ࡱ> 9:;<=x  !#$%&'()*+,-./012345678?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry FC@Workbook MBD0004F31B  Fr7r7Ole =  -F!cover!Object 1  F'Microsoft Office Word 97-2003 Document MSWordDocWord.Document.89qOh+'0  4 @ L Xdlt|Christian, Michele  Normal.dotmChristian, Michele Data 81Table",CompObjyOlePres000>\8DdO zp<  C Ab48{ߌ[4yͰL8Dn8{ߌ[4yͰLPNG  IHDRO:EgAMA pHYs12N– IDATx}8e}{p#0rCG`9&r"D3KPxg`EF.oϼX̋ϼX̋ϼX̋ϼX̋ϼX̋ϼX̋0+놡y8ck+Sx脰:D[Q/[??HPTI5o HuoD1ճC ]^Qhz|`VOOay Z8n#ʬCR6RJUoZ篟tXܳCPZNa~FET5ېbns#n[.ZW>w9 |[FV,:xۧ/{k>qvD h"СP))F #ƟS)!GĎjJ3+Dbm5Ĕn~CZLCa#`m魜;?kWOV!Jm UKaܣj\$܄=O9FV"kTגyn- jVw!:j<ݜwAxND(ySzYKz>pRN=XT*QU/{o+T&iJ6YK~=H'?0Ou7-峭+5GdA:Vc&~E|OJӒ*X@UNHtc>Z󋄆4OgҨz/'~BQ1| .3SZ$N588l ՃbjU4&٢x/1fç#N-olKu!,O[\g(yϨh:\4{5q=~)|*Xpu0zc7C6Jg5}9AFtFqr74՚ d4ϣnVH A? 'bq„c|sB&IPݝ6m}궕i#:'PfC.4NUc31Zoj!4Oqf3]o"eLt W<'aM(>e5v M:_Y*y]Ɓ ďg%u =ԖIWqBYm]Gn 4<rф 傼;+ZܞQ |V^kɶ=KL)9#bчMBHdG tSs 6( W<ϖO3qͧTʴ[K` k߂cd ؑ/\^芊 >1_OO, λX%Z뤿6@qNgϗI3<=Α}M:skfwvA[" %cŖ=yTwt|P @Y9[jO==E /`1{zX Uѫc5qVxͤe+WbJkAmؗHv&5vmԜ0?0`OwjtkᾛMX;>_*I|p۫7QǢr&C"[m%Ls h6>%k^n{;8c,z'F3{?ͲQ{@?YM|R5\טT}dufx ]"H!' C~H)ӘDVi})"OҼFZL0+IO1&f>}OXwMZѺJnrtw2@v&O7>z?l3bS]';q:MyT'fEmS ű+HZOn,Fa `D7·(-$T*&󟟢ܣX^$Q;_MuKé(Uֆ1uCs1XGb6(kg3h١Rq"3n논%SRbKO,Ts~f~90C`QɨĬlYkTsL,'˼k N ۽ [rLc(>-ZA )ҟFJAt~O[~O)gA{'maQ aB3r#Sq#rО5$Pb=6 ՅZvѺEfD+1EѾDT $wV{cDyhK֚&{)t }5 EyTV\vj.AsTr ;21Vm|hY%!#n>q^: nI {N4}&8Zܚ6HȖ܊)*# zc۶7o= 1z E@l>}= ׌7EBe¦cБ~P {9dkwe5-|dBͫ7EQm]eU0kl\% ~߳zlLrGݠ5fq~Ê Mb஁՚;vpl_3N( a5LfH>&Qb0'=fbLO&߃uY+XPEDJW]3LLL UJ oYs_M'6($>LYcR31[mU %G9L'0.Xָ*vKZ߫Z?NFD>}2 >wV _U 7Q <\YhNh1U=H' x?BkS|blyjrrDTP,8pCwqm?dο"B_WeP]ڀk{e'bf0ݑ]'إ)ԮZg:ħ0nY-ˍ :*1稝 RjVWAN$(VT@W&iP?|opOj=@Z=Nx>;&=VSj'4 &*NwCvό5\4c=:_8~T`w Ci??ҍ}mkP3ZGuxkТ-q K@ $Gۖ [ѐZJدqЀau|'eM_͉v*l' xZ3NX:D2m΂-Dzwk1@t_xUڏ|G-U~lLKوĞڱeJ? /v|v܈k,'|`Lqu`a0QT'{KE!S$,kض'8NՀ88dRdy:7pbmd?uPs7a,zh4@2,|u m16j=yסhg9Ms5'.)lp*,Gxst% UgBu 3ggwhxy׃$Ӏ._)$/]uQI͟ἧ&O:@9T'>t~m 4~@sTodZ揥&"_ [$)(zuOoyqS]n?ħyx++W"%EUO{/`,P'^qbN -=8R/]uF<'PkViHguDvTq=4~9 E[:=S{uCrN2o3CU%^MtKs^çyG-VK26۲uYwg3ЀRuJnى| +ZL'm)D9,,ϧw։MɓnS.!#1N)rt#|nDX~ұDx:} hG"8DD5׀AOI` C*T ^NԢ#qoWD^Km^NJϩ 4FŖBӳ٦hz4y.4yҝ4dIB,^N,il xs EbD CFLE[% aQNƏ*żgQ% *k<s&Tq~)qgK#X nX|L )4tsl(%9y3ڏ|ڑhzKn%g|S&)\>נo@3([W`ЎD_$ WQ`-Ml[C *\Dn ^0Cxj}A-.O5Af7JhtY?`Z|?}H$=E[]g?N><$*hnY !*2S>||Ͼ"ey?\ꋆCXAE)qO_EP=)N r ڱWoK]>,g䓿rwo?ۏU\2!QAp4._~0HhSBY2@"XbjZãuE+N;{b7Oy ۥ1{i3;irMCPq?wf|`*gBQ mGCvEǡ2CD:Sqxtd?r/J,P'O0[߻la<о@cH'i0o1h篟~ 7c=KY}H9PQq| ? /ЮwTdml&=ʒè ,3 Yf*s}73lǜJ<[y|OOm:*KD؃0 >g/CMrwDESt,|&sonu!]{yCDP`;4}toS^OwG/1Յ3٧*N.@~Hnl|mI}E5I 3$LNW`UXBowN?vNLDw|.ݪ8J:*Vn_1 a7 ?A)wk*B6sX.tpיhbЏADgO[Q?{l5LQ<76ٍ$UolFLs )9i"p ]msPw'6/l6j;Bňj kƶhԽ3 X}RWv]Nat;΅bPWU9s5z8%w_DDGݓD:Jܡr̷Đ}`Dh._G.E>IF.b=b#>Cͥ'1]sWO?9:L $(qTO97h*h0SJAV\:Dh=ΰk^ZK4N4SoNNZX>! []'*R힓]0*OPqy{K/IT[g ."Onn|ul}^-a"4byrab/<^)Pt7nF`e"Rص d5t[2~DNlRӇ˥a>SAۿK#sU?=x7ǽ ḀG~uZ.w鞖1EL\/\f<Ѯ04ԺzzOgٮ1i{u^,WF]\85PEB9bYiӶ5l]a~Im9e%dDŽ!`bKewKtRoO+VO2.e OO?|e|Sx|$+cֹB}ҙS=Rx#Xc%K|B{C 7cԟ}@TX@bn"ˋZvQe(b^œi[}nKA,8R⪞GKj#Lz67 fPS=C# vQ7+wB&o\~l좢E} ٠Ds`/'ב4Qr)qik )e-1B\ϯǓ2|cx{%F9!s9Y¥r1<)\[NS΂ߏkat~\D/#.0mbp<((v`hĊ/]㾼fUxL,۹h-Dq|.&\ARfj\lzxbՉWxY>vH5+ a.2_~kF &_'4 <螦oUlFwIEEяⰫ3އ"x !I[= ߸N|gdd9s& McbTrC13u)\qy)`f/2&A-0Kt O%wV3>>"s":Y#ɟ~t N)3*#5Vi ĶޘUx煱;Ձpn_³mw<*҆SxyfM:O' .mj r>ҋ"n*NT4pN c \)1 {on^ WXdrqޑy0]{tVgź? *xntlo:p;Fݱ&-WJ]0\OXg>.)8u;":y۱=ǐ淖}/ѳ"p+e:&s&gNg<8fe[M蚧}xV8q$,;<?wvG8$g}-y;,*=Qxu`w*ޟ쿽p:^cWqxd]YbPT怚wRfE"za0Z1јa4U{IMхBI*PEq,.bPlvLMZzm;Q|FJL#qL wbKzo6\#|3g/FcF3VUxd1dy #UB|q|F,~`C5>fG11]˞#y=~hauucX!-q|ڻ >=':B~[h*NV|=Mɧ92Y (E* vfx %ߵ $+lgoaBgڍ18M@Ty-q =k ;p1N/JPIeUKrk /PPG" XE7@ ?)8֋(|& <]_EmE#æV\lވbSM/2( d|izy8 yeo'+-kF3X@iK;-^(۽#m6yܔO"7?T,G/QdōLꚃlcL˰ |F3P6"|>Zё.(#§1Ѫ)ħ1Ƿɵوth1ُ)ɱ?<>JA<+ ?t/d CWOC#+y+y+y+y+y+y+y+y+y+y+y+y+yWQ~?|q^R2j^%"Eh嘫g^|g^|g^|g^|g^|g>$pxW.>w@YoJѝSqzx:tn4W%sW䡽F1kymЉO2g?Y3:̤&bstU] |b`,Vl k& W(|2\i|\}1ɸK^9(vS>B |9 >7ç6NcBB"|Xgx>8.45ǧp| [Qj{cюefu ;)X&~Jȧ5'| Ơ#2C AT.gӷtⳋsN pCvm>x~l bj; T^x[T?\MԭӦ̾1=qYP)<< еl=P<a x; ӼO(I}@޹? c%T.% 缟pk%c藹}gy/^%+y+y+y+y+y+y+y+y~a/9\~+Gݝ?eY׷[b9Plz}qUyڿeƵѷ]b6 q'9ϏC! ryAo,㣇[xw"xse e; <qxψ> (U)s Otnx B=/bIrvtllO(L@G q)cڹ 5*>U洡P}ጟ欙S7e;¿?O(戾vİjہ񁣧95?ϰҾǑ>ֲ%p?DֱЯ|.1E!=~A 8nag(33}8^\QRs ]0v1Cٜ&ǁxS32{GTGܘ98\*>E@8;BJ`aIF|윟|wԗBg>k1#!CNRh}a'Q}ȪQսbNg~iRQ4Es>/l?xjc1G^2Qsɱ&O'x2E祊tTЊlOT` T,Ŷ%LF2ٲLML\zjhb zyJ,|" Bj9swF|w0oJs\HTTÁ~k-ՎHL>!?yY+$)Y:zoD V_>|c+@283c\R1o 9f+< l?vJ=Y-a42v$r1v#|Εs;Ͻw\n; oR|МL 2p\_)`l8[0DǜJ>-l*ĩ릿o2KVڶmaI_4 }{0 |Zk<|{@6y07MNу՘;6`1|.|B;D:9*Őz ^"L=F#Pv ˻5} O#?tg4 $|x p{y,eԍ&.,kMi뺞/5oHyvZu#ԣ1[Ɛ9oOLE+ޜ p0OBěRyvh ٵ_r*6'\'쌹'MeQ0OVog=U(T1izg墈4+ܴiE(n[9ZAZ|idE_UQ dԇp C)us iC.*9Kt|2n Ԏ^?7cP ͐ + uL ZIl/ٿD{% ȜTeN|}NIka l?L';y$*||FeuP-;v;{Rwfoyy`[? wzPGDw)A_o$Er>s´"0<< U۾A5?'~@ѿ?) e痺:P8;_(IPLm9-/9">^wɩmf:iCe=>BHg6a!*2GJ`B)sᳱcli/soȑͧʣؚ l)?m f#TL=scb>[=lCc[~>LafOTA?Uk3wNa1kf=2l˃( d>_jSb Pħ_myݧ>Kh.#*MNPħC{꽏GE/!O^në  6ё-u/ G'YŻ'|1ERYU؟xL"&i1ULdiqqY`t陓4>#v5A>ɠR|2lOv,ϲp@?HVr&2Hj-//ozĩϕ=Uy[g# E%,~o8+U;N.|ڽa?oϼk=983Ec"ZO#f{DHJY&RO;u0XB/v6v09ASigz{$s |q3HH`oӼf>sHeWdB߷SqTZ~O7xkhvuB)E(Z}UaRw}~؃W\5Ƙ 8;[w"GɊ_M_1`Fxw[7+}Θ1'սi GHSʍ{`;EČ/O8G fJt#A~y$ݏPp~t4y GzDϴπ06666666666666666666666666666666666666666666666666hH6666666666666666666666666666666666666666666666666666666666666666662 0@P`p2( 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p8XV~_HmH nH sH tH N`N Normal,ndhCJOJQJ_HmH sH tH " pHeading 1,1 ghost,g,Ghost,ghost,g ,1ghost,Ghost +,h1,Chapter Number,Divider Page Text,og,Heading,Ghos,g1,Graphic @&CJ*2* Heading 2,2 headline,h,headline,h2,h headline,Heading 11,heading 1,H2,heading 2,Heading 12,oh,Header1,Heading 121,h g2,Heading 1211,Heading 12111,2 hheadline,01 Headline,Heading 13,Heading 121111,Heading 1211111,Heading 12111111,2 headline1,2 headline2@& #@5;020 Heading 3,3 bullet,b,2,bullet,SECOND,Bullet,Second,4 bullet,h3,BLANK2,B1,b1,blank1,3 dbullet,ob,bbullet,3 gbullet,dot,second,3bullet,Bulle,bdullet,heading 3,Bullet 1,3 dd,3 cb,3 Ggbullet,02 Bullet,bul,B,Heading 21,3 bbullet,Heading 211,3 bulle,h 2,Dot#F@&]#^F``B` Heading 4,4 dash,d,38[@&]8^[`nRn Heading 5,5 sub-bullet,sb,4[~@&][^~`fbf Heading 6,sub-dash,sd,5p @&]p^ `FF  Heading 7$$@&a$ CJ$OJQJNN  Heading 8$$x@&]a$5CJDA D Default Paragraph FontViV 0 Table Normal :V 44 la (k ( 0No List JJ center bold,cbo$dha$5@@ center plain,cp$a$bb col text,9 col text,ctdPP @CJ.". |col bullet,cb,Center Bold,col bulletcsb,u,cbbullet,C2 Col Bullet,cb 10pt,col bullet1,cb1,c,Center Bcbold,6 chart,Chart,chart @E^`EN!2N col dash,cd k@^`JBJ col heading,8 col heading,ch,Col Heading,8 col heading,8colheading,9 col heading,e,ColHead,C1 col heading,8colheading,C0 Col Heading$dPPa$ 5;CJZ!RZ col sub-bullet,csb ^`LQbL col sub-dash,csd^`FArF col sub-heading,csh;BB first,f,1#^#`CJ> > Footerd P2CJJ&J Footnote Reference6CJEHH*TT  Footnote Texthd^h`6CJPP footnote,fnhd^h`6CJLL harvey ball$a$ CJOJQJ>> Headerd P2CJBB note,no#^#`6CJRR numbered text,nt #^#`5;NN oversized graphic!]^@"@ paragraph,p"#d`#T2T source,so # ud^`u6CJ>B> step,st$8^8`5<!R< sub-heading,sh%;FbF table title&$da$5CJZ!Z trailer,7 trailer,t'x#$2/..).  Page NumberJJ TitlePageBottom)$da$CJXTX  Block Text*$yC]y^Ca$5;CJ$OJQJJJ File Name in Footer CJOJQJ^^ facing page #,fp,&@#$2/.5CJPK![Content_Types].xmlj0Eжr(΢Iw},-j4 wP-t#bΙ{UTU^hd}㨫)*1P' ^W0)T9<l#$yi};~@(Hu* Dנz/0ǰ $ X3aZ,D0j~3߶b~i>3\`?/[G\!-Rk.sԻ..a濭?PK!֧6 _rels/.relsj0 }Q%v/C/}(h"O = C?hv=Ʌ%[xp{۵_Pѣ<1H0ORBdJE4b$q_6LR7`0̞O,En7Lib/SeеPK!kytheme/theme/themeManager.xml M @}w7c(EbˮCAǠҟ7՛K Y, e.|,H,lxɴIsQ}#Ր ֵ+!,^$j=GW)E+& 8PK!Ptheme/theme/theme1.xmlYOo6w toc'vuر-MniP@I}úama[إ4:lЯGRX^6؊>$ !)O^rC$y@/yH*񄴽)޵߻UDb`}"qۋJחX^)I`nEp)liV[]1M<OP6r=zgbIguSebORD۫qu gZo~ٺlAplxpT0+[}`jzAV2Fi@qv֬5\|ʜ̭NleXdsjcs7f W+Ն7`g ȘJj|h(KD- dXiJ؇(x$( :;˹! I_TS 1?E??ZBΪmU/?