UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
Research Triangle Park, NC 27711
June 20, 1994
OFFICE OF ADMINISTRATION AND RESOURCES MANAGEMENT
MEMORANDUM
SUBJECT: NDPD Operational Directives Manual
FROM: Tommie Rogers, Technical Manager
National Data Processing Division (MD-34)
TO: Addressees
Please replace your copy of the NDPD Operational Policies
Manual with the enclosed document.
A current copy of the NDPD Operational Directives Manual is
also available on-line on the IBM mainframe under data set
JUSD.DIRECTIV.MANUAL. Directives are also available for reading
with the ALL-IN-1 (Email) Videotex (VTX) facility.
Enclosure
-------
United States Environmental Protection Agency
Office of Administration and Resources Management
National Data Processing Division
Research Triangle Park, NC 27711
265/001A
EPA NDPD Operational Directives Manual
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: TABLE OF CONTENTS DATE: 5/19/94
100.00 MANAGEMENT DIRECTIVES
100.01 Introduction to NDPD Operational Policies Manual (3/21/94)
100.02 Contracts for Third Party Software Packages (12/14/93)
100.04 NDPD Directives Manual Review (5/13/92)
100.05 Production Control Services (10/18/93)
100.06 Submission of Requests for New or Revised NDPD Operational Directive
(3/31/94)
100.07 NDPD Rate Charges (2/22/89)
100.09 Preparation and Issuance of Formal NDPD Correspondence (5/6/93)
100.10 NDPD Prepared Papers (5/13/92)
100.12 Transfer of Computer Accounts among EPA Users (4/17/89)
100.14 Submission Timeframes: Planning and Funded Purchase Requisitions
(7/7/93)
100.18 At-Home Use of Agency-Owned Personal Computers (1/14/91)
100.19 NDPD PC Bulletin Board Services (10/3/91)
100.20 Macintosh Support (9/18/91)
110.00 Customer Services
110.01 NDPD Customer Support Services (9/23/91)
110.03 Customer Memo Preparation and Dissemination (9/23/91)
110.04 Electronic Broadcasts of Customer Information (9/23/91)
110.05 Micro/Minicomputer-to-Mainframe File Transfer (9/23/91)
120.00 Washington Information Center (WIC)
120.01 WIC Technical Center Operation (8/1/87)
120.02 WIC Weekend Processing (10/17/88)
120.04 WIC Payroll Processing (8/1/87)
120.07 WIC PC Systems Support (9/12/90)
120.08 WIC PC Satellite Support (9/19/90)
120.09 WIC Unix, CIS, and Minicomputer Services (4/8/94)
130.00 Central Data Base Administration
130.01 Central Data Base Administration (3/30/92)
130.02 Production ADABAS Performance Policy (3/30/92)
130.03 Development ADABAS Environment Availability Policy (3/30/92)
130.04 Data Base Environment Review Performance (4/7/93)
130.05 DB2 Roles and Responsibility (3/30/92)
130.06 DB2 Environments Availability Policy (3/30/92)
130.07 DB2 Access (5/13/92)
130.08 ADABAS Data Restoration (3/10/92)
130.09 Production ADABAS Environment Availability (4/7/93)
130.10 RDBMS Platform Selection Standards (4/8/93)
130.11 SQL Programming Techniques (4/7/93)
-------
NDPD OPERATIONAL DIRECTIVE NO.: Table of Contents Page 2 of 5
140.00 RTP Information Centers
140.01 RTP PC User Support (11/1/93)
140.02 RIC I Operations/Production Support (11/1/93)
140.04 RTP LAN Support (11/27/93)
150.00 Reserved
200.00 OPERATIONAL DIRECTIVES
200.01 Archiving Tapes and Data Sets (7/24/91)
200.02 NDPD Records Management (7/1/91)
200.03 NCC UNIX Security (12/2/93)
210.00 NCC IBM Mainframe
210.01 System Management (5/26/93)
210.02 Service Levels (9/19/90)
210.03 Performance Management (5/11/89)
210.04 Change Management (5/26/93)
210.05 Problem Resolution (8/1/87)
210.06 Timeshare Accounting (8/1/87)
210.07 User Registration (8/1/87)
210.08 Security (2/17/93)
210.09 Data Management (4/14/93)
210.10 Configuration Management (5/22/90)
210.11 Started Tasks (10/17/88)
210.12 ADP Capacity Planning (10/22/90)
210.13 System Integrity (5/17/93)
210.14 Authorized Program Facility Library Usage (5/17/93)
220.00 Reserved
230.00 NCC Scientific Cluster
230.01 System Management (12/20/93)
230.02 Service Levels (12/20/93)
230.03 Performance & Capacity Monitoring (12/20/93)
230.04 Change Management (8/1/87)
230.05 Problem Resolution (8/1/87)
230.06 Timeshare Accounting (8/1/87)
230.07 User Registration (8/1/87)
230.08 Security (12/20/93)
230.09 Data Management (12/20/93)
230.10 Configuration Management (8/1/87)
230.11 Tape Management/Maintenance on the Scientific Cluster (12/20/93)
240.00 Prime
240.08 Security (2/1/90)
250.00 Image Processing Systems (IPS)
250.01 Maintenance (5/19/94)
250.02 Performance and Capacity Management (5/19/94)
250.03 Change Management (5/19/94)
250.04 Problem Resolution (5/19/94)
250.05 User Registration (5/19/94)
250.06 Security (5/19/94)
250.07 Data Management (5/19/94)
260.00 Reserved
270.00 Personal Computers (PCs)
270.01 Personal Computer (PC) System Management and Architectural Direction
(3/10/92)
270.02 Personal Computer (PC) Service Levels (3/10/92)
270.03 Agency Workstation Contract Personal Computer (PC) Problem Management
(3/18/92)
270.04 Personal Computer (PC) Security (9/2/93)
270.05 Personal Computer (PC) Configuration and Inventory Management
(3/30/92)
270.06 Acquiring Personal Computers (PCs) (3/18/92)
300.00 TELECOMMUNICATIONS DIRECTIVES
300.01 Voice and Data Service Level Escalation (3/25/89)
300.02 Installation Requirements for Common Use Telecommunications Equip-
ment (9/11/89)
300.03 IBM SNA Network Performance and Capacity Management (10/20/89)
300.05 Change Management (7/2/90)
300.06 Disaster Recovery (9/12/90)
300.07 EPA International Telecommunications Support (3/5/93)
300.08 State Data Communications Connectivity to the EPA (6/25/92)
300.09 Telecommunications Considerations for Facilities Modifications
(10/21/92)
300.10 NDPD Telecommunications Support for National Conferences and
Demonstrations (12/16/91)
300.11 Network File System (NFS)(11/24/92)
300.12 EPA Radio Frequency Management (3/19/93)
300.13 EPA Support for Toll-Free (800) Telecommunications Support (4/14/93)
310.00 Local Area Network (LAN)
310.01 Local Area Network (LAN) Planning (5/19/94)
310.02 Supported LAN Hardware and Software (5/19/94)
310.03 LAN System Management (5/19/94)
310.04 LAN Problem Determination and Resolution (5/19/94)
310.05 LAN Data Management (5/19/94)
310.06 LAN Performance Capacity and Monitoring (5/19/94)
310.07 LAN Naming Conventions (5/19/94)
310.08 LAN Communication Gateways and Interconnectivity (5/19/94)
310.09 LAN Security (5/14/94)
310.10 LAN Change Management (5/19/94)
310.11 LAN Timeshare Accounting (5/19/94)
310.12 Wiring and Optical Fiber Cabling for Voice and Data Telecommunica-
tions (5/19/94)
310.13 Use of Remote Access to EPA LANs (5/19/94)
320.00 EPA Email
320.01 Usage Guidelines (7/14/93)
320.02 Customer Registration (7/14/93)
320.03 Security (7/14/93)
320.04 Problem Resolution (7/16/93)
320.05 Customer Notification (7/16/93)
320.06 Education and Training (7/16/93)
320.07 Additional Services (7/16/93)
320.08 Report Generation (7/16/93)
320.09 System Management (7/16/93)
320.10 Configuration Management (7/16/93)
320.11 Workload Forecasting (7/16/93)
320.12 Enhancement/Feature Evaluation and Selection (7/16/93)
320.13 Connectivity Standards (7/16/93)
320.14 System Testing and Installation (7/16/93)
320.15 Operations (7/16/93)
320.16 System Requirements (7/16/93)
330.00 Voice Communications
330.01 National Voice Telecommunications (10/26/92)
330.02 FTS2000 Business Office (10/29/92)
330.03 Provision of FTS2000 Switched Voice Service to EPA Contractors
(10/29/92)
330.04 EPA Cellular Equipment/Services Acquisition and Use (9/10/93)
340.00 EPA Headquarters Telecommunications
340.01 Program Management (6/16/93)
340.02 Equipment, Services, and Support (7/9/93)
340.03 Service Requests (6/16/93)
340.04 Trouble Reporting (6/16/93)
340.05 Service Request and Trouble Reporting Quality Control (6/16/93)
340.06 EPA Headquarters Program Office Acquisition of Telecommunications
Equipment, Services, and Support (7/9/93)
340.07 Voice Processing Systems (6/16/93)
340.08 Locator Service (6/16/93)
340.09 Telephone Directory (6/16/93)
340.10 Domestic Telephone Credit Cards and Authorization Codes (6/16/93)
340.11 Audio Teleconferencing Center (6/16/93)
340.12 Print-Sharing Services (6/16/93)
400.00 NATIONAL ENVIRONMENTAL SUPERCOMPUTING CENTER (NESC) DIRECTIVES
400.01 Mission (7/9/93)
400.02 Customer Interface (7/9/93)
410.00 Reserved
420.00 National Environmental Supercomputing Center (NESC)
420.01 System Management (7/9/93)
420.02 Service Levels (7/9/93)
420.03 Performance and Capacity Monitoring (7/9/93)
420.04 Change Management (7/9/93)
420.05 Problem Resolution (7/9/93)
420.06 Accounting (8/17/93)
420.07 Customer Registration (7/9/93)
420.08 NESC and UNICOS Security (7/9/93)
420.09 Data Management (7/9/93)
420.10 Configuration Management (7/9/93)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Introduction to NDPD Operational Directives Manual NO. 100.01
APPROVAL: DATE:
1.0 PURPOSE
The NDPD Operational Directives Manual establishes a framework for defining and publishing
senior management direction related to the operation of Agency timesharing resources under the
jurisdiction of the National Data Processing Division (NDPD).
2.0 SCOPE & APPLICABILITY
Directives contained in this manual are applicable to all EPA and contractor staff personnel who
manage the operation of NDPD computer systems, who operate computer systems controlled by
NDPD, or who use computing resources provided by NDPD.
3.0 RESPONSIBILITIES
The Office of Management and Budget (OMB) and the General Services Administration (GSA)
require that each Federal agency establish internal policies and procedures for the efficient
management of ADP resources.
NDPD, under the authority of the Office of Information Resources Management (OIRM),
through the Office of Administration and Resources Management - RTP (OARM-RTP), provides
the following:
a. Computing and telecommunications services to Agency allowance holders at a
predetermined level as defined in general or specific Service Level Agreements
(SLAs).
b. Implementation of oversight, management, operation, and acquisition of all
automatic data processing resources in the Agency.
c. Assessment and introduction of new computing and telecommunications resources
as required to maintain effective and efficient delivery of automatic data
processing services.
Under this authority, the NDPD is responsible for appropriate distribution and use of ADP
resources within the Agency. It is responsible for the full costing associated with this equipment
and for addressing issues associated with the management of these resources, both within the
Agency and with other government oversight agencies.
