ࡱ>  d  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcefghijklmnopqrstuvwxyz{|}~Root Entry FPK<sbq @#Workbook8MsoDataStore g[ gDIMEWE0GWZHB==2ggItem  Properties7mUBUKLFKSFUD0==2 g gItem E_PropertiesSlRSZGQ0XUOGLH==2 g[ gItem  YProperties]O T8\pMasood, Taimur [USA] Ba=   ThisWorkbook=xIL;$8@"1Arial1Calibri1Calibri1Calibri1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1 Arial1Calibri1 Calibri1Calibri14Calibri1 Calibri1Calibri1Calibri1,8Calibri18Calibri18Calibri1 Arial1>141<Calibri1?Calibri1h8Cambria1Calibri1 Calibri1Arial1<Arial1 Arial1Arial1 Segoe UI"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_) m/d/yyyy;@,'[<=9999999]###\-####;\(###\)\ ###\-####0.0 0.0%"Yes";"Yes";"No""True";"True";"False""On";"On";"Off"],[$ -2]\ #,##0.00_);[Red]\([$ -2]\ #,##0.00\)$[$-409]dddd\,\ mmmm\ dd\,\ yyyy[$-409]h:mm:ss\ AM/PM                                                                      ff  +  )  ,  *     P  P          `              a>   @  x 4 4?  0  0 4      x? 7  x@ 7  x7 x? ?  x@ ?  x?   x? @   x  x@   x@   x x    P  x? ?   x@ ?   x?   x?  x, x? , x@ , x, x? ? , x@ ? , x? ,  x? ,  x@ ,  x, p,     @ ? ,    ,   ,   ,  ? ,   @ , ? ?  @ ?   ? @   ?  @  ? 7 @ 7 ?   ? , @ , !@  !@  @ ,    @ 7  7  ? @     @   @      ? 7 ? , @ , ,  "@ ?  "?  "  " "@  #@  # ? ?  @ ?  ?   ? ?   @ ?   ?  ?  @    ?  ?  @    ?   @    ? @   @  ,      ? ? ,  ? @ , ! ? @ ,  (8@ @   )8@ @   (0@ @   )0@ @   8   p@ @    p@ @    @ @    x@ @    x@ @   x@ @    p@ @    x@ @    x@ @    x@ @    x@ @    8   @ ? ,    ,    ,    ,   @ , @ ?    @    @ 7  ?   ?  !@  !@    !@ 7  ,  ?  !   x@ @    @ @    x@ @       x@ @    p@ @        x@ @   $@ @  @  @ @ @    @       @ @   @   @  x@ @   x@ @ ,  x@,  x @,  `  x@ @   x@ @   `@ @ 7  x@ @   `@ @ 7  x@   x@   x@   `@ @   x@ ,  x@ ,  x? @ ,  x@ ,  x,  x? ,   x@ @  8@ @  8@ @  8@ ?  8?   <?  <? ?   0  (  x@ @   @ @   x@ ,  x  8@ @   x@ @   @   x    @ @ 7  @ 7 @ @ , @ @ ,    @ ?   |@ @    x@ @    (@ @   @ @  "<@ @    @ @    @    @   @ @         @        *8@ @   *0@ @   *0@ @  |@ @  ||)q|}A} yyyy_)ef[$ -}A} yyyy_)ef[$ -}A} yyyy_)ef[$ -}A} yyyy_)ef[$ -}A} yyyy_)ef[$ -}A} yyyy_)ef [$ -}A} yyyy_)L[$ -}A} yyyy_)L[$ -}A} yyyy_)L[$ -}A} yyyy_)L[$ -}A} yyyy_)L[$ -}A} yyyy_)L [$ -}A} yyyy_)23[$ -}A} yyyy_)23[$ -}A} yyyy_)23[$ -}A} yyyy_)23[$ -}A}  yyyy_)23[$ -}A}! yyyy_)23 [$ -}A}" yyyy_)[$ -}A}# yyyy_)[$ -}A}$ yyyy_)[$ -}A}% yyyy_)[$ -}A}& yyyy_)[$ -}A}' yyyy_) [$ -}A}( yyyy_)[$ -}}) }yyyy_)[$ -##0.  }}* yyyy_)[$ -???##0.??? ??? ???}-}/ yyyy_)}A}0 ayyyy_)[$ -}A}1 yyyy_)[$ -}A}2 yyyy_)?[$ -}A}3 yyyy_)23[$ -}-}4 yyyy_)}(}5  yyyy_)}}7 ??vyyyy_)̙[$ -##0.  }A}8 }yyyy_)[$ -}A}9 eyyyy_)[$ -}x}<yyyy_)[$##  }}= ???yyyy_)[$???## ???  ??? ???}-}? yyyy_)}U}@ yyyy_)[$## }-}A yyyy_)}(}^yyyy_)}(}_yyyy_)}(}`yyyy_)}(}ayyyy_)}(}byyyy_)}(}cyyyy_)}(}dyyyy_)}(}eyyyy_)}(}fyyyy_)}(}gyyyy_)}(}hyyyy_)}(}{yyyy_)}(}|yyyy_)}(}} yyyy_)}(}~ yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(} yyyy_)}(} yyyy_)}(} yyyy_)}(} yyyy_)}(} yyyy_)}(} yyyy_)}(} yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(} yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(} yyyy_)}(} yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}<} yyyy_)[$}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)}(} yyyy_)}(}yyyy_)}(}yyyy_)}(}yyyy_)9 +  !%9   ?333 !%9  * !%9 +  !%9   ?333 !%9  * !%9 +  !% 20% - Accent1M 20% - Accent1 ef % 20% - Accent2M" 20% - Accent2 ef % 20% - Accent3M& 20% - Accent3 ef % 20% - Accent4M* 20% - Accent4 ef % 20% - Accent5M. 20% - Accent5 ef % 20% - Accent6M2 20% - Accent6  ef % 40% - Accent1M 40% - Accent1 L % 40% - Accent2M# 40% - Accent2 L渷 % 40% - Accent3M' 40% - Accent3 L % 40% - Accent4M+ 40% - Accent4 L % 40% - Accent5M/ 40% - Accent5 L % 40% - Accent6M3 40% - Accent6  Lմ % 60% - Accent1M 60% - Accent1 23 % 60% - Accent2M$ 60% - Accent2 23ږ % 60% - Accent3M( 60% - Accent3 23כ % 60% - Accent4M, 60% - Accent4 23 % 60% - Accent5M0 60% - Accent5 23 %! 60% - Accent6M4 60% - Accent6  23 % "Accent1AAccent1 O % #Accent2A!Accent2 PM % $Accent3A%Accent3 Y % %Accent4A)Accent4 d % &Accent5A-Accent5 K % 'Accent6A1Accent6  F %(Bad9Bad  %) Calculation Calculation  }% * Check Cell Check Cell  %????????? ???+ Comma,( Comma [0]-&Currency.. Currency [0]/Explanatory TextG5Explanatory Text % 0Good;Good  a%1 Heading 1G Heading 1 I}%O2 Heading 2G Heading 2 I}%?3 Heading 3G Heading 3 I}%234 Heading 49 Heading 4 I}%54 Hyperlink  6 Hyperlink 2 7InputuInput ̙ ??v% 8 Linked CellK Linked Cell }% 9NeutralANeutral  e%"Normal :Normal 2 ;Normal 3 <Noteb Note   =OutputwOutput  ???%????????? ???>$Percent ?Title1Title I}% @TotalMTotal %OOA Warning Text? Warning Text %XTableStyleMedium2PivotStyleLight16`S DashboardlResults Instructions Test CasesF Rule SetsAppendix Change Log,!  ; _xlfn.COUNTIFS  ;   ;   ;*  ;!   ;  ;   ;   ;Sffh, @ @K.5b-!ODw30@Gbe 4n!ODw30@GbePNG  IHDR<qsBIT|d IDATx^}``SJsH JH" btJww `ynw]^O9f3 o7𿴾gN3ڍR+[V]ò2 -EcYt޸!V66+-{mUu?RN}>_:ϭ՛ֳ*իd~=qك۽rn}L=Q"))),g%6$.(~f8x|G=1%1 ";KaL!w8يZdy(%,"ZBf鴵(4\JV-- 8+x9|o=ywOևo1|WFo9h4dqp56kWP8>7J( })ᑱ'$8\t"\&{r9|)4 JSkWMjJBve |>xW?3_T;F ߶3>b'{j-&VK)Xܒ[wBD86XۊNORK,"*JKz[6,goóIF7x,bڮ~)w-έf0aC[cwnݱHGbo^rΓƠw @?"< /7*kTK7e+600hGK/)Xj\Ir`7VFd 0|˗0o[мl;޻u3~Y+## ݈Je-NJ*"ݛ֔ƕ}&0X !%?"c6^^^jR]J|K8gK keeج_)eݬtTz_XAz VWӻE- f|rJH19&UDG.LXDI${J30 o"Ψ"zɪ}`2E]Wz-%;Yj?`}ŔwX#IoG>m eŻO0q{He,H}Hs$M^xaRTŊ2uYuB:DY:i_#?; CG-C`סO/spCnO 5 ~`_o]Gɗv" ^żd\צҶ{>?Հ܉5~vyd~D7Gt1痲sH~uwC:Ke\x+D⁰仡]doP_Kh$Rĭ{V;ӆu.2%FZV/'͖% ˹γWeEnߌF ߢ^i߶1Xg!Oi ^ ],&Z׷uW|g[kko^3cuDBy䎋c^84$ٓ$fljK2 {K@=yB bSIݭj4Ho M 7tl+I]'eڢmK:345P5g 8}LEloun탽l'011XO%R`~C)T4j6`9kEr$X}Pa\Zש$H(I cz8߮إmS} zH 1yVvd[=q3@ӍQnT.zLM!L?t8w9 o =nI̝w0_k;#|O:sAS{:h|чZV/+-G dJ2/&>nW Zʜ-G,<0ƯS,9$r%t_E zs,>tml+f|%_ D>⵼Nп 6?O?Q U;PA2 Rȥ  xH"}ֿ8Y **!mGȗ)Xv9;[2 lCsӹVB+N?0].]~ÜU*&0 JDRP|hkeܜ `Rcf>$ɪ7<+Ae 0G2$;Ag2HI9)Cț~ue)ɛ~% ϟfB x%> soL=yDAwym]0Mo* ;^AV}4@y%$_kn)nBa`X*rGvLIaZ7MeΓr;ުƁewi Gk@?(6lĈ>[  :@dߍ_̇Judߜ|`2CFK~r כ߭C7qd7iS'iO]xG~B/-xݨ_'tq/ : 76wɟkk&%мO_H_)otCw%yrn(35GA,ÿ[.Q5Q7 #z1oP/_ݓ^ع}{G_WuymfK>oLӘs,z`K0St@_TGb1M)C( DB? U[+H H)W&rD!wzC'E,jQ!|@~X3Jj8oveqr-5'k{N;u`BD0w|6&_/HLQEz6)VմѷPEGk8:L`Xxn7*-ںx:?`06ʖ/]JBݦU:o;(c025^5ߐW^HX]o+Z~[ L2}r ׃GOltc!9pŰ>*@H%kPHipA% oՓmWI~.͔ݫxm3sp2 s5=Z~m7-'/hX 0/ЭGMv}9Đz_H7.x|˄ߍPmCiiX~z~e$5 篷+vK , 8.O @/eLL:mkWP )gYI4 ͰNV]Jκ <4( yHcown,KiKR.S%CA|X/ʬ]"ƮN=e 4BkۦCmQsosY rdCgL͸7b-\w,1ֵ g_C&i]cPH.s)\,H_ ` `d?6J0R< `>E Hf{p0g+x|Wl9w&P#0Y):4&t/ޒUx`p KƆH:C̃D% B65gn/zbAf> rfҤ 5QGkeJV=yw̍:@?Co2A0ߏzECs=5vxz/(sL8e{N 5lXouUy$]J>гm$&.@=>+ e㴑pV,/Ni46!opu1A#6hվYk!^>x+?g찭Sg& >k˼AV#5\=n , `jF_l^Sz4.;ay~860KH[谺gK^?10zai ,X`g+~ !T@=%__ӄ)0.MgJ?{w_ md %d|?Tω4W&fv򛡆5kWOMҼV`|Ń94ss1Xbk3Ǒ%;aA*A)>~]jJ2|5rQ NP<s4Dn~(& s T/n{~փLZkO tGY}:hCy>}ʲ,尪P?$ڲT2mնĹ;帿7ρ%綊<\M:Nއ\)g mݍ!M}*ǻa^& Cwlp h:M&i <1T0,٥0h%=}jwJ->܌W.~ܨջN)TSL_eI󷾕4T+(.(JVOck>[ &~}@vE-&>SkZU;Gk|Oy.^-_}/.7{2 \ƞ#QJϵRuVzg7 , 'Icp\>{31݇Ӂr²Ѳֽ|5ea';+价!97WQ͚:j9= 9Hh#Eo Q5cJ?q7$__ >ytik>}fvX6~D!+7P^Mcҋڜa""=YbHD~:,?wE )x"`3QitOU|*Za(t( IيfsI[ݣ?H Caֿ>V |38c({7SB#˱fKZux=IdkOADtuiL_M`7( F0Q.bJM@ 8Jp#iN5f dv_ ܼf-to![(d%B=?~$ab夡Sߕ [g EKֽkbw5oڜrq߹V@G߁;pdP'W3 V\֧\p j`iûɅ[e1kUJ!|> =m*˟̼60oT~[`GX#HJE9/,*`Wf$zl(, Owz<ȑrꮭ| @/faj>p6+`,.J z_U]j2!O0q1CpVG>@o&wpi ';b%'Vi- l?{쫈<(|1Q5*+ i|֭SޘA8>RɈ1R ݧ%H}V陫a*mհ zIzFH$2ZL6~怖If{ŠLep[I<@gx`Mn·!ǾXb+uCױqɺ8YFá Kf# `yW+FGm5d`0D?I3䑘ۿrUk|qNrg潨O1O'e\D4VC]'ĽG1Wb@\ ʋR &A*]=!u JcxN6Q 9SwT--MǟB>[ϲ4`ک53KUG^sr 4h$N=-HR_W$խ˹qSn8BƊ]ⅲ޲R%֫yc6CJMm-_{懳'җz] 1~A |P ;XrZ#?oE``]W4H^vN7K.*wFJ26~k9n ci.f6ۼ:ㇿ&VMP{U- $ރZn=0^׶miKfu]uٻcۢ^wm[ґ݉.C-:Ȓـ &A@g u9ɌS):D*<`mFzZD.Ŗr)(Kwkr3Sj9zsx*>xKL KBwlq2s IDATbch͜{i}06DYr/lf`q1t&yU lBH͂ Cjmrŭw:]@]V@N3)y xO@8T\2H4gx br=8W/'ۏ>* qNoD=ADebk.LOt ,X-%@чR9nx$ޑB#I׃?@ouz5Z #zo.KW\rbwxS̿e"߱W!FKcXU 2q Sgl`b%mҵ)5%[[9񤸜,)Jky7ڋUJ<ɮ[ mfRiZI6R)Rk Ћ{CR{]$%%*Xiy_' ݑ̿귕:zicD{ Z50y` zOI50Oq_O[~¯fq2?a܍(=CmAJ-np6WQ: k/BztDc Ⱦ e&=]D qf֑g%,G\]AqDLEnBU)|VѮކ.aY4y6|l@ɭHjyJ ;ҥ5U>dycjjgeR PfS LBZ('91iCn u.JPa/;<~  /5&{dkgY)\`jlBJ]͸ nlKd֬QVܯ.}_G3X-+N5o_Olh b %Pa֯Jo~6lhՁX@Y'5lUd2L{g)}A<~'z2$#<-j*BPT$u{\k9~űeiK{J05ԯrq/Cc/E`鮙 k~E629DiE# FE!jee#n]Urc { &e>H x&p{jy)3褴ǪJ~ӽKM?S0y)hhfCus̪YUN lK#J.zg,Bq}ە06T\']ʑ8Y;],'$eYڥrj ì -Y1ݸAI^1Rʧ앣jQw;W5C%61EJ#-LjRyhI6lϰEڭ:Y3&Bk =^߭ | H =N*r*mՂr/aNhf2 EsoGWe4 s~|~ t`ːkB62váǰ0GR'n]!wo#& Ą6^!JUF<* P3D.+UðV&5= ԰+4h\Mmj!W g12s*\#Ћt";5Sl1֑o>~Eg(S,reל@Rm-`&@uИAQ(l7ێp3z,eZ?*;Y+S-&Hj^ҿF xjYpÙƞs:_,}%A~ ,'ˁeWW֫/wQ:= I=R>g.l:=ͦKQdP/2kf ]U,5><#؁J̴ͤ9OUbKRIu6I rH<s35`@lHy\[H]q?v.7_$ M˪넒ZKI4+6 vRf58AO3OJWdnVՕ#a"L '} qrcunצZll LO#n'gZ&v 5`SbxY}Rb t^ ߇qZԮ).A0l;N(a5w+- 6[KU PqB%-bX43 v-V>}\Sz ϗ y 8y1;58&T @ bL׺b3f*?o;.Cn,… eJBRZ)CL Ľ,y*%=H_>J%}Pf/"iڳ!8]9_ݺ[ԼZ}kXoVT5^=;o[[4Q cn*ŒPuF/j=|[miQD2S){4y*2K~eldZ$,k $p{t̩U  y]t[iKB͊ff!.B@;&6vt'Z_L_y؇^` y׬]ccVEUĻPS耭>s>N`R3}Sx+fݑH~erbKG0 *?0.^O 怅[$2) ̫b\qez ki;gzK!yGrB]/4lu(0UXZNsv͝2BkkeəP5AfGF ?AءR GZ ;N+3m僣a0Rj,-EY oX;Z'X{kI c_Δ@H=X˔@ԉ]&*Cn$!>b`Ɗ@LS[!Fc*m Dnar0X P%P [+ ˫X?ӻZˎea\n ض/6u7դ7u?Y>oXFy^?sdL\C1 8Qy4+CWbFæK=W<8R>ޜ2|Jڸl,J% d,.6GScM0 :Ex11`\wpaH Ҡb)9q%H-Kg{ 0PpƇ#!W} BNZŅ k#_s0 kuL76 [Y*&9P( gj6&TWSI24ws{>󴥘?< ǵ€ 7a bt~X$vb\\ ,4kEUulf5s`,d%(oY #,@.wϷjJG'Jg < ǰ!8:+sR@ !@I2cn' ]:,p !ϵ~'^E/멐-⠸0X`Lflu M+L֗Fe62n E4/<ɝx5udu"78jN}3ve&q݊u+~NUeHrLEjtoB JzZ1ٔ۴,U" KJBB( {!O+":IA2ֺիSF?'x S`@'xF_sQOwJ mlh5Ov`" =IWiOJە ;hQFR2xQ14o˺L2ES[#=7rS-`B#^UsS(w %:8TvrILoyt0)(ʰ7V5wHT:aߴ~J D 5Ϭ%ij,{q>P5ݼ@:6v2 0KR^Z3ݠ/u!Z|'[#z $'m6rp<~*Rui $tMAz!tz_{ߐw#bhNZq7;Yw9\~M6ȋ0Zv`0[0I4 ["%_}sx;}A W7,8H>{9<@:Co_gŒ픲K#1P6Wz|__f>?r:[S )Oa,iH鉶6(z SHi^w r*UQko!