~xY'y5g&΋/ɋ>GMGeD3Vq%'#q$8K)fw9:ĵ x}rxwr:\TZaG*y8IjbRc|XŻǿI u3KGnD1NIBs RuK>V.EL+M2#'fi ~V vl{u8zH *:(W☕ ~JTe\O*tHGHY}KNP*ݾ˦TѼ9/#A7qZ$*c?qUnwN%Oi4 =3ڗP 1Pm \\9Mؓ2aD];Yt\[x]}Wr|]g- eW )6-rCSj id DЇAΜIqbJ#x꺃 6k#ASh&ʌt(Q%p%m&]caSl=X\P1Mh9MVdDAaVB[݈fJíP|8 քAV^f Hn- "d>znNJ ة>b&2vKyϼD:,AGm\nziÙ.uχYC6OMf3or$5NHT[XF64T,ќM0E)`#5XY`פ;%1U٥m;R>QD DcpU'&LE/pm%]8firS4d 7y\`JnίI R3U~7+׸#m qBiDi*L69mY&iHE=(K&N!V.KeLDĕ{D vEꦚdeNƟe(MN9ߜR6&3(a/DUz<{ˊYȳV)9Z[4^n5!J?Q3eBoCM m<.vpIYfZY_p[=al-Y}Nc͙ŋ4vfavl'SA8|*u{-ߟ0%M07%<ҍPK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 +_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!Ptheme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK] " 8@0(  B S  ? #2  hh^h`OJQJo(#2 n @@UnknownG* Times New Roman5Symbol3. * ArialABook AntiquaY Harvey BallsCourier New;WingdingsA BCambria Math@ "1hJK#fiK&,cY0dS2HX $P n2!xxChristian, Michele Christian, Michele        !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~\ FT&" WMFC l EMF \KhC   % %   Rp@"CalibriHRO`2H@,$O`2H@ o.1@H <:o.1 ,%7.{ @Calibr ŗ`2s:Lt9'1z%1<:dv% % % !F(GDIC!b K  QOPl0 (Oppp@@@000 PPP```C k                                  H       "             [           &" WMFC m            8          ^                5   2                #    h                                          &" WMFC M                            &" WMFC -                                                                &" WMFC                                                                                                                                         &" WMFC                                               &" WMFC                                                                       &" WMFC                                                                                                                                                                           &" WMFC                                                                      &" WMFC m    &" WMFC M                                                          &" WMFC -                                                                                                           &" WMFC                                                                                                               &" WMFC                                                                                                    &" WMFC                                                                                                             &" WMFC                                                                                                 &" WMFC                                                                                                                             &" WMFC m                                                                                                              &" WMFC M                                                                                                                  &" WMFC -                                                                                                   &" WMFC                                                    & WMFC " FGDIC" % % % TTAEALP % %   n."System-- @"Calibri---,n,TA Op(Oppp@@@000 PPP```C k                                  H       "             [                       8          ^                5   2                #    h                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         ''--- 2 pn --NANIWordDocument SummaryInformation( DocumentSummaryInformation8 ,SummaryInformation( 0 bjbj΀ 0 $$$$$$$$8!% -% $'9%9%9%9%9%&&&'')')')')')')'^),v)'$&&&&&)'$$9%9%>'f&f&f&&$9%$9%''T) f&&''f&f&&&9%q=4$&R&'T'0'&v,f&v,&v,$&$&&f&&&&&&)')'f&&&&'&&&&v,&&&&&&&&& #:         h hjh U    dgd  .:p n) =!"#$% 44Microsoft Office Word@ʗ1@KhM@FJ@(Z4՜.+,0 hp  BOOZ-ALLEN & HAMILTON  TitleOh+'0 P      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwyz{|}~ \p Andrew Westner Ba=   ThisWorkbook=,x1,>1>1>111<Calibri1>Calibri1?Calibri14Calibri14Calibri1 Calibri1 Calibri1Calibri1Calibri1 Calibri1Tahoma"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_) 0.0%                                        (  (  (  (  (  (  (  (  (  (  (  (    "   $ ff + ) , * &    P  P       # `         !    ' a %   x@ @  *p  x@ @   p  p   h  "x  x   x  *x )x !x  x@ @  x Zx@ @  x@ @   |@ @   x@ @   1 |@ @   p@ @   p@ @  *p@ @  8@ @  x@ @   x@ @   x@ @  *x@ @   x &x"@ @   &x"@ @   &x "@ @   &x"@ @   &x""@ @   p@ @    x@ @   t!@ @   p@ @   p@ @   x@ @   x!@ @   p!@ @   x!!@ @  0@ @   x@ @  8@ @  <@ @  8@ @   x@ @  &p@ @  &p@ @  &x@ @   `@ @   `@ @   `@ @   x@ @   0@ @    h@ @   x@ @    h@ @  Q  8@ @    x@ @  8@ @   p   8@ @   x@ @   `@ @ 7  `@ @ 7  `@ @ 7  p@ @    x@ @   p@ @  *p@ @   p  |@ @   |@ @    <@ @   |@ @   |@ @    |@ @    <@ @   |@ @   |@ @  "  (@ @   ,@ @  (8@ @  *pUU@ @  x@ @  8@ @   h@ @  x@ @  8@ @   x@ @    @        *X "X  (  "x@ @   "x@ @   "x@ @   (8@ @   (8@ @   (8@ @  8@ @  8@ @  8@ @  8@ @  8 8@ @  8@ @  8@ @  8@ @   x"@ @   x"@ @   x "@ @  !8@ @  !8@ @  !8@ @  !0@ @  !0@ @  !0@ @   "x )x !x x@ @  x@ @  ||Nj}(}]00\);_(*}(}^00\);_(*}(}_00\);_(*}(}`00\);_(*}(}a00\);_(*}(}bP00\);_(*}(}f00\);_(*}(}g2300\);_(*}(}q00\);_(*}(}r00\);_(*}<}s 00\);_(*_)?_);_(}(}t00\);_(*}(}u00\);_(*}(}v00\);_(*}(}w00\);_(*}(}z00\);_(*}(}00\);_(*}(}400\);_(*}(}400\);_(*}(}400\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}<} 00\);_(*_)?_);_(}<} 00\);_(*_)?_);_(}(}00\);_(*}(}00\);_(*}(}00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}-}> 00\);_(*}A}1 00\);_(*;_(@_) }A}2 00\);_(*?;_(@_) }A}3 00\);_(*23;_(@_) }-}4 00\);_(*}A}0 a00\);_(*;_(@_) }A}( 00\);_(*;_(@_) }A}8 e00\);_(*;_(@_) }}6 ??v00\);_(*̙;_(@_)    }}< ???00\);_(*;_(@_) ??? ??? ??? ???}}) }00\);_(*;_(@_)    }A}7 }00\);_(*;_(@_) }}* 00\);_(*;_(@_) ??? ??? ??? ???}-}@ 00\);_(*}x};00\);_(*;_(??? ??? ???}-}/ 00\);_(*}U}? 00\);_(*;_( }A}" 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A} 00\);_(*23;_(}A}# 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A} 00\);_(*23;_(}A}$ 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A} 00\);_(*23;_(}A}% 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A} 00\);_(*23;_(}A}& 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A}  00\);_(*23;_(}A}' 00\);_(* ;_(}A} 00\);_(*ef ;_(}A} 00\);_(*L ;_(}A}! 00\);_(*23 ;_( P   13S P  5 3 @5 3 @3 + !3   !3 2 !3 + !3   !3 2 !3 + !3   !3 2 !3 + !3   !3 2 ! 20% - Accent1M 20% - Accent1 ef % 20% - Accent2M" 20% - Accent2 ef % 20% - Accent3M& 20% - Accent3 ef % 20% - Accent4M* 20% - Accent4 ef % 20% - Accent5M. 20% - Accent5 ef % 20% - Accent6M2 20% - Accent6  ef % 40% - Accent1M 40% - Accent1 L % 40% - Accent2M# 40% - Accent2 L湸 % 40% - Accent3M' 40% - Accent3 L % 40% - Accent4M+ 40% - Accent4 L % 40% - Accent5M/ 40% - Accent5 L % 40% - Accent6M3 40% - Accent6  Lմ % 60% - Accent1M 60% - Accent1 23 % 60% - Accent2M$ 60% - Accent2 23ٗ % 60% - Accent3M( 60% - Accent3 23֚ % 60% - Accent4M, 60% - Accent4 23 % 60% - Accent5M0 60% - Accent5 23 %! 60% - Accent6M4 60% - Accent6  23 % "Accent1AAccent1 O % #Accent2A!Accent2 PM % $Accent3A%Accent3 Y % %Accent4A)Accent4 d % &Accent5A-Accent5 K % 'Accent6A1Accent6  F %(Bad9Bad  %) Calculation Calculation  }% * Check Cell Check Cell  %????????? ???