4.0 POLICY
The maintenance of an NDPD Operational Directives Manual is an ongoing process. Directives
will be added or amended to meet changing requirements. Directives contained in this manual
shall address all functional areas for which NDPD is responsible. This manual consists of the
following sections:
100.00 Management Directives
200.00 Operational Directives by System
300.00 Telecommunications Directives
400.00 National Environmental Supercomputing Center (NESC) Directives
5.0 DEFINITIONS
Automatic Data Processing (ADP) resources are defined as any of the following:
a. Mainframe, large-scale computers located anywhere in the Agency.
b. Minicomputers located anywhere in the Agency.
c. Microcomputers used as desktop computing resources located anywhere in the
Agency.
d. Data telecommunications equipment, including switching, concentration, and
front-end processors, located anywhere in the Agency.
e. Data circuits used as intraoffice, interoffice, or broadband, backbone network
circuits.
f. Operating system software, telecommunications software, and multiuser third
party applications software, including standard minicomputer and microcomputer
software.
g. Voice telecommunications equipment and services.
h. Video conferencing equipment and services.
i. Agency wide electronic mail systems and services.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
Not applicable.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Contracts for Third Party Software Packages NO. 100.02
APPROVAL: DATE:
1.0 PURPOSE
This policy provides guidelines for the acquisition of software packages and for the prevention
of unauthorized use of licensed software packages.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA personnel and EPA contractor staff personnel responsible for
purchasing or otherwise obtaining software for use on the NCC-supported (maintained) general
purpose computer systems.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
It is the responsibility of all individuals tasked with the preparation of documents relating to
specifications or procurement of third party software to conform to this policy.
Project managers for software migration projects are subject to items detailed in this policy.
4.0 POLICY
The Director, NDPD will be notified in writing of intent to procure and must, subsequently,
approve procurement of system level software that is to be installed on any NCC-maintained
computer system.
Software contracts will contain the following provisions:
a. EPA retains the right to permit the use of this software to any internal or external
organization authorized by EPA provided that the software is resident on the
designated CPU or designated site (designated site for site license, designated
CPU for licenses by CPU).
b. EPA retains the right to move this software to any other computer system
managed by EPA at no extra cost provided a prior notice for such migration is
given to the vendor.
Exceptions to the above policy due to vendor negotiations will be noted in the NDPD contract
file and in Interagency Agreements.
Software migration notification will be a separate line item in any implementation plan when a
CPU upgrade occurs. The notification to vendor will be issued prior to actual migration.
Software will be installed on designated CPUs only unless the license is by site type.
Individually designated CPU software will not be copied except for disaster/backup CPUs. The
backup CPU's software will be destroyed as soon as operation returns to the designated CPU.
This item will become part of the procedures/checklists for disaster recovery/restore.
Copyright protection of software package documentation will be honored.
In accordance with contract requirements, old releases/versions of software and documentation
will be destroyed after new releases/versions are installed.
A contract file control system will be developed and maintained to include, at a minimum,
copies of the contract, subsequent modifications, and a checklist of documents to be maintained
in each contract file.
5.0 DEFINITIONS
System level software is defined as software requiring support from the NDPD staff.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
Not applicable.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NDPD Directives Manual Review NO. 100.04
APPROVAL:
-------
NDPD OPERATIONAL DIRECTIVE NO. 100.04 Page 2 of 2
d. Updates to the on-line Directives Manual (data set JUSD.DIRECTIV.MANUAL)
will be made within 5 working days after policies have been approved by the
Director, NDPD, unless an extension is authorized by the NDPD Technical
Manager.
7.0 PROCEDURE REFERENCE
Not applicable.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Production Control Services NO. 100.05
APPROVAL: DATE:
1.0 PURPOSE
Production Control Services provides the customer community with the tools necessary to
monitor and control the production-oriented use of the NCC computer systems.
2.0 SCOPE & APPLICABILITY
This policy applies to all customers who comply with Production Control standards and
procedures for the scheduling and monitoring of production batch work.
3.0 RESPONSIBILITIES
It is the responsibility of Production Control to provide its customers with the latest system
management tools to automate job submission and monitoring. Production Control will provide
the customer with training in the use of JOBTRAC, the NCC's automated scheduling product.
It is the responsibility of the customer to abide by all standards and procedures established by
Production Control for the submission and monitoring of production-oriented use of the NCC
computer systems.
4.0 POLICY
To receive production control support services, a customer must request, in writing, the services
that are required. Upon receipt of the request, NDPD will evaluate it in terms of compliance
with NCC production control standards. When approved, Production Control will contact the
customer and assign a unique JOBTRAC location to the user group. After JOBTRAC training
is scheduled and conducted, the customer will be responsible for creating his own schedules
using JOBTRAC. Before the new schedule is placed into production, the customer must provide
Production Control with an application runbook to document all features of the customer's
automated schedule.
a. The initial runbook produced by the customer will be forwarded to Production
Control for review, comments, and suggestions. Production Control will review
the runbook ensuring that all policies, procedures, and standards are followed.
Several updates to the runbook may be necessary before it is acceptable to
Production Control and to the customer.
b. Once accepted by Production Control, any changes to the runbook must be
provided by the customer.
c. The customer must authorize access to his JOBTRAC location for Production
Control so that Production Control may provide assistance when required.
5.0 DEFINITIONS
Automated Batch Job Scheduler: Automated scheduling software for the management of routine
daily batch computer processing. In an automated computer center, the scheduling functions are
returned to the computer customer. JOBTRAC is the NCC's automated batch scheduling
product.
Runbook: An electronic document which identifies all the requirements, standards, and
procedures supporting an application's batch process.
6.0 STANDARDS
The NDPD provides its customers with solutions to today's productivity and quality bottlenecks.
By using the NCC's automation tools, the customer can eliminate costly reruns due to human
error. Automated condition code checking, auto-restart, JCL check, and report distribution
management are all features of the NCC's automated data center. The following is a list of tools
provided by the NCC. The use of these tools is required for customers who request Production
Control support.
JOBTRAC. Automated job scheduler.
INFOPAC. Electronic report distribution system.
IOF. Interactive Output Facility. Online viewing package.
SDSF. System Display and Search Facility.
7.0 PROCEDURE REFERENCES
Procedures for complying with this policy are identified in the following documentation:
a. Goal Systems. (1992) JOBTRAC Users Guide. (Vendor documentation.)
b. System Display and Search Facility Tutorial (on the NCC IBM mainframe).
c. Fisher International Systems. (1991) IOF Users Guide, Release 7. (Vendor
documentation.)
d. Mobius. (1992) INFOPAC Users Guide. (Vendor documentation.)
e. Online IBM customer documentation in data set JUSD.USERS.REFER on the
NCC IBM mainframe.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Submission of Requests for New or Revised NO. 100.06
NDPD Operational Directive
APPROVAL: DATE: 3 - 3 / -
1.0 PURPOSE
This policy provides a common format for requesting issuance of a new policy or revision to an
existing policy.
2.0 SCOPE & APPLICABILITY
This policy applies to all persons/groups submitting suggestions/requests for new NDPD policies
or requesting changes to existing policies.
3.0 RESPONSIBILITIES
It is the responsibility of the preparer to conform to this policy in submitting requests for NDPD
consideration.
The NDPD Branch Chiefs are responsible for development and maintenance of appropriate
policies for their functional areas.
The NDPD Branch Chiefs, the Information Management Branch of OIRM/IMSD, the OIRM
Division Directors, and the Senior Information Resources Management Officials (SIRMOs) are
responsible for reviewing the policies before issuance.
The Chief, Program Management Support Branch, is responsible for the review process and
submitting new or revised policies to the Director, National Data Processing Division.
4.0 POLICY
a. All requests for a new policy will be submitted in the following format:
Required Paragraphs: Title
1.0 Purpose
2.0 Scope & Applicability
3.0 Responsibilities
4.0 Policy
5.0 Definitions
6.0 Standards
7.0 Procedure References
b. Revisions or changes to current policy will be submitted in the format specified
in Item 4.a. A copy of the current policy will be attached to the recommended
policy.
c. Draft policies will be reviewed by each NDPD Branch Chief, OIRM Division
Directors, and SIRMOs.
d. Final policies will be submitted to the Director, NDPD for final approval.
5.0 DEFINITIONS
Directive/Policy: A high level statement of direction or position made by top levels of
management within a particular organization.
Standard: A rule/objective against which conformance can be measured in support of policy
direction or position.
Procedure: A step-by-step process followed to meet requirements of a particular standard.
6.0 STANDARDS
a. All requests will be submitted to the following address for entry into the policy
process:
Policy Coordinator
Program Management Support Branch
National Data Processing Division (MD-34)
Research Triangle Park, NC 27711
b. Level 1 Policy Review is established to include the following:
Each NDPD Branch Chief will review policies and return
comments within 3 weeks.
Policy personnel of the Information Management Branch,
Information Management and Services Division, OIRM and OIRM
Division Directors will review for OIRM and return comments
within 3 weeks.
If no comments are received during the 3-week review period,
approval is assumed.
The NDPD Policy Coordinator will provide the review comments
to the submitter for possible revision/modification of the policy.
c. Level 2 Policy Review is established as follows for SIRMOs:
Each SIRMO will review policies and return comments within 3
weeks.
If no comments are received during the 3-week review period,
approval is assumed.
The NDPD Policy Coordinator will provide the review comments
to the submitter for possible revision/modification of the policy.
d. The final draft policy will be submitted through the Chief, Program Management
Support Branch, and the Deputy Director, NDPD to the Director, NDPD for final
approval.
e. The requirement for an additional review of any submitted policy will be at the
discretion of the Chief, Program Management Support Branch, and/or the
Director, NDPD.
7.0 PROCEDURE REFERENCE
Log sheets, routing forms, and copies of written comments are maintained by the Policy
Coordinator.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NDPD Rate Charges NO. 100.07
APPROVAL: DATE:
1.0 PURPOSE
In accordance with guidelines established in OMB Circular A-130, a full costing of all
personnel, hardware, software, and physical facility costs is performed yearly for all computer
systems operated or managed by EPA. The NDPD must account for the full cost of operating
the data processing facilities and allocate these costs to users according to the services they
receive.
2.0 SCOPE & APPLICABILITY
This policy applies to the following cost centers at the National Computer Center:
o IBM System (WIC 4381, Regional LMFs, IBM 3090s, Cincinnati 4381)
o NCC VAX Cluster
o CBI IBM 4381
o ASRL VAX
o Telecommunications
o Support Services (Prime, ORD VAX, MicroVAX II (optional), LANs, LIMS,
STARS)
3.0 RESPONSIBILITIES
The Chief, Program Management Support Branch, is responsible for the review and submission
of new or changed policy to the Director, National Data Processing Division.
4.0 POLICY
a. The major source of data for full costing is created by the automated NDPD
Budget Planning System. This system provides information concerning yearly
lease and maintenance costs for hardware and software, estimated costs for
purchases planned for the fiscal year, yearly contractor services costs, and data
center personnel costs. Categorization by service area within computer systems
is used to determine the yearly operating costs for each computer system.
There is a formal NDPD approval process that identifies each budget item as
either mandatory or discretionary. Mandatory items are included in the budget.
Discretionary items are categorized into the following priorities: high, medium,
or low. Discretionary items are included in the budget only if money is
available. This budget process must be completed by March 15.
Indicates revision.
b. Based upon data obtained from the full costing process, NDPD annually
performs the cost center analysis for each computer system/ADP service. This
process determines the costs of individual service provided for each system and
establishes the charge rates to recover these costs. Charge rates for the various
services provided are established as follows:
o Rates are to be structured to reflect the full cost of providing a service.
o To ensure equity in chargeback, users only pay for services received.
o Flat rate charges are used for services where usage is not directly
measurable.
o Services provided by commercial vendors are charged back to Agency
users at cost plus administrative handling fee.
o The Agency's capacity to provide requested service consistent with
"service level goals" is incorporated in the Agency pricing policies and
rate setting procedures.
c. NDPD input to the OIRM timeshare budget guidance memo is prepared by
April 15.
d. An RPIO timeshare impact analysis will be performed to determine the likely
impact of certain rate changes and/or rates for new services. The suggested
timeshare chargeback rate structure for all cost centers is presented to the
Director, NDPD, for review, comment, and approval by June 15.
e. The NDPD approved timeshare chargeback rate structure for all cost centers is
presented to the Director, OARM-RTP, for review, comment, and approval by
July 1.
f. The OARM-RTP approved timeshare chargeback rate structure for all cost
centers is presented to the Director, OIRM, and his staff for review, comment,
and approval by July 15.
g. The approved chargeback is published in a User Memo no later than August 31.
h. The approved chargeback is published in the WIC Connection no later than
September 1.
i. Management reports are prepared and distributed to the OIRM no later than the
5th working day of the following month. The TSSMS and management reports
are also sent to the Responsible Program Implementation Officers (RPIOs) and
ADP Coordinators the next day.
j. Once timeshare chargeback rates are approved and a User Memo announcing
rates has been issued, there will be no changes to the chargeback rate structure
for the upcoming fiscal year.
k. If a new timeshare chargeback service is to be implemented at any time during
the fiscal year, the rate for this service must be approved by NDPD manage-
ment and a 30-day user notice issued prior to the effective date for the
chargeback.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Preparation and Issuance of NO. 100.09
Formal NDPD Correspondence
APPROVAL: DATE:
1.0 PURPOSE
This policy reaffirms NDPD directives that all formal correspondence adhere to the policies,
procedures, standards, and formats contained in the EPA Correspondence Manual, EPA
Transmittal 1320.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD staff personnel who write, edit, review, sign, type, file, or
control formal NDPD correspondence. The author will determine whether correspondence will
be formal or informal (Email).
