ࡱ> 9:;<=x  !#$%&'()*+,-./012345678?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry F$F@Workbook  MBD00050A34  F_W7_W7Ole =  -F!cover!Object 1  F'Microsoft Office Word 97-2003 Document MSWordDocWord.Document.89qOh+'0  4 @ L Xdlt|Christian, Michele  Normal.dotmChristian, Michele Data 81Table",CompObjyOlePres000>\8DdO zp<  C Ab48{ߌ[4yͰL8Dn8{ߌ[4yͰLPNG  IHDRO:EgAMA pHYs12N– IDATx}8e}{p#0rCG`9&r"D3KPxg`EF.oϼX̋ϼX̋ϼX̋ϼX̋ϼX̋ϼX̋0+놡y8ck+Sx脰:D[Q/[??HPTI5o HuoD1ճC ]^Qhz|`VOOay Z8n#ʬCR6RJUoZ篟tXܳCPZNa~FET5ېbns#n[.ZW>w9 |[FV,:xۧ/{k>qvD h"СP))F #ƟS)!GĎjJ3+Dbm5Ĕn~CZLCa#`m魜;?kWOV!Jm UKaܣj\$܄=O9FV"kTגyn- jVw!:j<ݜwAxND(ySzYKz>pRN=XT*QU/{o+T&iJ6YK~=H'?0Ou7-峭+5GdA:Vc&~E|OJӒ*X@UNHtc>Z󋄆4OgҨz/'~BQ1| .3SZ$N588l ՃbjU4&٢x/1fç#N-olKu!,O[\g(yϨh:\4{5q=~)|*Xpu0zc7C6Jg5}9AFtFqr74՚ d4ϣnVH A? 'bq„c|sB&IPݝ6m}궕i#:'PfC.4NUc31Zoj!4Oqf3]o"eLt W<'aM(>e5v M:_Y*y]Ɓ ďg%u =ԖIWqBYm]Gn 4<rф 傼;+ZܞQ |V^kɶ=KL)9#bчMBHdG tSs 6( W<ϖO3qͧTʴ[K` k߂cd ؑ/\^芊 >1_OO, λX%Z뤿6@qNgϗI3<=Α}M:skfwvA[" %cŖ=yTwt|P @Y9[jO==E /`1{zX Uѫc5qVxͤe+WbJkAmؗHv&5vmԜ0?0`OwjtkᾛMX;>_*I|p۫7QǢr&C"[m%Ls h6>%k^n{;8c,z'F3{?ͲQ{@?YM|R5\טT}dufx ]"H!' C~H)ӘDVi})"OҼFZL0+IO1&f>}OXwMZѺJnrtw2@v&O7>z?l3bS]';q:MyT'fEmS ű+HZOn,Fa `D7·(-$T*&󟟢ܣX^$Q;_MuKé(Uֆ1uCs1XGb6(kg3h١Rq"3n논%SRbKO,Ts~f~90C`QɨĬlYkTsL,'˼k N ۽ [rLc(>-ZA )ҟFJAt~O[~O)gA{'maQ aB3r#Sq#rО5$Pb=6 ՅZvѺEfD+1EѾDT $wV{cDyhK֚&{)t }5 EyTV\vj.AsTr ;21Vm|hY%!#n>q^: nI {N4}&8Zܚ6HȖ܊)*# zc۶7o= 1z E@l>}= ׌7EBe¦cБ~P {9dkwe5-|dBͫ7EQm]eU0kl\% ~߳zlLrGݠ5fq~Ê Mb஁՚;vpl_3N( a5LfH>&Qb0'=fbLO&߃uY+XPEDJW]3LLL UJ oYs_M'6($>LYcR31[mU %G9L'0.Xָ*vKZ߫Z?NFD>}2 >wV _U 7Q <\YhNh1U=H' x?BkS|blyjrrDTP,8pCwqm?dο"B_WeP]ڀk{e'bf0ݑ]'إ)ԮZg:ħ0nY-ˍ :*1稝 RjVWAN$(VT@W&iP?|opOj=@Z=Nx>;&=VSj'4 &*NwCvό5\4c=:_8~T`w Ci??ҍ}mkP3ZGuxkТ-q K@ $Gۖ [ѐZJدqЀau|'eM_͉v*l' xZ3NX:D2m΂-Dzwk1@t_xUڏ|G-U~lLKوĞڱeJ? /v|v܈k,'|`Lqu`a0QT'{KE!S$,kض'8NՀ88dRdy:7pbmd?uPs7a,zh4@2,|u m16j=yסhg9Ms5'.)lp*,Gxst% UgBu 3ggwhxy׃$Ӏ._)$/]uQI͟ἧ&O:@9T'>t~m 4~@sTodZ揥&"_ [$)(zuOoyqS]n?ħyx++W"%EUO{/`,P'^qbN -=8R/]uF<'PkViHguDvTq=4~9 E[:=S{uCrN2o3CU%^MtKs^çyG-VK26۲uYwg3ЀRuJnى| +ZL'm)D9,,ϧw։MɓnS.!#1N)rt#|nDX~ұDx:} hG"8DD5׀AOI` C*T ^NԢ#qoWD^Km^NJϩ 4FŖBӳ٦hz4y.4yҝ4dIB,^N,il xs EbD CFLE[% aQNƏ*żgQ% *k<s&Tq~)qgK#X nX|L )4tsl(%9y3ڏ|ڑhzKn%g|S&)\>נo@3([W`ЎD_$ WQ`-Ml[C *\Dn ^0Cxj}A-.O5Af7JhtY?`Z|?}H$=E[]g?N><$*hnY !*2S>||Ͼ"ey?\ꋆCXAE)qO_EP=)N r ڱWoK]>,g䓿rwo?ۏU\2!QAp4._~0HhSBY2@"XbjZãuE+N;{b7Oy ۥ1{i3;irMCPq?wf|`*gBQ mGCvEǡ2CD:Sqxtd?r/J,P'O0[߻la<о@cH'i0o1h篟~ 7c=KY}H9PQq| ? /ЮwTdml&=ʒè ,3 Yf*s}73lǜJ<[y|OOm:*KD؃0 >g/CMrwDESt,|&sonu!]{yCDP`;4}toS^OwG/1Յ3٧*N.@~Hnl|mI}E5I 3$LNW`UXBowN?vNLDw|.ݪ8J:*Vn_1 a7 ?A)wk*B6sX.tpיhbЏADgO[Q?{l5LQ<76ٍ$UolFLs )9i"p ]msPw'6/l6j;Bňj kƶhԽ3 X}RWv]Nat;΅bPWU9s5z8%w_DDGݓD:Jܡr̷Đ}`Dh._G.E>IF.b=b#>Cͥ'1]sWO?9:L $(qTO97h*h0SJAV\:Dh=ΰk^ZK4N4SoNNZX>! []'*R힓]0*OPqy{K/IT[g ."Onn|ul}^-a"4byrab/<^)Pt7nF`e"Rص d5t[2~DNlRӇ˥a>SAۿK#sU?=x7ǽ ḀG~uZ.w鞖1EL\/\f<Ѯ04ԺzzOgٮ1i{u^,WF]\85PEB9bYiӶ5l]a~Im9e%dDŽ!`bKewKtRoO+VO2.e OO?|e|Sx|$+cֹB}ҙS=Rx#Xc%K|B{C 7cԟ}@TX@bn"ˋZvQe(b^œi[}nKA,8R⪞GKj#Lz67 fPS=C# vQ7+wB&o\~l좢E} ٠Ds`/'ב4Qr)qik )e-1B\ϯǓ2|cx{%F9!s9Y¥r1<)\[NS΂ߏkat~\D/#.0mbp<((v`hĊ/]㾼fUxL,۹h-Dq|.&\ARfj\lzxbՉWxY>vH5+ a.2_~kF &_'4 <螦oUlFwIEEяⰫ3އ"x !I[= ߸N|gdd9s& McbTrC13u)\qy)`f/2&A-0Kt O%wV3>>"s":Y#ɟ~t N)3*#5Vi ĶޘUx煱;Ձpn_³mw<*҆SxyfM:O' .mj r>ҋ"n*NT4pN c \)1 {on^ WXdrqޑy0]{tVgź? *xntlo:p;Fݱ&-WJ]0\OXg>.)8u;":y۱=ǐ淖}/ѳ"p+e:&s&gNg<8fe[M蚧}xV8q$,;<?wvG8$g}-y;,*=Qxu`w*ޟ쿽p:^cWqxd]YbPT怚wRfE"za0Z1јa4U{IMхBI*PEq,.bPlvLMZzm;Q|FJL#qL wbKzo6\#|3g/FcF3VUxd1dy #UB|q|F,~`C5>fG11]˞#y=~hauucX!-q|ڻ >=':B~[h*NV|=Mɧ92Y (E* vfx %ߵ $+lgoaBgڍ18M@Ty-q =k ;p1N/JPIeUKrk /PPG" XE7@ ?)8֋(|& <]_EmE#æV\lވbSM/2( d|izy8 yeo'+-kF3X@iK;-^(۽#m6yܔO"7?T,G/QdōLꚃlcL˰ |F3P6"|>Zё.(#§1Ѫ)ħ1Ƿɵوth1ُ)ɱ?<>JA<+ ?t/d CWOC#+y+y+y+y+y+y+y+y+y+y+y+y+yWQ~?|q^R2j^%"Eh嘫g^|g^|g^|g^|g^|g>$pxW.>w@YoJѝSqzx:tn4W%sW䡽F1kymЉO2g?Y3:̤&bstU] |b`,Vl k& W(|2\i|\}1ɸK^9(vS>B |9 >7ç6NcBB"|Xgx>8.45ǧp| [Qj{cюefu ;)X&~Jȧ5'| Ơ#2C AT.gӷtⳋsN pCvm>x~l bj; T^x[T?\MԭӦ̾1=qYP)<< еl=P<a x; ӼO(I}@޹? c%T.% 缟pk%c藹}gy/^%+y+y+y+y+y+y+y+y~a/9\~+Gݝ?eY׷[b9Plz}qUyڿeƵѷ]b6 q'9ϏC! ryAo,㣇[xw"xse e; <qxψ> (U)s Otnx B=/bIrvtllO(L@G q)cڹ 5*>U洡P}ጟ欙S7e;¿?O(戾vİjہ񁣧95?ϰҾǑ>ֲ%p?DֱЯ|.1E!=~A 8nag(33}8^\QRs ]0v1Cٜ&ǁxS32{GTGܘ98\*>E@8;BJ`aIF|윟|wԗBg>k1#!CNRh}a'Q}ȪQսbNg~iRQ4Es>/l?xjc1G^2Qsɱ&O'x2E祊tTЊlOT` T,Ŷ%LF2ٲLML\zjhb zyJ,|" Bj9swF|w0oJs\HTTÁ~k-ՎHL>!?yY+$)Y:zoD V_>|c+@283c\R1o 9f+< l?vJ=Y-a42v$r1v#|Εs;Ͻw\n; oR|МL 2p\_)`l8[0DǜJ>-l*ĩ릿o2KVڶmaI_4 }{0 |Zk<|{@6y07MNу՘;6`1|.|B;D:9*Őz ^"L=F#Pv ˻5} O#?tg4 $|x p{y,eԍ&.,kMi뺞/5oHyvZu#ԣ1[Ɛ9oOLE+ޜ p0OBěRyvh ٵ_r*6'\'쌹'MeQ0OVog=U(T1izg墈4+ܴiE(n[9ZAZ|idE_UQ dԇp C)us iC.*9Kt|2n Ԏ^?7cP ͐ + uL ZIl/ٿD{% ȜTeN|}NIka l?L';y$*||FeuP-;v;{Rwfoyy`[? wzPGDw)A_o$Er>s´"0<< U۾A5?'~@ѿ?) e痺:P8;_(IPLm9-/9">^wɩmf:iCe=>BHg6a!*2GJ`B)sᳱcli/soȑͧʣؚ l)?m f#TL=scb>[=lCc[~>LafOTA?Uk3wNa1kf=2l˃( d>_jSb Pħ_myݧ>Kh.#*MNPħC{꽏GE/!O^në  6ё-u/ G'YŻ'|1ERYU؟xL"&i1ULdiqqY`t陓4>#v5A>ɠR|2lOv,ϲp@?HVr&2Hj-//ozĩϕ=Uy[g# E%,~o8+U;N.|ڽa?oϼk=983Ec"ZO#f{DHJY&RO;u0XB/v6v09ASigz{$s |q3HH`oӼf>sHeWdB߷SqTZ~O7xkhvuB)E(Z}UaRw}~؃W\5Ƙ 8;[w"GɊ_M_1`Fxw[7+}Θ1'սi GHSʍ{`;EČ/O8G fJt#A~y$ݏPp~t4y GzDϴπ06666666666666666666666666666666666666666666666666hH6666666666666666666666666666666666666666666666666666666666666666662 0@P`p2( 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p8XV~_HmH nH sH tH N`N Normal,ndhCJOJQJ_HmH sH tH " pHeading 1,1 ghost,g,Ghost,ghost,g ,1ghost,Ghost +,h1,Chapter Number,Divider Page Text,og,Heading,Ghos,g1,Graphic @&CJ*2* Heading 2,2 headline,h,headline,h2,h headline,Heading 11,heading 1,H2,heading 2,Heading 12,oh,Header1,Heading 121,h g2,Heading 1211,Heading 12111,2 hheadline,01 Headline,Heading 13,Heading 121111,Heading 1211111,Heading 12111111,2 headline1,2 headline2@& #@5;020 Heading 3,3 bullet,b,2,bullet,SECOND,Bullet,Second,4 bullet,h3,BLANK2,B1,b1,blank1,3 dbullet,ob,bbullet,3 gbullet,dot,second,3bullet,Bulle,bdullet,heading 3,Bullet 1,3 dd,3 cb,3 Ggbullet,02 Bullet,bul,B,Heading 21,3 bbullet,Heading 211,3 bulle,h 2,Dot#F@&]#^F``B` Heading 4,4 dash,d,38[@&]8^[`nRn Heading 5,5 sub-bullet,sb,4[~@&][^~`fbf Heading 6,sub-dash,sd,5p @&]p^ `FF  Heading 7$$@&a$ CJ$OJQJNN  Heading 8$$x@&]a$5CJDA D Default Paragraph FontViV 0 Table Normal :V 44 la (k ( 0No List JJ center bold,cbo$dha$5@@ center plain,cp$a$bb col text,9 col text,ctdPP @CJ.". |col bullet,cb,Center Bold,col bulletcsb,u,cbbullet,C2 Col Bullet,cb 10pt,col bullet1,cb1,c,Center Bcbold,6 chart,Chart,chart @E^`EN!2N col dash,cd k@^`JBJ col heading,8 col heading,ch,Col Heading,8 col heading,8colheading,9 col heading,e,ColHead,C1 col heading,8colheading,C0 Col Heading$dPPa$ 5;CJZ!RZ col sub-bullet,csb ^`LQbL col sub-dash,csd^`FArF col sub-heading,csh;BB first,f,1#^#`CJ> > Footerd P2CJJ&J Footnote Reference6CJEHH*TT  Footnote Texthd^h`6CJPP footnote,fnhd^h`6CJLL harvey ball$a$ CJOJQJ>> Headerd P2CJBB note,no#^#`6CJRR numbered text,nt #^#`5;NN oversized graphic!]^@"@ paragraph,p"#d`#T2T source,so # ud^`u6CJ>B> step,st$8^8`5<!R< sub-heading,sh%;FbF table title&$da$5CJZ!Z trailer,7 trailer,t'x#$2/..).  Page NumberJJ TitlePageBottom)$da$CJXTX  Block Text*$yC]y^Ca$5;CJ$OJQJJJ File Name in Footer CJOJQJ^^ facing page #,fp,&@#$2/.5CJPK![Content_Types].xmlj0Eжr(΢Iw},-j4 wP-t#bΙ{UTU^hd}㨫)*1P' ^W0)T9<l#$yi};~@(Hu* Dנz/0ǰ $ X3aZ,D0j~3߶b~i>3\`?/[G\!-Rk.sԻ..a濭?PK!֧6 _rels/.relsj0 }Q%v/C/}(h"O = C?hv=Ʌ%[xp{۵_Pѣ<1H0ORBdJE4b$q_6LR7`0̞O,En7Lib/SeеPK!kytheme/theme/themeManager.xml M @}w7c(EbˮCAǠҟ7՛K Y, e.|,H,lxɴIsQ}#Ր ֵ+!,^$j=GW)E+& 8PK!Ptheme/theme/theme1.xmlYOo6w toc'vuر-MniP@I}úama[إ4:lЯGRX^6؊>$ !)O^rC$y@/yH*񄴽)޵߻UDb`}"qۋJחX^)I`nEp)liV[]1M<OP6r=zgbIguSebORD۫qu gZo~ٺlAplxpT0+[}`jzAV2Fi@qv֬5\|ʜ̭NleXdsjcs7f W+Ն7`g ȘJj|h(KD- dXiJ؇(x$( :;˹! I_TS 1?E??ZBΪmU/?