+ Comma,( Comma [0]-&Currency.. Currency [0]/Explanatory TextG5Explanatory Text % 0Good;Good  a%1 Heading 1G Heading 1 I}%O2 Heading 2G Heading 2 I}%?3 Heading 3G Heading 3 I}%234 Heading 49 Heading 4 I}%5( Hyperlink 6InputuInput ̙ ??v% 7 Linked CellK Linked Cell }% 8NeutralANeutral  e%"Normal 9Normal 2: Normal 2 2 ;Noteb Note   <OutputwOutput  ???%????????? ???=$Percent >Title1Title I}% ?TotalMTotal %OO@ Warning Text? Warning Text %XTableStyleMedium9PivotStyleLight168=,=,̙̙3f3fff3f3f33333f33333\` GCoverXPurposea Dashboardx Test CasesOut of Scope ControlsSourcesLegend Change Log!  ;1  _xlfn.IFERROR Q@  Á"n-L'Š!6@=n-L'Š!6 ]xxuP[np+NB)RHqNhqC (5H79;ss˞53 #$!B  a95y {H"/}m>f>JleP 0 %$a LгPN'OО OR#RГ5z<]dhȨ(ȨȀ?$"O!3π&נ i|!;ľ~ #O!L_bfiV?uxM=)Tst,!@j,^ @So?$|1OkxII@Oژ4TS,ZC]qeD|G(T)5).*= c9+WkuRX_P=?H_"wC*`&+@(nVV?5}Q{YڼQJ(kqUp:HwI$ Y6 S1gj3+|pO}W xK#.rqH\n* Ip}b'0X PX^qNg&'1Oz^WEj>.6yuɼ{e_@}j| U|QCKeZQ1pM]]( FY/w$թN ǼV70Me/ಥKLMkV#2i^V}jbpGR"p Ҕ;92Py"@0ne;Sq#XlXf"ޗ;-& x7mt| SmL% M._z6WT֑MM/odjQԕhA3ؖe\L6gbbm'Ra+b¿'"Zj0u>_mI`s./.%O|^/&8;ğq4sM޾څ ρo8Զ](bGKIaY, ][AnҬJKy_PcdDŔ8\G/@)?2d#;B륽Eyh5/]%QڔS觍 @-Y'K]Xl捙j-/?xŸ4Ϭ,nlp` $۰?k&Y̨V Bԏs&7t:^2E+8 <m":vKT#|M>޻,$Z1Uza $iET+\#27Uof^`裷B2 #|./Bu~6 Q PYe['4'&vcbvPBJJ> ',gF`73Ȓ.K1{]D6̬>Qj"TnvS^GRƌ8,!9b>7cNitA_q% I+>頹bbݳrXTf%M]ļ~˾ݏ W43JK<*?%^6[ +EH:f*"Oz^ֻa-ߞ 7 w@D~GBͅrW({{34&0PZVOQ jC" X'@JgCd,O 4WhBt;yb^f0OciЉ%FBpѺ+Lј%R 8ݻ#GyB}l{|~\h΂W$% AZ鱄KD&{;3Y:V$ޏ7a(!"s6hy~ m]0)V̲L:]@6"{D,dH/6Ƙ ,eԩpa7:DHi*;^{!GΒaS^$?IoUAyo `/G]|"Ff} ]PU3XWQqJ9=9K9̉,oRv\o Qp7t\*{0-Wu8Ytb;އ,cʥkGjp/g pdydݤ^Np7!oI oJ7n_ڢaZ W0Jq >|ǃS2mQ L[@<3u@L0LuȱY%}fH@O{v:xnd?Ug'%Ư; uNc}nLR#zo~#SʞiΒ7?2c79L_nn|+-33 :İgg|cqHeQrhe{jbX 3qH0^A9`}e`B˛FpVnt߂ߑp҂]ׇ1L@uVWw*5wL~|нA61oRLqW ma XVu]SX*H YmKf-8p*g&{|g֊ M 6M?Xcj PXȺZa|5f@CH6BoCuVUue2h4a0dέv*[ڛQsT c,yڌt*7X"BUx\S-*wF+5Fihgoq:ɿ{饗uS° l5DLNh mE[^hbC?X|̮LfdqAi-kFL8KC]vDUinmiֶGac4LW"2?dd;WZXwxMfKT[`0lR Ey I_ .ةcI9^ >ER}E>4G JYӣ3pMQX<,4eۃ~ VbuITzڟضGFi1X^2UQQ8~N1$Y[B: ̼pe&?vK KČPtv8iF)xxōs9^Qi,K!ْP̼7] ^fhO4g+GU=-ۈo$x+U44@DCߐW^kv(Tqļo%߷x.'J^^ 8>AME }R*bA{=w8V!l 3բdC=srM z6lv̜vӳMr63hv()+IR~WS5XiFcZL^G}'tXu@|G!S s$ v/_qA ŋ+(Ը;o>-O m $бՔ}:Ni0JN5ȂC{a3AV3̱A$K )wTJ1k@;+#@dt"0/wҬXAmn:TdϬ;C^|'M@;|"\M)$(ЯC|_gϲIO85޹X/2<{-&ԭumVҿ!*WEE%S5,"0*]A#g,B*G{TBsO^"J=Au t7/O-]ŭ*eR9gVՈk7xx = S.hW+W)?۔iy(;Ep^ATVٻdτ991 epIE‘TLJ BL[zް|z7Z-c1)j ul@ 1`NvśPV@hRV#9pb&h\ n ÑCPxS.J}}I_ݸʖ" ?M~0Czu7v, ޜZW_rqq{<[(PH\sUKR/C: =e5G;'wR5zj1*LfP>Z,gR>m>w(#p#oF#l71t..6*yda L#cQ%KQvw[ d@aD|I7re>Fő c76S$w"$7dX6׌z4Avb}(3fmYH$dUFo\ifzUCG"7U8xd?!RDBcRւ%iʶw'h3?Fhח\$]Ef{:cӮ_6u]wA d !s6ԇ-ڋ P' ^/(M&5W0b -tvk{̋s&#&+vs'4o.~yFI4fO|3aCzIb!Q-R!gS.A'< [@iגaN=^O <؃}JJyoIc>=Um8o|$r-S[Ѡv Z8l53&TTw:-K2ӷrÅenCa".}V_%\;;cP95*ْ>RxW6΃چDG$-w|!8eGL٢!>^L [+ 'jh7dV᯻$pGϾCcSzX-9 LڳLAj;Al;xfhMr evL}P 82>yCE8r*_vZy i|)'Ur-v焃hX'C0Z<ʞoơ$g%VjQ6U]My.Xtpsƽཟ ہߝ͕\rDi$;SiG'#%UK% f:mg&Ƭ;f >G³X]U+|yV@\K_E8O@7 ;$Ƥؽ68߸]ZrwɎ=MVOC4'$Q >h&Dm $)-̇zAu;Un /w3CvQqL;."ݶ֩4ʽ22;ޔqۣμV`'/vС*N`(un;[M+͘阾)9~{[p * }ݨ r "J ! K"u{pTIi0íofxe%em3&G+p}?Q.e!Vjt$^-U74-R NIQM |o7aA<[*&"jXqIM#Rzhq_4`Y۰evo''U#ԇԍοž&CJ8k֙fj`lEu!Up+M1޶y>(:|B^{wů;-W}\717,qCD-ׄj :'v~`Ԛm`Xp7~]5XVݾD:l"WgsqxBAKTd] ՎiN+ߥ F\ڤ>ƽ9.Ѱ<6<0`70?r4w-d&B' a{aaÏMxJwM/#>.9n7KP O~~G;҄Upj٨S%^^m<5Wae;9V @9凶ߠ˺:mmj旖ӭ](4÷ucbZޥL1uLK#]L+%.$_R'ώdq9+jIC ws*R+`!-2|ODLdSk o/+b2L8Ȟh/cr{YZL&nz1â"9꺣cVldd73n#.c>ݐe^cRӍ1d|tV!/ 6+ 6mP-ώoMNթ$e5w0IIf"CPߏo. |Ӭv tlz[;{*B-'. Nj)(Tz哉T7̈́aE8˪"Bs40yv)X`mS +fxa<(|2F]{F>%9ٰt888p1ܕɳʶ3ݱ'ޱh?}=ಹ2͞("ܴ䆲rݵ!7ݱ%2]nň/2/8r;Zb5Fy kW3z |ruYNNyh ) Jp4y9BN.zfES.յWvDh mĹn s$B٧GDὐK_x\Txۙ-F<R">Vubw$YTII6z;gcdҗ  '"= xn6a*jg/mDΒ>Da攷_a\Mz뭵!U 0|+JA,T ixd"jm 'GBXGtۨW52z[R.2.;rsAʴi0آէe-苼gCe;*?2OнIXp᧤6qߜL;Vh٫!7Rr Ѱ\WP0u} 'TV!(|`rQŚPuk]yc⛲箑8HIKZfC]tsD íxyM70Uƙ{xX<_~)/oǚ]? <nHiT\O;m(,u%T(T*WQQ%[RHITv/̙{/z|_ϯ˼Ҝ99>9̜32'=/1>ǃհշ [8Ǿʑ辱9<*YRڥg 'j)5h}1QB:ӗAf ݜ+d61]Jaio9$dnG}i{(R7@bJPפ8CvXtzɓTZZ-;w.~wJNjJPBw{I!ߊSK&%UiRu.Y\֊2LpJYG?&S;^iWJYK`+#{n J':?m9,UoIm鴍UG~5JƁao2-L~A-,eGN?sڬX'|UCw7um{iڲ5S^y]fʻ U:}((}j-˚?pvN7v&gw 4u})n}M-v'>GuGWث9;շYcR([C9{D ) jIAtEm3~rh皁)x&\rJLq𲊦5?[ݕPЈ}\15MI*CMp# Wq6KO, ^e u6$ `n 4>sY,k^ֺ8UM;أz%Jf!wNdʮقЌECW7儧Oy%{"ar9G~e\k$~Tؖڲpmq޶$M4w1+[bSf1 &N`g֌ܲc\y &Yr 9딙Aɱt x;+J{]QY4概&)ComsZ$OejM'~ xb>V"U=k"D}RMcLDOC3 f}vrlm3<)u:18s<K7Hl2i`IT2u\/דsGԦs%q~SO\buI Ȯ$=:y]n QASWggBl{^bӷӯE ؔ$Yn,UtK>6jJLMr /KxXeחȎ0)1ˏ kSkm;ywDWtX`G&kJ4MV$捁fN$[NַO-{_Ϊ\Ƶ!?潵Okb-hjȴ r M]S<5H~.˛cӅK^Ŝ*+Km\%;[GxbVgQbܪd7x涓?]qr~F^m_g DQ#b%wvؚ9MO4Nȍ齧qL)d$tޜ["֐㳒gF^6T?ɻqfS{y`[K6uA/N+""Dsܫd) YY?%)o`'ԁ?oVTƅyu): W5T{d/Z[W|obyBԽ_cuBӊ&3./g΋9=uSsJi͒'8x&w{lk66_~ڱ?s-7OX~9F"g996ÏNOZ"U㶙"+RU?Գ~k9NǼu,~}'5SԹJÍvū< >6ճМC~緡8|;-%/̴ܰ>/虾6G9Ϲ9Fi$rժ9OlǓX߹eTzb}A52.aE8LK"&NiϱxauY># dۣUH%=lt3wY?X;qzU%ZZT~ZdHTY׫G__zڀ*E.ע'zZ YiL |ݤ+S+TU.kFnoi20Wkh^qyV5̑ܝ =;*y)ebʇ-$ Y " ǏN=3Wl/;Uwǹ"_Mso]aE|GL^#@4y`%qc"%~z]W/t FjvziARC6&LzQe3͏S]ǖ^PLTvdj%M+^b(S_zݬ*G-&%"~@iod&z\Pɼ=-rC+0ku W=u÷G[CH[Iۤc0?" 'B[TJL2vSXIC+I{M??H@BI:6noG7@ 合c2yCByhFБ5)SżLjAI(XV 6&/))$%%aD"inn9r|r2FVVavڅp6y%M,v8ϱ%0s[in"\#҂S[SxD7O#qrR33\S&/ AQ.^0h{0 /@a.5RmD0yDW'/R8C+An,'>&.A[mj"I-O9QQZTPv6dMq(S@4!?$ L-O* F:iaax +:,( p8#DZ(L dǓ:8/ :2}{<Bf^_7ôOdlxlBB` "lyG&71OC)CU;Ba(;Óat710 `" <)*&gx#T9NSQF 5"#lH"\+`1aѓbϚSգaUǑDF$|9B5'%(F 0kõ$mk t<J # Aʛ ZucWfsDΓ GZ4Bգ3,ESe8Qh .Ń虡2i1,y1[ PưBe1b̴;(7yʐu%0¾³ R\ zC&KN NhP-Mz4B DF`m-g % TJMpJ hb9ZOU=Kv"XePHy#efe`GHФ D) a0P Ȧԣ'R̟OJ4.# d$+ "H?IkR@KޯCPgXȆ)*5X4B  _ARnbsF: 0DA]IO`|$ 5.}JUyDKQgDIgOhsr0;| I'=u")3P9$ EOSIj+HE`S(y eIV:(%Gt iDG4xOa.n~#7ɿ< xm# C;G>Ԧf90ưűI΢yٹ()N03~ T8CX^ZiaDZ؎(b C ״$AP (9*85 }< L`c@Ul[#VBd'@Ʌ|@ɦ̍Cefa@!LaF䉈J 4'p%UVzo +M!p$`kDBଅĎb~2˨4Fa"gGbޖ!'{C BȠ<#"yBb|< ;9*Mvy"[bh} 3Bu1Lfx2j!;JuG'eG͠劲GE&XOg/fn<"8r9A/T?#&CyEE2VU<'*17G$]3ԙCĂ?Zȸb]#ӡ=/BW/WEAOmi7{Z4-X4#*~ O^TT2~'0?+_6<#|L͝öGFhe5y-6ԟ<ǖJqcK`l8ϱ%0s[i9sl qxBӽI(L u &)7WTX>0Hi7x&Ț.` \IТ:֯sA1c@?Bϯ0?KJ u*2*0b ?l/!ײ>f\CCr/%m DsXPg:C9? RgMuQȨ2> Damlx2V]є@Hf9 X,Oe [t伬2& ʗYز1J/I "xf "$'6 mvpptk8D-~ OvL OYW r^ ,::aH, {/݃>O6QIKj'3t&A@ဗE>E^ck1^Ht~  WxL\"$ j7## [>W 4bzIӂxPx5Jm(EAb`eqS)LO{G4zL"~xhg>J2X1HN"/9"TL2) ^MiQ(A8 $? VEw*AyChoSѐ4@DCڴnq3!"<?,#AKLlm-ğ(BI,-szkT]s6[ә_DH).;k+1ə݉͏kIE1yjV4u&C&7<=Lj^EwR7Ϥ(&ܝx*ItnԺ#\"! p)7kg΂Ԯ)RZj<>'qQPbOs&gb.Ll],(3weIdM4ۭONH:5~WԻn딏 (_ {TA@ȅaN`9=?Qnwq#rE? ~[{*w9 zO, Kү?eA¼V$OoiڊaxS~~8NZn;զNƗ _Ts `!ODkK sCJ+)V,E&KR|tOۀ\w3Wm-7h7XdO=#cVEELŲv+&sCG!}~89j_i }"Ucex uPUf3/ TPN7?r$(sR<}\x>>9S=n.3[P&RFuj^ N<'*<F[gYb?aij^GMg|ΰ#7Ey¯pr({oVȟ>ン, TK`uuG_7"+n+ ^N,6Jyd[T F=gt͙M qa- ;26~5y 6e >-հ{/*ĉ#ڿqu<:v7V D;6 kywwiCN!'>VW@Տ 'a`ůݮ_gّ_\GAn _sbǴJf!}xJ!}xJ!}xJ!}xJ!}xJ!}xJ!}xJ!}xJ!}xJ%+3z A\$[WXϧ ďo<}2C *+&%;T_^|oiih~8=^wL';M?>; ]{]܃lx!+/tiz<Q*AL'B!r%ZѽiQ3 ~TF|b2]a{տDW/--SÓ^t(@@1tmkM7z.m9]“^5V׶S؈* 9P)KEm<2Yv<]aa)~ϊ"[Aa6rSs}vgXR#; rFe/O%trohF"QRٳX a3VeOqxZagM0Cyz '<}W hnR}g(iWj;m„D7e/wo_+/Ņ:yʎI﨓+.=}s*@{Yq-Ga8<=:s7s<O@aO $; Y6pÂ8Kח[k ý`f~[lҔ?%wp{ϋZH CMlzu~kO7k):+:/aհx OфXH ;ҭ+'dz$i;Lf8Gn/YT-Ӓ`8(Ӧ.݂ m|;3?8lӘIqQǾχW ̃2c5~__gaOvi9 o,ϰUkj[jo)8d.+q˧A<>%Xsۏ%Ί)Q^ @΍qKqƍ>}UjR/]ש.ue/3 <ʘ}RGy45X gOԂnsTx[~/Y|zk~-y TRQ &SI_HBz/lYkx><~`o2FpQ2G?O QrE텛'? sY9óy,?y=`2-gPW-@xЛG@ a@p(pZ]ӽ)!X3|sdgfOoS r]uAX)?`b&'kmœ(WHi.}|VꃰR߱.rW\ ),cmpJ];+Ox^ ~r+tx:@6( v<}$joG:uoxf5~O|woِz$k) !U{G6@J7˹!ͣrכ ecoGoDCUיvo"es49m>xvǛXM@; +u/VkӢc)=/2ʰdy7s34 !׍ 0qW1Vn [,p&[629iXI3+:{Iv=f`n5Lzp<;!4>elwX0:OhyO9*q{ z][^8OAqdu~<3Ka>,s .=xLU;%@dz [˧:BQ;h (@퐊WX\#&}Hi'F.odzڣ ᜖#Dmѐj5>W#vn҉9wnljBnz'#CPhm`-=`fHZ]#wQ(cCΔ dHUs~tCw1Df'&A⽹.xa ;|^,:ZH'w9g> #$$Dko % s_sh~A(]{4[_&ujI Fh `YuhAxLjZ W}kd:O,A<*S >βgI9̦:=<3eό=MG^TFPE4Kx$I?PWM߈jwRn튤Pww<4 6Q/'u" &шm9"uxR./Itp":uL'Gʛ+oK$\3Nj^r}-xk * m.'`6*o=~!*mhsAp$U͑H v b"`n 3vdELb+Tt{p@aC[g-Z~;x<7OqYckJoX*/Uн*Υxp23I%DFMI8+е8>'چkk [Ϗ 3,J65*ʁ&29zN6v{ m6#$*h5ҏ`RQ #XMGj>>q,`@v'PJm'i 212ueƦ4aKPAJ*)2>+Zɷ4%紳(5?s<|tआE6cɧs7.źx253͍FFs'.&ճGM= J6ڠf%"#_ҤTmD;6xz}}6TGVOj(@j~fVDGtZд҉(9'7-jL+z 7ZP5™rw,m5=g #L;*wZtk'4E t>UqlULIEa IQT* k?TdwEC4o7A@_ 1Plz[Gu $:X<ɢ&mR.Ӎ8׋a|k'uU#Je:XW4I_gynafl!T,~E6KSpQɅOY/C*BL`0jn;mxׂr*}ѡ4uojHzx3OM T߱r/:U8 ŊMJQramoktf-ݩN!6vRCc'ibyሲB#2 G pƩ 7+DџlnN~wҠ9F+CPCՁ9Ak\oݶ`4x7[khhNMVO JUӸ{P ?^@!* "lEaI_{LL0P’s~y iΗ/iOl5ѦjC#+2-`SJHRJ ҽpl3MȊC_ϵ]t_լ@@%lx-RYiv fB;$Z(2"u( 5bhRۇb1Mwh x? \&]IU!ʓsiR^i\&K5ã0)vYU20PYo*> ϯC 5*4qPI`^碷Sڐpz d)*V D渡}Uotvw}:8y,?UX>gBAfC6*5xy5i 6\*h`?@.O{!u> S'AF`!sw5rPUƞu0C+4Q"kt7U;L)v{:+$B6|OCo'LĂ^AE-f|5iH%&Vm-RbJKJUe]l'gW n4) ]k\d(9j$qh1nWn-/ ç1;$NϏ-$?2Uj<ڰy}DVj5G}>% ' jEX\ Lju=vJZܩXz} g_,U7;W#&vWv %xvBg2O= {2pxd}˳jbGlJ96E|r[f|v1~h'z 7tTdnr'X5#_URjT|/OE0@;ÓE6DZ}K>jʉ h 7 N#߅i> -='Ϩ8ވ cAAV15.s %,;}}O(mw&ҩbV':G b^- /C3 =(Su+Y GzUygĽxPFJˀ71x}RswB7R8˅發(V+5s/Q{%4\ BgwEa@YfA͆[ S,^p'6*Ym(2kz<;ᓼ [Hb~`$qUnĒVbYz FK#om <b=hZlxr kG_K"h"f5;$`t7آ"K_ۯ=! \v?Iq7@AlQDSL\ƕ>L6w\'ƕ.|x@6M>>+h@MuL8}8Q\(QtBGtC%GeI_'czǰc]F>T7fF>KN_Y]kEcjRFaq_xc]  32]<}|0g 3A\ُ(|wcdg-5% .C/_!a2x^34n<1|JL6o)&v  ؒV[{{~E&TI)q+?|Vl^<'0-z8HW[Y'QfH'y he koYU ʁWQhD%I7:Փv: IP1N@_H < >Б _A%ZVRȑ#w"z\_ܝ˰ҙ7e%ՅkD7;>U^ЛWl#H5 ُ3QH(=ـQ_* <>9) şE