3.0 RESPONSIBILITIES
The author and reviewer are responsible for the contents of the correspondence while the NDPD
secretarial staff is responsible for the grammar, spelling, format, and all other characteristics
associated with professionally acceptable correspondence. The Division Director's secretary is
responsible for advising, monitoring, coordinating, and otherwise ensuring adherence to this
established policy.
4.0 POLICY
a. All formal correspondence will adhere strictly to the guidelines contained in the
EPA Correspondence Manual.
b. Formal correspondence to individuals within EPA will be issued in memorandum
form while other correspondence, including that to other government agencies,
will be issued in letter format.
c. All correspondence prepared for the Director's signature will receive a minimum
two-level review which shall consist of the Branch Chief or Technical Monitor
and the NDPD Director's Secretary. All correspondence submitted for the
Director's approval shall be undated.
d. All updates to the EPA Correspondence Manual shall be distributed by the
Division Director's secretary to all NDPD EPA Correspondence Manual owners
within 1 week of NDPD's receipt of the updates.
e. The secretarial staff is encouraged to meet on an "as needed" basis to discuss
issues and practices that will improve the correspondence program.
f. The only acceptable exception to the EPA Correspondence Manual guidelines is
that the Director's Office will maintain a record of all outgoing formal correspon-
dence by subject rather than by the Division level reading file.
5.0 DEFINITIONS
Formal correspondence is defined as written forms of communication issued to individuals
outside of NDPD.
6.0 STANDARDS
EPA Correspondence Manual. EPA Transmittal 1320.
7.0 PROCEDURE REFERENCES
Not applicable.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NDPD Prepared Papers NO. 100.10
APPROVAL: DATE:
1.0 PURPOSE
This policy provides a common format for the preparation of information/decision support papers
to be submitted to the NDPD Director for his information/signature.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff who author, edit, review, sign, type, or
control various documents identified in this policy.
3.0 RESPONSIBILITIES
The author will prepare a detailed outline of the proposed paper and have it approved by his/her
respective Branch Chief or Department Manager (if contractor employee) before the paper is
written.
The author and the reviewers are responsible for the content of the paper. The author's
secretarial staff is responsible for grammar, spelling, and other characteristics required of a
professionally acceptable document. If desired, the author may obtain editorial assistance from
the Facility Management Contractor's Publications section.
The author's Branch Chief or Department Manager will review and approve/disapprove all
submitted papers.
The author's Branch Chief or Department Manager will ensure that all approved papers are
routed through the NDPD Deputy Director before submission to the Director.
The NDPD Director's secretary will maintain a file and track the status of all papers submitted
to the Director in accordance with this policy.
4.0 POLICY
A detailed outline will be drafted by the author and approved by his/her Branch Chief or
Department Manager before the paper is written.
All papers identified in this policy and prepared for the Director's information/signature will
conform to the format specified in Section 6.1.
All papers will contain, at a minimum, the mandatory elements specified in Section 6.1.
However, additional information can be presented if desired. The format for the presentation
of additional information is also provided in Section 6.1.
Semiannually, the NDPD Director's secretary will submit a list of open decision papers to the
NDPD Director's staff meeting for management review of status, progress, findings and
remaining actions. This status list will also note any pending decisions relative to a decision
paper. The NDPD Director will either implement, change, or reject the findings, and the
secretary will record the results. Once a decision paper is approved, copies will be forwarded
to all Branch Chiefs and Facility Managers.
All papers requested from the FM contractor by the NDPD Director will be reviewed by the FM
contractor Project Director before being forwarded to the NDPD Deputy Director. The Branch
Chief(s) who would benefit from this information will be provided with a copy of the paper.
Two copies of each paper will be submitted to the Director. One copy will be filed in a central
file in the Director's office.
The original, or reproduction copy, of each paper will be catalogued and filed in the FM
contractor's Technical Library for future reference and reproduction. This copy should be
submitted to the Supervisor of Publications and Reproduction (MD-34A).
5.0 DEFINITIONS
None.
6.0 STANDARDS
6.1 TYPES AND FORMATS OF ACCEPTABLE PAPERS
(MANDATORY ELEMENTS)
The formats of the two types of papers defined by this policy are presented below. Note that
subelements that relate to an element must immediately follow that element and must be
identified with the element number (i.e., 3.0 for Background with subelement numbers 3.1, 3.2,
3.3, etc., as necessary).
Additional information not related to an existing subelement will be presented as a new element.
This new element will take the next available number after the last mandatory number or the
previous new element number.
INFORMATION PAPER
1.0 TOPIC
2.0 EXECUTIVE SUMMARY
3.0 BACKGROUND
4.0 INFORMATION
5.0 REFERENCES
DECISION PAPER
1.0 REQUIREMENT/PURPOSE/ISSUE
2.0 EXECUTIVE SUMMARY
3.0 BACKGROUND
4.0 ASSUMPTIONS
5.0 CRITERIA FOR EVALUATION OF ALTERNATIVES
6.0 ALTERNATIVES
7.0 RECOMMENDATIONS
6.2 REPORT COVERS
If the length of a report warrants, the author may include a cover, title page, and table of
contents; however, one will not be used without the other. Covers will conform to the
requirements of the EPA Graphics Standards System manual. Covers will be printed in black
ink on white or colored bond unless distribution is limited (10 copies or less); in which case,
one color ink (blue or green) may be used. A sample cover from the EPA Manual is shown in
Figure 1. Explanatory remarks concerning the basic cover format requirements have been
added. Another sample cover is illustrated in Figure 2, indicating type face and point size.
Figure 3 contains sample covers prepared at the NCC. While the presentation of information
contained above Line A is mandatory, data below this line is at the author's discretion.
A sample title page is illustrated in Figure 4. Note that reports prepared by the FM contractor
will carry the contractor's EPA contract number in compliance with EPA regulations.
6.3 REPORT PREPARATION AND DISTRIBUTION
Personnel are encouraged to utilize the services provided by the FM contractor's Publications
and Reproduction section. These services include editorial, illustration, typing, reproduction,
and distribution assistance.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1977) US EPA Graphics Standards
System. U. S. Government Printing Office: 19770-247-563, Stock No. 055-000-
00169-3. For sale by the Superintendent of Documents, U. S. Government
Printing Office, Washington, DC 20402.
b. U. S. Environmental Protection Agency. (1981) Document Standards Manual
(Report No. 1/001A), Research Triangle Park: National Data Processing
Division. (Location: Publications Technical Library)
-------
Column 1. Agency Identifier. Logotype and symbol are treated as one unit.
Column 2. Full name of Agency, title and subtitle, if required.
Column 3. Office/Region, if applicable, with address.
Column 4. Index number, date of issue, and special identification (Draft, Final, etc.), if applicable.
Sample cover text: EPA Monitoring Series. Rationale and Methodology for Monitoring Groundwater Polluted by Mining Activities
Figure 1. Sample Report Cover with Column Identification
-------
Type specifications shown: 9 pt Univers 55; 30 pt Univers 65; 30 pt Univers 55.
Spacing marks shown: 6 pi; 30 pt.
Sample cover text: EPA. Environmental Draft Impact Statement. Sacramento Regional Wastewater Management Program
Figure 2. Sample Report Cover with Type Specifications
-------
Line A
United States Environmental Protection Agency
Office of Administration and Resources Management
National Data Processing Division
Research Triangle Park, NC 27711
[index number illegible] September 6, 1989
EPA Decision Paper
Evaluation of dBASE IV, Version 1.0 in Multi-User Mode
Figure 3. Sample NDPD Report Cover (Page 1 of 2)
-------
Line A
United States Environmental Protection Agency
Office of Administration and Resources Management
National Data Processing Division
Research Triangle Park, NC 27711
[index number illegible] September 6, 1989
EPA Decision Paper
Evaluation of dBASE IV, Version 1.0 in Multi-User Mode
Question: Should EPA adopt dBASE IV LAN as the
Agency standard, replacing dBASE III PLUS?
Recommendation: Yes.
Figure 3. Sample NDPD Report Cover (Page 2 of 2)
-------
EVALUATION OF dBASE IV, VERSION 1.0,
IN MULTI-USER MODE
September 6, 1989
Prepared for
Architectural Management & Planning Branch
Contract No. 68-01-7437
U.S. ENVIRONMENTAL PROTECTION AGENCY
NATIONAL DATA PROCESSING DIVISION
RESEARCH TRIANGLE PARK, NORTH CAROLINA
Figure 4. Sample Report Title Page
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Transfer of Computer Accounts among EPA Users NO. 100.12
APPROVAL: DATE: 4/17/89
1.0 PURPOSE
This policy will ensure that the transfer of computer accounts among EPA organizations is
accomplished in a consistent and orderly manner.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all computer accounts registered with the Time Sharing Services
Management System (TSSMS) Office at the EPA National Computer Center.
3.0 RESPONSIBILITIES
FM Contractor personnel at the NCC are responsible for updating and maintaining necessary
files and for monitoring procedures to implement this policy.
4.0 POLICY
Transfer of computer accounts from one EPA organization to another will be accomplished as
follows:
a. YTD charges will be transferred with the account.
b. Budget ceiling will be transferred with the account. The OIRM Office (FTS 382-
2415) will be contacted by the ADP Branch Chiefs with budget transfer
information.
A few Interagency Agreements (IAG's) specify that when an account has exceeded its stated
expenditure limit, EPA will cover any additional costs out of the EPA timeshare budget. In this
instance, the Regional ADP Branch Chiefs will ensure that the following is accomplished when
a computer account is transferred:
a. Establish a new account and delete the old account. (Complete TSSMS forms
N251 and N258.)
b. Change the JCL of existing jobs to reflect the new account.
c. Rename data sets with the new account within 45 days or the data sets will be
deleted.
d. Reassign tapes to the new account within 45 days or the tapes will be released to
the scratch pool.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Submission Timeframe: Planning and Funded Purchase Requisitions NO. 100.14
APPROVAL: DATE: 7/7/93
1.0 PURPOSE
This policy establishes a common timeframe for the submission of NDPD planning and the
subsequently funded purchase requisitions (PRs) to the Office of Acquisition Management
(OAM).
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD staff personnel who prepare or approve NDPD planning or the
subsequent NDPD-funded purchase requisitions.
3.0 RESPONSIBILITIES
The originator of a purchase requisition must conform to the requirements of this policy.
However, the final and ultimate responsibility rests with the appropriate NDPD Branch Chief.
The Branch Chief of the Program Management and Support Branch is responsible for
implementing this policy, as well as for ensuring that all approved requisitions are funded, if
required, and are submitted by NDPD to OAM within established timeframes.
4.0 POLICY
It is the policy of the Director of NDPD that all planning and funded PRs will be prepared and
submitted to NDPD in time to meet deadlines established by the OAM.
5.0 DEFINITIONS
Planning Purchase Requisition: A preliminary, unfunded purchase requisition which identifies
purchases planned for an upcoming period, usually the next fiscal year.
Funded Purchase Requisition: A purchase requisition which has been approved by all
appropriate levels in the organization.
6.0 STANDARDS
a. All planning PRs will be prepared, signed by the Branch Chief, and submitted to
the NDPD Director's Office for final review and approval by June 1.
b. Planning PRs will be approved/disapproved by the Director's Office no later than
June 15.
c. All approved planning PRs will be submitted as a package from NDPD to the
various OAM Offices at least 3 days prior to the established OAM due date,
which differs by fiscal year. (For FY1994 planning PRs, the due date to OAM
is July 1, 1993.)
d. Final purchase requisitions for the ensuing fiscal year will be submitted by the
appropriate Branch Chief to the NDPD Administrative Officer by October 1.
e. All funded PRs will be submitted to OAM within 10 calendar days of fund
availability, availability of GSA or EPA contracts, or by October 1, whichever
is later.
f. To ensure adequate lead time within OAM, the NDPD Director will be notified
in writing of any contract renewal or new FY start-up that has not been submitted
to OAM by November 1, or within a month of fund availability for the start-up
fiscal year.
