��>� >������;<=���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� T8�����\pMichael Caruso B�a�=   � ThisWorkbook���=xiL;�$8�@�"��1���Arial1��Calibri1��Calibri1��Calibri1���Arial1���Arial1���Arial1���Arial1��Arial1���Arial1���Arial1���Arial1���Arial1� �Calibri1�4�Calibri1� �Calibri1��Calibri1��Calibri1�>�1�4�1�<�Calibri1�?�Calibri1��Calibri1� �Calibri1��Calibri1,>�Calibri1>�Calibri1�>�Calibri1h>�Cambria1��Calibri1� �Calibri1��Calibri1�4�Calibri1� �Calibri1��Calibri1��Calibri1,8�Calibri18�Calibri1�8�Calibri1� �Arial1�>�1�4�1�<�Calibri1�?�Calibri1h8�Cambria1��Calibri1� �Calibri1��Arial1�<�Arial1�<�Arial1� �Arial1 ���Segoe UI"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_)� m/d/yyyy;@,�'[<=9999999]###\-####;\(###\)\ ###\-####�0.0�� � �� � �� � �� � �� � �� � �� � �� � �� � �� � �� � �� � �� � �� � �� � � � �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� �� � � �� �� �� �!� �� � � �� �� � � �"� ff��� �� ff��� � +� �� � )� �� � ,� �� � *� �� �#� �� �� �� �$� �� �� �� �%� �P� �� �P@ @ � �&� �P � �� �P � �'� � � �� � @ @ � �'� �� �� �� �(� �� �)� �� � � �� �� � � �*� �`� �� �`� �+� �� �� �� � � � � � � � � � � � �  � � � �  � �,� ���� �� ���� � � �� �-� �� �� �� �.� �a>� �� �a@  � �/� �� �� �� � @� � ? �� � @ �� � `@ � � ? @ � � � � `� � x� �x� � `�@ � � `��� � h? ?  � h? � � ` �?  � ` �� � `? ?  � <��� �8��� � 4!��� �0��� � 4!!��� �8!��� �0!!��� �0� ��4��� �4? �� �0��� �4��� � � � ���� �8? �� �8��� � x? �7 � x@ �7 � x��7 � x? � � x@ � � x�� �8 �@ � �x? ? � �x@ ? � �x�? � � x? @ � � x� � x�@ � � x@ �� � x��� �8? @ � �8� �x� � � � P� � x? ? � � x@ ? � � x�? � � x? �� �p? �, �x��, �x? �, �x@ �, �x��, �x? ? , �x@ ? , �x�? , � x? �, � x@ �, � x��, � x@ ? , � x�? , � x? �, � x@ �, � x��, �x��, � x!��, �p��, � x? ? , � x��, � ���� �8@ ? � � <@ ? � �8� � <� �  �@ ? , �  ��? , � � �  �, �  ��@ , �  �, �  ��@ , �  �, �  ��@ , � �? �, �  �@ �, �  ���, ��? ?  ��@ ?  ���?  � �? @  �� ���@  ��? � ��@ � ���� ��? �7 ��@ �7 ����7 ��? �� ����� �0�@ �� �0���� �0��@ �� �1���� �2�@ �� �2���� �2 �� ��� ��? �, ��@ �, ����, �0�@ �� �0�@ �� ��@ �� �0��@ �� �0��@ �� ��@ �, �  �� �(a � �  �� � �@ �7 � ���7 � �? @ � � �� � ��@ � � �@ �� � ���� � �� � �? �7 ��? �, ��@ �, ����, � �� �2�@ ? � �2��? � �2 �� �2�� �2��@ � �3�@ �� �3���� ��? ?  ��@ ?  ���?  � �? ? � � �@ ? � � ��? � ��? � ��@ � ���� � �? �� ��? � ��@ � ���� � �? �� � �@ �� � ���� ��? @  �� ���@  ����, �  � � ��?  �0�@ �� �0��@ �� � �� � �? ? , � �? @ , �0 �? @ , � 8��� � ��4��� � �4? �� � �0��� � �4��� � � 0��� � � 8��� � �8��� � ����� � ����� � �? �� � ��? �� �  8��� � � ||)U"w}A} )\ ###\-ef;_(@_) }A} )\ ###\-ef;_(@_) }A} )\ ###\-ef;_(@_) }A} )\ ###\-ef;_(@_) }A} )\ ###\-ef;_(@_) }A} )\ ###\-ef ;_(@_) }A} )\ ###\-L;_(@_) }A} )\ ###\-L;_(@_) }A}  )\ ###\-L;_(@_) }A}" )\ ###\-L;_(@_) }A}$ )\ ###\-L;_(@_) }A}& )\ ###\-L ;_(@_) }A}( )\ ###\-23;_(@_) }A}* )\ ###\-23;_(@_) }A}, )\ ###\-23;_(@_) }A}. )\ ###\-23;_(@_) }A}0 )\ ###\-23;_(@_) }A}2 )\ ###\-23 ;_(@_) }A}4 )\ ###\-;_(@_) }A}6 )\ ###\-;_(@_) }A}8 )\ ###\-;_(@_) }A}: )\ ###\-;_(@_) }A}< )\ ###\-;_(@_) }A}> )\ ###\- ;_(@_) }A}@ ��)\ ###\-��;_(@_) }�}B }�)\ ###\-�;_(@_) � � � �}�}D )\ ###\-�;_(@_) ???� ???� ???� ???�}-}J �)\ ###\-}A}L a�)\ ###\-�;_(@_) }A}N )\ ###\-;_(@_) }A}P )\ ###\-�?;_(@_) }A}R )\ ###\-23;_(@_) }-}T )\ ###\-}(}V  )\ ###\-}�}W ??v�)\ ###\-�̙�;_(@_) � � � �}A}Y }�)\ ###\-��;_(@_) }A}[ e�)\ ###\-��;_(@_) }x}`���)\ ###\-���;_(�� �� ��}�}b ???�)\ ###\-�;_(???� ???�  ???� ???�}-}e )\ ###\-}U}g )\ ###\-;_( }-}i ��)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}� )\ ###\-}(}� )\ ###\-}(}� )\ ###\-}(}� ��)\ ###\-}(}� ��)\ ###\-}(}� ��)\ ###\-}(}� ��)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}� )\ ###\-}(}� )\ ###\-}(}� )\ ###\-}(}� )\ ###\-}(}���)\ ###\-}(}�  )\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}���)\ ###\-}(}� ��)\ ###\-}(}� ��)\ ###\-}(}� ��)\ ###\-}(}� ��)\ ###\-}(}� ��)\ ###\-}(}� ��)\ ###\-}(}� ��)\ ###\-}(}��)\ ###\-}(}�)\ ###\-}(}�)\ ###\-}(}�)\ ###\-}(}�)\ ###\-}(}�)\ ###\-}(} �)\ ###\-}(} �)\ ###\-}(} �)\ ###\-}(}�)\ ###\-}(}�)\ ###\-}(}�)\ ###\-}(}��)\ ###\-}(} )\ ###\-}(} )\ ###\-}(} )\ ###\-�9� +��� � !%�9�  �� ?333� !%�9� � *�� !%�9� +���  �� !%�9� +���  �� !%�9� +���  �� !%� 20% - Accent1�M�� 20% - Accent1 ef� �%�20% - Accent1 2� 20% - Accent2�M�"� 20% - Accent2 ef� �%�20% - Accent2 2� 20% - Accent3�M�&� 20% - Accent3 ef� �%�20% - Accent3 2� 20% - Accent4�M�*� 20% - Accent4 ef� �%�20% - Accent4 2� 20% - Accent5�M�.� 20% - Accent5 ef� �%�20% - Accent5 2� 20% - Accent6�M�2� 20% - Accent6  ef� �%�20% - Accent6 2� 40% - Accent1�M�� 40% - Accent1 L� �%�40% - Accent1 2� 40% - Accent2�M�#� 40% - Accent2 L� �%�40% - Accent2 2� 40% - Accent3�M�'� 40% - Accent3 L� �%�!40% - Accent3 2�" 40% - Accent4�M�+� 40% - Accent4 L� �%�#40% - Accent4 2�$ 40% - Accent5�M�/� 40% - Accent5 L� �%�%40% - Accent5 2�& 40% - Accent6�M�3� 40% - Accent6  L� �%�'40% - Accent6 2�( 60% - Accent1�M� � 60% - Accent1 23� ����%�)60% - Accent1 2�* 60% - Accent2�M�$� 60% - Accent2 23ږ� ����%�+60% - Accent2 2�, 60% - Accent3�M�(� 60% - Accent3 23� ����%�-60% - Accent3 2�. 60% - Accent4�M�,� 60% - Accent4 23� ����%�/60% - Accent4 2�0 60% - Accent5�M�0� 60% - Accent5 23� ����%�160% - Accent5 2�2 60% - Accent6�M�4� 60% - Accent6  23� ����%�360% - Accent6 2� 4Accent1�A��Accent1 O� ����%�5 Accent1 2� 6Accent2�A�!�Accent2 PM� ����%�7 Accent2 2� 8Accent3�A�%�Accent3 Y� ����%�9 Accent3 2� :Accent4�A�)�Accent4 d� ����%�; Accent4 2� <Accent5�A�-�Accent5 K� ����%�= Accent5 2� >Accent6�A�1�Accent6  F� ����%�? Accent6 2�@Bad�9��Bad ��� ���%� ABad 2�B Calculation���� Calculation �� �}�%������ ���C Calculation 2�D Check Cell��� Check Cell �� ����%�???��???��???� �???��E Check Cell 2�F�� ��Comma�G��(�� Comma [0]�H��&��Currency�I��.�� Currency [0]�JExplanatory Text�G�5�Explanatory Text ��%�KExplanatory Text 2� LGood�;��Good �� �a�%� MGood 2�N Heading 1�G�� Heading 1 I}�%O��O Heading 1 2�P Heading 2�G�� Heading 2 I}�%�?��Q Heading 2 2�R Heading 3�G�� Heading 3 I}�%23��S Heading 3 2�T Heading 4�9�� Heading 4 I}�%�U Heading 4 2�V��4�� Hyperlink  ��� WInput�u��Input ��̙� �??v�%������ ��� XInput 2�Y Linked Cell�K�� Linked Cell �}�%����Z Linked Cell 2� [Neutral�A��Neutral ��� �e�%�\ Neutral 2���"��Normal� ]Normal 2� ^Normal 3� _Normal 4� `Note�b� �Note ���������� ��� aNote 2� bOutput�w��Output �� �???�%�???��???��???� �???�� cOutput 2�d��$��Percent� eTitle�1��Title I}�%� fTitle 2� gTotal�M��Total �%O�O�� hTotal 2�i Warning Text�?� � Warning Text ���%�jWarning Text 2�X��TableStyleMedium2PivotStyleLight16`� Dashboard�E�Results� Instructions�!� Test Cases��8Appendix�H Change Log������&!  ;W   ;   ;   ;'   ;!   ;   ;V   ;���SfVf@� @������ �0 �5b�-!ODw�30@Gbe� T�n�!ODw�30@Gbe�PNG  IHDR��<q�sBIT|d� IDATx^}`�`SJsH� JH��"�� btJww� `�ynw]^O�9��f�3 o�7��𿴾gN��3�R+[V]ò2 -EcYt�޸!V66�+�-{mUu?RN}>_:ϭ��՛ֳ*ի�d~=qك۽rn}L=Q")))�,g%6�$.�(~f8x|G�=1�%1� "�;KaL!w�8يZdy(%,"ZB�f鴵�(�4\JV--� 8+x9|�o�=y�w�Oևo1|WF�o�9�h4�dqp56kWP�8>�7J( })�'�$8\�t�"\&�{r9|)��4� �JSkW�MjJBve |�>xW�?�3_T;F� ߶3>�b'{�j�-&VK)X�ܒ�[wBD86Xۊ�NORK�,"�*JK�z[6,goóIF7x�,bڮ~)w�-έf0�aC[cwnݱHGbo^rΓƠw @?�"�< /7�*kTK7e+600hG�K/)Xj\�Ir�`7VFd �0�|˗0o[мl�;�޻u3~�Y�+�#�#� ݈Je�-N�J�*"ݛ֔ƕ}�&0X ��!%?��"�c6^^^jR]J�|K�8gK keeج_)eݬ�tTz�_XAz ��VWӻE-�� f|rJH�1�9&UDG�.LXDI${J�30� o"Ψ"zɪ}`2E]Wz-%��;Yj�?`}ŔwX�#Io�G�>m e�ŻO�0q{He,H}Hs$M^xa�RT�2u�YuB�:DY:i_�#?�;� �CG�-C`סO/spC�nO� �5�� ~`_o]Gɗv�"� ^żd\צҶ{>�?