~xY'y5g&΋/ɋ>GMGeD3Vq%'#q$8K)fw9:ĵ x}rxwr:\TZaG*y8IjbRc|XŻǿI u3KGnD1NIBs RuK>V.EL+M2#'fi ~V vl{u8zH *:(W☕ ~JTe\O*tHGHY}KNP*ݾ˦TѼ9/#A7qZ$*c?qUnwN%Oi4 =3ڗP 1Pm \\9Mؓ2aD];Yt\[x]}Wr|]g- eW )6-rCSj id DЇAΜIqbJ#x꺃 6k#ASh&ʌt(Q%p%m&]caSl=X\P1Mh9MVdDAaVB[݈fJíP|8 քAV^f Hn- "d>znNJ ة>b&2vKyϼD:,AGm\nziÙ.uχYC6OMf3or$5NHT[XF64T,ќM0E)`#5XY`פ;%1U٥m;R>QD DcpU'&LE/pm%]8firS4d 7y\`JnίI R3U~7+׸#m qBiDi*L69mY&iHE=(K&N!V.KeLDĕ{D vEꦚdeNƟe(MN9ߜR6&3(a/DUz<{ˊYȳV)9Z[4^n5!J?Q3eBoCM m<.vpIYfZY_p[=al-Y}Nc͙ŋ4vfavl'SA8|*u{-ߟ0%M07%<ҍPK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 +_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!Ptheme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK] " 8@0(  B S  ? #2  hh^h`OJQJo(#2 n @@UnknownG* Times New Roman5Symbol3. * ArialABook AntiquaY Harvey BallsCourier New;WingdingsA BCambria Math@ "1hJK#fiK&,cY0dS2HX $P n2!xxChristian, Michele Christian, Michele        !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~\ FT&" WMFC l EMF \KhC   % %   Rp@"CalibriHRO`2H@,$O`2H@ o.1@H <:o.1 ,%7.{ @Calibr ŗ`2s:Lt9'1z%1<:dv% % % !F(GDIC!b K  QOPl0 (Oppp@@@000 PPP```C k                                  H       "             [           &" WMFC m            8          ^                5   2                #    h                                          &" WMFC M                            &" WMFC -                                                                &" WMFC                                                                                                                                         &" WMFC                                               &" WMFC                                                                       &" WMFC                                                                                                                                                                           &" WMFC                                                                      &" WMFC m    &" WMFC M                                                          &" WMFC -                                                                                                           &" WMFC                                                                                                               &" WMFC                                                                                                    &" WMFC                                                                                                             &" WMFC                                                                                                 &" WMFC                                                                                                                             &" WMFC m                                                                                                              &" WMFC M                                                                                                                  &" WMFC -                                                                                                   &" WMFC                                                    & WMFC " FGDIC" % % % TTAEALP % %   n."System-- @"Calibri---,n,TA Op(Oppp@@@000 PPP```C k                                  H       "             [                       8          ^                5   2                #    h                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         ''--- 2 pn --NANIWordDocument SummaryInformation( DocumentSummaryInformation8 ,SummaryInformation( 0 bjbj΀ 0 $$$$$$$$8!% -% $'9%9%9%9%9%&&&'')')')')')')'^),v)'$&&&&&)'$$9%9%>'f&f&f&&$9%$9%''T) f&&''f&f&&&9%q=4$&R&'T'0'&v,f&v,&v,$&$&&f&&&&&&)')'f&&&&'&&&&v,&&&&&&&&& #:         h hjh U    dgd  .:p n) =!"#$% 44Microsoft Office Word@ʗ1@KhM@FJ@(Z4՜.+,0 hp  BOOZ-ALLEN & HAMILTON  TitleOh+'0 P      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwyz{|}~ \p Andrew Westner Ba=   ThisWorkbook=x1,>1>1>111<rCalibri1>rCalibri1?rCalibri14rCalibri14rCalibri1 rCalibri1 rCalibri1rCalibri1rCalibri1 rCalibri1rTahoma"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_) 0.0%                                        *  *  *  *  *  *  *  *  *  *  *  *    $   & ff + ) , * (    P  P    "   % ` !        #    ) a '   x@ @   x@ @   p  p  h "x x  x *x )x !x x@ @  x Zx@ @  x@ @  |@ @  x@ @   1 |@ @   p@ @   p@ @  8@ @  x@ @   x@ @   x@ @   x  "x@ @   (@ @   ,@ @  (8@ @  8@ @  <@ @  8@ @   p@ @   t )p    p""@ @   t""@ @   x""@ @ 1 *p""@ @   x""@ @   x""@ @   (@ @   ,@ @      "x@ @   `@ @   @ @   `@ @   x@ @   @ @    x@ @   x@ @   x@ @  Q   x@ @    8@ @   8@ @    x""@ @ 8  *x""@ @ 8  `@ @ 7  `@ @ 7  `@ @ 7 *pUU@ @   @  x@ @   x@ @   `  `  x@ @   p@ @  "p@ @   `@ @   x@ @    x@ @    h@ @  "p   x@ @    x@ @   *x@ @    x  x@ @    x@ @  "p  `   @         *X "X  (  "x@ @   "x@ @   "x@ @  (8@ @   (8@ @   (8@ @  8@ @  8@ @  8@ @  8@ @  8 8@ @  8@ @  8@ @  8@ @  "x"  "x"@  "x "@  x"@ @   x"@ @   x "@ @   "x )x !x x@ @  x@ @  ||}d}d00\);_(*_)?_);_(   }(}g2300\);_(*}P}m00\);_(*_)?_);_(  }P}n00\);_(* _)?_);_(  }<}o 00\);_(*_)?_);_(}(}p00\);_(*}(}r00\);_(*}(}v00\);_(*}(}w00\);_(*}(}~400\);_(*}(}400\);_(*}(}400\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}d}00\);_(*_)?_);_(  }x}00\);_(*_)?_);_(  }(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}x}00\);_(*_)?_);_(  }(}00\);_(*}d}00\);_(*_)?_);_(   }d}00\);_(*_)?_);_(   }(}00\);_(*}<} 00\);_(*_)?_);_(}<} 00\);_(*_)?_);_(}(}00\);_(*}(}00\);_(*}(}00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}(} p00\);_(*}d}00\);_(*_)?_);_(  }P}00\);_(*_)?_);_( }d}00\);_(*_)?_);_(  }-}> 00\);_(*}A}1 00\);_(*;_(}A}2 00\);_(*?;_(}A}3 00\);_(*23;_(}-}4 00\);_(*}A}0 a00\);_(*;_(}A}( 00\);_(*;_(}A}8 e00\);_(*;_(}}6 ??v00\);_(*̙;_(    }}< ???00\);_(*;_(??? ???  ??? ???}}) }00\);_(*;_(    }A}7 }00\);_(*;_(}}* 00\);_(*;_(??? ???  ??? ???}-}@ 00\);_(*}x};00\);_(*;_(??? ??? ???}-}/ 00\);_(*}U}? 00\);_(*;_( }A}" 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A} 00\);_(*23;_(}A}# 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A} 00\);_(*23;_(}A}$ 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A} 00\);_(*23;_(}A}% 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A} 00\);_(*23;_(}A}& 00\);_(*;_(}A} 00\);_(*ef;_(}A} 00\);_(*L;_(}A}  00\);_(*23;_(}A}' 00\);_(* ;_(}A} 00\);_(*ef ;_(}A} 00\);_(*L ;_(}A}! 00\);_(*23 ;_( +   23 + !3   !3 2 ! +   25 3 @5 3 @3 + !3   !3 2 !3 + !3   !3 2 !3 + !3   !3 2 ! 20% - Accent1M 20% - Accent1 ef % 20% - Accent2M" 20% - Accent2 ef % 20% - Accent3M& 20% - Accent3 ef % 20% - Accent4M* 20% - Accent4 ef % 20% - Accent5M. 20% - Accent5 ef % 20% - Accent6M2 20% - Accent6  ef % 40% - Accent1M 40% - Accent1 L % 40% - Accent2M# 40% - Accent2 L湸 % 40% - Accent3M' 40% - Accent3 L % 40% - Accent4M+ 40% - Accent4 L % 40% - Accent5M/ 40% - Accent5 L % 40% - Accent6M3 40% - Accent6  Lմ % 60% - Accent1M 60% - Accent1 23 % 60% - Accent2M$ 60% - Accent2 23ٗ % 60% - Accent3M( 60% - Accent3 23֚ % 60% - Accent4M, 60% - Accent4 23 % 60% - Accent5M0 60% - Accent5 23 %! 60% - Accent6M4 60% - Accent6  23 % "Accent1AAccent1 O % #Accent2A!Accent2 PM % $Accent3A%Accent3 Y % %Accent4A)Accent4 d % &Accent5A-Accent5 K % 'Accent6A1Accent6  F %(Bad9Bad  %) Calculation Calculation  }% * Check Cell Check Cell  %????????? ???+ Comma,( Comma [0]-&Currency.. Currency [0]/Explanatory TextG5Explanatory Text % 0Good;Good  a%1 Heading 1G Heading 1 I}%O2 Heading 2G Heading 2 I}%?3 Heading 3G Heading 3 I}%234 Heading 49 Heading 4 I}%5( Hyperlink 6InputuInput ̙ ??v% 7 Linked CellK Linked Cell }% 8NeutralANeutral  e%"Normal 9Normal 2: Normal 2 2 ;Noteb Note   <OutputwOutput  ???%????????? ???=$Percent >Title1Title I}% ?TotalMTotal %OO@ Warning Text? Warning Text %XTableStyleMedium9PivotStyleLight168=,=,̙̙3f3fff3f3f33333f33333\` RCoverdPurpose*m Dashboard' Test CasesmOut Of Scope ControlsSourcesLegends Change Log!  ;1  _xlfn.IFERROR Q@  Á"n-L'Š!6@=n-L'Š!6 ]xxuP[np+NB)RHqNhqC (5H79;ss˞53 #$!B  a95y {H"/}m>f>JleP 0 %$a LгPN'OО OR#RГ5z<]dhȨ(ȨȀ?$"O!3π&נ i|!;ľ~ #O!L_bfiV?uxM=)Tst,!@j,^ @So?$|1OkxII@Oژ4TS,ZC]qeD|G(T)5).*= c9+WkuRX_P=?H_"wC*`&+@(nVV?5}Q{YڼQJ(kqUp:HwI$ Y6 S1gj3+|pO}W xK#.rqH\n* Ip}b'0X PX^qNg&'1Oz^WEj>.6yuɼ{e_@}j| U|QCKeZQ1pM]]( FY/w$թN ǼV70Me/ಥKLMkV#2i^V}jbpGR"p Ҕ;92Py"@0ne;Sq#XlXf"ޗ;-& x7mt| SmL% M._z6WT֑MM/odjQԕhA3ؖe\L6gbbm'Ra+b¿'"Zj0u>_mI`s./.%O|^/&8;ğq4sM޾څ ρo8Զ](bGKIaY, ][AnҬJKy_PcdDŔ8\G/@)?2d#;B륽Eyh5/]%QڔS觍 @-Y'K]Xl捙j-/?xŸ4Ϭ,nlp` $۰?k&Y̨V Bԏs&7t:^2E+8 <m":vKT#|M>޻,$Z1Uza $iET+\#27Uof^`裷B2 #|./Bu~6 Q PYe['4'&vcbvPBJJ> ',gF`73Ȓ.K1{]D6̬>Qj"TnvS^GRƌ8,!9b>7cNitA_q% I+>頹bbݳrXTf%M]ļ~˾ݏ W43JK<*?%^6[ +EH:f*"Oz^ֻa-ߞ 7 w@D~GBͅrW({{34&0PZVOQ jC" X'@JgCd,O 4WhBt;yb^f0OciЉ%FBpѺ+Lј%R 8ݻ#GyB}l{|~\h΂W$% AZ鱄KD&{;3Y:V$ޏ7a(!"s6hy~ m]0)V̲L:]@6"{D,dH/6Ƙ ,eԩpa7:DHi*;^{!GΒaS^$?IoUAyo `/G]|"Ff} ]PU3XWQqJ9=9K9̉,oRv\o Qp7t\*{0-Wu8Ytb;އ,cʥkGjp/g pdydݤ^Np7!oI oJ7n_ڢaZ W0Jq >|ǃS2mQ L[@<3u@L0LuȱY%}fH@O{v:xnd?Ug'%Ư; uNc}nLR#zo~#SʞiΒ7?2c79L_nn|+-33 :İgg|cqHeQrhe{jbX 3qH0^A9`}e`B˛FpVnt߂ߑp҂]ׇ1L@uVWw*5wL~|нA61oRLqW ma XVu]SX*H YmKf-8p*g&{|g֊ M 6M?Xcj PXȺZa|5f@CH6BoCuVUue2h4a0dέv*[ڛQsT c,yڌt*7X"BUx\S-*wF+5Fihgoq:ɿ{饗uS° l5DLNh mE[^hbC?X|̮LfdqAi-kFL8KC]vDUinmiֶGac4LW"2?dd;WZXwxMfKT[`0lR Ey I_ .ةcI9^ >ER}E>4G JYӣ3pMQX<,4eۃ~ VbuITzڟضGFi1X^2UQQ8~N1$Y[B: ̼pe&?vK KČPtv8iF)xxōs9^Qi,K!ْP̼7] ^fhO4g+GU=-ۈo$x+U44@DCߐW^kv(Tqļo%߷x.'J^^ 8>AME }R*bA{=w8V!l 3բdC=srM z6lv̜vӳMr63hv()+IR~WS5XiFcZL^G}'tXu@|G!S s$ v/_qA ŋ+(Ը;o>-O m $бՔ}:Ni0JN5ȂC{a3AV3̱A$K )wTJ1k@;+#@dt"0/wҬXAmn:TdϬ;C^|'M@;|"\M)$(ЯC|_gϲIO85޹X/2<{-&ԭumVҿ!*WEE%S5,"0*]A#g,B*G{TBsO^"J=Au t7/O-]ŭ*eR9gVՈk7xx = S.hW+W)?۔iy(;Ep^ATVٻdτ991 epIE‘TLJ BL[zް|z7Z-c1)j ul@ 1`NvśPV@hRV#9pb&h\ n ÑCPxS.J}}I_ݸʖ" ?M~0Czu7v, ޜZW_rqq{<[(PH\sUKR/C: =e5G;'wR5zj1*LfP>Z,gR>m>w(#p#oF#l71t..6*yda L#cQ%KQvw[ d@aD|I7re>Fő c76S$w"$7dX6׌z4Avb}(3fmYH$dUFo\ifzUCG"7U8xd?!RDBcRւ%iʶw'h3?Fhח\$]Ef{:cӮ_6u]wA d !s6ԇ-ڋ P' ^/(M&5W0b -tvk{̋s&#&+vs'4o.~yFI4fO|3aCzIb!Q-R!gS.A'< [@iגaN=^O <؃}JJyoIc>=Um8o|$r-S[Ѡv Z8l53&TTw:-K2ӷrÅenCa".}V_%\;;cP95*ْ>RxW6΃چDG$-w|!8eGL٢!>^L [+ 'jh7dV᯻$pGϾCcSzX-9 LڳLAj;Al;xfhMr evL}P 82>yCE8r*_vZy i|)'Ur-v焃hX'C0Z<ʞoơ$g%VjQ6U]My.Xtpsƽཟ ہߝ͕\rDi$;SiG'#%UK% f:mg&Ƭ;f >G³X]U+|yV@\K_E8O@7 ;$Ƥؽ68߸]ZrwɎ=MVOC4'$Q >h&Dm $)-̇zAu;Un /w3CvQqL;."ݶ֩4ʽ22;ޔqۣμV`'/vС*N`(un;[M+͘阾)9~{[p * }ݨ r "J ! K"u{pTIi0íofxe%em3&G+p}?Q.e!Vjt$^-U74-R NIQM |o7aA<[*&"jXqIM#Rzhq_4`Y۰evo''U#ԇԍοž&CJ8k֙fj`lEu!Up+M1޶y>(:|B^{wů;-W}\717,qCD-ׄj :'v~`Ԛm`Xp7~]5XVݾD:l"WgsqxBAKTd] ՎiN+ߥ F\ڤ>ƽ9.Ѱ<6<0`70?r4w-d&B' a{aaÏMxJwM/#>.9n7KP O~~G;҄Upj٨S%^^m<5Wae;9V @9凶ߠ˺:mmj旖ӭ](4÷ucbZޥL1uLK#]L+%.$_R'ώdq9+jIC ws*R+`!-2|ODLdSk o/+b2L8Ȟh/cr{YZL&nz1â"9꺣cVldd73n#.c>ݐe^cRӍ1d|tV!/ 6+ 6mP-ώoMNթ$e5w0IIf"CPߏo. |Ӭv tlz[;{*B-'. Nj)(Tz哉T7̈́aE8˪"Bs40yv)X`mS +fxa<(|2F]{F>%9ٰt888p1ܕɳʶ3ݱ'ޱh?}=ಹ2͞("ܴ䆲rݵ!7ݱ%2]nň/2/8r;Zb5Fy kW3z |ruYNNyh ) Jp4y9BN.zfES.յWvDh mĹn s$B٧GDὐK_x\Txۙ-F<R">Vubw$YTII6z;gcdҗ  '"= xn6a*jg/mDΒ>Da攷_a\Mz뭵!U 0|+JA,T ixd"jm 'GBXGtۨW52z[R.2.;rsAʴi0آէe-苼gCe;*?2OнIXp᧤6qߜL;Vh٫!7Rr Ѱ\WP0u} 'TV!(|`rQŚPuk]yc⛲箑8HIKZfC]tsD íxyM70Uƙ{xX<_~)/oǚ]? <nHiT\O;m(,u%T(T*WQQ%[RHITv/̙{/z|_ϯ˼Ҝ99>9̜32'=/1>ǃհշ [8Ǿʑ辱9<*YRڥg 'j)5h}1QB:ӗAf ݜ+d61]Jaio9$dnG}i{(R7@bJPפ8CvXtzɓTZZ-;w.~wJNjJPBw{I!ߊSK&%UiRu.Y\֊2LpJYG?&S;^iWJYK`+#{n J':?m9,UoIm鴍UG~5JƁao2-L~A-,eGN?sڬX'|UCw7um{iڲ5S^y]fʻ U:}((}j-˚?pvN7v&gw 4u})n}M-v'>GuGWث9;շYcR([C9{D ) jIAtEm3~rh皁)x&\rJLq𲊦5?[ݕPЈ}\15MI*CMp# Wq6KO, ^e u6$ `n 4>sY,k^ֺ8UM;أz%Jf!wNdʮقЌECW7儧Oy%{"ar9G~e\k$~Tؖڲpmq޶$M4w1+[bSf1 &N`g֌ܲc\y &Yr 9딙Aɱt x;+J{]QY4概&)ComsZ$OejM'~ xb>V"U=k"D}RMcLDOC3 f}vrlm3<)u:18s<K7Hl2i`IT2u\/דsGԦs%q~SO\buI Ȯ$=:y]n QASWggBl{^bӷӯE ؔ$Yn,UtK>6jJLMr /KxXeחȎ0)1ˏ kSkm;ywDWtX`G&kJ4MV$捁fN$[NַO-{_Ϊ\Ƶ!?潵Okb-hjȴ r M]S<5H~.˛cӅK^Ŝ*+Km\%;[GxbVgQbܪd7x涓?]qr~F^m_g DQ#b%wvؚ9MO4Nȍ齧qL)d$tޜ["֐㳒gF^6T?ɻqfS{y`[K6uA/N+""Dsܫd) YY?%)o`'ԁ?oVTƅyu): W5T{d/Z[W|obyBԽ_cuBӊ&3./g΋9=uSsJi͒'8x&w{lk66_~ڱ?s-7OX~9F"g996ÏNOZ"U㶙"+RU?Գ~k9NǼu,~}'5SԹJÍvū< >6ճМC~緡8|;-%/̴ܰ>/虾6G9Ϲ9Fi$rժ9OlǓX߹eTzb}A52.aE8LK"&NiϱxauY># dۣUH%=lt3wY?X;qzU%ZZT~ZdHTY׫G__zڀ*E.ע'zZ YiL |ݤ+S+TU.kFnoi20Wkh^qyV5̑ܝ =;*y)ebʇ-$ Y " ǏN=3Wl/;Uwǹ"_Mso]aE|GL^#@4y`%qc"%~z]W/t FjvziARC6&LzQe3͏S]ǖ^PLTvdj%M+^b(S_zݬ*G-&%"~@iod&z\Pɼ=-rC+0ku W=u÷G[CH[Iۤc0?" 'B[TJL2vSXIC+I{M??H@BI:6noG7@ 合c2yCByhFБ5)SżLjAI(XV 6&/))$%%aD"inn9r|r2FVVavڅp6y%M,v8ϱ%0s[in"\#҂S[SxD7O#qrR33\S&/ AQ.^0h{0 /@a.5RmD0yDW'/R8C+An,'>&.A[mj"I-O9QQZTPv6dMq(S@4!?$ L-O* F:iaax +:,( p8#DZ(L dǓ:8/ :2}{<Bf^_7ôOdlxlBB` "lyG&71OC)CU;Ba(;Óat710 `" <)*&gx#T9NSQF 5"#lH"\+`1aѓbϚSգaUǑDF$|9B5'%(F 0kõ$mk t<J # Aʛ ZucWfsDΓ GZ4Bգ3,ESe8Qh .Ń虡2i1,y1[ PưBe1b̴;(7yʐu%0¾³ R\ zC&KN NhP-Mz4B DF`m-g % TJMpJ hb9ZOU=Kv"XePHy#efe`GHФ D) a0P Ȧԣ'R̟OJ4.# d$+ "H?IkR@KޯCPgXȆ)*5X4B  _ARnbsF: 0DA]IO`|$ 5.}JUyDKQgDIgOhsr0;| I'=u")3P9$ EOSIj+HE`S(y eIV:(%Gt iDG4xOa.n~#7ɿ< xm# C;G>Ԧf90ưűI΢yٹ()N03~ T8CX^ZiaDZ؎(b C ״$AP (9*85 }< L`c@Ul[#VBd'@Ʌ|@ɦ̍Cefa@!LaF䉈J 4'p%UVzo +M!p$`kDBଅĎb~2˨4Fa"gGbޖ!'{C BȠ<#"yBb|< ;9*Mvy"[bh} 3Bu1Lfx2j!;JuG'eG͠劲GE&XOg/fn<"8r9A/T?#&CyEE2VU<'*17G$]3ԙCĂ?Zȸb]#ӡ=/BW/WEAOmi7{Z4-X4#*~ O^TT2~'0?+_6<#|L͝öGFhe5y-6ԟ<ǖJqcK`l8ϱ%0s[i9sl qxBӽI(L u &)7WTX>0Hi7x&Ț.` \IТ:֯sA1c@?Bϯ0?KJ u*2*0b ?l/!ײ>f\CCr/%m DsXPg:C9? RgMuQȨ2> Damlx2V]є@Hf9 X,Oe [t伬2& ʗYز1J/I "xf "$'6 mvpptk8D-~ OvL OYW r^ ,::aH, {/݃>O6QIKj'3t&A@ဗE>E^ck1^Ht~  WxL\"$ j7## [>W 4bzIӂxPx5Jm(EAb`eqS)LO{G4zL"~xhg>J2X1HN"/9"TL2) ^MiQ(A8 $? VEw*AyChoSѐ4@DCڴnq3!"<?,#AKLlm-ğ(BI,-szkT]s6[ә_DH).;k+1ə݉͏kIE1yjV4u&C&7<=Lj^EwR7Ϥ(&ܝx*ItnԺ#\"! p)7kg΂Ԯ)RZj<>'qQPbOs&gb.Ll],(3weIdM4ۭONH:5~WԻn딏 (_ {TA@ȅaN`9=?Qnwq#rE? ~[{*w9 zO, Kү?eA¼V$OoiڊaxS~~8NZn;զNƗ _Ts `!ODkK sCJ+)V,E&KR|tOۀ\w3Wm-7h7XdO=#cVEELŲv+&sCG!}~89j_i }"Ucex uPUf3/ TPN7?r$(sR<}\x>>9S=n.3[P&RFuj^ N<'*<F[gYb?aij^GMg|ΰ#7Ey¯pr({oVȟ>ン, TK`uuG_7"+n+ ^N,6Jyd[T F=gt͙M qa- ;26~5y 6e >-հ{/*ĉ#ڿqu<:v7V D;6 kywwiCN!'>VW@Տ 'a`ůݮ_gّ_\GAn _sbǴJf!}xJ!}xJ!}xJ!}xJ!}xJ!}xJ!}xJ!}xJ!}xJ%+3z A\$[WXϧ ďo<}2C *+&%;T_^|oiih~8=^wL';M?>; ]{]܃lx!+/tiz<Q*AL'B!r%ZѽiQ3 ~TF|b2]a{տDW/--SÓ^t(@@1tmkM7z.m9]“^5V׶S؈* 9P)KEm<2Yv<]aa)~ϊ"[Aa6rSs}vgXR#; rFe/O%trohF"QRٳX a3VeOqxZagM0Cyz '<}W hnR}g(iWj;m„D7e/wo_+/Ņ:yʎI﨓+.=}s*@{Yq-Ga8<=:s7s<O@aO $; Y6pÂ8Kח[k ý`f~[lҔ?%wp{ϋZH CMlzu~kO7k):+:/aհx OфXH ;ҭ+'dz$i;Lf8Gn/YT-Ӓ`8(Ӧ.݂ m|;3?8lӘIqQǾχW ̃2c5~__gaOvi9 o,ϰUkj[jo)8d.+q˧A<>%Xsۏ%Ί)Q^ @΍qKqƍ>}UjR/]ש.ue/3 <ʘ}RGy45X gOԂnsTx[~/Y|zk~-y TRQ &SI_HBz/lYkx><~`o2FpQ2G?O QrE텛'? sY9óy,?y=`2-gPW-@xЛG@ a@p(pZ]ӽ)!X3|sdgfOoS r]uAX)?`b&'kmœ(WHi.}|VꃰR߱.rW\ ),cmpJ];+Ox^ ~r+tx:@6( v<}$joG:uoxf5~O|woِz$k) !U{G6@J7˹!ͣrכ ecoGoDCUיvo"es49m>xvǛXM@; +u/VkӢc)=/2ʰdy7s34 !׍ 0qW1Vn [,p&[629iXI3+:{Iv=f`n5Lzp<;!4>elwX0:OhyO9*q{ z][^8OAqdu~<3Ka>,s .=xLU;%@dz [˧:BQ;h (@퐊WX\#&}Hi'F.odzڣ ᜖#Dmѐj5>W#vn҉9wnljBnz'#CPhm`-=`fHZ]#wQ(cCΔ dHUs~tCw1Df'&A⽹.xa ;|^,:ZH'w9g> #$$Dko % s_sh~A(]{4[_&ujI Fh `YuhAxLjZ W}kd:O,A<*S >βgI9̦:=<3eό=MG^TFPE4Kx$I?PWM߈jwRn튤Pww<4 6Q/'u" &шm9"uxR./Itp":uL'Gʛ+oK$\3Nj^r}-xk * m.'`6*o=~!*mhsAp$U͑H v b"`n 3vdELb+Tt{p@aC[g-Z~;x<7OqYckJoX*/Uн*Υxp23I%DFMI8+е8>'چkk [Ϗ 3,J65*ʁ&29zN6v{ m6#$*h5ҏ`RQ #XMGj>>q,`@v'PJm'i 212ueƦ4aKPAJ*)2>+Zɷ4%紳(5?s<|tआE6cɧs7.źx253͍FFs'.&ճGM= J6ڠf%"#_ҤTmD;6xz}}6TGVOj(@j~fVDGtZд҉(9'7-jL+z 7ZP5™rw,m5=g #L;*wZtk'4E t>UqlULIEa IQT* k?TdwEC4o7A@_ 1Plz[Gu $:X<ɢ&mR.Ӎ8׋a|k'uU#Je:XW4I_gynafl!T,~E6KSpQɅOY/C*BL`0jn;mxׂr*}ѡ4uojHzx3OM T߱r/:U8 ŊMJQramoktf-ݩN!6vRCc'ibyሲB#2 G pƩ 7+DџlnN~wҠ9F+CPCՁ9Ak\oݶ`4x7[khhNMVO JUӸ{P ?^@!* "lEaI_{LL0P’s~y iΗ/iOl5ѦjC#+2-`SJHRJ ҽpl3MȊC_ϵ]t_լ@@%lx-RYiv fB;$Z(2"u( 5bhRۇb1Mwh x? \&]IU!ʓsiR^i\&K5ã0)vYU20PYo*> ϯC 5*4qPI`^碷Sڐpz d)*V D渡}Uotvw}:8y,?UX>gBAfC6*5xy5i 6\*h`?@.O{!u> S'AF`!sw5rPUƞu0C+4Q"kt7U;L)v{:+$B6|OCo'LĂ^AE-f|5iH%&Vm-RbJKJUe]l'gW n4) ]k\d(9j$qh1nWn-/ ç1;$NϏ-$?2Uj<ڰy}DVj5G}>% ' jEX\ Lju=vJZܩXz} g_,U7;W#&vWv %xvBg2O= {2pxd}˳jbGlJ96E|r[f|v1~h'z 7tTdnr'X5#_URjT|/OE0@;ÓE6DZ}K>jʉ h 7 N#߅i> -='Ϩ8ވ cAAV15.s %,;}}O(mw&ҩbV':G b^- /C3 =(Su+Y GzUygĽxPFJˀ71x}RswB7R8˅發(V+5s/Q{%4\ BgwEa@YfA͆[ S,^p'6*Ym(2kz<;ᓼ [Hb~`$qUnĒVbYz FK#om <b=hZlxr kG_K"h"f5;$`t7آ"K_ۯ=! \v?Iq7@AlQDSL\ƕ>L6w\'ƕ.|x@6M>>+h@MuL8}8Q\(QtBGtC%GeI_'czǰc]F>T7fF>KN_Y]kEcjRFaq_xc]  32]<}|0g 3A\ُ(|wcdg-5% .C/_!a2x^34n<1|JL6o)&v  ؒV[{{~E&TI)q+?|Vl^<'0-z8HW[Y'QfH'y he koYU ʁWQhD%I7:Փv: IP1N@_H < >Б _A%ZVRȑ#w"z\_ܝ˰ҙ7e%ՅkD7;>U^ЛWl#H5 ُ3QH(=ـQ_* <>9) şE