7.0 PROCEDURE REFERENCES
None.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: At-Home Use of Agency-Owned Personal Computers NO. 100.18
APPROVAL:
-------
NDPD OPERATIONAL DIRECTIVE NO. 100.18 Page 2 of 2
Accountability for microcomputers and peripherals removed from government facilities under
the provisions of this policy will be maintained through existing procedures. In cases where
equipment will be used off government premises for a period of not more than 90 days, property
passes will be issued and the Property Control Office will be notified via Form N354, Report
of Status of Government Property. When equipment will be off government premises in the
possession of an employee for longer than 90 days, property records will be changed to show
the employee as the person responsible for the government-owned equipment.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NDPD PC Bulletin Board Services NO. 100.19
APPROVAL: DATE:
1.0 PURPOSE
This policy specifies the support to be provided by NDPD in the use of Agency-wide electronic
Personal Computer Bulletin Board Services (PC BBS).
2.0 SCOPE & APPLICABILITY
This policy applies to all levels of NDPD's data processing support organization and to all PC
bulletin board services that EPA and its contractors operate.
3.0 RESPONSIBILITIES
NDPD is responsible for providing data processing support services to customers throughout the
Agency. Within NDPD, the Information Centers Branch (ICB) and the Telecommunications
Branch (TCB) are responsible for computer support activities most directly affected by this
policy. All employees of EPA, EPA contractors, and EPA grantees are responsible for
compliance with the provisions of this policy.
4.0 POLICY
Various EPA offices support over thirty electronic bulletin board services. These BBSs fulfill
an essential need for communication throughout the Agency, keeping BBS customers updated
on strategic information. Agency BBSs provide services such as electronic distribution of
documentation, notices of meetings, electronic conferencing and messaging on environmental
areas of study, software updates, and computer programs. As the interest in BBSs has grown
within the Agency, so has the need for better PC BBS communications. Advertising the
existence of specialized BBSs is difficult for EPA offices. Various offices have requested NDPD
to provide BBS EPA network access and advertising for PC BBSs.
This policy defines the NDPD PC BBS network strategy and describes the management
requirement associated with connecting a PC BBS to the EPA network. Software and hardware
components necessary to provide PC BBS telecommunications services are enumerated. This
policy outlines procedures for applying for networked PC BBS connections and announces
NDPD advertising support for PC BBSs. This policy defines NDPD BBS system manager and
operator support.
An alternative to starting a new PC BBS is using an Agency MAIL BBS. A MAIL BBS can
provide electronic conferencing and binary file exchange, while retaining BBS management
under a system manager's control. NDPD encourages offices investigating how to start a PC
BBS to discuss the capabilities of MAIL BBS with NDPD's Program Management Support
Branch.
4.1 PC BBS MANAGEMENT
NDPD requires that an EPA employee (BBS system manager) sponsor a proposed PC BBS for
connection to the EPA network. This employee will apply for an EPA network connection by
completing an NDPD Telecommunications Service Request (TSR). The TSR will be submitted
to the NDPD Telecommunications Branch with a memo stating whether the proposed network
PC BBS is available for public access. Refer to Section 4.3 for a detailed description of public
access PC BBS issues. The public access BBS system manager will ensure that there is no BBS
posting of EPA network access directions or telephone numbers. System managers converting
to public access will notify NDPD Telecommunications Branch 30 days before conversion
occurs. Public access through the EPA network to the BBS is prohibited and will be blocked
electronically. Public access through the PC BBS to the EPA network is also prohibited.
Duties of the BBS system manager include:
Managing the availability of the BBS.
Enforcing practices to ensure that the message and file information available to
BBS customers is appropriate and virus-free.
Maintaining and upgrading the BBS hardware and software as necessary.
Acting as "central point of contact" for NDPD management to resolve procedural
problems that may arise.
The technical operations of the BBS can be provided by the system manager or a system
operator who is sometimes a contractor. The system operator's duties include:
Creating bulletin board categories.
Working with NDPD technical staff to troubleshoot telecommunications problems.
Providing regularly scheduled tape backups for the PC BBS.
Running virus checker programs to maintain a virus clean PC BBS.
Purging old information.
Performing other PC BBS software and system-related duties.
4.2 PC BBS EPA NETWORK ACCESS
Bona fide EPA employees, state agency representatives, other government agency representa-
tives, EPA contractors, and EPA grantees will gain access to EPA PC BBSs through the EPA
network. NDPD Telecommunications Branch will support an X.25 synchronous communications
connection to a PC BBS, giving customers 9.6 kb or 19.2 kb access through EPA's packet
switched network. The X.25 PC BBS communications link can, theoretically, provide service
for up to 64 concurrent customers. Network service levels will vary with the speed of the
bulletin board service PC, the number of simultaneous customers, and the type of network traffic
generated by the customers (i.e., file transfer vs. reading BBS Email).
4.3 PUBLIC ACCESS TO EPA PC BBSs
This policy defines public access to a BBS as totally unrestricted access to an Agency-sponsored
PC BBS. Typical customers who are not classified as public access include EPA personnel,
EPA-related contractors, EPA-specified grantees, and members of EPA-associated state and
government organizations.
Public access to the PC BBS using the EPA network is prohibited. A system manager of a
public access BBS must service these customers by requesting dial-in lines or toll-free number
lines to the BBS from NDPD. Toll-free lines will be directly connected to the BBS and paid for
by the system manager's organization. Public access PC BBSs will be blocked from using toll-
free exchanges that permit direct access to the EPA network.
The technology connecting a public access BBS to the EPA network simultaneously provides
service to customers from the EPA network without interfering with dialup public access. The
BBS can service both types of customers at the same time since the telecommunication traffic
is not being mixed between dialup and EPA network access. It is the responsibility of the PC
BBS system manager to ensure that public access users do not gain access to EPA network dialup
procedures or telephone numbers, but remain limited to the direct dialup services of the PC
4.4 HARDWARE AND SOFTWARE REQUIRED FOR EPA NETWORK ACCESS
NDPD is certifying standard BBS telecommunications hardware, PC hardware, and PC BBS
software for EPA BBSs. Galacticomm is the only vendor whose BBS communications hardware
and software have been certified and approved with NDPD.
Certification of other BBS hardware and software configurations is possible. The requesting
office must set up a working PC BBS at the RTP National Computer Center and invest several
days testing a proposed configuration onsite with the Telecommunications Branch support staff.
BBS system managers can obtain more information about the certification program by contacting
the NDPD Telecommunications Branch. It is anticipated that from two to five certified
configurations will be supported in FY1992.
The difference between a certified and noncertified PC BBS is that NDPD will provide software,
telecommunications, and hardware system operator support only for certified BBSs.
Noncertified PC BBSs can be connected to the network, but the Telecommunications Branch will
support telecommunications up to the PC. PC hardware and software troubleshooting will not
be provided for noncertified BBSs.
Noncertified PC BBS configurations will be studied when an office submits a BBS TSR. NDPD
Telecommunications Branch will develop the best technical solution for connecting the BBS to
the EPA network.
Reference Section 4.8 for further information about NDPD PC BBS support.
4.5 RESPONSIBILITIES FOR FUNDING PC BBS NETWORK ACCESS
The Telecommunications Branch will decide whether connecting a specific BBS to the EPA
network will result in a telecommunication savings to the Agency. This analysis will be based
on usage data for grandfathered BBSs, projected usage for proposed BBSs, number of
simultaneous EPA customers, and projected BBS longevity. This information must be submitted
with the BBS Telecommunications Service Request.
If placing a BBS on the EPA network is not a substantial savings to the Agency, the owner of
the BBS system must fund (non-timeshared funds) all telecommunication costs for connecting
the BBS to the network. The owner will fund NDPD-supplied modems and a dedicated line for
the EPA network connection. If the BBS is available for public access, the owner will always
fund all telephone dial-in lines and any toll-free requested lines. The BBS system manager can
contact the NDPD Telecommunications Branch for an estimate of the costs associated with
network access.
The BBS system manager will purchase the BBS PC hardware and software.
4.6 PROCEDURE FOR APPLYING FOR BBS NETWORK ACCESS
The BBS system manager must complete a BBS TSR and a memo stating whether or not the
proposed BBS will be made available for public access. The TSR must be signed by the system
manager's EPA ADP coordinator or IRM chief. The TSR must include a BBS deployment
schedule, software and hardware configuration, and information requested in Section 4.5.
NDPD Telecommunications Branch will process the BBS TSR and provide the installation cost
and yearly cost estimate to the submitting office. The office will then furnish NDPD with a
reimbursing purchase requisition.
4.7 ADVERTISING BBS ACCESS TO EPA CUSTOMERS
At the discretion of the system manager, the appropriate user communities will be notified of
each newly established BBS service. Each Region will have BBS as a telecommunication service
selection on the EPA network. NDPD will include a listing of the BBS in the National Locator
System and telephone directories.
4.8 SOFTWARE/HARDWARE/TELECOMMUNICATIONS SUPPORT
NDPD Telecommunications Branch will provide network and dial-in line troubleshooting support
in cooperation with the BBS system manager. NDPD Information Centers Branch will provide
BBS system operator support for each certified software configuration. BBS system operator
support is telephonic support provided by the NDPD Information Centers Branch (ICB) for BBS system
operators who need certified software setup, troubleshooting, and/or consultation assistance.
When new bulletin board software and hardware is certified by the NDPD Telecommunications
Branch, NDPD Information Centers Branch will obtain the software, hardware, and training
necessary to support the new certified BBS system operators.
4.9 SYSTEM OPERATOR/SYSTEM MANAGER SPECIAL INTEREST GROUP
NDPD will establish an Agency MAIL-based BBS (named PCBBS) for system managers and
system operators. ICB will be responsible for the management of the PCBBS Email bulletin
board. PCBBS will provide improved communications among BBS system managers, system
operators, Information Centers Branch software support, and Telecommunications Branch
support staff. PCBBS will provide such services as announcing scheduled network maintenance,
status of network problems, availability of new software releases, and information on common
points of interest.
NDPD Telecommunications Branch will notify NDPD Information Centers Branch when a new
PC BBS joins the EPA network. This notification will alert NDPD Information Centers Branch
that an additional system manager is to be added to the PC BBS MAIL system. The notification
will indicate the type of bulletin board software used by the new BBS.
4.10 DEFINITIONS
BBS System Manager: EPA employee legally responsible for management of an Agency BBS
as described under Section 4.1. A contractor may not be a BBS system manager.
BBS System Operator: EPA or contractor technical support employee who provides day-to-day
BBS operational, troubleshooting, and user support. The BBS system manager may be the BBS
system operator.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Macintosh Support NO. 100.20
APPROVAL: DATE: 9/18/91
1.0 PURPOSE
This policy delineates the position of the National Data Processing Division with respect to
providing direct support related to the use of Macintosh microcomputers.
2.0 SCOPE & APPLICABILITY
This policy is Agency-wide in scope, and applies to all levels of NDPD's data processing
support organization.
3.0 RESPONSIBILITY
The Director, NDPD, is responsible for providing data processing support services for users
throughout EPA. Within NDPD, the Information Centers Branch and the Telecommunications
Branch are responsible for computer support activities most directly affected by this policy.
However, all employees of NDPD and its contractors are responsible for compliance.
4.0 POLICY
Within EPA, the Apple Macintosh (Mac) has been a supported computing platform for specific
applications for several years. Macintosh equipment has been available to EPA offices through
contracts administered by NDPD, and the Mac has become an integral part of the workplace in
some offices. NDPD will continue to provide limited support for Macintosh computers, but only
when those computers are being used for scientific applications for which solutions are not
available in the MS-DOS environment, or when those computers are being used as desktop
publishing systems. This policy is based on economies of scale and the dominance of available
DOS-compatible products for computing and telecommunications, and not on the merits of
Macintosh versus MS-DOS computer architecture.