�Հ܉�5~vyd~D7Gt���1痲sH~uwC:K�e\x+D⁰仡]doP_Kh$Rĭ{V�;ӆu.�2%�FZV/'�% ˹γWeEnߌF� ߢ^i߶1Xg!Oi ^� ],&Z׷uW|g[��kko^3cuDBy�䎋c^򍪚�$ٓ$fljK2 {K@�=yB bSI��ݭj�4Ho �M�� �7tl�+I�]'eڢmK�:34�5P�5g 8}LEloun탽l'�01�1XO�%R`~C)T4j�6`9�kE�r$X}Pa\Zש$H(I cz�8߮إmS} zH �1yVvd[=q�3�@ӍQnT�.zL��M!L�?t�8w�9� o =n�I̝w0_�k�;#|O�:sAS{:h|ч�ZV/+-G� �dJ�2/�&>nW� Zʜ-G��,<0ƯS,9�$r%t_E zs�,�>tml�+f�|%_ D�>⵼N� �6�?O�?Q � U;PA2 R� � xH�"}ֿ8Y� **�!mGȗ)Xv�9�;[��2 �lCsӹVB�+N?�0]���.]~ÜU*�&0 JDRP|hkeܜ `Rcf�>$ɪ�7<�+A�e 0G2�$�;Ag�2HI�9)Cț~ue)ɛ~�% ϟfB� x�%> �soL�=yDAwym]��0Mo�* �;^AV}4@�y%�$_k�n�)nBa`X�*rGvLIaZ7MeΓr;ުƁew�i� G�k@�?(6lĈ>[� � �:@d�ߍ_̇J�ud�|`�2CFK~r� כ߭�C7qd7iS'iO]xG~B/-xݨ_'�tq/ �: 76wɟkk&%мO_H�_)otCw%y�rn(�3��5GA��,ÿ[.Q5Q�7 #z1oP/_ݓ^ع}{G_Wuym���fK�>oLӘs�,z`�K0St@_TGb1M)C�(� DB�? U[�+H �H)W�&��rD!w�zC'E,jQ�!|�@~X3Jj�8ove�qr-5�'k{N�;u`BD�0w|6�&�_/HLQEz6�)Vմ�ѷP�E�Gk�8:L`Xxn�7�*�-ںx�:�?`06ʖ/�]��JBݦU�:o;(c�0�25^5ߐW^H�X]o��+Z~[� L2}r ׃GO���ltc!�9�pŰ�>*@H%kPH�i�pA%�� oՓmWI~.͔ݫxm3sp2 s5=Z~m7�-'/hX �0/Э�GMv}9Đz_�H�7.�x|˄ߍPmCiiX~z~e$��5 篷�+vK �,� �8.O� @/eL�L:mkWP� )gYI4 ͰNV]J� <4(� yHcown,�Ki�KR.S�%CA|X/ʬ]�"ƮN=�e 4�Bk�ۦC�mQsos��Y rd�CgL͸�7b-\�w,1ֵ g_C�&i]cPH.s�)\�,H_� ` `d?6J0R<� `�>E Hf{p0g+x|Wl�9w&�P#0Y�):4�&�t�/ޒU�x`�p KƆH�:C�̃D�% B�6��5gn/�zbAf�> rfҤ 5�QGkeJV=y�w̍:@?Co2A0ߏzECs=5�vxz/(sL8e{N� �5lXouUy$]J�>г�m�$&��.@=>�+� e㴑pV,/Ni�4�6�!opu�1A#�6hվ�Yk!^>x+�?g찭S�g&� >k˼AV#�5\=n� �,� `jF_l^Sz4�.;ay~860K�H[��gK^�?�10zai ,X`�g+��~� !T@=%__ӄ)�0.MgJ�?{w_� md�� �%d|?Tω�4W��&fv򛡆5kWOMҼV�`|Ń94ss�1�Xbk�3Ǒ%;a�A�*A�)�>~]jJ2|5rQ NP�<s�4Dn�~�(�& s� T/n{~փLZkO� �tGY�}:hCy�>}ʲ��,尪P?$ڲT2mնĹ�;帿7ρ%綊�<\M:N��އ\�)g�� m��!M}�*ǻa^&� Cwlp h�:M&i <1T0,٥�0h%=�}jwJ-�>�܌W.�~ܨջN)�TSL_eI󷾕4T�+�(.(JVOck>[� &~}@vE�-&>�SkZU;Gk|Oy.^-_}�/�.7�{�2 \ƞ#�QJϵ�RuVzg7� �,� 'Icp\�>{3�1݇Ӂr²Ѳֽ�|5ea'�;+价�!97�WQ͚:j�9�=� �9Hh�#Eo �Q5cJ?q7�$__ >ytik>}f�vX�6�~D!�+7�P^�Mcҋڜa�""=YbHD�~:�,?wE )x"`��3QitOU|�*Za(�t(� I�يfsI[ݣ?H Caֿ>V |38c�({�7SB#˱fKZu�x�=IdkOADtuiL_M`7(� F0Q.bJM@� �8Jp�#iN5f dv_ ܼf-to![(d�%B=?~�$a�b�夡Sߕ [g EKֽkbw5oڜrq߹V@G߁;pdP'�W�3 V\֧\p� j`iûɅ[e1kUJ!|>� � =m*˟̼60oT~[`�GX#HJE�9�/,��*`Wf�$�zl(,� Ow�z<�ȑrꮭ| @/faj>p�6+`,.J z_U]j�2�!O0q1�CpVG>@o&�wpi ';b%�'Vi-� l�?{쫈<(|1Q5*�+� i|֭�Sޘ�A8�>R�Ɉ�1�R� ݧ�%H}V陫a*mհ� zIzFH�$2ZL�6~怖If{Š�Lep[I�<@gx`Mn·!ǾX�b+uCױqɺ8YFá� Kf# `yW+FGm5�d`0D?I3䑘ۿrUk|qNrg潨O1O�'e\D4VC]'ĽG��1Wb@\ ʋR &�A*]�=��!u �JcxN�6Q� �9SwT�--M�ǟB�>[ϲ�4`���ک5��3KUG^�sr� 4h�$N=-HR_W�$խ˹qS�n8BƊ]�ⅲ޲R�%֫y�c�6CJMm�-_{懳�'җz] 1~A |P ;XrZ#�?oE�``]W�4H^vN7K�.�*wFJ26~k9n ci.f�6ۼ�:ㇿ&VMP{U�-�$ރZn=0^� ׶miKfu]uٻcۢ^wm[ґ�݉.C-�:Ȓـ &A@g u9ɌS�)�:D*<��`mFzZD.Ŗr)�(Kwkr3Sj��9z�sx*�>xKL � KBwlq2s IDAT�bch͜{i}�DYr��/lf�`q1t&yU lBH͂� Cjmrŭw:]�@]V@N3�)y �xO@�8�T\2�H�4gx br=8W�/'ۏ>*� qN�oD=AD�ebk�.LOt� �,X��-%@��R�9nx�$ޑB�#I׃?@ouz5Z� �#zo.KW\rbwxS̿�e"߱W!FKcXU ��2q� Sgl`b�%�mҵ��)5�%[[9񤸜�,)�Jky�7ڋUJ<ɮ[� mfRiZI6R�)Rk Ћ{CR{]�$�%%�*Xiy_��'� ݑ̿귕:zicD{� Z�5�0y` ��zOI󄎎Oq_�O[~¯fq�2?a�܍��(=CmA�J-np6WQ�: k�/�B�ztDc Ⱦ� e&=]D� qf֑g�%,G\]�AqDL�EnBU��)|VѮކ.aY4y6|l�@ɭHjyJ �;ҥ�5U�>dycjjgeR Pf��S LBZ�('�9�1iCn u.JPa�/�;�<~� � /5�&{d�kgY)\`jlBJ�]͸ nlKd֬QVܯ.}_�G�3�X�-�+N5o_Olh b �%Pa֯Jo~6lhՁX@Y'�5lUd��2L{g)}A<~'�z�2$#�<-j*BPT�$u{\k�9~űe�iK{J�0�5ԯrq/Cc/E`鮙� k~E6�29DiE# FE�!jee#n]Urc {� �&e�>H x&p{�jy)�3褴ǪJ~ӽK�M?S�0y)��hhfCus̪YUN� lK#J.zg��,Bq}ە0��6T\�']ʑ�8Y;],'�$eYڥrj ì -Y1ݸAI^��1Rʧ앣jQ�w;W5C%61EJ#-LjRyhI�6lϰE��:�Y�3�&Bk =^߭ | H =N*r�*mՂr/aNhf�2� EsoGWe�4 s~|~ t`ːkB�62v�á���ǰ0GR�'n]!wo#�&� Ą�6^!JUF<* P�3D.+U�V&�5= �+�4h\�Mmj!�W� g�12s�*\#Ћt��";�5�S�l1֑o>~Eg�(S,reל@Rm�-`&@�uИAQ�(l�7ێp3z,eZ?*;Y��+S-��&Hj^ҿF xjY�pÙƞs�:_,}%A~ ,�'ˁ�eWW֫�/wQ:= I�=R�>g.l�:��=ͦKQdP/2kf ]U,�5><#؁J̴ͤ9OU�bKRIu6I rH<s�35`@l�Hy\[H]q?v�.7_$� M˪넒�ZKI4+�6 vRf58AO3OJW�dnVՕ�#a"L '} qr�cunצZll LO�#�n�'gZ&v�� 5`�SbxY}Rb� t^ ߇q�ZԮ)�.A�0l;N(a5w�+�-� �6[KU� PqB%�-bX��43� v�-V�>}\Sz ϗ y 8y1�;58&T� @� bL׺b3f*�?o;�.Cn,… eJBRZ)CL� Ľ�,y*�%�=H_�>J%}Pf/�"iڳ!8]�9_ݺ[ԼZ�}kXoV�T5^�=;o[[4Q� cn*ŒPuF/j=|[miQD2S�){�4y��*2�K�~eldZ�$,k $p{t̩U  y]t[iKB͊ff�!.B@�;�&6vt'Z_L_y�^�`� y��׬]ccVEUĻPS耭>s�>N`R�3}Sx+fݑH~erbKG0� *?0�.^O �[$2) ̫b\qez ki�;gzK!yGrB]�/4lu(�0UXZ�Nsv͝2BkkeəP�5AfGF� ?AءR GZ �;N+3m僣�a�0Rj�,-EY �oX�;Z'X{kI c_Δ@H=X˔@�ԉ]&�*Cn$!>b`�Ɗ@�L�S[�!Fc*m� Dnar0X P%P �[+ ˫X�?ӻ�Zˎea\n� ض�/�6u7դ�7u��?Y�>oXFy^?sdL\C1 �8Qy�4+CWbFæK=W�<�8R>ޜ2|Jڸl�,J% d,.6GScM�0� :Ex11`�\wpaH ��Ҡb)9q%H�-Kg{ �0P�pƇ#!�W}�� BNZŅ k�#_s0 k�uL76 [�Y*&�9P�( gj6�&TWSI�24ws�{�>󴥘?< ǵ€ 7a bt~X$v��b\\ ,4kEUulf5�s�`�,d%�(oY #,@.wϷjJG�'Jg �< ǰ�!8�:�+�sR@� �!@I�2cn�' �]�:,p� ��!ϵ~'^E/멐-�0X`�Lflu �M�+L֗Fe62n E�4�/<ɝx5u�du"�78jN�}��3ve&q݊u+~��NUeHrLEjtoB� JzZ�1ٔ۴�,U�" KJBB�( {!O+":IA2ֺիSF?�'x S`@'xF_sQOw�J m�lh5�Ov`" =�IW�iOJە� ;h�QFR2xQ14o˺�L2ES[#=�7rS�-`B�#^UsS�(��w �%:�8TvrILoyt0)(�ʰ�7V�5wHT��:aߴ~J� D� 5Ϭ%�ij,{q�>P5ݼ@:6v�2� 0KR^Z3�/u!Z|�'[�#�z $'m6r�p<~*Rui� �$tM�Az!tz�_{ߐ�w#bhNZq7;Yw9\~�M�6ȋ0Z�v`0[�0I�4� ["�%_}sx�;}A W�7,8�H>{9�<@:Co_gŒ�픲K�#1�P�6Wz|�__f>�?�r�:[�S� )�Oa,iH鉶6�(z SHi^w r�*UQko�!�>uYmz2RU쟐Q3�� T0B� ?�fx�yS � �,j�Q(Z$}7'�(Ld]Uw�8ixf�m4H�$Y9HYH�;Pj}:%2fDZ�-H_$K[�nq�m T� \ ~kC5v �%^7da'`Yc`/`M�1`S�Lmd2 PyO45dKuV�FQrCHJK  �;L FpA&Q&zJ%|F�r\M6�:A��7͗�*�N2}_�?JCr�=�ӡY�- -_M$[bQg5L��. �9CKPꑶʶz�)�".AU�/Etå}�, {Kr ̋Hh)\�ܧo?YR 6æ)P=�6 YVjTw�%JBe�wlTyU v0E���5=rHB|� qm�z {<�j|SQqM�?TZK�:� UPW�.K� X�"yfju��=�3� 8ːr⢭3!M�߉>8@Lƒ c�?e;_T�Cn IDAT�+ u NJq�. >HYUqxI�0\#I�!)RUe�026�s@ޫCrRYI;�W^ SR�5Tk�&� �gCvW@_]%>Y$gi`� �3�&_},GI@ dWCT�7m�)r/M@JwʞQlZ|Z*9o�M1Fʌu1Udg�ITa��5`i9NBԌ@:3dK%eFmTMȍV� QBc|_|�%PX�Rz (EkNε�'η2Ln"^s G�Hjo�:T8+�:$' !Xh�9c�2`]JWA=G `k� ~~fn p'@�6�>=Zޡ�._� �2nS�4�L̴E�?�6uT: |Q0x S39YBT ;Z�L�CL-lM'=q`2)WYl�XK#W�>d�F~J ,0LJ?N�3BI%.FbƮ� �]I�:2U)l&��3`uo�o\�3��8:�4_�o%� @*oہzHta x�]~t}<]8SV&~ژLJ���s1x{QN^*J'�2Ep:�2ZDd�2np�/$N^ZC^=U- Ju`��>dMلVˢs�bwK_8*(kȺkU uK|Z{ߑnG�qlL^�$E3H�y24EDbܛ'W:�#*hEgʬC΀ԃYvkI3I�op?zh7⣑|�=?K 6#nN۶l%}�X:% ڽ�E ]Jh|cV�zOouW I=�"�SIw*uSom-j*Ҍr&h]J>v]l~!O�;> �4�]T&U:(V:چ|Ҁ�P2>`\jx�69H~�5�).b)�PN@jP� uc�7N�8w7hW�weܤr�$�� BZ!�2@�0o@�9[%1�a� :�+Cq�hpwgXH~N.aJ�oxhwp��0�:ZM�,L, : 5�7AG'ϐ"QPEp[9 E�#eMu*\2�=rZu;� �~�,_ '?�@A� ʯv(.U�4~^ju V"_Lm�G{u� q\N�rCMesd'*R6Q� �Š)j.�,ڡ2׉E� xӋP\q�*v#ke6`UP�eTJ�#&Y�>~R -��bD@�00XU_w2��*��3��"Xq./K�_R�P�&�( W8>Of6�ZOw�/XB�;M~5rM�$g±� {T.h��@nCZ�J zJƛB\�>βb` pڌZ�<�h\u�{2K̻�k�2q2 � N<�>N>XT=Qd`t�>�$Ac'�=�ض�{�Yt(�.#�vp~^j�� Nz"Q �5!�wr^�*�_L׃uRǶzYx� Bcsh�<$ftJԌ�4�;C6ï�x48mBD@n'U{k4N&�2H HSJӿ8#�,�*�x^IzKJf[EK~�6q�bT-ފk� ‰E_�,LTqgkq�35K7aAGɯ>\dßٴ{w�`Q/GXS1[2HT�:ҰV�(�� L~�)Gpns�5C�U�H�+Y �_�;qfث!`�0A�(l��!�'+G n?� �fG(G<|*C@�'M�љ{T]y R9$i�z٬I[fFt2� 䪅��)�=?|7JYOt��%e�?!k�[\�)?D|�#KHcqNbu9 n+uIuG4KlM/�&%B@J�8go%�(7 ?P#S^o/c{��3|SIn+CIW�#Y5o�;|^N]�*G� sF=|,ҴvuOIHV8�8:Y�M6Bb��B}a���;6Ej?4�(`�*t`AUРvf|�[뇍HdBlC�q��:ӣ$� S NJϩ�2hg�?7iy}Ƴ�-x*Y)wm ?�~v�X3S[[�A BD�#�.&ݥkz<�+~sdɎF0FUL؈.� ppWn^NҸ�->P{=�JP�z{խYM򊔃d"-kx�qbL�5 (@`�*KNM7d5YVlḽ>Jx_`@C 0}��8#�?A� �+gh4OPSTAA�1/&�:WJ7�&Y˱`'_ �_� E6Sjp@KoD&ei�;PY}'8�<2]:�M|��*fp>5E{¼1k�Ǹy<�;x>��>0~15%Ė}7^��Ta�=5p�Ѱ¹7�??l1֧5ؘٿg����$gcQDp_�u7K(H|8 ~\p8�;�7ˑ0d֛Mn#zHO`eM�Y�/� ��IUFis�\U��(tQ^mZ#)�/khV�'}N'i9{ ۧ.c\�h^3ռ%+? #;6-3dN�'P�$�!u!B�ݞd;~w��-~�ls� A#~j8�)Y5vvq�TT� BL�*[HT !ʐ$�/k 'e�?�E}FDA;i|YzdߝlS&x_ s7R%}[�r�V*ѰݸkwXط�6iMN3�-ŗ� �/�9LqF*n>"?ݳ#<'e^�od�B_BiP��xH\�9��.9IBaВyhh鬹`"Пud� Tnh�9v%hP"!p L%jipX�'pCy-� �g8VY^w=tuZ~0e58Q0DN^4KotQT�'�/`]a�2}�>ˊ˾dASTFIx�>tu �.|ӜX=;߲:99�*i� ϭxy[)[QHzr�0�>`EG!9YpN#�gxXRjd+�ar�9ҫ�5IMh,S� �dzA]|n�:�Bb" e�4�3el� 8"\&�&ݥ?xXfp11�,M"Q=1@0dƁll�>�S�*ƺܱ<BXٚ�_AE}�h�1B�}4�? @�� Kӡ]CPZzu��gټԏU�<*iEbCb53Sn>NP k%�dyy)Aʅ,��,Ze~B?,�r�+6� _ij�%Ŝ׉!W��@�Bqw�')�IE.�5z�R�|`e�% 'HFk� Ye�$n1IA�kV1�%DͱI�bT#�hn0wʝvo){wK矁mT�m|� >�<> Ѯ)e�Edx�>W'�js /o8IU\ky\xvrYڲp!^e~s\�>�3|h��7w�mܟpTl�7^ \-O$[�8;�,t�r�5�%M�*S˜?