{ EӶgzdL* QKvK U$'^}7,$Q42t`3$ #8q?ަ)~|ֲ'N{mqxMzO09Ny$Peu|le.C7"v3 #,o;Ҏ8H""RGp~"G36I;peKqp4N *>;>uV x6|iP<t@哮TsMC!mnzٲOxR4;㨭%PiB\X0qx4LY'LH&/{ZK?\*.2Zt`c' =r`ـXzoց5Cy ątplD`(>5*M$ՅS㝲]rƳ֞4oo/zk,fdz4}Ϲy5;໖ p><촠>UKx}^x*3`~]7Z]x1(Ǧ9Hh| v޾7Čz<Bpl+:Ғ+ ǚ{uՈTp'hu%FxUvI7DD_OFnPQÙCq E*gB녟wr~ |!6P9Z!NfGv9+atg5+ dO'vтyhT=rTE?>و!Zdѱɂ31İհzʰ±<,d #]akCJko_"EOǚ2#<1TjIm{oSZ]=$W%!ӤH>c!L%ٟfͱէ\䥱败:I&݆[x[StxːFg̍0ZArtd c<ˤ$Rz!k#%\]W@,i'GN_q*YI5bƔ:|' @KƗ^?>'#?Fٳ>"t:Ɠ<[ NR>ވZv )Eh>sS (W*N`}$ќ3Qe@^IRb\1ћb*TfMFbEҥ6Rc&6K1 MƌB%oRU|sxNMގ/ZU,%g5%ޣHpܮT19ԒjфMY4J[6 ֙'<< x3h&Q>ɽ7OhHDGgu -#)I#/rkxb[8$a״Ot^gMOZ2Lyp6L5ѹ6g,yqa2xiTxBQƽ떭`Vq$mcgk'DHa[aGuZȳy$̢؉NpG5d &K3utϡ߬g`NHPx4Ĉ4!QQ# !̏:Jr%$'wlwHdހo Ert=86W-%ZB>&~4;W=\ϹÛw: *.1-/ZON܉gp,7lxC> H9VAH4紸.>;'s=L< j{^ғl4@BQCwRR\m?A&9\ B2:vEpecHޞ 'gX9b:wl4gGg0^cfdx*\t;a]N0 #?9Cu9i@y8@^<"93?'nwBr@dwZ+' jH1v ?>Nmm 9=ns ;_v.:[ Gqc_'b~幞%@]sX.Nrj}NdUy$3yMhm|=TQ4?Ceuo fi,5< Ӎ|V>ֳ0S鱫!|)܌[Xs-:$kϵ<dߦFV]eNO>Mjy%ngxDP/EMۮd8_6 m{S<|~ǬlI:;( X3'V3lմ!|==ʻ巡<"k.֌F UߘxaO#tBq0^`~ڽ hO_X %Cߚ˳gx0cXgJougL<׉=RbCկ8.$w3ɠxag7?|->kC_8G:q^?kO~g:׿Ÿ%C?niO_? B忖!#Ÿe/+OΣ3Ӈ3D*GO ޶Ro+ 7{S AA@A@   Checks to see if the organization allocates sufficient audit record storage capacity and configures auditing to reduce the likelihood of such capacity being exceeded.dConsidering the auditing requirements in control objective AU-2, ask the administrator if there has been enough storage allocated for capturing and retaining audit logs. Note: if the server stores logs onto a dedicated syslog server, ask the administrator if that server has been allocated enough space to handle the requirements in control objective AU-2._Local or syslog server has enough space to capture and retain the logs generated by the system.Ask the administrator if the appropriate organization officials are notified if any of the following occur: Software/hardware errors, failures in the audit capturing mechanisms, or audit storage capacity being reached or exceeded_Appropriate organizational officials are notified in the event of an audit processing failure.Checks to see if the organization regularly reviews/analyzes information system audit records for indications of inappropriate or unusual activity, investigates suspicious activity or suspected violations, reports findings to appropriate officials, and takes necessary actions.xAsk the administrator if the following items are being recorded with the audit log output. Make note of any exceptions: -- (i) date and time of the event; (ii) the component of the information system (e.g., software component, hardware component) where the event occurred; (iii) type of event; (iv) user/subject identity; and (v) the outcome (success or failure) of the event.ZAuditing is configured to meet all requirements within the operating systems capabilities.`Checks to see if the information system provides time stamps for use in audit record generation.Ask the administrator if the audit reporting system, possibly NAAS, is configured to provide timestamps for use in audit record generation.*Timestamps are included with audit output.Checks to see if the information system protects audit information and audit tools from unauthorized access, modification, and deletion.ZProtection mechanisms have been implemented to protect the auditing system and its output.Checks to see if the information system alerts appropriate organizational officials in the event of an audit processing failure and takes the following additional actions: shut down information system, overwrite oldest audit records, stop generating audit recordsTester:Date: Location:IRS Safeguard SCSEM LegendTest Case Tab: Execute the test cases and document the results to complete the IRS Safeguard Computer Security review. Reviewer is required to complete the following columns: Actual Results, Comments/Supporting Evidence. Please find more details of each column below. (Identification number of SCSEM test caseNIST ID'NIST 800-53/PUB 1075 Control IdentifierObjective of test procedure.6Detailed test procedures to follow for test execution.LThe expected outcome of the test step execution that would result in a Pass._The actual outcome of the test step execution, i.e., the actual configuration setting observed. Pass/FailJReviewer to indicate if the test case pass, failed or is not applicable. Comments / Supporting EvidenceReviewer to include any supporting evidence to confirm if the test case passed., failed on not applicable As evidence, provide the following information for the following assessment methods: 1. Interview - Name and title of the person providing information. Also provide the date when the information is provided. 2. Examination - Provide the name, title, and date of the document referenced as the evidence. Also provide section number where the pertinent information is resident within the document (if possible). Ensure all supporting evidence to verify the test case passed or failed. If the control is marked as NA, then provide appropriate justification as to why the control is considered NA.Comments/Supporting Evidence SC-8, SC-9vAsk the administrator about the current logging implementation. Spend time looking for audit capabilities and compliance with the following requirements. -- The audit trail shall ... *capture all successful login and logoff attempts. *capture all unsuccessful login and authorization attempts. *capture all identification and authentication attempts. *capture all actions, connections and requests performed by privileged users (a user who, by virtue of function, and/or seniority, has been allocated powers within the computer system, which are significantly greater than those available to the majority of users. Such persons will include, for example, the system administrator(s) and network administrator(s) who are responsible for keeping the system available and may need powers to create new user profiles as well as add to or amend the powers and access rights of existing users). *capture all actions, connections and requests performed by privileged functions. *capture all changes to logical access control authorities (e.g., rights, permissions). *capture all system changes with the potential to compromise the integrity of audit policy configurations, security policy configurations and audit record generation services. *capture the creation, modification and deletion of user accounts and group accounts. *capture the creation, modification