4.1 VIABILITY OF ONGOING SUPPORT
A trend has been identified in requests for support from the Macintosh user community that
indicates Macintosh computers are being used for purposes other than those for which they were
intended. Requests for support and services reveal a growing use of Macs for general office
computing. These requests have been accompanied by petitions for networking and file transfer
capabilities comparable to those available to MS-DOS users. The resource expenditures required
to satisfy this growing demand for support and services are not justifiable in terms of the overall
percentage of microcomputers in the Agency represented by the Macintosh, as opposed to the
more widely-used MS-DOS PCs.
4.2 SOURCES OF SUPPORT FOR THE MACINTOSH
Because the delivery of general Macintosh support on a national scale is not cost effective,
NDPD will provide centralized direct support for the Mac only insofar as it is being used as a
scientific workstation or as a desktop publishing system. Requests for such support should be
directed to NDPD.
4.3 FILE EXCHANGE BETWEEN THE MACINTOSH AND OTHER COMPUTING
ENVIRONMENTS
NDPD supports hardware and software tools that enable MS-DOS users to conveniently transport
files across hardware and geographic boundaries. The duplication of file transfer mechanisms,
or the addition to in-place mechanisms of a Macintosh/MS-DOS file transfer capability, is not
cost justifiable. Therefore, when individual users and groups who elect to use Macintosh
computers rather than MS-DOS machines need to transfer files across platforms, the
responsibility for providing and maintaining that capability lies with those individuals or groups.
4.4 NETWORKING OF MACINTOSH COMPUTERS
The fundamental differences between Apple Macintosh architecture and MS-DOS architecture
impede easy networking between those environments. NDPD fully supports connectivity to the
national telecommunications network for MS-DOS computers. Complete duplication of
supported telecommunications services for the Macintosh is not cost justifiable. However,
VAX/PCSA, a connectivity link to the DEC VAX environment for both MS-DOS and Macintosh
microcomputers, is fully supported. This service is cost-effective, since Macintosh support is
bundled into the product along with support for MS-DOS computers.
The NDPD Telecommunications Branch will not assist with the installation or maintenance of
Apple local area networks. Based on available expertise and resources, individual information
centers may elect to support local Macintosh networks at their respective sites. Offices at
Headquarters and in RTP must obtain prior approval from NDPD before installing wiring for
any local area network.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NDPD Customer Support Services NO. 110.01
APPROVAL: DATE: 9/23/91
1.0 PURPOSE
This policy establishes operational conditions and objectives for the Customer Support group.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management and operation of the Customer Support group.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere to NDPD policies and perform the tasks necessary to meet policy
objectives.
The FM contractor will establish and maintain a source of assistance for customers in meeting
their computer needs. This customer support will be available for walk-in customers as well as
for customers telephoning for assistance.
FM contractor management personnel will ensure that staffing of the Customer Support group
is in compliance with the Government's direction.
4.0 POLICY
a. Hours of operation will be from 8:00 a.m. to 7:00 p.m. (Eastern time), Monday
through Friday (except for holidays and declared emergency shutdowns).
b. Appropriate customer calls/requests will be entered into a problem management
system and assigned a tracking number.
c. A matrix of skill levels for the Customer Support group will be maintained,
denoting the capabilities of individual staff members.
d. Customer Support personnel will be responsible for updating assigned problem
management records.
e. The Customer Support Supervisor will ensure that customers whose jobs were
canceled the previous day are contacted and timeshare refund procedures are
explained.
f. The Customer Support Supervisor will ensure that News Alerts are properly
prepared, installed, and maintained.
g. The Customer Support Supervisor will monitor response time by contacting selected
customers on a regular basis.
h. The Customer Support group will strive to resolve customer problems as soon after
identification as possible in order to provide the highest level of service to the
customer community. Problems will be escalated in accordance with Problem
Management procedures.
i. Customers reporting problems will be contacted within 24 hours, except on
weekends and holidays, and advised of the progress made in seeking a solution to
their problems.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Customer Memo Preparation and Dissemination NO. 110.03
APPROVAL: DATE: 9/13/91
1.0 PURPOSE
This policy provides guidance for the preparation and dissemination of Customer Memos and
[illegible]ification of the approvals required.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA NDPD and contractor personnel who either create, process,
and/or approve Customer Memos. This applies to IBM, Prime, VAX, PC, and LAN services
provided by NDPD.
3.0 RESPONSIBILITIES
Author:
    Prepares memo.
    Completes Form N406, Draft Checklist for Customer Memos; staples
    the form to the memo; and delivers or forwards both the form and
    memo to his immediate supervisor.
    Makes changes as directed throughout the process, annotating Form
    N407, Approval Checklist for Customer Memos.
Immediate Supervisor:
    Reviews/revises memo to ensure that information is necessary, timely,
    detailed (to the appropriate level), technically accurate, and complete.
    Completes Forms N406 and N407 as appropriate.
Security Officer:
    Reviews memo to determine if it contains sensitive data and denotes
    findings on Form N406.
Publications Supervisor or Technical Writer/Editor:
    Reviews/revises memo to ensure that memo is organized, coherent,
    clear, and concise, and that it is free of grammatical, punctuation, and
    spelling errors.
    Revises memo as necessary.
    Delivers final memo with attached Forms N406 and N407 to Memo
    Specialist.
    Proofreads final copy, checks it against approved version, and verifies
    that all changes have been made accurately.
Memo Specialist
    Follows established procedures for entering memo into Customer Memo system and for
      obtaining approval copy (logging memo, creating input and output files, proofing
      and correcting data entry, etc.).
    Files draft memo and Form N406.
    Prints approval copy of memo, attaches Form N407, and forwards to author.
    When received from NDPD Branch Chief, revises memo and forwards final copy to
      Publications.
    When received from Publications, follows established procedures for processing and
      distributing Customer Memos in the Customer Memo system.
    Files approval version of memo and Form N407.
NDPD Technical Manager
    Reviews memo for technical/informational accuracy and conformity to NDPD policy;
      alters memo as necessary.
    Completes Form N407 as appropriate.
NDPD Branch Chief
    Verifies that appropriate Unisys and NDPD staff Chief have reviewed the memo and
      approves or disapproves the memo for final edit and distribution.
    Completes Form N407 as appropriate.
4.0 POLICY
a. Customer Memos identify significant data processing events that will have an impact
on the NCC customer community.
b. The author monitors the progress of the Customer Memo through the system.
c. Normal processing time (ready for mailing) for Customer Memos is 2 weeks. The
approving NDPD Branch Chief will be notified immediately by the author if
processing exceeds the 2-week limit.
d. Emergency Customer Memos will be prepared, approved, and ready for mailing within
4 work days. The author facilitates the process.
e. When a memo has completed the approval process, no changes will be made to it
unless those changes are in writing and are approved by the appropriate NDPD Branch
Chief.
f. Customer Memos are distributed to the following:
(1) Registered customers who have indicated their desire to receive Customer Memos
through their established profiles.
(2) Project Managers/ADP Managers/ADP Coordinators.
(3) Personnel identified as "need to know" but not registered as customers on NCC
systems.
g. Customer Memos will be prepared and distributed as separate, hardcopy documents.
However, after June 11, 1991, only those customers who have returned the Interest
Key form (Customer Memo 762) will continue to receive hard copies.
h. Customer Memos will be available for retrieval and customer site printing from on-line
data files.
i. Applicable information published in Customer Memos will be incorporated in the
on-line Customer's Reference Guide within 30 days from mailing.
j. Personal computer information will be disseminated through PC Site Coordinators via
the EPA Email system.
k. LAN information will be disseminated through the LAN Administrator via the EPA
Email system.
l. All Emails used to communicate with PC Site Coordinators and LAN Administrators
will be posted to the PC Bulletin Board maintained by the Washington Information
Center for a period of 1 year.
m. The LAN technical guidelines will be updated with information from the LAN
Administrators' Emails as appropriate.
5.0 DEFINITIONS
Examples of items that would require a Customer Memo are as follows:
a. A 30-day change notice (see NDPD Policies 210.04, 220.04, 230.04, and 240.04).
b. A change in scheduled operations.
c. Advertisements/changes to training offerings.
d. Rate/policy changes which directly affect customers.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Electronic Broadcasts of Customer Information NO.: 110.04
APPROVAL: DATE: 9/23/91
1.0 PURPOSE
This policy provides guidance for the preparation and processing of Electronic Broadcasts of
customer information on NCC computer systems. This information is of short-term duration,
time critical, or a reminder to the customer of important issues (i.e., Customer Memo).
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA NDPD and contractor personnel, and to all customers with
interactive access to NCC computer systems.
3.0 DEFINITION
Electronic Broadcasts are informational messages whose titles appear at a customer's terminal
when he signs on to NCC computer systems. In addition, the Broadcast titles appear on header
pages of all printed output. (Also known as News Alerts.)
4.0 RESPONSIBILITIES
The author of an Electronic Broadcast is responsible for conforming to established formats and
procedures as issued by Customer Support.
Customer Support, as the broadcast issuing party, is responsible for monitoring and controlling
Electronic Broadcasts.
In addition, Customer Support is responsible for developing and supplying authors and other
qualified personnel with procedures for implementing this policy.
5.0 POLICY
a. Only time-critical information or notification to customers of important issues will
be approved for Electronic Broadcast.
b. Authors must conform to established formats and procedures. This information is
available from Customer Support. In general, the procedures for Electronic
Broadcasts are as follows:
(1) Author creates an on-line data set containing the desired information. He is
responsible for the data set's contents and for identifying the length of time it
is to remain on the system. He must provide a contact name and telephone
number where customers can call for clarification or additional information.
(2) Customer Support reviews the information for any conflict with NDPD policy.
(3) Customer Support issues an Electronic Broadcast to point the customer to the
appropriate on-line data set.
(4) Customer Support will not respond to requests for clarification of information
in Electronic Broadcasts submitted by Application System Managers, but will
refer the customer to the contact provided in the on-line data set.
c. The time that the customer may be able to access the information will depend on the
nature of the information. Customer Support is responsible for the maintenance and
enforcement of information availability.
d. Non-Application System Managers may also use the Electronic Broadcast mechanism
for time-critical information in accordance with Customer Support procedures.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Micro/Minicomputer-to-Mainframe File Transfer NO.: 110.05
APPROVAL: DATE:
1.0 PURPOSE
Commonality among hardware and software components is required to operate the National
Computer Center network and to adhere to EPA's existing and planned computer architectural
strategy for compatibility of applications and connectivity. This policy ensures consistency in
the selection and use of software in the EPA environment.
This policy was designed to:
a. Prevent software acquisitions that threaten EPA's ability to provide quality support
to the customer community.
b. Provide a compatible environment for applications.
c. Preserve the stability and performance of the Agency's telecommunications network.
d. Avoid new procurements of software packages that provide capabilities already
supported.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in the
design, development, acquisition, operation, and maintenance of the Agency's network.
The following file transfer software packages have been approved by NDPD and will be fully
supported by EPA:
a. KERMIT: This software is used for asynchronous ASCII data connections.
b. SEND/RECEIVE Compatibles: PC 3270 board software packages that operate with
the IBM Host program IND$FILE are installed and supported on all Agency IBM
mainframes.
c. ARBITER: This software is used for a micro-to-mainframe link.
Items b. and c. above are also supported on Agency token-ring LAN's via LAN SNA gateways.
Two additional file transfer packages are supported with some restrictions:
a. Software AG's NATURAL Connection is supported for ADABAS/NATURAL
applications by Data Base Support Services. Prior written approval must be
obtained from the NDPD Central Data Base Administrator.
b. SAS CONNECT is supported by Customer Support Services with written approval
from the NDPD Customer Services Technical Manager.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency file transfer software.
NDPD will provide access to the Agency file transfer capabilities from anywhere within the
Agency's telecommunications network.
NDPD will provide customer support for problem determination and resolution relating to file
transfer packages.
NDPD will coordinate, maintain, and inform customers of all revisions to file transfer packages
installed on Agency PC's, gateways, and mainframes.
NDPD will maintain and support file transfer packages in a manner that provides acceptable
performance and throughput levels.
4.0 POLICY
a. To receive NDPD operations support, all file transfer software other than those
Agency-approved packages mentioned above must be approved in writing by the
NDPD Director.
b. Each customer request for file transfer software package support will be reviewed
on a case-by-case basis by the NDPD to determine compatibility and an appropriate
level of support. Requests must be submitted in writing to the Director, NDPD, in
the form of a Telecommunications Service Request (TSR), or a memorandum. The
NDPD "Decision Paper Process" will be used to document and formulate a support
decision for all new packages.