>uYmz2RU쟐Q3 T0B ?fxyS ,jQ(Z$}7'(Ld]Uw8ixfm4HѦ$Y9HYH;Pj}:%2fDZ±-H_$K[nqm T \ ~kC5v %^7da'`Yc`/`M1`SLmd2 PyO45dKuVFQrCHJK  ;L FpA&Q&zJ%|Fr\M6:A7͗*N2}_?JCr=ӡY- -_M$[bQg5L. 9CKPꑶʶz)".AU/Etå}, {Kr ̋Hh)\ܧo?YR 6æ)P=6 YVjTw%JBewlTyU v0E5=rHB| qmz {<j|SQqM?TZK: UPW.K X"yfju᯲=3 8ːr⢭3!M߉>8@Lƒ c?e;_TCn IDAT+ u NJq. >HYUqxIφ0\#I!)RUe026°s@ޫCrRYI;W^ SR5Tk& gCvW@_]%>Y$gi`֢ 3&_},GI@ dWCT7m)r/M@JwʞQlZ|Z*9oM1Fʌu1UdgITa5`i9NBԌ@:3dK%eFmTMȍV QBc|_|%PXRz (EkNε'η2Ln"^s GHjo:T8+:$' !Xh9c2`]JWA=G `k ~~fn p'@6>=Zޡ._ 2nS4L̴E?6uT: |Q0x S39YBT ;ZLCL-lM'=q`2)WYl̃XK#W>dF~J ,0LJ?N3BI%.FbƮ ]I:2U)l&3`uoo\38:4_o% @*oہzHta x]~t}<]8SV&~ژLJs1x{QN^*J'2Ep:2ZDd2np/$N^ZC^=U- Ju`>dMلVˢsbwK_8*(kȺkU uK|Z{ߑnGɩqlL^$E3Hy24EDbܛ'W:#*hEgʬC΀ԃYvkI3Iop?zh7⣑|=?K 6#nN۶l%}X:% ڽE ]Jh|cVzOouW I="SIw*uSom-j*Ҍr&h]J>v]l~!O;> 4]T&U:(V:چ|ҀP2>`\jx69H~5).b)PN@jP uc7N8w7hWweܤr$Ϯ BZ!2@Ό0o@9[%1a :+CqhpwgXH~N.aJoxhwp0:ZM,L, : 57AG'ϐ"QPEp[9 E#eMu*\2=rZu; ~,_ '?@A ʯv(.Uۿ4~^ju V"_LmG{u q\NrCMesd'*R6Q Š)j.,ڡ2׉E xӋP\q*v#ke6`UPeTJ#&Y>~R -bD@00XU_w2*3"Xq./K_RP&( W8>Of6ZOw/XB;M~5rM$g± {T.h@nCZJ zJƛB\>βb` pڌZ<h\u{2K̻k2q2 N<>N>XT=Qd`t>͢$Ac'=ض{Yt(.#vp~^j Nz"Q 5!wr^*_L׃uRǶzYx Bcsh<$ftJԌ4;C6ïҭx48mBD@n'U{k4N&2H HSJӿ8#,*x^IzKJf[EK~6qbT-ފk ‰E_,LTqgkq35K7aAGɯ>\dßٴ{w`Q/GXS1[2HT:ҰV( L~ۈ)Gpns5CUH+Y Δ_;qfث!`0A(l!'+G n? fG(G<|*C@'Mљ{T]y R9$iz٬I[fFt2 䪅)=?|7JYOt%e?!k[\)?D|#KHcqNbu9 n+uIuG4KlM/&%B@J8go%(7 ?P#S^o/c{3|SIn+CIW#Y5o;|^N]*G sF=|,ҴvuOIHV8௞8:YM6BbB}a;6Ej?4(`*t`AUРvf|[뇍HdBlCq:ӣ$ S NJϩ2hg?7iy}Ƴ-x*Y)wm ?~vX3S[[A BD#.&ݥkz<+~sdɎF0FUL؈. ppWn^NҸ->P{=JPz{խYM75d"-kxqbL5 (@`*KNM7d5YVlḽ>Jx_`@C 0}8#?A +gh4OPSTAA1/&:WJ7&Y˱`'_ _ E6Sjp@KoD&ei;PY}'8<2]:M|*fp>5E{¼1kǸy<;x>>0~15%Ė}7^Ta=5pѰ¹7??l1֧5ؘٿg$gcQDp_u7K(H|8 ~\p8;7ˑ0d֛Mn#zHO`eMY/ IUFis\U(tQ^mZ#)/khV'}N'i9{ ۧ.c\h^3ռ%+? #;6-3dN'P$ޞ!u!Bݞd;~w„-~ls A#~j8)Y5vvqTT BL*[HT !ʐ$/k 'e?E}FDA;i|YzdߝlS&x_ s7R%}[rV*ѰݸkwXط6iMN3-ŗ /9LqF*n>"?ݳ#<'e^odB_BiPxH\9.9IBaВyhh鬹`"Пud Tnh9v%hP"!p L%jipX'pCy- g8VY^w=tuZ~0e58Q0DN^4KotQT'/`]a2}>ˊ˾dASTFIx>tu .|ӜX=;߲:99*i ϭxy[)[QHzr0>`EG!9YpN#gxXRjd+ar9ҫ5IMh,S dzA]|n:Bb" e43el 8"\&&ݥ?xXfp11,M"Q=1@0dƁll>ҪS*ƺܱ<BXٚ_AE}h1B}4? @ Kӡ]CPZzugټԏU<*iEbCb53Sn>NP k%dyy)Aʅ,,Ze~B?,r+6 _ij%Ŝ׉!W@Bqw')IE.¸5zR|`e% 'HFk Ye$n1IAkV1%DͱIbT#hn0wʝvo){wK矁mTm| ><> Ѯ)eEdx>W'js /o8IU\ky\xvrYڲp!^e~s\>3|h7wmܟpTl7^ \-O$[8;,tr5%M*S˜?:E{cR#wǍPJz9-ţfBs,lj!}{bL:1c'RV2x] Q9 L8 ĘZMLM$L*K`nd7YeU)Y}=F %7-H_-wVQlgkɛ%x7!n)@#Q_FmuRN% Ut3߉3y(`PgDfrHB] !!&8^~ pW%2P8A:܏ xTENqyH (0::ā~u wmWVݳASRx!iz;m\a*8vZvCf yYE՞.{g?-i6zXyØ\7؍OBhei6M2r08yh; k'{Iw8Jm4 4dyZr|VP8LAţ3,tjA_4 f}]-,SJ), _.c RajAvX ˦T-ք:\߶|Ы kfFJU8tA_.ޮa6\Jkz2\l\JmHس}8o922 "RfISG4{S\2&Ϛ3y2kdqZWܡ%HVN:B_HJyl)NJ%aFBEeߢRi+ĬGF'*>R0PrMN+[V(i_&.6IX[Sn]oڔ6ڛ5fzF[|Cزb6LIV;qp)C2?Q q{:2zJӺ6Bk r爄\>ڔ1oW>1J_A8O:cu\~W;s@M|:6W$2)LHvxS等jJ~󅲦{rfWbu([Q1,Wd]nVA Ѹ2mLÁy,/ۼCʛU);Zc7rWhQ3}VRTO/ej`֍@PEB#0 oܞz~ d:0n~ce1.1T J0l""EiOZYN"v56a%2dQN =VtZBO*,;33g3q\ηZ]Pz"R Nϗ4W h(S}(\“ɧswt9> p(1nbMBg\DU%,st_{\p;U5&$2C>Xt6qܕP*.JiyW>dX7C:#xܒ9 s;Sz<-M BN~yy:_T[-#VzBDnʛX_4FmH6D>Jf.;f0 ˍFz:ߤgYi9ԞHV_XD̑꬙]4yΛiYU@jO#x$PӳlGϐ$f}Խf%?(cLB۞ȓc5!`~SbH?jryUU16O29p?$7J=>t$s᭒>zٖːx٬>&}Ϸ[F,zΌiVJ>],a_ӉK:Dמ#Ĥ}~S g&ӋlQS+,Zf;jF+ FL a}}⇥zy1E3IqǓ9/oQ䘟H'1S7%uHZoƢϒE-!F12*7U8u@/\X)ή3]cBYR;y 2TTog,T4ר[ǭ[b\V? /N~E:ݘɗ6Ϻ?aav` Hs X 'c 464|X$ё&Sә6sR蓉o]ÓUxJJ4&kzLߖD*CVS|KۇTlaJ0pfA36cf =Jqd_OSg3 >4ȗa@*n v׿M;v\4.Y?){S>a6~IxH 8ӈmmfpoi3ԛ,dPF.M7| x)}?o׸kn'^=v4Da"6Qu09XLZ FZR3U'YyכCfJra!_tG =||5+mkrw-RH})Lŏ;b3k6R~ѱ I&ARSޭ;Pք@RG ~uo{"jCڒ^7,ڸ۬"tdH$SggEDG65oSw;ogxZ47QV93 |Z~tweBA=0~ q0vu^6QqL¤4D˵[kz_(,Qӳ=ʟ2OuE'⟤*$[AR;w:hw:X0M68D+wL l W܁͵^=Iý?MiM]b+:G"8 JbXڞLVUw{wuVQGT'rśwt<>E)[ ?GST0\oTu0sa)?R-Ǭa=īE%2L&m6\#Ysl35w~S|HZr u&ƾ)Z~ZLMfhiۀq؊ zHnԇT́Bs{@qn[Z˼`$;pSV-:u{g p+q`+>\]oZ_}|;lP;uy) )rKLlzB^Lv:R:(i1NGjSwl Z6i@]1NrX0֯*>,E*H%,<&R/ .򩛅Mp+YV|5ެI\҇##z<2e*5B /s/bfV*]O|)3!s@[x "w.ђBWE0)c !S/T=ze$᣹f0Z!&gͶ!͂T/i{-wɘV U"7 ~StO54d C7}##-H[<$KB|ROۦkD/ g(9l O$¨V%Zc_P Yyy&~cA.%k~ӕU UD}W?sAH èlI?NDH>B'vDFYW KkH) UIwn#*iW/>9!U'/\ʰ|8P)e;>Ypʏ@3@_ET]6)h#&8؇0('F#T:Q_8A#~UJA~aifu8C ~[KÍhj*k'8W!|XBlFf$2cꂆ*{Cjbi/İʁUL@fG6P;eU#P-n&)Gi@,Iv)I?6#'dǤ:4UU~SAv )GHGy-4-|.3@U0Elv|gLj_5+ddF݅ +oq=@k#!%B[Z1yIgrŔuhl:ѻͤ(&j0pK[Y.5&[|Crf_P08m%/Q;?|cNk[Ӗ]/DXY"Y(cP(E|&SKd o]R佰 64S]ܧl1sU[8.mx^z:'}N t36XLg-|:όMp`vCHlQv>!7<0L1=u $R%GxA\s2C6sS&kc)8c bWOz Mti 9 (*O5 @TnOeEWxƔ%YP #q ƣF3fHz-vu_CZc6ij?Ԫ;S5w^!Y9S/6UnФa;kh5Xl,+{;X`N6v]Ù J?Hx~6=*N>#g5:YWCló+׌@0ݤl4`"/>txWa3c{ 4խ9G/I=-0P[ꅭYOmfJ!QKL(ؖmc\0ERM"?;XٓckS)?v/%Kw)JpL4tT+{?xʘG)c|seհ07!GBV-Z6U9$ "4˱v4˄GD _(]H.3i) (| @Q%QgK_@C)y(2 !>$ٶ< !j ;#歱;W|y4GkrH >kO*OBs3cGE+*1rz߷ [no ?h|O8h(?Q}ɼ=k%_NXK}K @i:z԰i^ BS1g}TBR$( njcQ`<.e>֥`b$&Cה5f|)-bȖ5Z3l| [$D2=a8O= ug" NjVޠtsM',85⊊e tɼ~@J0v07dx@mwbYV&)f Y7(B CJ΄/<i)@ykh>u\ꩽJ}p QvRl{kwh2"P M%!\bx2@z彗 `xH"5Z|<Σnmj VY`':1%P,߰\BϔJ}tW-_)3mznUbfr&Jbj5ݔc~'9arx/6 Q8[udU96 K:/ITH?c۾́Yl&Wv}.,ujj@R.W5"급L`Slb^c/OD`R(ՑUk-[$oyg}t-G3N"g 11r[JRLD|QG~EKaiqf N蔶N~DiҲMstpI~uuWg+T`_16Xג" @vdtyp ,9kAȥipߣ#ְݕմө<ң=bbwV&r_;I2JCy*YՃƄ,r..&`VRuQ3BBЊ-^9ζXr.畕x"x$ψߙR @n~};/ӛ.,-N$9yڛOʘ9آe?2;;\ݯo}͍4G1{;*QyxDHr;2* 'ͥ X_qDT"suC2ezSG}\IUBG#IQ9A *UMI:Ʒ])@rr"8?]bSOf4 c:m?lױ 픱>DҜ?7uf=)ҥϣ;(UWKS yKzJd /i63OdfZe{R-YS- $߻sC\6Zrjr61_AC>'*4ѥ߶mNxS[5!