and deletion of user account and group account privileges. *capture: i) the date of the system event; ii) the time of the system event; iii) the type of system event initiated; and iv) the user account, system account, service or process responsible for initiating the system event. *capture system startup and shutdown functions. *capture modifications to administrator account(s) and administrator group account(s) including: i) escalation of user account privileges commensurate with administrator-equivalent account(s); and ii) adding or deleting users from the administrator group account(s). *capture the enabling or disabling of audit report generation services. *capture command line changes, batch file changes and queries made to the system (e.g., operating system, application, database). Interview the administrator about the use encryption when information is transferred to and from the Netware server. Depending on what services are running on the system, Novell provides several configurable options such as the use of TLS encryption when serving pages hosted by apache or setting NCP packet signatures on traffic sent to and from workstations. These are examples are not the only possible methods of ensuring integrity in data sent to or from the Netware server.Checks to see if the information system terminates a network connection at the end of a session or after a organizationally defined amount of inactivity. Interview the administrator to determine what service are running on the NetWare server. Services such as ssh, http, mysql, and others including web-based management interfaces should be configured with a timeout value set in accordance with the organizations policy.KAsk the administrator about any publicly accessible services that the Netware server is hosting. If the server is hosting a publicly accessible web application such as a website, and an administrative or management service such as a database server; ask the administrator what measures are being used to separate the two services. VManagement and user based services and applications are either physically or logically separated. Separation may be accomplished through the use of different computers, different central processing units, different instances of the operating system, different network addresses, combinations of these methods, or other methods as appropriate.`Netware, by design, has supported the Trusted Computer System Evaluation Criteria (TCSEC) [DoD5200.28-STD] since 4.x or before. Ask the administrator if any add on software components have been installed that would contribute to issues that arise from sharing previous resources that have not been appropriately sanitized and made available for reuse.Interview the administrator to get a g< ood understanding of the services that are provided by the NetWare server. Ask if any additional configuration was performed to protect against DoS attacks. In addition to service configurations on items such as Apache, other Novell applications such as BorderManager could be installed and configured to perform additional port blocking, rate limiting of TCP connections, or black listing of particular networks that are the cause of the DoS attack. Ask the administrator if specific hosts or devices have been determined to need to authenticate or identify themselves before a connection can be established? If so, are these hosts required to identify/authenticate by IP address, MAC Address, or via a Radius server?Information systems that are required to authenticate or otherwise identify themselves are using IP, MAC, RADIUS, or other well know authentication and identification methods.Ask the administrator to show that the Novell International Cryptographic Infrastructure (NICI) modules/software have been installed. The NICI should also be installed on the Novell client for Windows if used. The operating system is configured to meet all requirements possible within the capabilities of the operating system's audit configuration options. Note any exception that are limitations of the operating system.Ask the administrator about audit log reviews. Does the current log review procedure meet the control objective? Note any exceptions.Audit logs are reviewed for suspicious activity, access control changes, or other inappropriate activities and events are reported to the appropriate officials.]Ask the administrator if the currently implemented password controls meets the test objective5Current password controls meet the control objective.Using a tool such as iManager, Console One or NwAdmin, have the administrator show how access to objects within the E-DIR are controlled. How are roles defined meaning what authorizations are required before a user can be added to a role? Also, ask the administrator to check privileged accounts such as "admin" for use of the "security equal to me" option. Discuss how a user is granted these rights and what documentation is necessary for a user to be given this admin equivalent privilege. Ask the administrator if separate roles have been defined for specific tasks. This can be performed using Roles in Netware where each role has assigned members that are responsible for a specific task.hThe Netware deployment makes use of roles and user assignments to those roles to perform specific tasks.$Interview the administrator and ask about what steps are involved in creating a user, group, or role. Specifically ask if the principle of least privilege is used when account, groups, or roles are created. Are users granted permissions that would allow access to areas that are not required?LThe principle of least privilege is used when creating objects in the E-DIR.kAudit logs are reviewed for suspicious activity, access control changes, or other inappropriate activities.gAll remote access to the Netware environment is monitored and checked for unauthorized access attempts.Users shall be prohibited from changing their passwords for at least 15 days after a recent change. Meaning, the minimum password age limit shall be 15 days after a recent password change. Privileged users shall be able to override the minimum password age limit for users when necessary to perform required job functions. |The information system shall routinely prompt users to change their passwords within 5-14 days before such password expires.`User account lockout feature shall disable the user account after 3 unsuccessful login attempts.rAccount lockout duration shall be permanent until an authorized system administrator reinstates the user account. lDefault vendor passwords shall be changed upon successful installation of the information system product. BSystem initialization (boot) settings shall be password-protected.