| Title: | CHANGES REQUIRED IN TRANSMISSION OF PASSWORDS FOR SECURITY |
|---|---|
| Date: | 1995-05-01 |
| To: | abi |
| Links: | previous, next |
THE TREASURY INSPECTOR GENERAL (IG) RECENTLY CONDUCTED AN AUDIT OF CUSTOMS
AUTOMATED INFORMATION SYSTEM (AIS) SECURITY PRACTICES. AS A RESULT OF
THIS AUDIT, CUSTOMS IS REQUIRED TO CORRECT THE FOLLOWING DEFICIENCIES
BY OCTOBER 1, 1995:
* "800" NUMBER DIAL-IN CIRCUITS MUST BE PROTECTED
* BROKER PASSWORDS MUST BE SUBJECT TO TSS VALIDATION AND
AUTHENTICATION
* LEASED CIRCUITS MUST BE ENCRYPTED
IN ORDER TO SECURE OUR SYSTEM AND MEET IG REQUIREMENTS, SEVERAL CHANGES
TO OUR CURRENT PRACTICES MUST BE MADE. CUSTOMS WILL INSTALL ENCRYPTION
DEVICES AT BOTH ENDS OF ALL OF THE LEASED CIRCUITS USED TO ACCESS THE
CUSTOMS COMPUTER SYSTEM. TRADE PARTICIPANTS USING A DIAL-UP MECHANISM
(RJE/NJE) WILL BE REQUIRED TO CHANGE THEIR PASSWORDS EVERY 90 DAYS
ENABLING CUSTOMS SECURITY SOFTWARE (TSS) TO VALIDATE AND AUTHENTICATE
THEIR TRANSMISSIONS. ONCE A PASSWORD BECOMES MORE THAN 90 DAYS OLD, IT
WILL EXPIRE AND SYSTEM ACCESS WILL BE DENIED.
CUSTOMS AIS SECURITY STAFF IS CURRENTLY DEVELOPING THE SPECIFICATIONS FOR
THE IDENTIFICATION AND AUTHENTICATION VIA TSS FOR RJE/NJE USERS. THESE
SPECIFICATIONS WILL BE AVAILABLE FOR DISTRIBUTION TO THE TRADE IN THE
EARLY PART OF MAY.
CLIENT REPRESENTATIVES WILL WORK WITH THE TRADE PARTICIPANTS TO SUPPORT
THESE SECURITY MEASURES.
WE APPRECIATE YOUR COOPERATION IN THIS EFFORT.
CSMS #95-000559