~U m{ti)aڷI) vFyٔ{6R()?~ܵ}\m>mz})=t^}_-̧pD'nRUh}d܇.·!:"=>j\HY'{!b6ᇂ`T6)3tlGd4s/ϔɗՄʼ@3xc՛|ʷ/B#Bk#ysUev JwXMˉ-&#vp|He`N\"D9If7,_G4IOrub ~mES^k׮١U;Jt *4i0oE@r8KQoPf*]"ʳ-O贵T,KG̽u)4G=c!ȕ9 /%x8 ޻_I=☓4Edy4SG)pxYi]Sufficient security relevant data is captured in system logs. AU-6Checks to see if the organization supervises and reviews the activities of users with respect to the enforcement and usage of information system access controls. Checks to see that audit logs are retained for the required amount of time and are protected from tampering or deletion.Procedures: 1. Verify that logs are reviewed and analyzed on a periodic basis, and that the results of each review are documented and given to management. 2. Verify that security-related events are recorded in the logs and are available to Security and Telecomm Management staff members. This must include unsuccessful attempts to access firewalls (ACL violations and logon failures) 3. Verify that gaps in log data are treated as a possible sign of logging being disabled. Steps need to be taken to ensure that logging is enabled and functioning properly. 4. Verify that logging is configured such that all audit disabling or failures are recorded. 5. Verify that audit log data is protected from deletion or modificationThe organization supervises and reviews the activities of users with respect to the enforcement and usage of information system access controls.Ensure all firewall changes and updates are documented in a manner suitable for review. Ensure request forms are used to aid in recording the audit trail of firewall change requests. Ensure changes and modifications to firewalls are audited so they can be reviewed. Ensure current paper or electronic copies of firewall configurations are maintained in a secure location. Ensure only authorized personn+E55el, with proper verifiable credentials, are allowed to request changes to routing tables or service parameters.Compare firewall configuration against standard secure configurations de< fined for the network device in use in the organization. The security configuration of such devices should be documented, reviewed, and approved by an organization change control board. Any deviations from the standard configuration or updates to the standard configuration should be documented and approved in a change control system. a) Have the ISSO provide copies of firewall change request forms for visual inspection; b) Have the ISSO provide copies of firewall change request forms for visual inspection; c) Interview ISSO and firewall administrator to verify compliance. 1Configuration management procedures are in place.AU-4aEnsure that the log server has the capacity to retain the logs for the required retention period.9Examine the available storage capacity of the log server.\The log server has enough disk space to retain the logs for the required retention period. SC-7Examine/ InterviewFirewalls shall be configured to prohibit any Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) service or other protocol/ service that is not explicitly permitted.hThe configuration displayed should show that that are not explicitly permitted, are flagged with "Deny".AU-8WThe firewall environment shall be time-synchronized with an authoritative time source. 3Ensure the firewall effectively restricts traffic. Interview6Ensure all default manufacturer passwords are changed.GEnsure the device is used only as a firewall and not another function. Check to see if the device utilizes any services or capabilities other than firewall software (e.g., DNS servers, e-mail client servers, ftp servers, web servers, etc.), and if these services are part of the standard firewall suite, they will be either uninstalled or disabled.The firewall or IDS will immediately alert the administrators by displaying a message at the remote administrative console, generate an alarm or alert, and page or send an electronic message if the audit trail exceeds 75 % percentage or more of storage capacity.0All new configuration rules beyond a baseline-hardened configuration that allow traffic to flow through network security devices, such as firewalls and network-based IPS, should be documented and recorded in a configuration management system, with a specific business reason for each change, a specific individual's name responsible for that business need, and an expected duration of the need. At least once per quarter, these rules should be reviewed to determine whether they are still required from a business perspective. Expired rules should be removed. 