�:E{cR#wǍPJz��9-ţf��Bs,lj!}{bL�:1c'RV2x]�� Q9� L�8 ĘZMLM�$�L*K`nd7YeU)Y}=F� %7�-H_-wVQlgkɛ%x7��!�n�)@#�Q�_FmuRN�% Ut3߉3y�(`PgDf�rHB] �!!�&8^~� pW%�2P�8A�:܏ xTE�N�qy�H� �(�0�:��:ā~u w�mWVݳA�SRx!iz;m�\a*�8vZvCf yYE՞�.{g��?�-i6zXyØ\7؍OBhei�6M��2r08yh; k'{Iw8Jm4 4dyZr|VP8LAţ�3,tjA_�4 f}]-,SJ)�, _�.c RajAvX ˦�T-�:\߶|Ы� �kfFJU8tA_.ޮa6\Jkz�2\l\�JmHس}8o�9�2�2 "R�fISG�4{�S�\�2&��3y2kdqZWܡ%HVN:B_HJy�l)NJ��%aFBEeߢ�Ri+ĬG�F�'*�>R0PrMN+[V�(�i_�&.6IX[Sn]o�ڔ6ڛ5fzF[|C�زb�6LIV�;qp)C2?Q q{:���2�zJӺ6Bk r�爄\>�ڔ1oW>��1J_A�8O:cu\~W;s@M|:6W$2)LHvxS�jJ~󅲦{rfWbu([Q�1,Wd]nVA Ѹ�2mLA�́y,/ۼC�ʛU��);Zc�7rWhQ3}VRTO�/ej`֍@PEB�#0 oܞz~ d:0�n~ce1�.1T� �J0l�"�"EiOZYN"�v56a%�2d�QN � =VtZBO*�,�;�33g3q\�ηZ]Pz�"R Nϗ4W h(S}�(\“�ɧswt�9> p(1nbMBg\�DU%,st_{\p;U5�&�$2C>Xt6q�ܕP*.Ji�yW>d�X�7C�:�#x�9� s;Sz<�-M BN~yy�:_T[-#V�zBDnʛX_4FmH6D>Jf.�;f�0 ˍFz:ߤgYi�9ԞHV_XD̑꬙]4yΛiYU@jO�#x�$PӳlGϐ�$f}Խf%�?(cLB۞�ȓc5!`~SbH�?jryUU16O29p?�$7J=>t$s᭒�>zٖː�x٬�>&}�Ϸ[F,zΌiVJ>],�a_ӉK:Dמ�#�Ĥ}~S g&ӋlQS+,Zf;jF�+ FL� a}}⇥zy1E3Iq�9/oQ䘟H�'1S7%uHZoƢϒE-!F1�2*�7U8u�@�/�\X)�ή3]cBYR�;y 2TTog,T4�ר�[ǭ[b\V?� /N~E:ݘɗ6Ϻ�?aav`�� Hs� X �'�c� 4�64|X$�ё&S�6sR蓉o]ÓUxJ��J�4&kzLߖD�*CVS|KۇT�laJ0p�fA�36cf =Jqd_OSg�3 >4ȗa@*n v׿M;v\�4�.Y?){S>�a6~�I�x�H� 8ӈmmfpoi3ԛ�,�dPF.�M7| x)}?o׸kn'^�=v�4Da�"6Qu�09XLZ �FZR���3U'YyכCfJr�a!_t�G� �=||5+��mkrw�-RH})Lŏ;b3k6R~ѱ I&ARSޭ�;Pք@RG� ~uo{"jCڒ^�7�,ڸ۬"tdH$S�g�gEDG�65oSw��;ogxZ��QV93� |Z~tweBA�=�0~ q0vu^6QqL¤4D˵[kz_(,Qӳ�=�2OuE'�*�$�[AR�;w:hw�:X0M68D+wL l W܁͵^=Iý?MiM]b�+:G"�8� �JbXڞLVUw{w��uVQGT'rśwt��<�>E�)[� �?GST�0\oTu0sa)�?R�-Ǭa=īE�%2L�&m�6\#Ysl35w~S|HZr u�&��ƾ�)Z~ZLM�fhi�ۀq؊� zHnԇT́Bs{@�qn�[Z˼`$;pSV�-:u{�g p�+��q`+�>\]o�Z_}|;lP;uy�)� )rKLlzB^��Lv:R:�(i�1NGjSwl� Z6i@]1NrX0֯*>�,E*H%�,<&R�/ .򩛅Mp�+YV|5ެI\�#�#z<�2e*5B �/s/bfV�*]O�|�)3�!s@[�x �"w.�ђBWE0)c !S/T�=ze�$᣹f0Z!&gͶ!͂T/i{�-wɘV� U"��7 ~StO54d C7}#�#-H[�<$KB|ROۦkD�/� g(9l� O��$¨�V%Zc_P Yyy&~cA.%k~ӕU UD}W�?sAH� èlI?NDH>B'vDFYW KkH) UIwn#*iW�/�>9�!U�'�/\ʰ|�8�P�)e�;>Ypʏ@3@_E�T]6)h�#&8؇0�('F#�T:Q_�8A#~UJA~a�ifu8C� ~[KÍhj�*k�'�8W!|XBlFf$2cꂆ*{�Cjbi/İʁUL@fG6P�;eU#P�-n&)Gi@,Iv)I?�6#'dǤ:�4��UU~SAv �)GHGy-4�-|�.�3�@U0Elv|gLj_5+ddF݅ � +oq=@k#!%B�[Z�1yIgrŔu�hl�:ѻͤ�(�&j�0pK[Y.5&[|Crf_P0�8m%/Q;�?|cNk[Ӗ]/DXY�"Y(cP(E|�&SKd� o]R� 6�4S]ܧl1sU[8.mx^z:'�}�N t󙀼�XLg�-|�:όMp`vC�HlQv>!�7�<�0L1=u $�R%�GxA\s�2C�6sS&kc�)8c bWOz Mti� 9 �(*O�5 �@TnOeEWxƔ%YP �#q� ƣF�3fHz�-�vu_�CZc6ij?Ԫ�;S�5w^�!Y�9S�/�6UnФa;kh5Xl,+{�;X`N6v�]Ù J�?Hx~�6=*N>#g�5�:�YWCl�+׌@�0ݤl4`"�/�>txWa�3c{ 4խ9G�/I�=�-0P[ꅭY�OmfJ��!QKL(ؖmc\0ERM"?;XٓckS�)?v/%Kw)JpL4tT+{�?xʘG�)c�|seհ�07!GB�V�-Z�6U9$ "�4˱v4˄GD _(]H.3i) (| @Q%QgK_@C)y(2 !�>�$ٶ�<� !j ;#歱;W|y4Gk�rH >kO*OBs3c�GE�+*1rz߷ [no� ?h|O8h(?Q}ɼ=�k�%_N�XK}K @i�:z԰i^� �BS�1g}TBR$( njcQ`<.e>֥`b�$&Cה5f|�)-b�5Z3l|� [$D�2�=a8O�= ug" NjVޠtsM�'�,�85⊊e tɼ~@J0�v07dx@mwbYV�&)f� Y�7(B CJ΄/<�i)@yk�h>�u\ꩽ�J}p QvRl{kwh2�"P M%�!\bx2@z� � `xH"5Z|<�Σnm�j VY`':���1�%P,߰\BϔJ}tW�-_�)3mznUbfr�&J�bj�5ݔc~'9arx/�6 Q�8[udU96� K:/ITH?c۾́Yl�&Wv}��.,ujj@R.W5"급L`Slb^c�/OD`R��(ՑUk-[$oyg}t-G�3N�"g� � �11r[JRLD|QG~EKa�iqf �N蔶N~DiҲMstpI~uuWg+T`�_��16Xג" @vdtyp ,9kAȥipߣ#ְݕմө<ң=bbwV�&r_;I2JCy�*YՃ�Ƅ�,r.�.&`VRuQ�3BBЊ�-^�9ζXr.畕x"x$ψߙR� @n~};�/�.,-N$9yڛO�ʘ9آe�?2�;;\ݯo}�4G1�{;�*QyxDHr;2* 'ͥ X_qDT"suC2ezSG}\IUBG#�IQ9�A *U�MI:Ʒ])@rr"8?]bSOf�4 c�:m�?lױ ��픱�>DҜ?�7uf�=)ҥϣ;�(UWKS� yKzJ�d� �/i6�3OdfZe{R�-YS-� �$߻sC\6��Zrjr6�1_AC�>�'*�4�ѥ߶mNxS[�5!~U m{ti)aڷI)� vFyٔ{6R(�)?~ܵ}\m�>m�z}�)=t^}_-̧pD'nRUh�}d܇.·��!�:"=>j\HY��'{!b6ᇂ`T�6)3�tlGd�4s/ϔɗՄʼ@3xc՛|ʷ/B�#�Bk�#ys�Uev� JwXM��-&#vp|He�`N\"D9If7�,_G4IOrub ~mES^k׮١U;J�t �����*�4i�0oE@r�8KQoPf*]"ʳ-O贵T,KG̽u)4G=c!ȕ9 /%x8� ޻_I=�☓4Edy4S�G�)pxYi]Consult with the Information Assurance Manager (IAM) to verify written procedures are established and disseminated to ensure that the ability to change the system security configuration is tightly controlled. Any administrative passwords should be: (1) Restricted to authorized personnel and approved by appropriate systems management personnel; (2) Stored in a secure manner (sealed envelope in a safe, etc.), with access restricted to authorized personnel; (3) Changed after each use; and (4) Their use monitored to detect and log changes to the security configuration.VTasks submitted by a user to run in the background are subject to security validation.Consult with the Information Assurance Manager (IAM) to verify tasks submitted by a user to run in the background are subject to security validation: 1) The user is authorized to submit the task; 2) The user is authorized access to any files or resources used/modified by the task.]Checks to see if the host requires authenitication before being booted into single user mode.�Consult with the Information Assurance Manager (IAM) and System Administrator to verify the system required requires a password when booting into single-user mode.MThe host should not allow booting to single user mode without authentication.`Check to see if the root account can be directly logged into from other than the system console.qConfer with the System Administrator (SA) to verify that the root account ca< n only login from the system console.]The root account cannot be directly logged into from somewhere other than the system console.KVulnerable or unnecessary network services are not employed on the machine.�Work with the system administrator to bring up the listing of services. Verify that unecesary or vulnerable services are not enabled. (may include FTP, SNMP (ok if protocol v3), telnet, rlogin, rpc, etc.)QAll services that are not necessary for the operation of the system are disabled.Configuration IntegritytHave the administrator show the value for the parameter QAUTOCFG and ensure that it's value is set to 0 or DISABLED.LQAUTOCFG is set to 0, thus preventing automatic configuration of the system.System Security Integrity\Type the following command: WRKSYSVAL (*SEC) CFGSYSSEC Verify that QSECURITY is set to 40.`QSECURITY is set to 40, providing sign-on and resource security as well as integrity protection.%Protection of security related values�Use the following command to see if any security-related system values are locked: DSPSECA 1. Enter the STRSST command on a command line. 2. Enter the service tools user ID and password when prompted. 3. Select Work with system security (option 7). 4. In the screen that is displayed, look at the Allow system value security changes parameter 5. An attribute of 2 shows a value to be locked. Locked system values shown on page 73/444 in the IBM i5/OS security guide.[Appropriate security-related values are locked to prevent users from changing those values."Protection against tampered objectVerify the following settings are in place to prevent the placement of tampered objects to the system: CFGSYSSEC - QALWOBJRST has the restore option set to "NONE". Do not allow objects with security sensitive attributes to be restored. - QFRCCVNRST has the restore option set to option 5. Objects that contain sufficient creation data will be converted. - QVFROBJRST has the verify object on restore option set to 5. Do not restore unsigned user-state objects. Restore signed user-state objects only if the signature is valid.dThe system values are set appropriately to restrict the placement of tampered objects on the system."Restricting access to root objectsLQPWFSERVER is set to *EXCLUDE to protect access to the QSYS.LIB file system.QPWFSERVER is set to *EXCLUDE.Security Configurations�Open the iSeries Navigator Click on Security and view the security attributes available and their values to ensure they are set properly in accordance with Publication 1075 standards.