{ EӶgzdL* QKvK U$'^}7,$Q42t`3$ #8q?ަ)~|ֲ'N{mqxMzO09Ny$Peu|le.C7"v3 #,o;Ҏ8H""RGp~"G36I;peKqp4N *>;>uV x6|iP<t@哮TsMC!mnzٲOxR4;㨭%PiB\X0qx4LY'LH&/{ZK?\*.2Zt`c' =r`ـXzoց5Cy ątplD`(>5*M$ՅS㝲]rƳ֞4oo/zk,fdz4}Ϲy5;໖ p><촠>UKx}^x*3`~]7Z]x1(Ǧ9Hh| v޾7Čz<Bpl+:Ғ+ ǚ{uՈTp'hu%FxUvI7DD_OFnPQÙCq E*gB녟wr~ |!6P9Z!NfGv9+atg5+ dO'vтyhT=rTE?>و!Zdѱɂ31İհzʰ±<,d #]akCJko_"EOǚ2#<1TjIm{oSZ]=$W%!ӤH>c!L%ٟfͱէ\䥱败:I&݆[x[StxːFg̍0ZArtd c<ˤ$Rz!k#%\]W@,i'GN_q*YI5bƔ:|' @KƗ^?>'#?Fٳ>"t:Ɠ<[ NR>ވZv )Eh>sS (W*N`}$ќ3Qe@^IRb\1ћb*TfMFbEҥ6Rc&6K1 MƌB%oRU|sxNMގ/ZU,%g5%ޣHpܮT19ԒjфMY4J[6 ֙'<< x3h&Q>ɽ7OhHDGgu -#)I#/rkxb[8$a״Ot^gMOZ2Lyp6L5ѹ6g,yqa2xiTxBQƽ떭`Vq$mcgk'DHa[aGuZȳy$̢؉NpG5d &K3utϡ߬g`NHPx4Ĉ4!QQ# !̏:Jr%$'wlwHdހo Ert=86W-%ZB>&~4;W=\ϹÛw: *.1-/ZON܉gp,7lxC> H9VAH4紸.>;'s=L< j{^ғl4@BQCwRR\m?A&9\ B2:vEpecHޞ 'gX9b:wl4gGg0^cfdx*\t;a]N0 #?9Cu9i@y8@^<"93?'nwBr@dwZ+' jH1v ?>Nmm 9=ns ;_v.:[ Gqc_'b~幞%@]sX.Nrj}NdUy$3yMhm|=TQ4?Ceuo fi,5< Ӎ|V>ֳ0S鱫!|)܌[Xs-:$kϵ<dߦFV]eNO>Mjy%ngxDP/EMۮd8_6 m{S<|~ǬlI:;( X3'V3lմ!|==ʻ巡<"k.֌F UߘxaO#tBq0^`~ڽ hO_X %Cߚ˳gx0cXgJougL<׉=RbCկ8.$w3ɠxag7?|->kC_8G:q^?kO~g:׿Ÿ%C?niO_? B忖!#Ÿe/+OΣ3Ӈ3D*GO ޶Ro+ 7{S AA@A@    Percent (%)StatusNumber of ChecksPassFailInfoNot ApplicableBlank (Not Reviewed)Total Tests PerformedAbsolute Total # Tests Updates: -Cover: Reorganized the Tester and Agency POC information cells, to better reflect possible multiple POCs. -Test Cases: a. Changed Column G header to "Pass / Fail / N/A", to more accurately reflect the four possible status indicators. b. Added conditional formatting to the status cells, and included summary cells at the bottom of the checks. c. Added control names to the NIST ID cells. Primary control is listed in black; any secondary controls are listed in GRAY. d. Changed the primary control for several findings where there was a better fit than the currently assigned control: 48, 53-59, 62, 64 -Legend: Updated the Pass/Fail row to reflect the three possible status indicators (above). -Test IDs: -No changes at this time.  uiqChecks to see if the organization allocates sufficient audit record storage capacity and configures auditing to reduce the likelihood of such capacity being exceeded.dConsidering the auditing requirements in control objective AU-2, ask the administrator if there has been enough storage allocated for capturing and retaining audit logs. Note: if the server stores logs onto a dedicated syslog server, ask the administrator if that server has been allocated enough space to handle the requirements in control objective AU-2._Local or syslog server has enough space to capture and retain the logs generated by the system.Ask the administrator if the appropriate organization officials are notified if any of the following occur: Software/hardware errors, failures in the audit capturing mechanisms, or audit storage capacity being reached or exceeded_Appropriate organizational officials are notified in the event of an audit processing failure.Checks to see if the organization regularly reviews/analyzes information system audit records for indications of inappropriate or unusual activity, investigates suspicious activity or suspected violations, reports findings to appropriate officials, and takes necessary actions.Checks to see if The information system produces audit records that contain sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events.xAsk the administrator if the following items are being recorded with the audit log output. Make note of any exceptions: -- (i) date and time of the event; (ii) the component of the information system (e.g., software component, hardware component) where the event occurred; (iii) type of event; (iv) user/subject identity; and (v) the outcome (success or failure) of the event.ZAuditing is configured to meet all requirements within the operating systems capabilities.`Checks to see if the information system provides time stamps for use in audit record generation.*Timestamps are included with audit output.Checks to see if the information system protects audit information and audit tools from unauthorized access, modification, and deletion.ZProtection mechanisms have been implemented to protect the auditing system and its output.Checks to see if the information system alerts appropriate organizational officials in the event of an audit processing failure and takes the following additional actions: shut down information system, overwrite oldest audit records, stop generating audit recordsTester:Date: Location:IRS Safeguard SCSEM LegendTest Case Tab: Execute the test cases and document the results to complete the IRS Safeguard Computer Security review. Reviewer is required to complete the following columns: Actual Results, Comments/Supporting Evidence. Please find more details of ea(Identification number of SCSEM test caseNIST ID'NIST 800-53/PUB 1075 Control IdentifierObjective of test procedure.6Detailed test procedures to follow for test execution.LThe expected outcome of the test step execution that would result in a Pass._The actual outcome of the test step execution, i.e., the actual configuration setting observed.Comments / Supporting EvidenceReviewer to include any supporting evidence to confirm if the test case passed., failed on not applicable As evidence, provide the following information for the following assessment methods: 1. Interview - Name and title of the person providing informatiComments/Supporting EvidencePass / Fail / N/AMReviewer to indicate if the test case passed, failed, or is not applicable. vAsk the administrator about the current logging implementation. Spend time looking for audit capabilities and compliance with the following requirements. -- The audit trail shall ... *capture all successful login and logoff attempts. *capture all unsuccessful login and authorization attempts. *capture all identification and authentication attempts. *capture all actions, connections and requests performed by privileged users (a user who, by virtue of function, and/or seniority, has been allocated powers within the computer system, which are significantly greater than those available to the majority of users. Such persons will include, for example, the system administrator(s) and network administrator(s) who are responsible for keeping the system available and may need powers to create new user profiles as well as add to or amend the powers and access rights of existing users). *capture all actions, connections and requests performed by privileged functions. *capture all changes to logical access control authorities (e.g., rights, permissions). *capture all system changes with the potential to compromise the integrity of audit policy configurations, security policy configurations and audit record generation services. *capture the creation, modification and deletion of user accounts and group accounts. *capture the creation, modification and deletion of user account and group account privileges. *capture: i) the date of the system event; ii) the time of the system event; iii) the type of system event initiated; and iv) the user account, system account, service or process responsible for initiating the system event. *capture system startup and shutdown functions. *capture modifications to administrator account(s) and