2IRS_Safeguards_SCSEM_Cisco_IOS_Release IV_v0.8.xls,SANS Critical Control 4 Note: An in-band management involves managing devices through the common protocols such as telnet or SSH, using the network itself as a media. In-band management refers to administrative access to the firewall over the same network that is used by the traffic being filtered. IRM 10.8.54DISA Firewall STIG v8r8SANS Critical Control 47SANS Critical Control 5 Note: For perimeter firewall. FW-01FW-02FW-03FW-04FW-05FW-06FW-07FW-08FW-09FW-10FW-11FW-12FW-13FW-14FW-15FW-16FW-17FW-18FW-19FW-20FW-21FW-22FW-23FW-24FW-25FW-28FW-29FW-30Run the command 'show config' and verify that the configuration file includes a command beginning with 'set banner motd' that contains an appropriate warning banner.jInterview the SA and examine user accounts and user account groups with privileged access to the firewall.1. Review the firewall configuration to ensure that the console is accessible only to authorized IP addresses for in-band management.The latest stable version of a network device's inter-network operating system (IOS) or firmware must be installed within 30 days of the update being released from the device vendor. Obtain firewall OS version/build. Examine vendor product support website and validate compliance.LThe firewall OS is updated to the latest stable version per vendor guidance.VFirewall traffic is segmented based on a defined set of protocols (and certain ports).Note: Within the context of this policy, a rule set is the functional requirement for controlling the port endpoints, network protocols, and network service propagations. Protocols (and certain ports) are placed into three traffic categories: a. Allowed protocols are authorized for passing traffic through the firewall; b. Restricted protocols are authorized for passing traffic through the firewall with some conditions such as outbound only, inbound, IP restricted, etc.; c. Denied protocols are denied the ability to pass through the firewall. Port, protocol, and service requirements shall support least privilege and least functionality.Firewall traffic is controlled based on the RULE SETS tab of this SCSEM. Note: Inbound traffic is coming from the untrusted networks/hosts. Outbound traffic is from trusted to untrusted. IRM 10.8.4 RFC 3330: http://www.rfc-archive.org/getrfc.php?rfc=3330 Private IP Address Ranges: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255 Multicast groups are defined in RFC 1112.UTraffic is restricted based on the set of conditions provided in the Test Procedures.<1. Ensure the firewall shall reject requests for access or services where the source address received by the firewall specifies a loopback address. 2. Deny traffic per the following requirements: a. Inbound traffic from a non-authenticated source system with a destination address of the firewall system itself; b. Inbound traffic with a source address indicating that the packet originated on a network behind the firewall; c. Inbound or Outbound traffic from a system using a source address that falls within the address ranges set aside in IETF RFC 1918 as being reserved for private networks; d. Inbound traffic containing IP Source Routing information; e. Inbound or Outbound network traffic containing a source or destination address of 127.0.0.1 (localhost); f. Inbound or Outbound network traffic containing a source or destination address of 0.0.0.0; g. Inbound or Outbound traffic containing directed broadcast addresses; h. Special use IP address spaces found in RFC 3330; i. IP address spaces reserved for private internets; j. Addresses used to define multicast groups..Internet mail. Traffic must be authenticated.Review the global configuration for all service and user accounts with the SA. Have the SA demonstrate that all default manufacturer passwords are changed.?The device is used only as a firewall and not another function.[Ensure storage mechanisms send alerts upon audit logs approaching maximum storage capacity.Examine firewall configuration settings and ensure audit log mechanisms are in place to alert an SA when a storage device begins to exceed 75% capacity.3SNMP is configured to use the most current version.Examine firewall settings. Ensure that if SNMP is implemented, the device is configured to use SNMP Version 3 Security Model with FIPS 140-2 compliant cryptography (i.e., SHA authentication and AES encryption). &SNMP is configured to use Version 3.0.eConfiguration management activities (updates to the baseline) are recorded in baseline documentation.hThe agency maintains a configuration management change process which ensures all changes are documented.aThe agency maintains a access control list restricting traffic from known malicious IP addresses.The agency routinely updates a list of denied IP addresses. Tests are performed routinely to ensure