(Security attributes are set up properly.2Verifying security via the Security Wizard Reports�Have the system administrator produce an Administrator Information report and examine the recommendations for sigificant security flaws.RThe Administrator Information report does not identify significant security flaws.Object Creation AuthorityyHave the administrator display the value for QCRTAUT to check and see if there are limitations placed on object creation.�The parameter QCRTAUT should be set to either *USE or *EXCLUDE to prevent all newly created objects from being created with a DEFAULT level of authority that is too high (e.g., *ALL or *CHANGE). Attention Key Program protection5Have the administrator display the value for QATNPGM.�The parameter QATNPGM has a defined program assigned to be called if/when a user would hits the ATTN key on a computer or uses a CTRL BREAK to exit an application program.Access Security�Open the iSeries Navigator and expand the Users and Groups option. Examine the users and groups for appropriate settings and permissions.2Appropriate settings and permissions are in place.�Procedures: 1. Identify which sequential access ("flat") files on the system contain FTI (whether solely FTI or commingled). 2. Determine if the naming convention of the files identifies them as containing FTI.�Any special privileged attributes granting hightened system privileges or advanced access to files / resources, are restricted to personnel in a manner consistent with their assigned tasks.�Consult with the Information Assurance Manager (IAM) to identify any special privileged attributes supported by the system security configuration: 1) The function of each privileged attribute; 2) The users assigned each attribute.�Special privileged attributes granting hightened system privileges or advanced access to files / resources, are restricted to personnel in a manner consistent with their assigned tasks.Separation of dutiestVerify that there is no one individual/account that has complete access to all the security functions of the system.oResponsibility for the security functions are given to more than one individual to ensure separation of duties.'Access Protection to Sensitive programsSHave the administrator show that no user has access to the Data ob Utility (DFU).�No users have access to the DFU, which could allow a user to manage and manipulate the contents of data files WITHOUT an audit trail.VHave the administrator show that no user has access to the Source entry utility (SEU).cNo users have access to the SEU, which could allow a user to edit or manipulate source code online.fHave the administrator show that no user has access to the Interactive data definition utility (IDDU).�No users have access to the IDDU, which could allow a user user to create and maintain record formats, data dictionaries (DDs) and file definitions (FDs)aHave the administrator show that no user has access to the Programming development manager (PDM).�No users have access to the PDM, which could allow a user user to select and manipulate objects. Typically, access to this tool should only be granted to programmers.'Access Protection to Sensitive commands�Have the administrator verify that no user has access to the following commands: (Type DSPOBJAUT followed by the command name) DELETE LIBRARY (DLTLIB) CREATE USER PROFILE (CRTUSRPRF) CLEAR LIBRARY (CLRLIB) CHANGE SYSTEM VALUE (CHGSYSVAL) CHANGE DST PASSWORD (CHGDSTPWD) CREATE LIBRARY (CRTLIB) DELETE DFU PROGRAM (DLTDFUPGM) Note: If any user has an access granted higher than *EXCLUDE, have the administrator provide a reason why a user accound would need this capability.IAccess to the sensitive commands are restricted from being run by a user.�Users allowed access to the system when system security is inactive, are limited to authorized emergency, disaster recovery, and systems personnel.#Consult with the Information Assurance Manager (IAM) to determine if the system can be accessed when system security is inactive, and if that access can be limited: 1) If access when system security is inactive can be restriced, it should be restricted to authorized emergency, disaster recovery, and systems personnel.; 2) If access when system security is inactive can not be restriced, then policies and procedures must be in place to ensure that the system is not accessible by the general user community without activation of system security.�Any special privileged attributes granting hightened system privileges or advanced access to files / resources, if assigned to system-level tasks, are restricted to critical, trusted tasks.�Consult with the Information Assurance Manager (IAM) to identify any special privileged attributes supported by the system security configuration: 1) The function of each privileged attribute; 2) The system-level tasks assigned each attribute.�Special privileged attributes granting hightened system privileges or advanced access to files / resources, if assigned to system-level tasks, are restricted to critical, trusted tasks.XAll resources available to interactive users are defined to she system security product.�Consult with the Information Assurance Manager (IAM) to identify resources (files, etc.) available to interactive users: 1) The function / purpose of each resource; 2) The resource is defined to and controlled by the system security product.XAll resources available to interactive users are defined to the system security product._The ability to bypass tape file access controls is restricted to app< ropriate systems personnel.�Consult with the Information Assurance Manager (IAM) to determine if the system supports labeling of files on tape. If it does, then determine if the ability to bypass access authorizations to tape files can be controlled by the security product. If yes, ensure that : 1) The capability to control tape file access is defined and activated; 2) The ability to control tape file access is restriveted to appropriate systems personnel.LOnly appropriate users have the ability to bypass tape file access controls.GUsers are not granted access to the system audit data collection files.nObtain access control list (ACL) for the system audit data collection files from the Security Administrator. �Users are not granted update or delete access to operating system datasets; this access is restricted to appropriate systems personnel (e.g. system programmers / administrators)BObtain access control lists (ACLs) for the operating system files.dUpdate or delete access to operating system datasets is restricted to appropriate systems personnel.EAccess to files containing FTI is restricted to those users required.Obtain access control lists (ACLs) for files containing FTI. Note: If the security product supports a system level capability for universal access (i.e. access to files regardless of the specifications in the file's ACL), the ensure that this universal access does not apply to FTI%User privileges are set appropriately�Work with the admininstrator to bring up the user roles and ensure that roles are assigned with the least amount of privileges necessary to perform their job functions. Verify that no normal user has administrative permissions.VUsers are assigned the least amount of privilege needed to perform their job function.SUser accounts are revoked after three (3) consecutive, unsuccessful login attempts.D1. Have the system administrator attempt to login to the system three (3) times using an incorrect password. 