~Passwords shall not be automated through function keys, scripts or other methods where passwords may be stored on the system. Null passwords shall be prohibited to reduce the risk of compromise through rogue enticement techniques or other attack and penetration methods. Use of dictionary words, popular phrases, or obvious combinations of letters and numbers in passwords shall be prohibited when possible. Obvious combinations of letters and numbers include first names, last names, initials, pet names, user accounts spelled backwards, repeating characters, consecutive numbers, consecutive letters, and other predictable combinations and permutations.Users shall commit passwords to memory, avoid writing passwords down and never disclose passwords to others (e.g., with a co-worker in order to share files).sChecks to see if the information system provides mechanisms to protect the authenticity of communications sessions.!Ask the administrator if VPN technologies are being used to remotely access and administer the server, TLS is used for protecting the transmission of secure data during web access/management, and if ssh is used for secure access when command line utilities are needed by the administrator.Any service requiring security of communication sessions are being secured with the appropriate security technology. Examples are VPN, TLS, SSHqPasswords shall be a minimum length of 8 characters in a combination of alpha and numeric or special characters. Passwords shall be changed every 90 days, at a minimum, for standard user accounts to reduce the risk of compromise through guessing, password cracking or other attack & penetration methods.Passwords shall be changed every 60 days, at a minimum, for privileged user accounts to reduce the risk of compromise through guessing, password cracking or other attack and penetration methods. cPassword changes for standard and privileged users shall be systematically enforced where possible.Passwords shall be systematically disabled after 90 days of inactivity to reduce the risk of compromise through guessing, password cracking or other attack and penetration methods.cUsers shall be prohibited from using their last six passwords to deter reuse of the same password. Checks to see that for information requiring cryptographic protection, the information system implements cryptographic mechanisms that comply with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.Ask the administrator if the NICI services that are native to Netware have been disabled or are not used to encrypt sensitive data. Netware 6.5 has the ability to encrypt data using the NICI with full PKI encryption support.<The NICI service is running and sensitive data is encrypted.pNative or third party applications or devices have been configured to protect the Netware host from DoS attacks.Checks to see if the information system separates user functionality (including user interface services) from information system management functionality.~Checks to see if the information system prevents unauthorized and unintended information transfer via shared system resources.wNo additional software that would cause unintended information transfer via shared system resources has been installed.kChecks to see if the information system protects against or limits the effects of denial of service attackslPasswords or other types of authenticator feedback are obscured from being seen by unauthorized individuals.IA-7Checks to see if the information system employs authentication methods that meet the requirements of applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.&The NICI framework has been installed.AU-3AU-2AU-4AU-5AU-6AU-8AU-9SC-2SC-5SC-4SC-10SC-13SC-23IA-6Checks to see if the information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.IA-5AC-14Ask the administr< ator if there actions that can be performed on the Netware deployments that can be done without user authentication.cAll actions (if any) that can be performed without identification and authorization are documented.AC-17|Checks to see if the organization authorizes, monitors, and controls all methods of remote access to the information system.xAsk the administrator if all remote access to the Netware environment is monitored and checks for proper authentication.IA-2Ask the administrator if all user accounts are unique. Also, ask if all user accounts or processes such as apache or mysql are unique and require passwords or other authentication method.LAll user accounts are unique, have passwords or other authentication method.IA-3wChecks to see if the information system identifies and authenticates specific devices before establishing a connection.tChecks to see if the information system automatically terminates a remote session after a defined amount inactivity. Ask the administrator if session locks are enabled for admin consoles such as Console One, Rmanager, iManager, or on Workstations running any of these services remotely. All interactive sessions should employ a method of locking a session after a period of inactivityAsk the administrator if session termination is enabled for admin consoles such as Console One, Rmanager, iManager, or on Workstations running any of these services remotely. All interactive sessions should employ a method of session termination after a period of inactivitySession termination is enabled.Ask the administrator how the organization reviews audit records (e.g., user activity logs) for inappropriate activities in accordance with organizational procedures. Also as if the organization investigates any unusual information system-related activities and periodically reviews changes to access authorizations. Finally, as if the organization reviews more frequently the activities of users with significant information system roles and responsibilities.Ask the administrator to show the warning banner. This banner should be used for user authentication to a workstation as well as for authenticating to network based services such as SSH.AC-11Checks to see if the information system prevents further access to the system by initiating a session lock after a period of inactivity, and the session lock remains in effect until the user reestablishes access using appropriate identification and authentication procedures.ZAll interactive sessions employ a method of locking a session after a period of inactivityChecks to see if the organization identifies and documents specific user actions that can be performed on the information system without identification or authenticationAC-8vAsk the administrator about the deployment of the Netware environment. From this information, determine the if the environment encompasses several interconnected systems. These interconnected systems could be comprised of multiple Netware servers in a read/write, or read-only setup or it could be Netware severs running SSH, Apache, or other web based service deployments. Checks to see if the organization supervises and reviews the activities of users with respect to the enforcement and usage of information system access controls.AC-7Checks to see if the information system enforces the most restrictive set of rights/privileges or accesses needed by users (or processes acting on behalf of users) for the performance of specified tasks. Checks to see if the information system enforces a limit of consecutive invalid access attempts by a user during a time period. The information system automatically delays next login prompt according to when the maximum number of unsuccessful attempts is exceeded.If the Netware deployment involves several interconnected systems, access controls are in place to prevent unauthorized information flow between systems. mChecks to see if the information system enforces separation of duties through assigned access authorizations.AC-5AC-6Interview the administrator: Ask if there are measures in place to enforce a limit of consecutive invalid access attempts by a user during a specified time period. This could