��he&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM Data Warehouse Appendix��&�?'�?(�?)�?M�Adobe PDF��S飥� oaXXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"aXX�?�?�&�U}I} $ @ ��JJJJJJJJJJJ J� �`��J �JJJJJJJJJJJ � �( 4>�@J��J�@�)宸�>OYW糄硚d@| ��he&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM Data Warehouse Appendix��&�?'�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� odXXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"dXX�?�?�&��)宸�>OYW糄硚��@�靛�5H籇�)� 発d@} ��he&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM Data Warehouse Appendix��&�?'�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� odXXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"dXX�?�?�&��靛�5H籇�)� 発�� Sheet9gg��D f2�蓘 l趲�Z�ⅰ*� d褚MbP?_*+�€%��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M�Adobe PDF��S飥� odXXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"dXX333333�?333333�?�&�43U}� }I;l�� T�� T�� Dl �!�"�#�$�%�&�'�(�)�*�+�,�-�.�/�0�1�2�3�4�5�6�7�8�9�:�;�<��=�>�?�� !�� !�� "�� "�� #�� #�� $�� $�� %�|� %�� &T�� &�� 'T�� '�� (T�� (�� )T�� )�� *T�� *�� +T�� +�� ,T�� ,�� -T�� -�� .T�� .�� /T�� /�� 0T�� 0�� 1T�� 1�� 2T�� 2�� 3T�� 3�� 4T�� 4�� 5T�� 5�� 6T�� 6�� 7T�� 7�� 8T�� 8�� 9T�� 9�� :T�� :�� ;T�� ;�� <�T�� <�� =T�� =�� >T�� >�� ?T� ?��Dl@�A�B�C�D�E�F�G�H�I�J�K�L�M�N�O�P�Q�R�S�T�U�V�W�X�Y�Z�[�\�]�^�_�� @T� @�� AT� A�� BT� B�� CT� C�� DT� D�� ET� E�� FT� F�� GT� G�� HT � H�� I�W� I�� J�X� J�� K�Y� K�� L�Z� L�� M�[� M�� N�\� N�� O�� O�� P�� P�� Q�� Q�� R�$� R�� S�� S�� T�� T�� U�� U�� V�� V�� W�}� W�� X�� X�� Y�� Y�� Z�� Z�� [�� [�� \�� \�� ]�� ]�� ^�� ^�� _�� _��Dl`�a�b�c�d�e�f�g�h�i�j�k�� `�� `�� a� � a�� b� � b�� c�� c�� d�� d�� e� � e�� f�6� f�� g�� g�� h�� h�� i�� i�� j�� j�� k�� k��@�>�@��@�)宸�>OYW糄硚d@<� Tn ��bbbPM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.27\i_A546_HP� S�� odXXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐533641�"dXX333333�?333333�?�&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発d@<� �� PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.27\i_A546_HP� S�� odXXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐533641�"dXX333333�?333333�?�&��靛�5H籇�)� 発43�� Sheet5gg��D f2�蓘 /�c� d褚MbP?_*+�€%��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&�?'�?(�?)�?M�Adobe PDF��S飥� oHXXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"HXX333333�?333333�?�&�43U}$ B}IC}F}�1B}m}B}�B}m C}B}�&D} IB} IE}禔B}B} $ B , �@ X@X@@�€G�€H�€I �@ � �� Bs�wjkx� Bt� �� Bu�nllo� B€p� �� qAr� �� m�� qB� s�� m�� qC� t�� m€� qD p� �E �� qF B p� �K �� qG Bp� �� q�Bu� �L�� vfB�<�, , 04**:::>�@Pv��r��@�)宸�>OYW糄硚 P@| ��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o;XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�";XX333333�?333333�?�&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発 P@} ��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� o;XXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�";XX333333�?333333�?�&��靛�5H籇�)� 発43��B �� Sheet6gg��D f2�蓘告Z� d褚MbP?_*+�€%��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M�Adobe PDF �� !"��S飥� oaXXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"aXX333333�?333333�?�&�43U}I_ � � h�� i�� g��z<�>�@��@�)宸�>OYW糄硚d@| ��OL&CIRS Safeguards Management, Operational, and Techical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� odXXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"dXX333333�?333333�?�&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発d@} ��OL&CIRS Safeguards Management, Operational, and Techical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� odXXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"dXX333333�?333333�?�&��靛�5H籇�)� 発43�� Sheet7gg��D f2�蓘M� d褚MbP?_*+�€%��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&�?'�?(�?)�?M�Adobe PDF��S飥� o`XXLetterPRIV� ''''��0\KhCFF燆��SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"`XX333333�?333333�?�&�43U}m }$ }$L}m} ��@�� y�� z�� z�� z�� {��|$@}燗鉆� ~=� �B�€4@� Q鉆� �>� �B��€>@�T鉆� �?� �B��€D@�@X鉆� �@� �B��€�?�燴鉆� �� B��€N@�繺鉆� �� B��€N@�燾鉆� �~� �B��€€Q@�€i鉆� �� B�� €T@�鄉鉆� �b� �B �� €€V@�娿@� �a� �B ��?�樸@� �� B�€殭櫃櫃�?~ �牳鉆� �e� �B�� €^@�乐鉆� �W� �B ��€@`@�理鉆� �Z� �B��(<TF<�<�<�<�<�<�<�<�<�<�<�F<�<��P餒��0�0�( � �0>�@P��@�)宸�>OYW糄硚P@| �� PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� oUXXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"UXX333333�?333333�?�&��)宸�>OYW糄硚43��@�靛�5H籇�)� 発P@} ��PM&CIRS Safeguards Management, Operational, and Technical Controls (MOT) SCSEM��&ffffff�?'ffffff�?(�?)�?M� \\ipp://156.80.61.26\i_A365_HP� S�� oUXXLetterPRIV�0''''�T\KhC]F�4��TRJPHAA倐536406�"UXX333333�?333333�?�&��靛�5H籇�)� 発43�� Sheet8gg��D �胀諟.摋+,D胀諟.摋+,�� PX€�� k� Internal Revenue Service (IRS)%CoverPurpose Dashboard EvidenceTest CasesTumbleweed AppendixState Run Data Center AppendixWeb Portal Appendix IVR Appendix MFD AppendixData Warehouse AppendixOut of Scope ControlsLegendSourcesChange Log'Change Log'!Print_AreaDashboard!Print_Area%'Data Warehouse Appendix'!Print_AreaEvidence!Print_Area'IVR Appendix'!Print_AreaLegend!Print_Area'MFD Appendix'!Print_Area#'Out of Scope Controls'!Print_AreaSources!Print_Area,'State Run Data Center Appendix'!Print_Area'Test Cases'!Print_Area!'Tumbleweed Appendix'!Print_Area!'Web Portal Appendix'!Print_Area'Change Log'!Print_Titles'IVR Appendix'!Print_Titles.'State Run Data Center Appendix'!Print_Titles'Test Cases'!Print_Titles#'Tumbleweed Appendix'!Print_Titles#'Web Portal Appendix'!Print_Titles ValidEntriesValidInputs ValidResultsWorksheets Named Ranges$ 8@_PID_HLINKS�A�kHmailto:First.M.Last@xx.xxxkHmailto:First.M.Last@xx.xxx� �� FMicrosoft Excel 2003 WorksheetBiff8Excel.Sheet.8�9瞦