2. Examine the password security settings which control user account suspension for unsuccessful login attempts: CFGSYSSEC QMAXSIGN is set to 3 QMAXSGNACN is set to 2 (disable user profile after QMAXSIGN is reached)�1. User accounts are revoked after three (3) consecutive, unsuccessful login attempts. 2. The system is configured to disabled user IDs after three (3) failed login attempts.�All computer systems must have an IRS-approved screen-warning banner, which outlines the nature and sensitivity of information processed on the system and the consequences / penalties for misuse. ZReview the logon warning banner for information consistent with IRS-approved documentation�Confer with the Information Assurance Manager (IAM) and System Administrator (SA). Have the administrator bring up the auditing parameters. Verify that auditing is enabled: WRKSYSVAL SYSVAL(*SEC) GO SECTOOLS DSPOBJD Also verify that audit logs are not set to be overwriten automatically. This is a finding if a) auditing is not enabled, or b) the audit logs are set to be overwritten automatically.�Auditing is implemented, and the audit logs are not set to be overwritten automatically. Note: This requirement also can be met by the user of a 3rd party auditing tool.!All active resources are audited.�Confer with the security administrator to determine if auditing can be selectively enabled and/or disabled for resources. If selective enabling/disabling is possible, ensure that auditing is enables for all active resources. Have the administrator bring up the auditing parameters and verify that appropriate auditing events are being captured. QAUDCTL WRKSYSVAL SYSVAL(*SEC) QAUDJRN *auditing journal DSP JRN *displays journal informationVAll active resources are audited, and the system logs capture appropriate information.�Confer with the security administrator to identify security related events on the system which can be audited. Determine if these events are audited..�Auditing is configured to capture unsuccessful security-relevant events (e.g., logon failure, user violations). Audit events include the original of request (e.g., terminal ID) for logon, logoff, password change, and user system activities. Each audit event trails the user and information relevant to the event (e.g., date and time of the event, user, type of event, file name and the success or failure of the event). The audit record shall include the file name of the file related event. oRequest that the security administrator generate audit and security reports, including a user violation report.61. Each audit event trails the user and information relevant to the event (e.g., date and time of the event, user, type of event, file name and the success or failure of the event). The audit report records the date and time of the security events, the user, and the type of event/commands performed by privileged users (e.g., user addition, deletion, and modification of user attributes). 2. The violation report records audit events, which include the original of request (e.g., terminal ID) for logon, logoff, password change, and user system activities. 3. The violation reports distributed to and reviewed by the Security Administrator / Security Auditor he violation report records audit events which include the original of request (e.g., terminal ID) for logon, logoff, password change, and user system activities.�Check to see if the organization allocates sufficient audit record storage capacity and configures auditing to reduce the likelihood of such capacity being exceeded.�Interview Information Assurance Officer (IAO) or System Administrator (SA) and ask if log storage is sufficient to meet IRS logging and retention requirements. IRS Publication 1075, section 9.3, requires log data retention for 6 years. Have the administrator bring up the auditing parameters and validate that audit records are kept for a minimum of six (6) years. WRKSYSVAL SYSVAL(*SEC)KSufficient storage is available to meet IRS logging and retention policies.HChecks to see if the organization responds to audit processing failures.~1. Have the administrator bring up the auditing parameters and show the alerts that are set up to notify a system administrator given an audit processing failure. WRKSYSVAL SYSVAL(*SEC) QAUDENDACN is set to *NOTIFY (sends a message if auditing is ended) 2. Interview the system administrator to verify the following actions occur in the event of an audit failure or storage capacity being reached: a. In the event the audit log becomes full, a scheduled job shall be executed to archive the log to a secure location on the server for the Mainframe; it shall include direct access storage (disks) or other media b. In the event the security event log is manually cleared by the system administrator, this should be recorded as an auditable event for future analysis. c. Security event logging should be configured to capture the clearing of the security event log itself as an auditable event.�1. Alerts are in place to notify the system administrator of any audit processing failures. 2.a. A scheduled job is executed to archive the log to a secure location on the server for the Mainframe; it shall include direct access storage (disks) or other media 2.b. Security event logs manually cleared by the system administrator is recorded as an auditable event for future analysis. 2.c. Security event logging is configured to capture the clearing of the security event log itself as an auditable event. OChecks to ensure system time is synchronized with an authoritative time server.a# ps  e | egrep  xntpd|ntpd # grep ntpdate /var/spool/cron/crontabs/* If NTP is running or ntpdate is found: # more /etc/ntp/ntp.conf Confirm the servers and peers or multicastclient (as applicable) are local or an authoritative U.S. IRS source. If a non-local/non-authoritative (U.S. IRS appro< ved source) time-server is used, then this is a finding.@An authoritative (U.S. IRS approved source) time-server is used.uLogon to the system as a standard (non-privileged) end-user and attempt to generate and view mainframe audit reports.�A standard standard (non-privileged) user does not have the ability to perform system audit functions. A standard end-user is not allowed to use the audit reporting tools. Only Security Administrators have access to these audit reports.\The audit trail shall be protected from unauthorized access, use, deletion or modification. Anonymous FTP is not permitted. Work with the system administrator to verify that anonymous FTP is not permitted. Verify that none of the following exist: -User profile "ANONYMOUS" -FTP server logon exit program [QIBM_QTMF_SVR_LOGON] -FTP server request validation exit program [QIBM_QTMF_SERVER_REQ] �Anonymous FTP is not enisabled. None of the following exist: -User profile "ANONYMOUS" -FTP server logon exit program [QIBM_QTMF_SVR_LOGON] -FTP server request validation exit program [QIBM_QTMF_SERVER_REQ]TEach USERID is unique and is consistent with the naming conventions of the facility.�Have the administrator bring up the list of user account names. WRKUSRPRF DSPUSRPRF DSPAUTUSR QSECOFR is default administrator account. No user should have the same access level as this account.5All user accounts on the system have unique user IDs.