5.0 DEFINITIONS
File Transfer Through Gateways: At present, the only technology available for file transfer
through minicomputer SNA gateways is Remote Job Entry (RJE). RJE allows only 80-byte card
image inputs and 132-byte card and print image inputs. Examples of such gateways include
Prime, VAX, Perkin Elmer, Data General, Unisys, Harris, Hewlett Packard, Plexus, and IBM
minicomputers.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: WIC Technical Center Operation NO. 120.01
APPROVAL: DATE: 1///S7
1.0 PURPOSE
These policies identify the primary functions of the Technical Center at the Washington
Information Center.
2.0 SCOPE & APPLICABILITY
These policies establish support requirements which are to be made available to all EPA and
contractor personnel, either on an informal, one-time basis or through a formal service
agreement. Formal service agreement customers will be granted priority service.
3.0 RESPONSIBILITIES
Technical Center personnel are responsible for providing ADP assistance in the microcomputer,
word processing and mainframe areas. Additionally, the Center will provide microcomputer and
mainframe graphics support.
4.0 POLICY
Personnel at the Washington Information Center will:
a. Provide consulting services in the areas of:
(1) Configuration planning, equipment installation, equipment start-up and
recovery.
(2) Procurement guidance, providing assistance in requirements analysis and
recommendations.
(3) General consulting services (i.e., general purpose development, applications
consultation, debugging assistance, peripheral interface support, data
transfer and conversion assistance, personal training services, graphics and
data access support).
b. Provide seminars to develop novice, intermediate, and advanced levels of ADP
expertise.
c. Assist in the organization and development of user groups where an interest is
expressed and maintained for any area of ADP.
d. Produce a monthly publication to keep users abreast of current events as they
pertain to the Agency's policies and procurement of office automation equipment.
e. Hours of operation will be from 8:00 a.m. to 5:00 p.m., Monday through Friday,
except for holidays or declared emergency shutdowns.
f. Provide conference space for computer-related meetings.
g. Host an annual open house and a hardware/software show.
h. Maintain a library of technical manuals covering Agency standard hardware and
software.
i. Provide assistance to EPA and contractor facilities personnel in the start-up and
operations of field information centers.
j. Provide access to various terminals, PC's, graphics and optical scanner equipment
on a limited basis.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: WIC Weekend Processing NO. 120.02
APPROVAL: DATE:
1.0 PURPOSE
This policy specifies weekend services provided by the Washington Information Center (WIC).
2.0 SCOPE & APPLICABILITY
This policy applies to all personnel at the Washington Information Center. Services described
are for EPA and contractor personnel using the WIC computing facilities.
3.0 RESPONSIBILITIES
The FM contractor is responsible for adequately staffing the WIC in order to provide users with
weekend processing support. All personnel at the WIC will be instructed in weekend processing
procedures. An updated list of on-call personnel will be maintained and readily available.
4.0 POLICY
a. Production Services will be provided to all EPA and EPA contractors at the I/O
window until 4:30 p.m. on Saturday. The I/O window will reopen for service
at 10:00 a.m. on Sunday and remain open until 6:00 p.m.
b. Telephone support from the Computer Operations group will be available from
7:00 a.m. to 5:00 p.m. on Saturday, and from 10:00 a.m. until 6:00 p.m. on
Sunday.
c. All print and special forms requests submitted to the WIC will be printed by
end-of-day processing.
d. Telecommunications user support will be provided via telephone.
e. The Technical Center will provide telephone user support between the hours of
9:00 a.m. and 5:00 p.m. on Saturday, and from 10:00 a.m. until 6:00 p.m. on
Sunday.
f. The Technical Center and the Terminal Room will be open on Saturday until
4:30 p.m. and on Sunday until 6:00 p.m. for use by EPA and contractor
personnel.
g. The WIC will be closed from 5:00 p.m., Saturday, until 10:00 a.m., Sunday.
It will be closed again at 6:00 p.m. (or upon completion of end-of-day
processing) until 7:00 a.m., Monday.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: WIC Payroll Processing NO. 120.04
APPROVAL: DATE:
1.0 PURPOSE
These policies specify processing requirements for the EPA payroll at the Washington
Information Center.
2.0 SCOPE & APPLICABILITY
These policies apply to all personnel at the Washington Information Center and all EPA payroll
officers and contractors.
3.0 RESPONSIBILITIES
The WIC processes payroll for the EPA on a biweekly schedule on Tuesday night between 1600
and 2400 hours. Four tapes containing payroll (EFT, Bond, Treasury, and Awards) information
are transmitted from the NCC-IBM to the 4381 at the WIC. The Chief, WIC, will maintain the
IBM 4381 as a disaster backup site for the Payroll system on the mainframe computer.
4.0 POLICIES
a. The NCC-IBM operator will call and give the WIC operator job numbers for the
EFT, Bond, Treasury, and Awards tapes.
b. The WIC second shift operator will reconfigure the 4381 for processing the
payroll on scheduled nights.
c. The WIC operator will log on to the NCC-IBM 3090 to track the payroll tapes.
d. The WIC operator will mount, copy, and scan the tapes for errors.
e. The payroll tapes will be forwarded to WIC I/O Control for distribution to the
payroll bin located at the WIC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: WIC PC Systems Support NO. 120.07
APPROVAL: DATE:
1.0 PURPOSE
This policy identifies the primary functions of the PC Systems Support Group at the Washington
Information Center (WIC).
2.0 SCOPE & APPLICABILITY
This policy establishes support requirements which are to be made available to all EPA and
contractor personnel whose offices are participating in the WIC's Operational Service Agreement
(OSA) program. Offices not participating in the OSA do not receive systems support from the
WIC. Provided support will be within the confines of sound operational and security practices
as defined in other NDPD policies and directives.
3.0 RESPONSIBILITIES
The Information Center's Branch Chief is responsible for defining the services to be offered by
WIC and for overseeing the implementation of the OSA that is signed by Headquarters offices.
Systems Support personnel are responsible for providing support for microcomputer equipment
and software.
4.0 POLICY
Personnel in the Systems Support Group will:
a. Respond to incoming calls for installation and troubleshooting assistance in
support of Agency approved/purchased hardware and software. The Group will:
(1) Monitor the dispatch desk from 8:00 a.m. to 5:00 p.m., Monday through
Friday.
(2) Maintain a log of all incoming calls, assign "ticket numbers" to each call,
and route the calls to appropriate members in the Group.
(3) Respond to hardware and software troubleshooting calls within 2 working
hours after a request is received.
(4) Complete hardware installation calls within 3 working days after a request
is received.
(5) Complete software installation calls for Agency approved/purchased
software within 5 working days after a request is received.
(6) Maintain a data base of resolutions to problems, parts replaced, etc.
(7) Analyze the data base on a quarterly basis to identify recurrent problems.
Advertise problems through training classes or other methods of
communication (e.g., newsletters, user memos, etc.).
b. Serve as the liaison between Headquarters offices and third party maintenance
vendors who need to be contacted to repair equipment. The Group will contact
the vendor, report a suspected problem, and monitor the performance of the
vendor to ensure that service calls are responded to within 8 working hours after
a call has been placed. If equipment is not repaired within 16 working hours
after a service call is received, the WIC will coordinate the installation of loaner
equipment (provided by the third party vendor) to replace the hardware
experiencing problems.
c. Maintain the EPA PC Bulletin Board Service (BBS):
(1) The Bulletin Board will remain operational 95 percent of the time during
a 24-hour period.
(2) New files for the Bulletin Board will be tested for viruses and uploaded
to the system within 10 working days after their receipt.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: WIC PC Satellite Support NO. 120.08
APPROVAL: DATE:
1.0 PURPOSE
This policy identifies the primary functions of the PC Satellite Support Group at the Washington
Information Center.
2.0 SCOPE & APPLICABILITY
This policy establishes support requirements which are to be made available to all EPA and
contractor personnel whose offices are participating in the WIC's Operational Service Agreement
(OSA) program. Offices not participating in the OSA do not receive satellite support from the
WIC. Provided support will be within the confines of sound operational and security practices
as defined in other NDPD policies and directives.
3.0 RESPONSIBILITIES
The Information Center's Branch Chief is responsible for defining the services to be offered and
for overseeing the implementation of the OSA that is signed by Headquarters offices. PC
Satellite Support Group personnel are responsible for providing onsite assistance to Headquarters
offices in the areas of microcomputers, word processing, local area networks, PC graphics, and
PC/mainframe data access support.
4.0 POLICY
PC Satellite Support Group personnel provide assistance in the areas requested by their Program
Office sponsors. Therefore, the scope of work performed by these individuals varies from
jgram Office sponsor.
a. Serve as liaison between the NDPD and the EPA Program Office.
b. Respond to incoming hardware and software calls within 4 working hours after
receipt of call.
c. Determine whether a call should be referred to the WIC and contact the WIC for
assistance as necessary.
d. Complete hardware installations within 3 working days after receipt of equipment.
e. Complete software installation within 5 working days after a request is received.
f. Resolve software troubleshooting calls within 8 working hours after the initial
response is made.
g. Complete hardware calls within 16 working hours after the initial response is
made.
h. Provide one-on-one and informal seminar training within 4 weeks after a request
is received from an office.
i. Conduct an informal meeting with a user within 2 weeks after an individual
within the office attends a full-day WIC training course.
j. Establish and maintain a PC inventory for the EPA office. This entails
determining serial numbers for hardware, determining the software installed on
all PC systems within the office, and entering inventory information into an
automated PC inventory tracking system.
k. Complete procurement requests within 2 weeks after they are requested by the
Program Office. Based on guidance provided by the office, the specialist will
determine a purchasing mechanism for the hardware or software desired, gather
necessary pricing information, and provide the Program Office with complete
ordering information. The analyst will also be responsible for tracking all
outstanding procurements, using an automated tracking system developed for the
office.
l. Provide assistance or complete Telecommunications Service Requests (TSR's)
whenever they are required. Specialists serving as LAN System Administrators,
in particular, will ensure that all the necessary paperwork is completed as the
LAN plan and installation proceed.
m. Perform hardware and software evaluations as requested by the Program Office.
These evaluations will encompass both new and upgraded products. A written
report will be provided to the Program Office and the Technology Assessment
Program as each evaluation is completed.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: WIC Unix, GIS, and Minicomputer Services NO. 120.09
APPROVAL:
1.0 PURPOSE
This policy identifies the primary functions of the Unix, Geographical Information Systems
(GIS), and minicomputer support group at the Washington Information Center (WIC).
2.0 SCOPE & APPLICABILITY
This policy establishes support requirements which are to be made available to all EPA and
contractor personnel whose offices are participating in the WIC's Operational Services
Agreement (OSA) program. Provided support will be within the confines of sound operational
and security practices as defined in other NDPD policies and directives.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The Information Centers Branch Chief is responsible for defining the services to be offered and
for overseeing the implementation of the OSA that is signed by Headquarters offices. The Unix,
GIS, and minicomputer support group personnel are responsible for onsite assistance to
Headquarters offices in the areas of Unix, GIS, minicomputer, mini/mainframe data access under
technical guidance and coordination from NDPD Unix, Data General, GIS, and VAX central
support staffs.
4.0 POLICY
Unix, GIS, and minicomputer support group personnel provide assistance in the areas requested
by their program office sponsors. The scope of work performed by these individuals varies
from person to person based on the requirements of the program office. Tasks performed by
the analyst encompass the entire realm of data processing support with the exclusion of
application programming, data entry, and tasks that would be interpreted as personal services.
5.0 DEFINITIONS
See Operational Service Agreement.
6.0 STANDARDS
The Operational Service Agreement describes the duties to be performed and measurements
specific to the program office needs. Other duties, however, can be added as needed upon the
review/approval of the EPA Technical Monitor.
7.0 PROCEDURE REFERENCES
See Satellite Workplan. Also see weekly reports, monthly reports, ad hoc reports, meeting
minutes, quarterly evaluations, and quality cards submitted to the EPA Technical Monitor.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Central Data Base Administration NO. 130.01
APPROVAL: DATE:
1.0 PURPOSE
This policy governs the administration of the Central Data Base Management Environment,
which includes CICS and ADABAS, mainframe RDBMS, and any accesses to these
environments (e.g., through CICS, TSO, Batch, FOCUS, Extract/A, PCLANs, APPC, and
GUI).