administrator group account(s) including: i) escalation of user account privileges commensurate with administrator-equivalent account(s); and ii) adding or deleting users from the administrator group account(s). *capture the enabling or disabling of audit report generation services. *capture command line changes, batch file changes and queries made to the system (e.g., operating system, application, database). Interview the administrator to determine what service are running on the UNIX server. Services such as ssh, http, mysql, and others including web-based management interfaces should be configured with a timeout value set in accordance with the organizations policy.kAsk the administrator what type of encryption capabilities are installed and configured on the UNIX server.Information requiring protection by encryption is actually identified and is safeguarded using established and approved encryption methods.Interview the administrator to get a good understanding of the services that are provided by the UNIX server. Ask if any additional configuration was performed to protect against DoS attacks. In addition to service configurations on items such as Apache, other UNIX applications such as software firewalls or access control lists like tcpwrappers could be installed and configured to perform additional port blocking, rate limiting of TCP connections, or black listing of particular networks that are the cause of the DoS attack.mNative or third party applications or devices have been configured to protect the UNIX host from DoS attacks.HAsk the administrator about any publicly accessible services that the UNIX server is hosting. If the server is hosting a publicly accessible web application such as a website, and an administrative or management service such as a database server; ask the administrator what measures are bei< ng used to separate the two services. Many UNIX's by design, have supported the Trusted Computer System Evaluation Criteria (TCSEC) [DoD5200.28-STD]. Ask the administrator if this specific version of UNIX is not compliant or if any add on software components have been installed that would contribute to issues that arise from sharing previous resources that have not been appropriately sanitized and made available for reuse. wAsk the administrator if the UNIX environment support a RADIUS, PKI, VPN technology, or other authentication method that requires the use of extra software or hardware token for authentication. If it does support one of these systems, ask about the management of these authentication devices specifically when the device is lost/compromised or needs to be revoked or changed.As the administrator of passwords are obscured/hidden when they are entered at any of the UNIX login prompts. This includes, but is not limited to Remote Console logins, SSH logins, etc.sPasswords or other types of authenticator feedback are obscured/hidden from being seen by unauthorized individuals.<Strong cryptography is used for all forms of authentication.{Ask the administrator if the audit reporting system is configured to provide timestamps for use in audit record generation.Ask the administrator if there actions that can be performed on the UNIX deployments that can be done without user authentication.Ask the administrator if all remote access to the UNIX environment is monitored and checks for proper authentication occur regularly.dAll remote access to the UNIX environment is monitored and checked for unauthorized access attempts.SAsk the administrator if all user accounts are unique. Also, ask if all user accounts or processes such as apache or mysql are unique and require passwords or other authentication method when invoked. These processes could be invoked without a password and offer a emote connection without the admin's knowledge if not properly controlled.Ask the administrator if specific hosts or devices have been determined to need to authenticate or identify themselves before a connection can be established? If so, are these hosts required to identify/authenticate by IP address, MAC Address, or via a Radius server? Example: Some UNIX servers use /etc/host.allow and /etc/host.deny files. PAM authentication is also another method.If the UNIX deployment involves several interconnected systems, access controls are in place to prevent unauthorized information flow between systems. }Ask the administrator about the deployment of the UNIX environment. From this information, determine the if the environment encompasses several interconnected systems. These interconnected systems could be comprised of multiple UNIX servers running SSH, Apache, or other web based service deployments. Ask if TCPwrappers, UNIX firewalls, or other similar technologies are in place.Ask the administrator if separate roles have been defined for specific tasks. This can be performed using additional groups in UNIX where each role has assigned members that are responsible for a specific task. The SUDO utility, properly configured, could meet this control objective.eThe UNIX deployment makes use of roles and user assignments to those roles to perform specific tasks.[The principle of least privilege is used when creating users and groups on the UNIX system.Consecutive invalid login attempts are limited using UNIX configurations for each respective service. Examples would be sshd.conf, telnetd.conf, or inetd.conf, configuration file name or location may vary.Ask the administrator if session locks are enabled for admin consoles using X-Windows or Workstations running any UNIX utility remotely. All interactive sessions should employ a method of locking a session after a period of inactivityUser accounts are reviewed at least annually to ensure accounts found on the UNIX server are necessary and that account privileges are assigned correctly. No accounts exist for individuals that are no longer associated with the organization.Ask the administrator to demonstrate how user and group access is assigned. Find out if roles are assigned for a particular set of users and then that role/group are given only the rights that are required to perform that duty. The sudo utility could be used for this control objective.9Access to functions or areas on the UNIX system should be protected by access controls. This could be by user, group or role or a more granular approach depending on the organizations requirements. Users listed, if any, with security equal to the root user are both must be required for production and documented.Checks to see if the information system terminates a network connection at the end of a session or after a organizationally defined amount of inactivity.Ask the administrator if the measures are taken to restrict the use of auditing tools and protect their output so that they can only be read by users with appropriate privileges, and cannot be deleted or modified.VManagement and user based services and applications are either physically or logically separated. Separation may be accomplished through the use of different computers, different central processing units, different instances of the operating system, different network addresses, combinations of these methods, or other methods as appropriate.Information systems that are required to authenticate or otherwise identify themselves are using IP, MAC, RADIUS, or other well know authentication and identification methods.The operating system is configured to meet all requirements possible within the capabilities of the operating system's audit configuration options. Note any exception that are limitations of the operating system.Ask the administrator about audit log reviews. Does the current log review procedure meet the control objective? Note any exceptions.Audit logs are reviewed for suspicious activity, access control changes, or other inappropriate activities and events are reported to the appropriate officials.]Ask the administrator if the currently implemented password controls meets the test objective5Current password controls meet the control objective.