>All system tasks / processes are run with a specific a UserID.0Review the list of system tasks / processes with the system administrator. With the security administrator, verify that all identified tasks have a UserID associated with them, such that all access authorizations will be granted by the system security product based on the associated ACL protections. TEach UserID is unique and is consistent with the naming conventions of the facility.�Review the system UserID list to verify that each UserID is unique, and is consistent with the entity s naming-conventions policy.TEach UserID is unique and is consistent with the entity s naming-conventions policy.�Confer with the System Administrator (SA) to verify that devices connecting to the system are identified and authenticated before the connection is allowed.;Checks to see that only valid administrator accounts exist.�Have the administrator bring up the list of administrator accounts. Work with them to ensure that each account has a specific need to be there.PAll administrator acconts are valid and needed for the operations of the system.�Confer with the security administrator to review the system security settings, to verify the configuration for revoking (or suspending) inactive user accounts.CUser accounts that are inactive for a period of 90 days are revokedFChecks to see if password are in-line with Publication 1075 standards.�Have the administrator bring up the password parameters of the system with the command: WRKSYSVAL SYSVAL(*SEC) CFGSYSSEC QPWDLVL If password parameters are pushed down from a group policy, examine those for the same criteria below. -Passwords are atleast 8 characters in length (QPWDMINLEN set to 8 or more) -Passwords are required to be a alpha-numeric combination (QPWDPOSDIF and QPWDRQDDGT) -Password history is set to hold the previous 6 passwords (QPWDRQDDIF set to 6 or more) -Initial passwords are immediately required to be changed -Users are forced to change their password every 90 days (QPWDEXPITV set to 90 days) -Once a password has been changed, it cannot be changed again for at least 15 daysDAll password parameters are in line with Publication 1075 standards.XChecks to see if the default passwords for IBM supplied user accounts have been changed.*Attempt to log in with the following user names and passwords to make sure the default passwords have been changed. You should not be able to log in with any of these. QSECOFR QSECOFR QPGMR QPGMR QUSER QUSER QSYSOPR QSYSOPR QSRVBAS QSRVBAS QSRV QSRV QDFTOWN QDFTOWN(All default passwords have been changed.�Verify that for site created user accounts the default password has been changed. Run the command: ANZDFTPWD The list will show the sensitivity and access allowed by the user IDs.�The default passwords have been changed. The sensitivity and access level allowed by the users are in line with Publication 1075 standards.~Passwords must be a minimum length of 8 characters, with a minimum of one (1) alpha, and one (1) numeric or special character.pReview pasword configutation options and verify configuration of the settings which control password complexity.\Users are forced to change passwords at a maximum of 90 days; 60 days for privileged users..�Review pasword configutation options and verify configuration of the settings which control the password change Interval (maximum password retention period).gThe password change Interval is 90 days For privileged users: The password change Interval is 60 daysKPassword history shall be maintained for a minimum of six (6) generations. xReview pasword configutation options and verify configuration of the settings which control password history retention. 26 generations of previous passwords are maintainedSUsers are prompted to change their passwords 5-14 days before the password expires.�Review pasword configutation options and verify configuration of the settings which control the password expiration warning period.;Background jobs do not have embedded UserIDs and passwords.Verify with the security administrator that UserIDs and passwords are not embedded in jobs submittied for background processing.TUserIDs and passwords are not embedded in jobs submittied for background processing.�Review pasword configutation options and verify configuration of the settings which control the password minimum change interval. (The password change Interval is 15 days. Interview Information Assurance Offices (IAO) or System Administrator (SA) and ask if any applications or services display the user or service account password during input or after authentication. Have the administrator attempt to log in with an incorrect password.�Interview the System Administrator (SA) or Information Assurance Offices (IAO) to determine if strong (FIPS 140-2 compliant) encryption is used for the authentication module. This includes, sshv2, tls, and 128-bit key lengths. It should not use old/weak ciphers or authentication, such as sshv1, or ssl <=3, or account password hashes that are not hashed using a current standard hasing algorithm, blf, md5, sha, etc. iThe authentication module uses strong (FIPS 140-2 compliant) encryption for all forms of authentication.�Confer with the Information Assurance Manager (IAM) and System Administrator (SA). Verify that interactive sessions (SSH, etc.) are terminated after a period of inactivity in accordance with IRS guidelines.AChecks to see if services that allow interaction without authentication or via anonymous authentication are documented, justified to the Information Assurance Offices (IAO), and are properly secured and segregated from other systems that contain services that explicitly require authentication and identity verification.Determine if the organization permits actions to be performed without identification and authentication only to the extent necessary to accomplish mission objectives. Examples are access to public facing government service websites such as www.firstgov.gov./Services that allow interaction without authentication or via anonymous authentication are documented, justified to the Information Assurance Offices (IAO), and are properly secured and segregated from other systems that contain services that explicitly require authentication and identity verification.�Check to see if the information system separates user functionality (including user interface services) from information system management functionality.<�Interview the System Administrator (SA) or Information Assurance Offices (IAO) and ask if the information system physically or logically separates user interface services (e.g., public web pages) from information storage and management services (e.g., database management). Separation may be accomplished through the use of different computers, different central processing units, different instances of the operating system, different network addresses, combinations of these methods, or other methods as appropriate.|obs containg FTI are over-written to destroy their contents before the files are deleted (disk space returned for re-use).�Interview the security administrator and the system administrator to determine if the system can automatically over-write a file with random data when the file is deleted (often referred to as "erase-on-scratch".) 