successful blocking of malicious IP addresses.Examine firewall configuration documentation and Interview the SA. The agency denies communications with (or limit data flow to) known malicious IP addresses (black lists) or limit access to trusted sites (white lists). Tests are performed periodically by sending packets from bogon source IP addresses into the network to verify that they are not transmitted through network perimeters. Note: Lists of bogon addresses (unroutable or otherwise unused IP addresses) are publicly <zavailable on the Internet from various sources, and indicate a series of IP addresses that should not be used for legitimate traffic traversing the Internet.Check to see if the firewall uses a Network Time Protocol (NTP) time server to synchronize its time. Example: NIST (http://tf.nist.gov/tf-cgi/servers.cgi)QThe firewall is configured to synchronize type with an authoritative time source./All default manufacturer passwords are changed.% NIST Control Name&Full name which describes the NIST ID.Deny hMinor update to correct worksheet locking capabilities. Added back NIST control name to Test Cases Tab.NIST Control NameCM-38Identification and Authentication (Organizational Users)(Device Identification and AuthenticationSystem Use NotificationAuthenticator ManagementLeast PrivilegeAccount ManagementInformation Flow EnforcementConfiguration SettingsAccess EnforcementContent of Audit Records%Audit Review, Analysis, and ReportingConfiguration Change ControlAudit Storage CapacityBoundary Protection Time Stampsu% NIST SP 800-53 Rev. 4, Recommended Security Controls for Federal Information Systems and Organizations (April 2013)a% IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies)Update test cases based on NIST 800-53 R4SC-8&Access Control Policy and Procedures *Transmission Confidentiality and Integrity4Verify that the authentication server's configuration parameters meet the following requirements: a) Minimum password length of 8 characters b) Passwords must contain at least one number or special character, and a combination of at least one lower and uppercase letter. c) Maximum password age of 60 days for privileged user and 90 days fro standard user accounts. d) Minimum password age of 1 days e) Password history for the previous 24 passwords f) Prohibit the use of a username within a password g) Prohibit the use of dictionary words or common passwords h) Prohibit the use of words from a customized list of dictionary words and common passwords i) Administrators can override minimum password age limits when changing passwords j) Users are forced to change their initial password during their first logonHPlease submit SCSEM feedback and suggestions to SafeguardReports@IRS.govHObtain SCSEM updates online at http://www.irs.gov/uac/Safeguards-Program#No major updates. Template update.FW-26FW-27FW-31[Firewall should be configured to require multi-factor authentication for device management.SA-22Unsupported System ComponentsSI-2Flaw RemediationNVerify that system patch levels are up-to-date to address new vulnerabilities.*The latest security patches are installed.ARefer to the vendors support website and cross reference the latest security patch update with the systems current patch level. Check to ensure that known vulnerabilities (i.e., Heartbleed) vulnerabilities have been remediated. Note: This test requires the tester to research the current vendor supplied patch level.SC-10Network DisconnectREnsure the timeout for administrative access is set for no longer than 30 minutes.hVerify that SSH session timeout is configured to log out a user session after 30 minutes of inactivity. 4SSH sessions timeout after 30 minutes of inactivity.3/3/14: Updated to 30 minutes. Agency Code: Closing Date:Shared Agencies:SEnsure that the latest stable Operating System (OS) is implemented on the firewall.71. Review each FW s configuration to ensure that all TCP and UDP ports, that are not explicitly permitted, are blocked. The command should look similar to the following: show access-list The configuration should look similar to the following: Extended IP access list 101 deny icmp any any permit ip any any aEnsure that all in-band management connections to the device require multi-factor authentication.# HFirewalls should be managed using multi-factor authentication and encrypted sessions. Only true multi-factor authentication mechanisms should be used, such as a password and a hardware token, or a password and biometric device. Note: Requiring two different passwords for accessing a system is not multi-factor authentication. y1. Review firewall configuration to verify that management sessions are encrypted using FIPS 140-2 validated encryption.sThe FW should utilize the most current supported version of Secure Shell (SSH) with all security patches applied. Ensure in-band management access to the device is secured using Federal Information Processing Standard (FIPS) 140-2 validated encryption with Secure Shell (SSH) or Secure Sockets Layer (SSL). Ensure that the device only allows in-band management sessions from authorized Internet Protocol (IP) addresses from the internal network.