$Interview the administrator and ask about what steps are involved in creating a user, group, or role. Specifically ask if the principle of least privilege is used when account, groups, or roles are created. Are users granted permissions that would allow access to areas that are not required?Users shall be prohibited from changing their passwords for at least 15 days after a recent change. Meaning, the minimum password age limit shall be 15 days after a recent password change. Privileged users shall be able to override the minimum password age limit for users when necessary to perform required job functions. |The information system shall routinely prompt users to change their passwords within 5-14 days before such password expires.`User account lockout feature shall disable the user account after 3 unsuccessful login attempts.rAccount lockout duration shall be permanent until an authorized system administrator reinstates the user account. lDefault vendor passwords shall be changed upon successful installation of the information system product. BSystem initialization (boot) settings shall be password-protected.jClear-text representation of passwords shall be suppressed (blotted out) when entered at the login screen.~Passwords shall not be automated through function keys, scripts or other methods where passwords may be stored on the system. Null passwords shall be prohibited to reduce the risk of compromise through rogue enticement techniques or other attack and penetration methods. Use of dictionary words, popular phrases, or obvious combinations of letters and numbers in passwords shall be prohibited when possible. Obvious combinations of letters and numbers include first names, last names, initials, pet names, user accounts spelled backwards, repeating characters, consecutive numbers, consecutive letters, and other predictable combinations and permutations.Users shal< l commit passwords to memory, avoid writing passwords down and never disclose passwords to others (e.g., with a co-worker in order to share files).sChecks to see if the information system provides mechanisms to protect the authenticity of communications sessions.!Ask the administrator if VPN technologies are being used to remotely access and administer the server, TLS is used for protecting the transmission of secure data during web access/management, and if ssh is used for secure access when command line utilities are needed by the administrator.Any service requiring security of communication sessions are being secured with the appropriate security technology. Examples are VPN, TLS, SSHqPasswords shall be a minimum length of 8 characters in a combination of alpha and numeric or special characters. Passwords shall be changed every 90 days, at a minimum, for standard user accounts to reduce the risk of compromise through guessing, password cracking or other attack & penetration methods.Passwords shall be changed every 60 days, at a minimum, for privileged user accounts to reduce the risk of compromise through guessing, password cracking or other attack and penetration methods. cPassword changes for standard and privileged users shall be systematically enforced where possible.cUsers shall be prohibited from using their last six passwords to deter reuse of the same password. _Services are set to disconnect or timeout when a defined amount of inactivity has been reached.Checks to see that for information requiring cryptographic protection, the information system implements cryptographic mechanisms that comply with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.Checks to see if the information system separates user functionality (including user interface services) from information system management functionality.~Checks to see if the information system prevents unauthorized and unintended information transfer via shared system resources.kChecks to see if the information system protects against or limits the effects of denial of service attacksChecks to see if the information system employs authentication methods that meet the requirements of applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.FApplicable only if RADIUS, PKI, or other authentication methods that require a hardware token or additional software beyond username and password are used. -- Checks to see if the organization manages information system authenticators by: (i) defining initial authenticator content; (ii) establishing administrative procedures for initial authenticator distribution, for lost/compromised, or damaged authenticators, and for revoking authenticators; (iii) changing default authenticators upon information system installation; and (iv) changing/refreshing authenticators periodically.sIf relevant, the management of the authentication device(s) will meet the guidelines set out in the test objective.Checks to see if the information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.cAll actions (if any) that can be performed without identification and authorization are documented.|Checks to see if the organization authorizes, monitors, and controls all methods of remote access to the information system.LAll user accounts are unique, have passwords or other authentication method.wChecks to see if the information system identifies and authenticates specific devices before establishing a connection.Ask the administrator to show the warning banner. This banner should be used for user authentication to a workstation as well as for authenticating to network based services such as SSH.Checks to see if the information system prevents further access to the system by initiating a session lock after a period of inactivity, and the session lock remains in effect until the user reestablishes access using appropriate identification and authentication procedures.ZAll interactive sessions employ a method of locking a session after a period of inactivityChecks to see if the organization identifies and documents specific user actions that can be performed on the information system without identification or authenticationChecks to see if the information system enforces the most restrictive set of rights/privileges or accesses needed by users (or processes acting on behalf of users) for the performance of specified tasks. Checks to see if the information system enforces a limit of consecutive invalid access attempts by a user during a time period. The information system automatically delays next login prompt according to when the maximum number of unsuccessful attempts is exceeded.mChecks to see if the information system enforces separation of duties through assigned access authorizations.Interview the administrator: Ask if there are measures in place to enforce a limit of consecutive invalid access attempts by a user during a specified time period. This could include delaying the login prompt or temporarily locking the account.Checks to see if the information system enforces assigned authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.Expected ResultsChecks to see if the information system generates audit records for the following events: (NOTE: This is a very long