1) If this is possible, then ensure that automatic over-write is specified for all files containing FTI. 2) If not possible, then ensure that policies and procedures are in place mandating manual over-writing of files containing FTI before they are deleted.�The system is kept current with vendor updates, especially security related updates. Maintenance is received, evaluated, and installed on a regular schedule. IBM i5/OS is at release v5r3 or newer./Anti-Virus Software is installed on the system.[Interview the System Administrator (SA) to determine if an IRS approved virus scan program in installed on the system. 1. Examine the system to identify the existence of an anti-virus software program. 2. Examine the anti-virus software configuration to verify it is set for automatic periodic scanning, and the virus definition files are current.�An IRS approved virus scan program is used and configured correctly. The anti-virus software is set to automatically scan the system periodically and virus definition files are current.�Note: Document how the default account has been rendered unusable (revoked, suspended or other). Also document if the account cannot safely be revoked or suspended.LNote: Document the system parameters or settings used to control root login.VNote: Document here the file names of the sequential ("flat") files which contain FTI. 8Note: Document the time server used for synchronization.�Note: Document how device identification and authentication is accomplished, and the relevant software and configuration settings (SSH daemon config parameters, etc.).�% DISA STIG for i5 OS�Updated to confirm to the new SCSEM format; added and modified checks for consistency with other SCSEMs Updated for new Publication 1075 version �% SCSEM Version: 1.2 �% Released: February 12, 2013�% NIST Control Name&Full name which describes the NIST ID.hMinor update to correct worksheet locking capabilities. Added back NIST control name to Test Cases Tab.NIST Control Name Session LockAccount ManagementAccess EnforcementInformation Flow EnforcementSeparation of DutiesLeast PrivilegeUnsuccessful Login AttemptsSystem Use NotificationAudit GenerationAuditable EventsContent of Audit RecordsAudit Storage Capacity%Response to Audit Processing Failures%Audit Review, Analysis, and Reporting Time StampsProtection of Audit InformationLeast Functionality8Identification and Authentication (Organizational Users)(Device Identification and AuthenticationIdentifier ManagementAuthenticator ManagementAuthenticator Feedback#Cryptographic Module AuthenticationNetwork DisconnectApplication PartitioningInformation in Shared ResourcesFlaw RemediationMalicious Code Protection SC-8 SC-9*Transmission Integrity and Confidentiality�* 4��w��+�{��c�?D��X��C N {�� b��>��/F�1�] �� �� g�� #1]����G P � � � � @# B� 5GRJ7OU�Z@_\ e�q}xj}m,�� �ڋx* sf��  J�� ^�� 9��cc��B����� T8� ,{� �  dMbP?_*+�%���# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N��&�?'�?(�?)�?M�Adobe PDF��S� od��LetterPRIV� ''''��0\KhCFF���SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"d���?�?�&��cU} $ �} � �} $ �} $�} $ �,;;�����h@�@ � � � � ���������������@�@���� z� ������������� � y� ������������� �"������������� � �� ������������� � �� ������������� � �� ������������� �"�������������� � �� ������������� � �{� ������������� � �|� ������������� � �}� ������������� � �~� ������������� � �� ������������� �" �������������� � �� ������������� � �� �%����������� � �� �%����������� � �� �&����������� � �� �%����������� � �x� �%����������� � �A� �%����������� � ���� � �E� ������������� �"�������������� � � � ������������ � � � ������������ � � � ������������ � � � ������������ � �� ������������ �"�������������� � � � ������������ �BX22&222&222222&22222222&22222& �!�"�#�$�%�&�'�)�`*�`+�`� � � ������������ � !� � !������������ � "� � "������������ � #�� #������������ �$ ���� � %�F�% ���� � &�m� &�o�& ���� � '�n� '�p� )�� *�� +��J�2222 .� � �( � �� �  � �A�:?��?�:�The official logo of the IRSPicture 1The official logo of the IRS"�PK!�9^�[Content_Types].xmlAN�0EH�%NY tA�*T0�'E2�� JMN� vi{ɖz$cȢ*%�2�-uAg�>zӶ/�3[0߀:r5�a8�>GT�8W�r>wOo?aΫ�Uv_��PK!�+2m��drs/picturexml.xmlU[o�0~�`r @%U4۪�.`ؑ&HU{iʓ}}߹C�*ͤ(qx`DE%k&6%2!�&\ Z�C� "V*B`(qk̶}]#Jn�o#UG l��x(R_o%n)5ރgr>�)h\�4XpQOWڷAG�$JZWl0hi r7#�,�F{'�&�49Έ#�q3n˪ݳ^ |w� ��$P/A:�0ϊ�� R$UpF�0~}a5X�;a�S�d['wG�r�s�ݖ�/ӹYOm׌CuIU�W/Ue5U{)j@e�9.[!HiR}�(3:x: he^`m`P�0dQ`T�ҭ{tBŢ*ܸ@NY),f��0'A}N���?ۖY��Ƀ|؋tr׋K4YN�2k�EꚊi �7رJI-sUwCOǧ�0 x�>i��^h�eVX�!QFN˧A�a~AyHwL�1 Kl_|e��-pH�1C+qv g?�dg���PK!+ܹv�drs/downrev.xmlT]O�0M��1N:F6)d!~EAv�vi L��z9:հ ZW- L^Rjp3ԹlF?`6qnzԗh7�*1�.PI�3-j��*�%ϭp0bdJ򇝼NJGZ/~�|KQ�.��sNAD aJ]�2� t�/�Ŭ� }3P�.x/ ^�0&}FaMGvpq<�(�("���PK-!�9^�[Content_Types].xmlPK-!�� 1_rels/.relsPK-!�+2m��.drs/picturexml.xmlPK-!+ܹv�Mdrs/downrev.xmlPK��� �b pi�]& `��>�@d���w��&&y��K� SafeguardReports@IRS.govy��K� Xmailto:SafeguardReports@IRS.govyX;H�,]ą'c��''y��K� *http://www.irs.gov/uac/Safeguards-Programy��K� lhttp://www.irs.gov/uac/Safeguards-ProgramyX;H�,]ą'c:''Link to IRS Safeguards ������d ?Identify OS or App Version and include Service Packs and Buildsae�X 3Insert unique identifier for the computer or deviceBuds�H #Insert tester name and organization ode�O *Insert City, State and address or building� Sheet1gg����\ T8� <�u�  dMbP?_*+�%���# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N��&�?'�?(�?)�?M�Adobe PDF��S� od��LetterPRIV� ''''��0\KhCFF���SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"d���?�?�&��cU} $ �h�k��k�k�k�k�k��k ��k �@  �@ �@ �@�@�@�@ �@ �@��`�`�`� �H� ������������� � �� ������������� � �s� ������������� �"�������������� � �t� ������������� � �u� ������������� �"�������������� � �q�������q� �r� ���� � �G� ������r�� � �!� �� �� oppppptq� �" �% { �;w � B�! {@U@� D D �% {@U@ �;w�B�� �J� ��� v� zxtq����� � �I� ��� w� nytq����� � ����� �� �� tq� sssss � ���� |+~�;w � �PassAZM}�7%��P D�%��B�tq������ � ���� | +~�;w � �FailAZM}�7%��F D�%��B�tq������ � ���� |+~�;w � �InfoAZM�7%��I D�%��B�tq������ � ���� *��;w � �N/AAZ��tq������ �"lmmmmmuq������ �sssss � � �  �0�222&22&FT�FFP���h&>�@ds��r�w�  ����;� ������ �N/AAZAZAZD�%����������� ���������;������� �N/AAZAZAZD�%����������� �����  ����;� ������ �N/AAZAZAZD�%����������� ����{+{ {+{{+{ � Sheet4gg����\ T8� !/�  dMbP?_*+�%���# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N��&�?'�?(�?)�?M�Adobe PDF��S� od��LetterPRIV�0''''��0\KhCFF���SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"d���?�?�&��cU} $ �} $ �} $ �!������������������� �@ �@ � �@�@�@��@�@��@��@�@��@�����@�� �%� ������������� � �N� ������������� � �� ������������� � ��� ������������� �"�������������� � �K� ������������� � �L� ������������� � �M� ������������� �"������������� � �&� ������������� � �;� � O�  � � P� ���������� � <�   �  6�           � �� � � � �7� � Q� � � �R����������� � � S����������� � �8� � T� � � U����������� � �=� � V� � � W����������� �  v�   �  >�          � �w� � X� � � Y����������� � �:� � Z� � � �[����������� � � �^����������� � � �\����������� � � ]����������� � �@� � _� � � `����������� �B� X2222&222&2H<HHH<<H<H<HH<H<<<<H �@� ?�   �  9�           �\�PH ��0�( � �>�@d��A �w� Sheet6gg����\ T8�  a$�� �t,�,  dMbP?_*+�%���# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N��&�?'�?(�?)�?M�Adobe PDF��S� oA��LetterPRIV�0''''��0\KhCFF���SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"A���?�?