#6 Review firewall configurations for local accounts defined to firewall. Note: If an authentication server is being used, examine those accounts with access to the firewalls. >Update test objective and test procedures for FW-01 and FW-13. % CriticalityAll SCSEM Test Results JFinal Test Results (This table calculates all tests in the Test Cases tab) Overall SCSEM StatisticsPassedFailed Additional Information RequestedWeighted Pass RateTotalsWeighted Score Risk RatingWeightDevice Weighted Score: CriticalityIssue Code MappingModerate SignificantLimited Criticality Rating (Do Not Edit)Criticality RatingsCriticalHCM3HSI2HAC11HAC14HRM1HAC7HSC15HAU15HAU3HRM5HCM11 % SCSEM Version: 1.5' % SCSEM Release Date: January 29, 2015.A baseline risk category has been pre-populated next to each control to assist agencies in establishing priorities for corrective action. The reviewer has the discretion to change the prioritization to accurately reflect the risk and the overall security posture based on environment specific testing.sAdded baseline Criticality Score and Issue Codes, weighted test cases based on criticality, and updated Results TabHAC21 HAC7 HAC100HPW12 HAC7 HAC10HAC19 HCM12 HCM1 HCM12 HAC11 HCM4 HCM7 HAU7 HAU100HCM9 HAU11 HAU12HSC19 HCM9 HAC11HSC19 HAC27 HPW100 HCM10 HCM100HAU100 HCM7 HCM1PossibleActualTotal Number of Tests Performed- %opV3E# . ?"eS[ k>)c   ?>nQg! 6"L v" " # )0&4</8!b9T?:1<A C rDdRKDLMxNLN>PPRQDccB T8 /!Y_ma  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?M6Microsoft XPS Document WriterX odXXLetterDINU"L r SMTJMicrosoft XPS Document WriterInputBinFORMSOURCERESDLLUniresDLLInterleavingOFFImageTypeJPEGMedOrientationPORTRAITCollateOFFResolutionOption1PaperSizeLETTERColorMode24bpp MXDW"d??&U} $ k} ik} $ k/;;h@@     @@ j j i l m q n  n  n op q r sk t sl t sm t sn t so t uv w x y z y] z y z y z y^ z y_ z y z yh z y< z w@ x {| y } y } y } y ~Dl   !"#$%&()*,`-`.` y } !{| "y "} #y #} $y $} %y %~ &y &} (A )I *J ,k -k .kJ(   J A:??:The official logo of the IRSPicture 1The official logo of the IRS"ÙPK!9^[Content_Types].xmlAN0EH%NY tA*T0'E2 JMN vi{ɖz$cȢ*%2鉣-uAg>zӶ/3[0߀:r5a8>GT8Wr>wOo?aΫǮUv_PK!Jdrs/picturexml.xmlU_o0`b(@%UiRU]\0#MRM;IuCSwum6\#&+Us*K12ʚ %YӏvΩZ&E[k׹e5j$X;jW~w I|֌֦e. V͙Lӎ>V])1 |Gʉ}54NIDt]tT;qsI`oV@d$N! p$ nͫ_nxuG_7wHbh f(f<  RpBcdp dt 6P4[U4cQ.T̬YeC p$G%_]s,IJ٪=7 =˥s}BHhc{vmxҼ2-eyQ,,ެG^RxqoW [^L,SZĎWZ؋Ju~l_DQǵZ=΅F* \_'n)~!80"7aI:2 #Av%$ʢEy-l_ַbFun4e 8=8ѼRhY (,l?e\~ Τ]PK|G7ꆿPK!)ldrs/downrev.xmll[K1C7mq6[Jm7IIv;m"s&䛌'noEhL%aAB֠O0IOOjTح& GJBjĹk J $] T[>"j Pj?:}Zyv3g(Y7 ?釂pi:BJ];5ym+/?9@涕0~)KAB"n?uH.`aoX* ޅj/~PK-!9^[Content_Types].xmlPK-! 1_rels/.relsPK-!J.drs/picturexml.xmlPK-!)lHdrs/downrev.xmlPKTbi]&J`>@Pwd ?Identify OS or App Version and include Service Packs and BuildsX 3Insert unique identifier for the computer or deviceBudsH #Insert tester name and organization odeO *Insert City, State and address or building Sheet1ggD T8 {  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?M 901 15th St - Room 4025 - Xero ߁ odLetterPRIVx-ArialUntitled0:0:0:0:0dX222222222SYSTEMLettero o o o 1'v"d??&U}  }  }  } m } m }  } $} $ hBBBBBBB B  @ @ @@@@@ ``` LB$MMMMMMMMMMMMMMN O$PPPPPPPPPPPPPPQ Rc$SSSSSSSSSSSSSST&RSSSSSSSSSSSSSST Rd$SSSSSSSSSSSSSST Re$SSSSSSSSSSSSSST&]UUUUUUUUUUUUUUV& k  l m  n  o p q   r  h     +  ;6PassAZ+  ;6FailAZ+  ;6InfoAZ*  ;6N/AAZ!  D D  (D s %  ;6B! ?@ D D % ?@ ;6B  CCCCC WWWWW t  WWWWW u .    v     DDDDD~  @) ? ;@@DAZ?)#;@@D;@@DB?)#;@@D;@@DB?)#;@@D;@@DB  CCCCC~  @) 1@;@@DAZ?)#;@@D;@@DB?)#;@@D;@@DB?)#;@@D;@@DB~ $@)@e@DDD! DD CCCCC~  @) (@;@@DAZ?)#;@@D;@@DB?)#;@@D;@@DB?)#;@@D;@@DB~ @)>@DDD! DD CCCCC~  ?) ?;@@DAZ?)#;@@D;@@DB?)#;@@D;@@DB?)#;@@D;@@DB~ ?)?DDD! DD CCCCC wz dD 0%p%d?&%%dB CCCCC&             4666*66**<X.B2*   PH 0(  >@Z   w  ; 0(   {+{  Sheet4ggD T8 $nbԟ  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?MAdobe PDFS odLetterPRIV0''''0\KhCFFSMTJAdobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard"d??&U} $ } $ } $ $ @ @  @@@@@@@@@@  F  r  s  " C  D  E  " !  6  G   H  7  1  -  . 2  I  J  K 3  L  M 8  N  O f  9 g  P  Q 5  R  S  V  T  U ;  W  X B X2222&222&2H<HHH<<H<H<HH<H<<<<H @!"# :  4  !j ! !! ""         ! "#"#########$ ,<HH&PH00(  >@PA %%% !# w Sheet6ggD T8 1˨  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?MAdobe PDFS oALetterPRIV0''''0\KhCFFSMTJAdobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard"A??