2.0 SCOPE & APPLICABILITY
This policy establishes the responsibilities of individuals and organizations using or providing
central data base environment such as the following:
End users, ad hoc users, and developers.
Application Data Base Administrators (ADBAs).
Application System Managers (ASMs).
Data Administrators (DA).
CICS System Administrator (SA).
Data Base Administration.
Central Data Base Administrator.
3.0 RESPONSIBILITIES
3.1 CENTRAL DATA BASE ADMINISTRATOR (CDBA)
The CDBA is responsible for the establishment, operation, performance, maintenance, and
security of the ADABAS central data base environment.
3.2 TECHNICAL CONSULTANT (TC/DBSS)
The TC/DBSS supports the CDBA function as support staff by performing all required central
environment reviews. Through telephone reviews, the TCs help the ADBAs develop
applications that meet the performance requirements and standards of the Central Environment
in a cost-effective manner.
3.3 DATA ADMINISTRATOR
The Data Administration function is performed under the general direction of the Office of
Information Resources Management (OIRM) and is directed toward managing data as an Agency
information resource and ensuring the appropriate use of Data Base Management System
(DBMS) technology.
3.4 APPLICATION DATA BASE ADMINISTRATOR
Each application using a central DBMS environment will be supported by an ADBA. The
ADBA serves in a role similar to that of the DA and the CDBA, except that he/she focuses on
individual applications.
3.5 CICS SYSTEM ADMINISTRATOR (SA)
The SA supports the CDBA in fulfilling his/her responsibilities with regard to CICS.
3.6 APPLICATION SYSTEM MANAGER
The ASM is responsible for those functions ordinarily performed in the context of computer
application system development. For new applications, this includes the feasibility study,
general and detailed system design, program development, system testing, acceptance testing,
and implementation. For production applications, this includes testing and implementing
changes, corrections, and enhancements. The ADBA is responsible for this role if the ASM is
not assigned.
3.7 USERS
Users are responsible for adhering to all policies, procedures, and security requirements, and
for using the central environment in an efficient and responsible manner.
4.0 POLICY
Any Central DBMS Application using ADABAS will be supported, managed, or accessed using
the roles described in Section 3.0. The CDBA will control access and support ADABAS
applications in relationship to these roles and their corresponding responsibilities.
5.0 DEFINITIONS
5.1 CENTRAL DATA BASE ADMINISTRATOR
a. Operates the development and production environments during normal NCC-IBM
production hours, except for periods of unscheduled maintenance due to hardware
or software problems, and periods of scheduled maintenance due to the
unavailability of timely nonproduction test time. The goal for availability is that
scheduled and unscheduled maintenance will not exceed 5 percent of production
time during any quarter.
b. Establishes and maintains up-to-date procedures governing access and use of the
central environment, including ad hoc use and access.
c. Tests, implements, and maintains all central environment software and
configurations, including data bases, data base files, disk space, and accesses. ASMs,
ADBAs, DAs, and users will be notified before changes which impact them are
made. Notification will normally occur 30 days prior to the change being
implemented.
d. Approves or disapproves the use of the central environment for each application
system.
e. Serves as principal contact and resolves all central environment issues and
technical problems.
f. Removes, corrects, or prevents the introduction of any application system that
unacceptably degrades the performance of the central environment or threatens
the integrity of data.
g. Provides technical consultation to ASMs, ADBAs, users, and DAs on the central
environment.
h. Establishes and maintains review requirements for the entire Software
Development Life Cycle (SDLC) for logical design, physical design, and test and
acceptance for application systems.
i. Schedules, reviews, and recommends acceptance, conditional acceptance, or
rejection of logical designs to the DA.
j. Schedules, reviews, and accepts, conditionally accepts, or rejects physical
designs.
k. Schedules, reviews, and accepts, conditionally accepts, or rejects application
systems for production operation through test and acceptance reviews.
l. Establishes security requirements for the central environment and minimum
security requirements for application systems within the central environment.
m. Establishes procedures for monitoring the performance of the central
environment.
n. Controls the central environment and its configuration.
o. Controls and operates, on behalf of the ADBAs and ASMs, utilities that are not
released to them because of security or data integrity considerations.
p. Establishes policies and procedures related to the use of ancillary software and
hardware products that interface with the central environment.
q. Establishes and maintains a test environment for testing software and
environmental configurations.
r. Establishes and chairs a standards committee for the preparation and approval of
standards for the central environment.
Note: The entire SDLC reviews for those applications or systems developed using I-Case,
upper-case, and/or lower-case tools may vary from the reviews provided in Item 5.1.i
through 5.1.k.
5.2 DATA ADMINISTRATOR
a. Collects, controls, and manages information about the Agency's data.
b. Serves as a focal point for identifying and coordinating development of ADP
policies and procedures relating to Agency data and data sharing issues.
c. Establishes criteria relating to information required for an Agency dictionary.
d. Coordinates the establishment of naming conventions and of data element editing
and validation standards.
e. Ensures adherence to Agency data policies and standards.
f. Controls the Agency's central table system.
g. Establishes criteria relating to the appropriate use of data base technology.
h. Provides consultation support in the areas of feasibility study and logical data base
design.
i. Reviews all studies and approves or disapproves feasibility studies requesting the
use of ADABAS.
j. Reviews all logical data base designs, taking into consideration the CDBA's
critique of the designs.
5.3 APPLICATION DATA BASE ADMINISTRATOR
a. Serves as the lead technical resource to assist the ASMs, developers, and end
users of the application.
b. Reviews application requirements analyses. Evaluates the use of data base
technology in general and ADABAS or a RDBMS in particular.
c. Assists and guides the Application Developers in the preparation of logical and
physical designs.
d. Reviews and approves logical and physical designs before they are sent to the DA
and CDBA for review and acceptance, consulting with the DA on Agency data
standards and potential data sharing.
e. Ensures the appropriate use of data base techniques in application design and
implementation, consulting with the CDBA.
f. Reviews and approves user acceptance test plans and CDBA Test and Acceptance
plans.
g. Reviews, approves, and enforces application quality assurance plans.
h. Monitors the performance efficiency of the application, investigates potential
areas for improvement, and guides the developers in implementing improvements.
i. Serves as the principal application technical liaison among the ASM, DA, and
CDBA.
j. Ensures that the application is developed in compliance with all applicable ADP
and CDBA policies, procedures, and standards.
5.4 APPLICATION SYSTEM MANAGER
a. Recommends and justifies the use of data base technology in general and
ADABAS or RDBMS in particular in the feasibility study.
b. Develops the logical and physical designs under the guidance of the ADBA, DA,
and CDBA.
c. Develops the user acceptance test plan and the CDBA Test and Acceptance plan.
d. Develops the application, making appropriate use of data base techniques.
e. Monitors performance and improves efficiency.
f. Ensures that the application is developed in compliance with all applicable ADP
and CDBA policies, procedures, and standards.
5.5 USERS
a. Use the central environment in accordance with policies, procedures, and
standards.
b. Use the central environment in an efficient and responsible manner.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1991) ADABAS Application Development
Procedures Manual (Report No. 220/001). Research Triangle Park, NC:
National Data Processing Division. ADP Operations Management Branch.
(Location: NCC-IBM Mainframe, on-line data set, printable with the following
JCL: JUSD.ADABAS.DATA(ADBSADPM))
b. U. S. Environmental Protection Agency. (1990) CICS Application Development
Procedures Manual. Research Triangle Park, NC: National Data Processing
Division. ADP Operations Management Branch. (Location: NCC-IBM Mainframe,
on-line data set, printable with the following JCL:
JUSD.CICS.DATA(CICSADPM))
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Production ADABAS Performance NO. 130.02
APPROVAL:
-------
NDPD OPERATIONAL DIRECTIVE NO. 130.02 Page 2 of 3
5.0 RATIONALE
Two major performance problems involving an on-line ADABAS environment are command
volume and command complexity.
Command volume is the number of consecutive commands issued to ADABAS without an
interruption (usually caused by terminal I/O). A large uninterrupted command volume tends
to monopolize the ADABAS buffer pool and other CICS resources.
Command complexity is the amount of work ADABAS must do to service a given command.
A good measure of complexity is the number of physical I/Os that a single command initiates.
Complex commands tend to cause a large number of blocks to be read into the ADABAS buffer
pool. These are usually accessed only once. Non-complex or simple commands tend to use a
small number of blocks repetitively. Examples of complex commands are S2 (FIND SORTED),
and S1/S4 (FIND) with multiple search criteria or highly skewed descriptor values. An example
of non-complex commands is S1/S4 (FIND) with a single descriptor. Although there are many
valid uses for complex commands, real time retrieval during prime time shifts is not one of
them. The biggest problem with complex command structures is that the end user must wait
beyond the normal 2 to 5 second range. Studies have shown that excessive response time leads
to user dissatisfaction with the system and loss of productivity.
6.0 ENFORCEMENT
The CDBA has the authority to deny Production ADABAS environment access to any program
that does not comply with NDPD policy. Any program which does not conform is subject to
removal from the environment after a 30-day grace period allowing for correction. Any
Production interactive session or Production batch job which violates this policy excessively
(such as consuming more than 25 percent of ADABAS resources) is subject to immediate
cancellation.
7.0 DEFINITIONS
None.
8.0 STANDARDS
a. See Policy 210.02, "NDPD IBM Mainframe Service Levels" for the requirements
related to on-line response time.
b. See Central Data Base Management Environment Standards, NAT2001,
"NATURAL 2 Program Coding Techniques," and NAT2005, "NATURAL 2
Program Process Techniques," for efficient coding techniques.
9.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1991) ADABAS Application Development
Procedures Manual (Report No. 220/001). Research Triangle Park, NC:
National Data Processing Division. ADP Operations Management Branch.
(Location: NCC-IBM Mainframe, on-line data set, printable with the following
JCL: JUSD.ADABAS.DATA(ADBSADPM))
b. U. S. Environmental Protection Agency. (1990) CICS Application Development
Procedures Manual. Research Triangle Park, NC: National Data Processing
Division. ADP Operations Management Branch. (Location: NCC-IBM Mainframe,
on-line data set, printable with the following JCL:
JUSD.CICS.DATA(CICSADPM))
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Development ADABAS Environment Availability NO. 130.03
APPROVAL: DATE:
1.0 PURPOSE
This policy establishes the availability of the NCC's ADABAS Development environment.
2.0 SCOPE & APPLICABILITY
This policy applies to all Development regions and Development activities within the NCC
ADABAS central environment.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
It is the responsibility of the Central Data Base Administrator (CDBA) and the CDBA's Data
Base Support Services (DBSS) staff to adhere to and enforce this policy. It is the responsibility
of Application System Managers, Application System Project Officers, Application Data Base
Administrators (ADBAs), and application developers to adhere to this policy.
4.0 POLICY
a. The Development environment will be used for general ADABAS development
activities. Other regions may be available for special activity groups/applications.
b. The Development environment will normally be available during scheduled
production hours of the NCC-IBM. Planned maintenance that requires bringing
the environment down will be announced to the user community via User Memos
and/or News Alerts.
c. The data bases and NATURAL libraries will be backed up nightly and recovered
automatically when system software or hardware problems compromise the data
or libraries. Upon request from the ADBA, data base files and libraries will be
restored from a prior date if feasible. Restoration will normally be accomplished
within two working days.
d. Unless written agreement is obtained from the CDBA, application systems or
subsystems may be removed from the Development environment and archived
after 60 days of inactivity. The application will be reinstalled when a written
request justifying the need is received from the ADBA. The request must
indicate the approval of the CDBA. Artificial activities to avoid archiving will
be monitored and rejected.
e. Applications may not be run for Production purposes.
f. NDPD will provide sufficient ADABAS files and disk space to ensure that the
user community at all times has space available within the development
environment to develop, modify, and maintain ADABAS applications. To
achieve this:
(1) An application system or subsystem may not have data base files until the
logical design has been recommended, or conditionally recommended, for
acceptance to the Data Administrator by the CDBA. The ADBA must also
indicate that development is ready to begin.
(2) The number of files assigned to the application will be determined by the
CDBA based upon the number of unused files available and the apparent
number of files that will result from the approved physical design. The
number of files allowed will be adjusted at the time of the physical design
review.
(3) Normally, no more than two cylinders of data per file will be allowed.