�&��cU} $ �} ��} ��} I �} m �} m�} I �} ��} �} $ �} �} � �} $ �tt � a  � @ � �  �  � � � � � � � �  � � � � � � � � � � � � � � � � � � �� �3������������ � � #� � � � B� �� � �  �  '�  C� $�� #�� #� #�#� #>� #?� #@���#� � $�� #�� #� #�� #�� #A� #B� #C� �� �  #� �� $�� #�� #� #�#� #�� #�� #����#� � $�� #�� #� #�#� #D� #E� #F���#� � $�� #�� #� #�#� #G� #H� #I���#� � $�� #�� #� #�#� #J� #K� #J���#� � $�� #�� #� #�#� #L� #M� #L���#� � $�� #�� #� #� #� #N� #O� #N� ��#� � $�� #�� #� #� #� #P� #Q� #P� ��#� � $�� #�� #� #� #� #R� #S� #R� ��#� � $�� #�� #� #� #� #T� #U� #T� ��#� � $�� #�� #� #� #� #V� #W� #X� ��#� � $�� #�� #� #�#� #Y� #Z� #[� �� �  #� �� $�� #�� #� #�#� #\� #]� #^���#� � $�� #�� #� #�#� #_� #`� #a���#� � $�� #�� #� #�#� #b� #c� #d���#� � $�� #�� #� #�#� #e� #f� #g���#� � $�� #�� #� #�#� #h� #i� #j���#� � $�� #�� #� #�#� #k� #l� #m���#� � $�� #�� #� #�#� #n� #o� #p���#� � $�� #�� #� #�#� #q� #r� #s���#� � $�� #�� #� #�#� #t� #u� #v���#� � $�� #�� #� #�#� #w� #x� #y���#� � $�� #�� #� #�#� #z� #{� #|���#� � $�� #�� #� #�� #�� #�� #}� #�� �� �  #� �� $�� #�� #� #�� #�� #�� #�� #�� �� �  #� �� $�� #�� #� #�� #�� #�� #�� #�� �� �  #� �� $�� #�� #� #�� #�� #�� #�� #�� �� �  #� �� $�� #�� #� #�#� #~� #� #���#� � $�� #�� #� #�#� #�� #�� #����#� �D�l.�~�~~~~~~~~~~�~~~~~~~~~~~����~ �! �" �# �$ �% �& �' �( � ) �* �+ �, �- � . �/ � 0 �1 �2 �3 � 4 �5 � 6 � 7 �8 �9 � : � ; �< �= � > �? �� $�� #�� # � #� #� #�� #�� #�� ��#� � !$�� !#�� !# � !#�!#� !#�� !#�� !#��!��#� � "$� "#�� "# � "#�"#� "#�� "#�� "#��"��#� � #$� ##�� ## � ##�##� ##�� ##�� ##��#��#� � $$� $#�� $# � $#�$#� $#�� $#�� $#��$��#� � %$� %#�� %# � %#�%#� %#�� %#�� %#��%��#� � &$� &#�� &# � &#�&#� &#�� &#�� &#��&��#� � '$� '#�� '# � '#�'#� '#�� '#�� '#�� '�� � ' #�' �� ($� (#�� (# � (#�(#� (#�� (#�� (#��(��#� � )$� )#�� )# � )#�)#� )#�� )#�� )#��)��#� � *$� *#�� *# � *#�*#� *#�� *#�� *#��*��#� � +$ � +#�� +# � +#�+#� +#�� +#�� +#��+��#� � ,$ � ,#�� ,# � ,# ,#� ,#�� ,#�� ,#��,��#� � -$ � -#�� -# � -#�� -#:� -#�� -#�� -#��-��#� � .$ � .#�� .# � .#�.#� .#�� .#�� .#��.��#� � /$� /#�� /# � /#�/#� /#�� /#�� /#��/��#� � 0$� 0#�� 0# � 0#�0#� 0#�� 0#�� 0#��0��#� � 1$� 1#�� 1# � 1#�1#� 1#�� 1#�� 1#��1��#� � 2$� 2#� 2#� 2#�2#� 2#�� 2#�� 2#��2��#� � 3$� 3#�� 3#� 3#�3#� 3#�� 3#�� 3#��3��#� � 4$� 4#�� 4#� 4#�4#� 4#�� 4#�� 4#��4��#� � 5$� 5#�� 5#� 5#�5#� 5#�� 5#�� 5#��5��#� � 6$� 6#�� 6#� 6#�6#� 6#�� 6#�� 6#�� 6�� � 6 #�6 �� 7$� 7#�� 7#� 7#�7#� 7#�� 7#�� 7#��7��#� � 8$� 8#�� 8#� 8#�8#� 8#�� 8#�� 8#��8��#� � 9$� 9#� 9#� 9#�9#� 9#�� 9#�� 9#��9��#� � :$� :#�� :#� :#�:#� :#�� :#�� :#��:��#� � ;$� ;#�� ;#� ;#�;#� ;#�� ;#�� ;#��;��#� � <$� <#�� <#� <#�<#� <#�� <#�� <#��<��#� � =$� =#�� =#� =#�=#� =#�� =#�� =#�� =�� � = #�= �� >$� >#�� >#� >#�>#� >#�� >#�� >#��>��#� � ?$ � ?#�� ?#� ?#�?#� ?#�� ?#�� ?#��?��#� �Dl~~~~~~~�~~~~~�~~~~~~~~�~~~~~~�~@ �A �B � C �D �E �F �G �H �I �J � K �L �M � N �O � P �Q � R �S �T �U � V � W �X � Y � Z � [ � \ � ] � ^ � _ � � @$!� @#�� @#� @#�@#� @#�� @#�� @#��@��#� � A$"� A#�� A#� A#�A#� A#�� A#�� A#��A��#� � B$#� B#�� B#� B#$� B#;� B#�� B#�� B#��B��#� � C$%� C#�� C#� C# � C#<� C#�� C#�� C#��C��#� � D$&� D#�� D#� D#�� D#:� D#�� D#�� D#��D��#� � E$'� E#�� E#� E#�� E#:� E#�� E#�� E#��E��#� � F$(� F#�� F#� F#�� F#:� F#�� F#�� F#��F��#� � G$)� G#�� G#� G#�� G#:� G#�� G#�� G#��G��#� � H$*� H#�� H#� H#�H#� H#�� H#�� H#��H��#� � I$+� I#�� I#� I#�� I#:� I#�� I#�� I#��I��#� � J$,� J#�� J#� J#�J#� J#�� J#�� J#��J��#� � K$-� K#�� K#� K#�K#� K#�� K#�� K#��K��#� � L$.� L#�� L#� L#�L#� L#�� L#�� L#��L��#� � M$/� M#�� M#� M#�M#� M#�� M#�� M#��M��#� � N$0� N#�� N#� N#�N#� N#�� N#�� N#��N��#� � O$1� O#�� O#� O#�O#� O#�� O#�� O#��O��#� � P$2� P#�� P#� P#�P#� P#�� P#�� P#��P��#� � Q$3� Q#�� Q#� Q#�Q#� Q#�� Q#�� Q#��Q��#� � R$4� R#�� R#� R#�R#� R#�� R#�� R#��R��#� � S$5� S#�� S#� S#�S#� S#�� S#�� S#��S��#� � T$6� T# � T#!� T#�� T#�� T#�� T#�� T#��T��#� � U$7� U#�� U#� U#�� U#�� U#�� U#�� U#�� U�� � U #�U �� V$8� V#9� V#� V#�� V#=� V#�� V#�� V#��V��#� W� W4�W( � Z�$� [�� \� � ]�� ^�� _�D�l~~������~�~~~~~~~~~~���6` � � ` �"��0� h�( � �R� � C ������]F! d ��ZR� � C ������]F! d ��ZR� � C ������]F! d ��ZR� � C ������]F! d ��ZR� � C ������]F! d ��ZR� � C ������]F! d ��ZR� � C ������]F! d ��ZR� � C ������]F! d ��ZR� �  C ����� �]F ! d ��ZR� �  C �����  �]F ! d ��ZR� �  C �����  �]F ! d ��ZR� �  C �����  �]F ! d �>�@Z��� A �w�V V ����;�V d � ���������*����Pass����;�V d � ���������?���@Fail����;�V d � �������������Info{+{V {+{V {+{V ������/  %[^V �/  %_`V� Sheet2gg����\ T8� @5G  dMbP?_*+�%���# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N��&�?'�?(�?)�?M�Adobe PDF��S� od��LetterPRIV�0''''��0\KhCFF���SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"d���?�?�&��cU} $ �} $ �} $ �����������������@ �@ �@ � ��@�@�@�����@�@�@��� �(� ������������� � �)� ������������� � �a� ������������� � �b� ������������� � �c� ������������� � ��� ������������� �"�������������� � �� ������������� � �.� ������������� � �d� ������������� � �e� ������������� � �f� ������������� � �-� ������������� � �,� ������������� � �g� ������������� � �h� ������������� � �i� ������������� � �j� ������������� �"�������������� � �*� ������������� � �+� ������������� � �k� ������������� � �l� ������������� �"�������������� �4l�222222&22222222222&2222>�@d����A �w� Sheet7gg����\ T8� OT  dMbP?_*+�%���# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N��&�?'�?(�?)�?M�Adobe PDF��S� od��LetterPRIV�0''''��0\KhCFF���SMTJ�Adobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard�"d���?�?�&��cU} $ } mT} m���k������� � � � � ���������� �2� ���� �/� �0� �1� �D�$@f@� 5� ���?@@�  �� ��?~ �@� !�� ���^@��,@� '� �� � �� "� ����� ����� ����� �������������0��822<2 �PH@� �0�( � � >�@d��A �w� Sheet8gg����\ �Oh+'0� hp����� � � ��� IRS Office of Safeguards SCSEM$IT Security Compliance EvaluationBooz Allen Hamiltonusgcb, stig, pub1075�The IRS strongly recommends agencies test all SCSEM settings in a development or test environment prior to deployment in production. In some cases a security setting may impact a systems functionality and usability. Consequently, it is important to perform testing to determine the impact on system security, functionality, and usability. Ideally, the test system configuration should match the production system configuration. Prior to making changes to the production system, agencies should back up all critical data files on the system and if possible, make a full backup of the system to ensure it can be restored to its pre-SCSEM state if necessary.Michael CarusoMicrosoft Excel@/p+@s@(lk ��՜.+,D՜.+,�@ `h|�� ���� � � securityOffice of SafeguardsInternal Revenue Service  DashboardResults Instructions Test Cases Appendix Change LogAppendix!Print_Area'Change Log'!Print_AreaDashboard!Print_AreaInstructions!Print_AreaResults!Print_Area'Test Cases'!Print_Area'Test Cases'!Print_Titles  Worksheets Named Ranges�0v~��_PID_LINKBASE _PID_HLINKS_NewReviewCycle�AThttp://www.irs.gov/uac/Safeguards-ProgramA *http://www.irs.gov/uac/Safeguards-Program7 mailto:SafeguardReports@IRS.gov  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~�������������������������������������������������������������������������������������������������������������������������������      !"#$%&'()*���,-./012���456789:�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Root Entry�������� �F���Workbook������������USummaryInformation(����+DocumentSummaryInformation8������������3