&U} $ k} } } $ k} k} 4k} k} k} $ k} k} k} } } m0k} $ k}  k} $ ktt  1 @%@@ @  @   @ @ b@@@@@ @j@  .    1  =      "  >  x  y } K P Q  `   KiK     @D Critical qD  Significant JD Moderate &D Limited """B K R S  T V UKiK  {  @ LCritical qL Significant JLModerate &LLimited """B K  3     KiK   {  @ K  4     KiK   z  @ K  3   h  KiK   {  @ K  5     KiK   |  ? K  4     KiK   z  @  K  6   H  KiK z  @  K  7     KiK {  @  K  8     KiK z  @  K  3  b c O KiK {  @  K  9  g   KiK {  @ K  F  f d e KiK   {  @ K E G     KiK   {  @ K  :     KiK   z  @ K  ;     KiK   {  @ K  <     KiK   z  @ K  =     KiK   z  @ K 2 >     KiK   {  @ K  ?     KiK   z  @ K  @   a  KiK   {  @ K  A   * + KiK   z  @ K   :     KiK    {  @ K   9     Ki  K    {  @ K   ;    , KiK   {  @ KL  :     KiK   {  @ KM  :      KiK   z  @ K  W X  Y Z [ i  \   z  @ K   :  ! " # KiK   {  @ K  :  $  % KiK   z  @ Dl:DK !" # $ % & ' ( ) * + , - . / 0  KN  ;  & ( ' Ki K) {  @! !/! ! $k %k &k 'k (k ) * ,~ - .{ /z 0|&@B | @ -h(  R  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR   C  ]F ! d ZR   C   ]F ! d ZR   C   ]F ! d ZR   C   ]F ! d >@PA w.      ;     *Pass;     ?@Fail;     Info  ;     *Pass;     ?@Fail;     Info{+{  {+{  {+{  {+{ {+{ {+{ ?  %)*  /  %%( 7  %-0   Sheet2ggDh4h Range1h6hRange1_1h8h  Range1_1_1 T8 +  dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage    &P of &N&?'?(?)?MAdobe PDFS odLetterPRIV0''''0\KhCFFSMTJAdobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard"d??&U} } $ } } 3B      LtMMMM ^u ^v ^w ^x ^y z { | / } ~                    {     % &'  ~ I@    ~ I@        ~ {@    ~ 9@           JJJJJJJJ4P FFFFFBF8FFFFFBB PHP 0(   >@dA  ggD T8   dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?MAdobe PDFS odLetterPRIV0''''0\KhCFFSMTJAdobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard"d??&U} $ X} $ X} $ XYYYYYYYY @ @ @ @@@@@@ L# MMMMMMMMMMMMN _$ ````````````a ZY [[[[[[[[[[[[\ RC SSSSSSSSSSSST RB SSSSSSSSSSSST R SSSSSSSSSSSST R SSSSSSSSSSSST R SSSSSSSSSSSST "]UUUUUUUUUUUUV bp ccccccccccccd e) ffffffffffffg ZZ [[[[[[[[[[[[\ R[ SSSSSSSSSSSST ]\ UUUUUUUUUUUUV b( ccccccccccccd e' ffffffffffffg Z] [[[[[[[[[[[[\ R^ SSSSSSSSSSSST R_ SSSSSSSSSSSST R` SSSSSSSSSSSST "]UUUUUUUUUUUUV b% ccccccccccccd e& ffffffffffffg Za [[[[[[[[[[[[\ Rb SSSSSSSSSSSST "]UUUUUUUUUUUUV 822222222&22222222222&2222>@PURA w Sheet7ggD T8   dMbP?_*+%# &CIRS Office of Safeguards SCSEM&L&F&RPage &P of &N&?'?(?)?MAdobe PDFS odLetterPRIV0''''0\KhCFFSMTJAdobe PDF ConverterResolution1200dpiPageSizeLetterPageRegionLeadingEdgeInputSlotOnlyOne0EBDAStandard"d??&U} $ } mT} mB      L- MMM ^* ^+ ^, ^?E?F@ G0 E?~ F,@ 0 E^@FH@ GD GE@`@Fa@ K GEa@Fj@ i GE?I @  HEFHH EFHH EFGG EIGG EIGG EIGGJJJJJJJJ082<2222 PH`0(  >@PA w Sheet8ggD   !"#$%&'()*+,-./012345689:;<=>? This value indicates the number of saves or revisions. The application is responsible for updating this value after each revision. DocumentLibraryFormDocumentLibraryFormDocumentLibraryForm Oh+'0 hp    IRS Office of Safeguards SCSEM$IT Security Compliance EvaluationBooz Allen Hamiltonusgcb, stig, pub1075The IRS SummaryInformation( c0DocumentSummaryInformation8tCompObjkstrongly recommends agencies test all SCSEM settings in a development or test environment prior to deployment in production. In some cases a security setting may impact a systems functionality and usability. Consequently, it is important to perform testing to determine the impact on system security, functionality, and usability. Ideally, the test system configuration should match the production system configuration. Prior to making changes to the production system, agencies should back up all critical data files on the system and if possible, make a full backup of the system to ensure it can be restored to its pre-SCSEM state if necessary.Masood, Taimur [USA]Microsoft Excel@/p+@s@Fg՜.+,D՜.+,l `h|  ) securityOffice of SafeguardsInternal Revenue Service  DashboardResults Instructions Test Cases Rule Sets Appendix Change LogAppendix!Print_Area'Change Log'!Print_AreaDashboard!Print_AreaInstructions!Print_AreaResults!Print_Area'Rule Sets'!Print_Area'Test Cases'!Print_Area'Test Cases'!Print_Titles  Worksheets Named Ranges h-5AMy    _PID_LINKBASE_NewReviewCycleSubject Keywords_Author _Category Categories Approval Level _Comments Assigned To$IT Security Compliance Evaluationusgcb, stig, pub1075Booz Allen Hamilton securityThe IRS strongly recommends agencies test all SCSEM settings in a development or test environment prior to deployment in production. In some cases a security setting may impact a systems functionality and usability. Consequently, it is important to perf FMicrosoft Excel 2003 WorksheetBiff8Excel.Sheet.89q