include delaying the login prompt or temporarily locking the account.Objects within the E-DIR should be employ access controls. This could be by user, group or container or a more granular approach. Users listed, if any, with security equal to the admin user are both required and documented.AC-4Checks to see if the information system enforces assigned authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.Expected ResultsChecks to see if the information system generates audit records for the following events: (NOTE: This is a very long list. It may be easier to paste into a text editor for ease of use) Also, make note of any requirements that cannot be met due to operating system limitations. AC-2Checks to see if the organization manages information system accounts, including establishing, activating, modifying, reviewing, disabling, and removing accounts. The organization reviews information system accounts to ensure that existing accounts are being controlled properly.User accounts are reviewed at least annually to ensure accounts found in the E-DIR are necessary and that account privileges are assigned correctly. No accounts exist for individuals that are no longer associated with the organization.Checks to see if the information system enforces assigned authorizations for controlling access to the system in accordance with applicable policy.Actual ResultsTest IDTest Objective Test Steps Test MethodOut-of-Scope ReasonRA-1 Control covered in the MOT SCSEMRA-2RA-3RA-5PL-1PL-2PL-3PL-4PL-5,Control not selected in IRS Publication 1075PL-6SA-1SA-2SA-3SA-4SA-5SA-6SA-7SA-9CA-1CA-2CA-3CA-5CA-6CA-7PS-1PS-2PS-3PS-4PS-5PS-6PS-7PS-8CP-1CP-2CP-3CP-4CP-6CP-7CP-8CP-9CP-10CM-1CM-8MA-1MA-2MA-3MA-4MA-5MP-1Control covered in the SDSEMMP-2MP-3MP-4MP-5MP-6PE-1PE-2PE-3PE-4PE-5PE-6PE-7PE-8PE-9PE-10PE-11PE-12PE-13PE-14PE-15PE-16PE-17PE-18SI-1SI-3SI-4SI-5SI-8IR-1IR-2IR-3IR-4IR-5IR-6IR-7AT-1AT-2AT-3AT-4IA-1IA-4AC-1AC-18AC-19AC-20AU-1AU-7AU-11SC-1SC-12SC-15SC-17SC-18SC-19SC-20SC-22SCSEM Results DashboardStatus # of Tests Percent (%)PassFailInfoNot ApplicableBlank (Not Reviewed)Total Tests Performed-Total # Tests AvailableInterview ExamineAC-3 InterviewExamine.Checks to see if all user accounts are unique.Observe the administrator login to the system to verify passwords are obscured when they are entered at any of the Novell login prompts. This includes, but is not limited to Rconsole logins, SSH logins, iManager or Console OneChecks to see if the information system produces audit records that contain sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events.YServices are set to disconnect or timeout when 15 minutes of inactivity has been reached.{Observe the configuration and ask the administrator if the currently implemented password controls meets the test objectiveVersion Release DateSummary of ChangesName First Release References+IRS Publication 1075, October 2007 Revision Control ID=Control covered in operating system and network device SCSEMsCM-2CM-3CM-4CM-5CM-6CM-7CP-5MP-7SA-8SA-10SA-11SC-7SI-2SI-9SI-10SI-11SI-12 First M. Lastmonth d, yyyy - month d, yyyyCity, STAgency POC(s): Name: Telephone # Email Address(###) ###-#### x#####First.M.Last@xx.xxx NIST ControlProcedures: 1. Interview the administrator verify the process and proce<Ddures for receiving security patches and updating vulnerable systems. 2. Examine the system patch level and verify it is compliant with the currently released patch level by the vendor.A process and procedures are in place to identify patches and patch vulnerable systems. The system patch level is compliant with the current vendor patch level.Account ManagementAccess EnforcementInformation Flow EnforcementSeparation of DutiesLeast PrivilegeUnsuccessful Login AttemptsSystem Use Notification Session Lock:Permitted Actions without Identification or Authentication Remote Access&User Identification and Authentication(Device Identification and AuthenticationAuthenticator Feedback#Cryptographic Module AuthenticationAuditable EventsContent of Audit RecordsAudit Storage Capacity%Response to Audit Processing Failures)Audit Monitoring, Analysis, and Reporting Time StampsProtection of Audit InformationApplication PartitioningInformation RemnanceDenial of Service Protection4Transmission Integrity, Transmission ConfidentialityNetwork DisconnectUse of CryptographySession AuthenticityAuthenticator ManagementFlaw RemediationPass / Fail / N/A / Info Updated the following; 1.) NIST mapping per test case - Clarification of one NIST control per test case. 2.) Added NIST 800-53A Test Methods (e.g. Test, Examine, Interview). 3.) Added Out-Of-Scope controls tab. 4.) Added Dashboard tab to automatically calculate the Test Case results. 5.) Added Sources tab to identify sources for the Test Case material. 6.) Added SCSEM disclaimer language.DIRECTIONS FOR SCSEM USEThis SCSEM is used by the IRS Office of Safeguards to evaluate compliance with IRS Publication 1075 for agencies that have implemented Novell Netware for a system that receives, stores, transmits or processes Federal Tax Information (FTI). Agencies should use this SCSEM to prepare for an upcoming Safeguard review, but it is also an effective tool for agencies to use as part of internal periodic security assessments or internal inspections to ensure continued compliance in the years when a Safeguard review is not scheduled. Also the agency can use the SCSEM to identify the types of policies to have in place to ensure continued compliance with IRS Publication 1075.Audit GenerationAU-12Checks to see if the information has audit record generation capability, allows the selection of auditable events, and can generate audit records for the list of audited events defined in AU-2 with the content as defined in AU-3.Examine audit generation mechanism. Ask administrator if they sort by and select event and event criteria based on AU-2 and AU-3.PM-1PM-2PM-3PM-4PM-5PM-6PM-7PM-8PM-9PM-10PM-11 AC-21AU-13AU-14SA-12SA-13SA-14SC-25SC-26SC-27SC-29SC-30SC-31SC-33SC-34)SI-13SC-16uAudit capability is utilized, automated, and allows for selectable and sortable criteria as defined by AU-2 and AU-3.Number of test casesLast test case row:IR-8IA-8Checks to see if the information system displays an approved, system use notification message before granting system access informing potential users.HExpected Results: The warning banner is compliant with IRS guidelines and contains the following 4 elements: - the system contains US government information - users actions are monitored and audited - unauthorized use of the system is prohibited - unauthorized use of the system is subject to criminal and civil penalties Booz Allen HamiltonjNIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems, Revision 3gConsecutive invalid login attempts are limited to 3 using Netware utilities such as intruder detection.