list. It may be easier to paste into a text editor for ease of use) Also, make note of any requirements that cannot be met due to operating system limitations. Checks to see if the organization manages information system accounts, including establishing, activating, modifying, reviewing, disabling, and removing accounts. The organization reviews information system accounts to ensure that existing accounts are being controlled properly.Checks to see if the information system enforces assigned authorizations for controlling access to the system in accordance with applicable policy.Actual ResultsTest IDTest Objective Test StepsVersion Release DateSummary of ChangesName First ReleaseDUpdated warning banner language based on the IRS.gov warning banner.SCSEM Results Dashboard-Out-of-Scope ReasonRA-1 Control covered in the MOT SCSEMRA-2RA-3RA-5PL-1PL-2PL-4PL-5,Control not selected in IRS Publication 1075PL-6SA-1SA-2SA-3SA-4SA-5SA-6SA-7SA-9CA-1CA-2CA-3CA-5CA-6CA-7PS-1PS-2PS-3PS-4PS-5PS-6PS-7PS-8CP-1CP-2CP-3CP-4CP-6CP-7CP-8CP-9CP-10CM-1CM-8MA-1MA-2MA-3MA-4MA-5MP-1Control covered in the SDSEMMP-2MP-3MP-4MP-5MP-6PE-1PE-2PE-3PE-4PE-5PE-6PE-7PE-8PE-9PE-10PE-11PE-12PE-13PE-14PE-15PE-16PE-17PE-18SI-1SI-4SI-5SI-8IR-1IR-2IR-3IR-4IR-5IR-6IR-7AT-1AT-3AT-4IA-1IA-4AC-1AC-19AC-20AU-1AU-7AU-11SC-1SC-15SC-17SC-18SC-19SC-22 References+IRS Publication 1075, October 2007 RevisionTest Method (800-53)Interview ExamineAT-2CM-2CM-3CM-4CM-5CM-6CM-7MP-7SA-8SA-10SA-11SC-7SC-9SC-12SC-20SC-23SI-2SI-3SI-9SI-10SI-11SI-12 First M. Lastmonth d, yyyy - month d, yyyyCity, STAgency POC(s): Name: Telephone # Email Address(###) ###-#### x#####First.M.Last@xx.xxx NIST ControlAuthenticator Management Account Management Access Enforcement Information Flow Enforcement Separation Of Duties Least Privilege Unsuccessful Login Attempts System Use Notification Session Lock ;Permitted Actions Without Identification Or Authentication Remote Access (Device Identification And AuthenticationAuthenticator Feedback $Cryptographic Module Authentication Auditable Events Content Of Audit Records Audit Sto< rage Capacity %Response To Audit Processing Failures Time Stamps Protection Of Audit Information Application Partitioning Information Remnance Denial Of Service ProtectionTransmission IntegrityNetwork DisconnectUse Of Cryptography Session Authenticity Authenticator ManagementAC-2AC-3AC-4AC-5AC-6AC-7AC-8AC-11AC-14AC-17IA-2IA-5IA-6IA-7AU-2AU-3AU-4AU-8AU-9SC-2SC-4SC-13IA-2 Transmission ConfidentialityFlaw RemediationProcedures: 1. Interview the administrator verify the process and procedures for receiving security patches and updating vulnerable systems. 2. Examine the system patch level and verify it is compliant with the currently released patch level by the vendor.A process and procedures are in place to identify patches and patch vulnerable systems. The system patch level is compliant with the current vendor patch level.Pass / Fail / N/A / InfoDIRECTIONS FOR SCSEM USENumber of test casesLast test case row:AC-21!Control not selected in Pub. 1075AC-22AU-13AU-14CM-9IA-8IR-8PM-1PM-10PM-3PM-4Control covered in MOT SDSEMPM-5PM-6PM-7PM-8PM-9SA-12SA-13SC-16SC-25SC-26SC-27SC-28SC-29SC-30SC-31SC-32SC-33SC-34SI-13SI-7*Control covered in the MOT SCSEM and SDSEM Control IDPM-11PM-2SA-14AU-5AU-6IA-3SC-10SC-5SC-8 Audit Generation AU-12)Checks to see if auditing is implemented.Perform the following to determine if auditing is enabled: " Solaris # ps  ef |grep auditd " HP-UX # audsys " AIX # /usr/sbin/audit query | head -1 " Linux # ps  ef |grep auditd If the auditd process is not found, then this is a finding. Auditing is implemented.8Identification and Authentication (Organizational Users)%Audit Review, Analysis, and ReportingChecks to see if the information system displays an approved, system use notification message before granting system access informing potential users.HExpected Results: The warning banner is compliant with IRS guidelines and contains the following 4 elements: - the system contains US government information - users actions are monitored and audited - unauthorized use of the system is prohibited - unauthorized use of the system is subject to criminal and civil penalties jNIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems, Revision 3Booz Allen Hamilton#DESCRIPTION OF SYSTEM ROLE WITH FTInProvide a narrative description of this system's role with receiving, processing, storing or transmitting FTI.Ask the administrator how often account as reviewed for consistency with the test objective. The administrator should be able to demonstrate that all users on the UNIX server are necessary and are reviewed periodically. 3Ask the administrator to show how strong cryptography is used for authentication. This includes, sshv2, tls, and 128-bit key lengths. Old/weak ciphers or authentication such as sshv1, or ssl <=3, or account password hashes that are not hashed using a current standard hashing algorithm, blf, md5, sha, etc. DThe UNIX version is current enough to have been written to comply with a no object reuse principle, and no additional software that would cause unintended information transfer via shared system resources has been installed. Note: Supported versions of UNIXware, Tru64, and others, have been designed to meet these standards.NChecks to ensure the system is current with vendor released security patches.[The dashboard is provided to automatically calculate test results from the Test Case tab. The 'Info' status is provided for use by the reviewer during test execution to indicate more information is needed to complete the test. It is not an acceptable final test status, all test cases should be Pass, Fail or N/A at the conclusion of the review.Note: Remote access is defined as any access to an agency information system by a user communicating through an external network, for example: the Internet. pInterview the administrator about the use encryption when information is transferred to and from the UNIX server. Depending on what services are running on the system, various versions of UNIX provide several configurable options such as the use of TLS encryption when serving pages hosted by apache or SCP when copying files or even smb ver ssl/tls. These are examples and are not the only possible methods of ensuring integrity in data sent to or from the UNIX server. Confirm whether all FTI data in transit is encrypted when moving across a Wide Area Network (WAN) and within the agency s Local Area Network (LAN). A recognized method of ensuring the integrity of transmitted data has been configured on the UNIX server. All FTI data in transit is encrypted when moving across a Wide Area Network (WAN) and within the agency s Local Area Network (LAN). QChecks to see if the information system protects the integrity of transmitted FTIA recognized method of ensuring the confidentiality of transmitted data has been configured on the UNIX server. All FTI data in transit is encrypted when moving across a Wide Area Network (WAN) and within the agency s Local Area Network (LAN). XChecks to see if the information system protects the confidentiality of transmitted FTI.PUpdated SCSEM based on NIST 800-53 rev3 release. Update for new Publication 1075This SCSEM is used by the IRS Office of Safeguards to evaluate compliance with IRS Publication 1075 for agencies that have implemented flavors of the UNIX operating system not commonly seen implemented in the field for systems that receive, store, process and transmit FTI. These would include SCO Unix, Tru64 Unix. Agencies should use this SCSEM to prepare for an upcoming Safeguard review, but it is also an effective tool for agencies to use as part of internal periodic security assessments or internal inspections to ensure continued compliance in the years when a Safeguard review is not scheduled. Also the agency can use the SCSEM to identify the types of policies to have in place to ensure continued compliance with IRS Publication 1075.uUpdates: -Cover: Added SCSEM disclaimer language -Dashboard: Added test case calculations -Test Cases: a. Updated NIST test case method on old to new test cases b. Added test method column -Out of Scope Controls: Newly added worksheet to identify out of scope controls -Sources: Added worksheet for source documents -Closeout tab: Added tab to populate close out document. 1<Zg>LThe IRS strongly recommends agencies test all SCSEM settings in a development/test environment prior to deploying them in operational environments b<ecause in some cases a security setting may impact a system s functionality and usability. Consequently, it is important to perform testing to determine the impact on system security, functionality, and usability. Ideally, the test system configuration should match the operational system configuration. Prior to making changes to the production system agencies should back up all critical data files on the system and if possible, make a full backup of the system to ensure it can be restored to its pre-SCSEM state if necessary. The IRS welcomes feedback and suggestions from agencies in regard to individual SCSEMs.System Hostname:Safeguard Computer Security Evaluation Matrix (SCSEM) Generic UNIX SCO UnixWare, Tru64 UNIX Release IV July 30, 2010 Version 0.5E]h NsPu{ "r }~[8"I&#O$,$"%Z%7%o%&S&0&h&'<'v'S'6(p(M())*|+Jd,,i,%-c//u 0K00D0J3U6 VAFPccB  +X]^  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C od,,LetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"d,,333333?333333?&<3U} $ } } $ }  } I} } $ +                           @                              0l*2# $ % & ' ( *  # #  $ $  % %  & && && &  '  ' ' x (  ( ( x *xL**|(   %O2 S N Group 2Horizontal Rule"B h] `b~vB B >?Line 3%O]`"|B  D)?Line 4Z 22]``4  JA 1?IRS Logo@!]N``V\  $  Word.Document.84 >@`VbV    '' yK First.M.Last@xx.xxxyK Nmailto:First.M.Last@xx.xxxyX;H,]ą'c(( yK First.M.Last@xx.xxxyK Nmailto:First.M.Last@xx.xxxyX;H,]ą'cggD  ,il  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C od,,LetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"d,,333333?333333?&<3U    C@            M ~  ~      @0$0$0$0$$$$$$>@ "    ggD  Fr|w  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C odXXLetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"dXX333333?333333?&<3U} I} $} I J           0   @    | } | e+j ;1PassAZ.f #DD Bb e+j ;1FailAZ.f #DD Bb e+j ;1InfoAZ.f #DD Bb g*j ;1N/AAZ.f #DD Bb e$eH@ ;1A[.f? #DD Bb e# h  % i D e # H@  % i D   NH@  D O.I@ ;@@B@"*yyyxrMM1>@   ; ;@@B@B@$C@Pass; ;@@B@B@$C@Fail; ;@@B@B@$CInfo  ; ;@@B@B@$C@Pass; ;@@B@B@$C@Fail; ;@@B@B@$CInfo  ; ;@@B@B@$C@Pass; ;@@B@B@$C@Fail; ;@@B@B@$CInfo  ; ;@@B@B@$C@D  ; ;@@B@B@$C@D{+{  {+{  {+{ {+{ {+{ {+{ {+{ {+{ {+{ {{ ;@@B@B@$C@3[ t|{{ ;@@B@B@$C@3[ t| Sheet2ggD  9GM  dMbP?_*+%&?'?(?)?MFreedom Import Printer$C odXXLetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"KXX??&U} C} C} m D}  D} C} D} ID} D}  D} C} $ D 9  e@       @                  Y       B B A A B B Bz B~ BL R'~ S? S u1 T T| W TC TSS ~ S@ S u2 T T} TD TE TSS ~ S@ S u3 T Ty T= T< TSS ~ S@ S u4 T Tw T> T? TSS ~ S@ S u5 T Tu TO T@ TSS ~ S@ S u6 T Tv Tx TA TSS ~ S@ S u7 T u Tq  TSS ~ S @ S u8 T Tr TB Ts TSS ~ S"@ S u9 T Tt T7 Tm TSS ~ S$@ S u: T Tn T8 T9 TS ~ S&@ S u; T Tn T: To TSS ~ S(@ S  ux T Tp T; TI TSS ~ S*@ S u< T Tj T2 Tk TSS ~ S,@ S! u= T Tl T3 T4 TSS ~ S.@ S" u> T Ti W T5 TSS ~ S0@ S# u? T T{ T* TJ TSS ~ S1@ S$ u@ T T T T TSS ~ S2@ S% uA T T T T TSS ~ S3@ S& uv T T T T TSS ~ S4@ S uw T T TK TL TSS ~ S5@ S' uB T T T6 T TSS ~ S6@ S( uC T T TG T TSS ~ S7@ y| u} ~ {  uuyD ~ S8@ S) uD T Tf T0 TH TSS ~ S9@ S* uE T Wg W1 W WSX ~ S:@ S+ uz T Th T. T/ TSS ~ S;@ S, u{ T W T W TSS ~ S<@ yH u T W T W TSS ~ S=@ S- uy T TF T+ Td TSS ~ S>@ S. uF T Te T, T- TSS ~ S?@ S/ u T T\ T] T^ TSS Dlrrrrrrrrr~rrrrrrrrrrrrtrrrrrrr ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 I@6 :@7 8 ~ S@@ S u< T U_ TM TN TSS ~ !S@@ !S0 !u< !T !V` !TM !TN !TSS ~ "SA@ "S "u< "T "Ua "TM "TN "TSS ~ #SA@ #S #u< #T #Vb #TM #TN #TSS ~ $SB@ $S $u< $T $Vc $TM $TN $TSS ~ %SB@ %S %u< %T %UP %TM %TN %TSS ~ &SC@ &S0 &u< &T &VQ &TM &TN &TSS ~ 'SC@ 'S 'u< 'T 'UR 'TM 'TN 'TSS ~ (SD@ (S (u6 (T (VS (TM (TN (TSS ~ )SD@ )S )u6 )T )UT )TM )TN )TSS ~ *SE@ *S *u< *T *VU *TM *TN *TSS ~ +SE@ +S +uG +T +UV +TM +TN +TSS ~ ,SF@ ,S! ,u= ,T ,VW ,TM ,TN ,TSS ~ -SF@ -S -u< -T -UX -TM -TN -TSS ~ .SG@ .S .uG .T .VY .TM .TN .TSS ~ /SG@ /S /u< /u /UZ /TM /TN /TSS ~ 0SH@ 0S 0t< 0T 0V[ 0TM 0TN 0TsS ~ 1SH@ 1tI 1t 1z 1U 1{J 1{K 1TsS 2a2D 2bCY 3DD3D 3bCD 4DD4D 4bCD 5DD5D 5bCD 6DD6D 6bCD 7DD7D 7Cc 8DD8D 8Cc 6 rrrrrrrrrrrrrrrrrr$((((&  (  R  C ]F!" d ZR  C ]F!F d ZR  C ]F!F d ZR  C ]F!@F d ZR  C ]F!F d ZR  C ]F!`F d ZR  C ]F!F d ZR  C ]F!F d ZR   C  ]F !@F d ZR   C  ]F !F d >@Z A w 11;@Pass;@Fail;Info286824;6824d  @Pass;6824d  @Fail;6824d  Info;@Pass;@Fail;Info{+{1{+{1{+{1{+{28{+{28{+{28 {+{{+{{+{  Input Error5Please enter an accepted value: Pass, Fail, N/A, InfoPassFailN/AInfoN1y  Input Alert5Please enter an accepted value: Pass, Fail, N/A, InfoPassFailN/AInfoN Sheet3ggD  $!/  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C od,,LetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"d,,333333?333333?&<3U} } 8} $       r        P Q R  v w v w       v   S Q  T Q                                U     D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& !"#$%&'()*+,-./0123456789:;<=>?   ! !! " "" # ## $v $w$ % %% & && ' '' ( (( )V )Q) *v *w* +v +w+ , ,, -v -w- .v .w. /v /w/ 0 00 1W 1q1 2 22 3 33 4 44 5 55 6 66 7 77 8 88 9 99 : :: ; ;; < << = == > >> ? ??D@l&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @ @@ A AA B BB C CC D DD E EE F FF G GG H HH I II J JJ K KK L LL M MM N NN O OO P PP Q QQ R RR S SS T TT UX UQU VY VQ Ws WQ Xt X YZ YQ Z[ Z\ [] [Q \^ \Q ]_ ]Q ^` ^Q _a _QDl&&&&&&&&&&&&&&&&&&&&&&`abcdefghijklmnopqrstuvwxyz{|}~ `v `w av aw bv bw cv cw dv dw ev ew fv fw gv gw h h iv i j j k k l l m m nv n ob oQ pc pQ qu qQ r r s s t t u u v v w w x x yv yw z z { { | | }d }Q ~ ~  Dl     e Q f Q g Q h Q i Q j Q k Q l  m Q n Q        v  w o Q     p     8>@A  Sheet4ggD  /  dMbP?_*+%&ffffff?'ffffff?(?)?MFreedom Import Printer$C od,,LetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"d,,333333?333333?&<3U} I_d} $ d om pm qm rm qmnd>@db Sheet5ggD     dMbP?_*+%&?'?(?)?MFreedom Import Printer$C od,,LetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"d,,??&U} F} I} 1E} m}E} E} mF} E} &G} IE} IH} AE} E} $ E ,X@X@@,M,@,@@ @ ,@ @    JKKKE  LN O L E  L!EE  L"EE z L#E E ~  L$ E E (  P) E E %  Q& E0&:::::>@QR J    w  Sheet6ggD  I  dMbP?_*+%&?'?(?)?MFreedom Import Printer$C odXXLetterDINU"CSMTJFreedom Import PrinterInputBinAUTORESDLLUniresDLLOrientationPORTRAITResolutionOption5PaperSizeA4PrintQualityLETTER_QUALITYColorModeColorTFSM"dXX??&U} $ } &} IH@m       Z Z Z Z[$@\A@ ] [[4@\@P@ ] [^>@_@@ ` [kD@l@ ] [[?\@ ] [[[][[[][[[][ [[][ [[][ [[][ [[][ [[][[[][[[][[[][[[][(rT822222>@[ZA w  Sheet7ggD X 8Safeguard Computer Security Evaluation Matrix (SCSEM)IRSJonathan IsnerMicrosoft Excel@`4:@v)@ƫ7՜.+,D՜.+,t0 PXh px BA&H CoverPurpose DashboardDocumentSummaryInformation8CompObjr Test CasesOut Of Scope ControlsSourcesLegend Change Log  Worksheets$ 8@ _PID_HLINKSA kHmailto:First.M.Last@xx.xxxkHmailto:First.M.Last@xx.xxx F&Microsoft Office Excel 2003 WorksheetBiff8Excel.Sheet.89q