#DESCRIPTION OF SYSTEM ROLE WITH FTInProvide a narrative description of this system's role with receiving, processing, storing or transmitting FTI.System Hostname:[The dashboard is provided to automatically calculate test results from the Test Case tab. The 'Info' status is provided for use by the reviewer during test execution to indicate more information is needed to complete the test. It is not an acceptable final test status, all test cases should be Pass, Fail or N/A at the conclusion of the review. Examine permission settings for the audit log files. Ask the administrator if the measures are taken to restrict the use of auditing tools and protect their output so that they can only be read by users with appropriate privileges, and cannot be deleted or modified.NChecks to ensure the system is current with vendor released security patches.Ask the administrator how often account as reviewed for consistency with the test objective. The administrator should be able to demonstrate that all users within the E-DIR (formerly know as NDS) are necessary and are reviewed periodically. Note: Remote access is defined as any access to an agency information system by a user communicating through an external network, for example: the Internet. Checks to see if all FTI data in transit is encrypted when moving across a Wide Area Network (WAN) and within the agency s Local Area Network (LAN). OA FIPS 140-2 validated encryption mechanism is used to encrypt transmitted FTI.FUpdated for NIST 800-53 Rev 3 Updated for new Publication 1075 versionThe IRS strongly recommends agencies test all SCSEM settings in a development/test environment prior to deploying them in operational environments because in some cases a security setting may impact a system s functionality and usability. Consequently, it is important to perform testing to determine the impact on system security, functionality, and usability. Ideally, the test system configuration should match the operational system configuration. Prior to making changes to the production system agencies should back up all critical data files on the system and if possible, make a full backup of the system to ensure it can be restored to its pre-SCSEM state if necessary. The IRS welcomes feedback and suggestions from agencies in regard to individual SCSEMs.pSafeguard Computer Security Evaluation Matrix (SCSEM) Novell Netware 6.5 Release IV July 30, 2010 Version 0.3V   E0 9$%  . I G  F !O!!N!"H""O""4#r#9#N$!''(Y( ( ++,-z27 ,4 i4 4L i5 ^8[=ccB  +LQsS  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C od,,LetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"d,,333333?333333?&<3U} $ } } $ }  } I} } $ +                           @                              0l*2# $ % & ' ( *  # #1 $ $2 % %3 &4 &5& &6& & 7 '1 '8 ' |9 (1 (8 ( |9 *xL**|(   %O2 S N Group 2Horizontal Rule" ] `b~vB B >?Line 3%O]`"|B  D)?Line 4Z 22]`4  JA 1?IRS Logo-"]N`A $A| d Word.Document.8>@  '' yK First.M.Last@xx.xxxyK Nmailto:First.M.Last@xx.xxxyX;H,]ą'c(( yK First.M.Last@xx.xxxyK Nmailto:First.M.Last@xx.xxxyX;H,]ą'cggD  ]1a  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C od,,LetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"d,,333333?333333?&<3U    D@            ]  ^       @0$0$0$0$$$$$$>@"    ggD  fk  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C odXXLetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"dXX333333?333333?&<3U} } }  J      0   @  ] ^_ ` ` a b+c ;1PassAZ.d #DD B e+c ;1FailAZ.d #DD B f+c ;1InfoAZ.d #DD B g *c ;1N/AAZ.d #DD B e $TH@ ;1A["d?  DD  e # V  %[ h  i # H@  % j    H@  D .I@ ;@@B@"*ooon\CC1>@      ; ;@@B@B@$C@Pass; ;@@B@B@$C@Fail; ;@@B@B@$CInfo  ; ;@@B@B@$C@Pass; ;@@B@B@$C@Fail; ;@@B@B@$CInfo  ; ;@@B@B@$C@Pass; ;@@B@B@$C@Fail; ;@@B@B@$CInfo  ; ;@@B@B@$C@Pass; ;@@B@B@$C@Fail; ;@@B@B@$CInfo  ; ;@@B@B@$C@D  ; ;@@B@B@$C@D{+{  {+{  {+{ {+{  {+{  {+{  {+{ {+{ {+{ {+{ {+{ {+{ {{ ;@@B@B@$C@3[ t|{{ ;@@B@B@$C@3[ t| Sheet2ggD  2}\  dMbP?_*+%&?'?(?)?MFreedom Import Printer$C odXXLetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"dXX??&U} D} m} E} E} E} E} $E} E} m D} B} $ E 2  e@                        @  \      C A: A C C C C C C[ S~ T? = U U U Z U UTV ~ T@ > U U U U0 U UTV ~ T@ ? U U U U} U UTV ~ T@ @ U U U U1 U2 UTV ~ T@ A U U U U3 U4 UTV ~ T@ B U U U U U UTV ~ T@ C U| Z U Uw  UTV ~ T @ D Ux Uy U Us Uz UTV ~ "@ V a r  t u  ~ T$@ = U U~ U Uv U5 UTV ~ T&@ E Ug U{ U Uh Ui UTV ~ T(@ F Uj Uk U Ul U6 UT ~ T*@ G Um U U Un Uo UTV ~ T,@ H Up Uq U U( U) UTV ~ T.@ I Ud Ue U U US UTV ~ T0@ J UT UU U U* UV UTV ~ T1@ K UX U U U U+ UTV ~ T2@ L UW U U U U UTV ~ T3@ M UY U U U U UTV ~ T4@ N UZ U U U U UTV ~ T5@ O U[ U U U, U- UTV ~ T6@ P U\ U U U U UTV ~ T7@ Q U] U U Z U UTV ~ T8@ _ U` Ua U Ub ~~ UTV ~ T9@ R U^ UO U U$ U% UTV ~ T:@ S Z` ZP U Z& ZQ ZY[ ~ T;@ T U_ UR U U' UN UTV ~ T<@ U U U U U! U UTV ~ T=@ V Ua U" U U# U UTV ~ T>@ W Ub UK U UL UM UpV ~ T?@ X Uc UB U UC UD UpV Dlrrrrrrrrrrr~rrrrrrrrrrrrrrrrrr ! " # $ % & ' ( ) * + , - . / 0 1 ~ T@@ Y Uf WE k U U/ UpV ~ !T@@ !Y !Uf !XF !k !U !U/ !UTV ~ "TA@ "Y "Uf "WG "k "U "U/ "UTV ~ #TA@ #Y #Uf #XH #k #U #U/ #UTV ~ $TB@ $Y $Uf $WI $k $U $U/ $UTV ~ %TB@ %Y %Uf %XJ %k %U %U/ %UTV ~ &TC@ &Y &Uf &W7 &k &U &U/ &UTV ~ 'TC@ 'Y 'Uf 'X8 'k 'U 'U/ 'UTV ~ (TD@ (Y (Uf (W9 (k (U (U/ (UTV ~ )TD@ )B )U )X: )k )U )U/ )UTV ~ *TE@ *B *U *W; *k *U *U/ *UTV ~ +TE@ +Y +Uf +X< +k +U +U/ +UTV ~ ,TF@ ,Y ,Uf ,W= ,} ,U ,U/ ,UTV ~ -TF@ -Y -Uf -W> -} -U. -U/ -UTV ~ .TG@ .Y .Uf .X? . .U. .U/ .UTV ~ /TG@ /Y /Uf /W@ /} /U. /U/ /UTV ~ 0TH@ 0Y 0Uf 0XA 0 0U. 0U/ 0UcV ~ 1TH@ 1Z 1~, 1W 1~ 1}; 1}< 1UcV (l Trrrrrrrrrrrrrrrrr  (  R  C ]F!@4 d ZR  C ]F!4 d ZR  C ]F! 4 d ZR  C ]F!4 d ZR  C ]F!`4 d ZR  C ]F!4 d ZR  C ]F!4 d ZR  C ]F!@4 d ZR   C  ]F !4 d ZR   C  ]F ! " d >@P "ѠA w 00;Info;@Fail;Pass;N/A1111;Info;@Fail;Pass{U{0&;{U{0&;@{U{0&;P{U{&;13{U{11&;{U{11&;@{U{11&;Py  Input Error5Please enter an accepted value: Pass, Fail, N/A, InfoPassFailN/AInfoN1 Sheet3ggD  $<tL  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C od,,LetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"d333333?333333?&<3U} } 8       w  x  x  x  x n x  z  z  x x x x o x p x  x  x  x  x  x  x  x  x   x ! x " x # x $ x % x  x  x  {  xDl !"#$%&'()*+,-./0123456789:;<=>? { ! !x "& "x # #x $ $z % %{ & &{ ' 'x ( (x ) ) * *z + +z , ,x - -z . .z / /z 0 0x 1 1 2 2x 3 3x 4 4x 5 5x 6 6x 7 7{ 8 8{ 9 9{ : :{ ; ;{ < <{ =' ={ > >{ ? ?{Dl@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @ @{ A A{ B B{ C C{ D D{ E E{ F F{ G G{ H H{ I I{ J J{ K K{ L L{ M M{ N N{ O O{ P Px Q Qx R Rx S Sx T Tx U Ux Vc V{ Wl W{ Xm X{ Yd Yx Ze Z{ [f [{ \g \{ ]h ]{ ^i ^{ _j _{Dl`abcdefghijklmnopqrstuvwxyz{|}~ `k `{ a az b bz c cz d dz e ez f fz g gz h hz i ix j jx k kx l lx m mx n) nx o* ox pq px qr qx rs rx s sx t tx u ux v vx w wx x xx y( yx z zz { {x | |x } }x ~} ~x  xDl x x  {  { t x u x v x w x x x y x z x { x + x x . { / { 0 z | x , y x x x x - {4>@A  Sheet4ggD  8  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C odXXLetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"dXX333333?333333?&<3U}        sqqqqqqqqr vttttttttu  vttttttttu  P**>@   Sheet5ggD     dMbP?_*+%&?'?(?)?MFreedom Import Printer$C od,,LetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"d,,??&U} G} J} 1F} m}F} F} mG} F} &H} IF} II} AF} F} $ F ,X@X@@,N,@,@@ @ ,@ @    KLLLF  MO P MF  MFF  MFF  MF F   M F F   Q F F   R F0&:::::>@RR J    w  Sheet6ggD    dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C odXXLetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"dXX333333?333333?&<3U} I} %}   l l l lm$@nA@ o m4@n@ \ >@@   <822>@A  Sheet7ggD X 8Safeguard Computer Security Evaluation Matrix (SCSEM) IRSJonathan IsnerMicrosoft Excel@Q:@v)@Ys7՜.+,D՜.+,t0 PXh px BA&H CoverPurpose DashboardDocumentSummaryInformation8CompObjr Test CasesOut of Scope ControlsSourcesLegend Change Log  Worksheets$ 8@ _PID_HLINKSA kHmailto:First.M.Last@xx.xxxkHmailto:First.M.Last@xx.xxx F&Microsoft Office Excel 2003 WorksheetBiff8Excel.Sheet.89q