Exceptions may be approved by the CDBA. A need for table files and
system testing are examples of exception requirements. Requests for
exceptions should be made in writing two months prior to the time of
need. The availability of disk space is not guaranteed.
(4) Prototyping of an application system or subsystem may be done. Written
notification justifying the need for prototyping and the duration of the
prototyping must be submitted to the CDBA for approval. Prototyping
will not be allowed until a conceptual design defining, describing, and
normalizing all data has been accepted by the CDBA. Only the minimum
number of files to fulfill the needs of the prototype will be provided;
normally this will be one file. If multiple files are needed to demonstrate
efficiency or cost, the results of the efficiency or cost analysis must be
submitted to the CDBA.
5.0 DEFINITIONS
None.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1991) ADABAS Application Development
Procedures Manual (Report No. 220/001). Research Triangle Park, NC:
National Data Processing Division. ADP Operations Management Branch.
(Location: NCC-IBM Mainframe, on-line data set, printable with the following
JCL: JUSD.ADABAS.DATA(ADBSADPM))
b. U. S. Environmental Protection Agency. (1990) CICS Application Development
Procedures Manual. Research Triangle Park, NC: National Data Processing
Division. ADP Operations Management Branch. (Location: NCC-IBM Mainframe,
on-line data set, printable with the following JCL:
JUSD.CICS.DATA(CICSADPM))
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Data Base Environment Review Performance NO. 130.04
APPROVAL: DATE:
-------
NDPD OPERATIONAL DIRECTIVE NO. 130.04 Page 2 of 5
The ADBAs and/or System Managers will ensure that each review request is properly
documented and has met all the requirements given in the Application Development Procedures
manual, central environment standards, and other applicable standards or guidelines. Each
ADBA and/or System Manager will be able to access information in DBST related to his
application.
4.0 POLICY
The purpose of these written reviews is to provide positive feedback to the user application
groups that requested the reviews. Reviews can be on new applications (initial reviews) and on
existing applications (subsequent reviews) for the purpose of clarification, correction or
modification. Systems designed using one of the recognized CASE products (ADW, IEF, or
BACHMAN) must submit the minimum required information in machine readable format, to be
supplemented by any other required information in a format to be agreed upon.
a. Initial Reviews. All new applications in ADABAS, CICS, and RDBMS
applications will be reviewed. DBSS will enter information into DBST on the
status of the review when a complete and acceptable request is received, when the
review is scheduled, and when the write-up of the review is completed. Data
entry will be completed within 1 workday of the event.
Initial reviews will be processed by type as follows:
(1) Logical, Physical, System, and Program Design Reviews. The goal is for
the CDBA to begin his reviews within 8 workdays of receiving the request
and all required documentation. Each review will be completed within 5
workdays (10 workdays for applications using CASE products) from the
start date. Written results of the review will be forwarded to the CDBA,
who will evaluate the review, resolve any differences with the DBSS
Technical Consultant, and publish their joint findings within 4 workdays.
At the option of the ADBA, a developer can submit a draft of Logical,
Physical, System, and Program Design Reviews. Due to the complexity
of CASE technology, this option is highly recommended for applications
designed using CASE products. These reviews will be processed in a
manner similar to that outlined above. The goal is for the Technical
Consultant to review these drafts within 12 workdays of receiving the
draft and required documentation. Written comments made by DBSS on
the review will be entered in the DBST system with an Email copy
forwarded to CDBA and the developer. Comments on the review will be
completed within 4 workdays.
(2) Test and Acceptance Review. The goal is for the Technical Consultant to
begin these reviews within 8 workdays of receiving the request and all
required documentation. The amount of time needed for these reviews is
governed by the size and complexity of the application and the quality of
the documentation. A nominal goal is one month. The review is then
sent to the CDBA, who will publish his findings within 5 workdays.
(3) Special Consideration during Test and Acceptance Reviews. During the
Test and Acceptance Review, programs will be reviewed in consideration
of the environment in which they will be operating. Special consideration
will be given during the review process to those program(s) that have
already been reviewed as part of an existing application, system, or
subsystem (e.g., a common Batch Retrieval subsystem).
(4) Initial Production. After the Test and Acceptance Review has been
completed and approved, several critical events must occur before an
application can be placed into production status. These events are (a) all
production files must be established, (b) the initial production data must
be loaded, (c) NATURAL Security, ADABAS Security profiles, CICS
security and table changes, and Oracle or DB2 privileges must be
established for each file, relational object, library, user, and/or group of
the application, and (d) integration tests must be performed by the ADBA
to verify that the application will execute as expected. This process may
take from 3 to 8 days depending on the complexity of all security
requirements and the size and nature of the application data base. This
time must be considered in the implementation plans/schedules prepared
by the application owner or manager.
b. Subsequent Reviews. A request for a review is originated by the ADBA. The
reviews are written by the CDBA and returned to the requestor. The process can
be repeated for further changes. All changes and/or additions to production
applications must be reviewed. Proper and complete review request documents
shall be submitted to the CDBA and DBSS Technical Consultant before a formal
review can be undertaken. Reviews will be processed by type as follows:
(1) Routine Changes. Routine changes (having no significant effect on
efficiency or conformance with standards) will be accepted no more than
once a week per application system on a schedule set by the DBSS
Technical Consultant and the ADBA. The reviews will be completed
within 1 workweek and data entry will be made within 1 workday
following completion of the review.
(2) Urgent Changes. Urgent changes are those needed to make an application
usable. They will be given priority over all other reviews and, if
possible, reviews will be completed via Email or phone. DBST data entry
will be completed within 1 workday.
(3) Enhancements. Small or non-complex enhancements may be processed
as routine changes if agreed upon between the DBSS Technical Consultant
and the ADBA. Enhancements not processed as routine changes will be
processed as Test and Acceptance Reviews.
(4) Cumulative Changes. A DBSS review write-up is required when:
A Logical or Physical Data Base Design is changed by adding a
new file or deleting an existing file.
A series of small independent changes have cumulatively changed
the composition of the file design since the last formal review and
write-up.
(Non-RDBMS only) Moderate changes are made to program or
program groups. Examples are the addition of a regional reporting
subsystem, a new or greatly changed batch retrieval system, a
reporting program with a new set of complex search criteria, or
when an existing application is converted from one major language
level to another.
c. Discontinuance of Review. Reviews may have to be discontinued because further
progress cannot be made until additional action is completed by the ADBA. For
example, if many of the programs fail, then performance efficiency cannot be
determined. The ADBA and CDBA must be informed of the needed action via
Email or phone within 1 workday. The schedule will be reevaluated when the
ADBA has completed the action. The delay and its cause will be entered into the
comments field of DBST. These discontinuances will not be reported as
exceptions.
5.0 DEFINITIONS
None.
6.0 STANDARDS
See data set JDMS.CDBA.STDS for ADABAS/NATURAL/RDBMS review memos:
Member      Review
APLOG       Logical Design for ADABAS and DB2
APPHY       Physical Design for ADABAS
PHYRDBMS    Physical Design for DB2 and Oracle
APTNAL      Test & Acceptance (long form)
APTRDBMS    Test & Acceptance for RDBMS (long form)
APTNAS      Test & Acceptance (short form)
APTRDBMS    Test & Acceptance for RDBMS (short form)
Also see member names beginning with GEN, NAT, PDIC, SQL, and STDF for other CDBA
policies, standards, and guidelines.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1991) ADABAS Application Development
Procedures Manual (Report No. 220/001). Research Triangle Park, NC:
National Data Processing Division. ADP Operations Management Branch.
(Location: NCC-IBM Mainframe, on-line data set, printable with the following
JCL: JUSD.ADABAS.DATA(ADBSADPM))
b. U. S. Environmental Protection Agency. (1990) CICS Application Development
Procedures Manual. Research Triangle Park, NC: National Data Processing
Division. ADP Operations Management Branch. (Location: NCC-IBM Mainframe,
on-line data set, printable with the following JCL:
JUSD.CICS.DATA(CICSADPM))
c. Platinum On-Line Guide. (1992) Updates made by the National Data Processing
Division. ADP Operations Management Branch. Research Triangle Park, NC:
Office of Information Resources Management (OIRM). (Location: NCC-IBM
mainframe, in Platinum On-Line Guide, printable within the Guide.)
d. U. S. Environmental Protection Agency. (1992) Relational Database Management
Systems (RDBMS) Policies, Procedures, Standards, and Guidelines (Document
No. 0055-003-PM-1022A). Office of Information Resources Management.
(Location: NCC-IBM Mainframe, in Platinum On-Line Guide, printable within
the Guide.)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: DB2 Roles and Responsibility NO. 130.05
APPROVAL: DATE:
1.0 PURPOSE
The purpose of this document is to establish the roles and responsibilities of those who use or
provide support for the Database 2 (DB2) relational environments.
2.0 SCOPE & APPLICABILITY
This policy establishes the responsibilities of individuals and organizations using or providing
support to the central data base environment including: Central Data Base Administrator, Data
Administrator, Application Data Base Administrator, Application System Managers, Application
Developers, Security Administrator, and the users.
3.0 RESPONSIBILITIES
3.1 CENTRAL DATA BASE ADMINISTRATOR (CDBA-DB2)
The CDBA is responsible for the establishment, operation, performance, maintenance, and
security of the DB2 central data base environments.
3.2 DATA ADMINISTRATOR (DA)
The Data Administration function is performed under the general direction of the Office of
Information Resources Management (OIRM). The DA is responsible for managing data as an
Agency information resource and ensuring the appropriate use of DBMS technology.
3.3 APPLICATION DATA BASE ADMINISTRATOR-DB2 (ADBA-DB2)
Each application using a central DBMS environment will be supported by an ADBA. The
ADBA serves in a role similar to that of the DA and CDBA, except that he/she focuses on
individual applications.
3.4 APPLICATION SYSTEM MANAGER (ASM)
The ASM is responsible for those functions ordinarily performed in the context of computer
application system development. For new applications, this includes the feasibility study,
general and detailed system design, program development, system testing, acceptance testing,
and implementation. For production applications, this includes testing and implementing
changes, corrections, and enhancements. The ADBA is responsible for this role if the ASM is
not assigned.
3.5 APPLICATION DEVELOPERS
The Application Developers are responsible for the development, coding and design of
applications using DB2.
3.6 SECURITY ADMINISTRATOR
The Security Administrator is responsible for providing the security needed to protect the use
of the data base resources at the application level.
3.7 USERS
Users are responsible for adhering to all policies, procedures, and security requirements, and
for using the central environment in an efficient and responsible manner.
4.0 POLICY
Any Central DBMS Application using DB2 will be supported, managed, or accessed using the
roles described in Section 3.0. The CDBA will control access and support DB2 application in
relationship to these roles and their corresponding responsibilities.
5.0 DEFINITIONS
5.1 CENTRAL DATA BASE ADMINISTRATOR (CDBA - DB2)
a. Operates the development and production environments during normal NCC-IBM
production hours, except for periods of unscheduled maintenance due to hardware
or software problems, and periods of scheduled maintenance due to the
unavailability of timely nonproduction test time. The goal for availability is that
scheduled and unscheduled maintenance will not exceed 5 percent of production
time during any quarter.
b. Establishes and maintains up to date procedures governing access and use of the
central environment, including ad hoc use and access.
c. Tests, implements, and maintains all central environment software and
configurations. ASMs, ADBAs, DAs, and users will be notified before changes that
impact them are made. Notification will normally occur 30 days prior to the
change being implemented.
d. Advises application user groups of any application system that unacceptably
degrades the performance of the central environment or threatens the integrity of
data.
e. Provides technical consultation to ASMs, ADBAs, users, and DAs on the central
environment.
f. Schedules, reviews, and accepts, conditionally accepts, or rejects national or
important application systems for production operation through test and
acceptance reviews.
g. Establishes security requirements for the central environment and minimum
security requirements for application systems within the IBM central environment
as well as assisting groups on other platform environments in their security
requirements.
h. Establishes procedures for monitoring the performance of the central environment.
i. Controls the central environment and its configuration.
j. Controls and operates on behalf of the ADBAs and ASMs utilities that are not
released to them because of security or data integrity considerations.
k. Establishes policies and procedures related to the use of ancillary software and
hardware products that interface with the central environment.
l. Establishes and maintains a test environment for testing software and
environmental configurations.
m. Establishes and chairs a standards committee for the preparation and approval of
standards for the central environment.
n. Serves as second level support for evaluating application file growth and space
utilization.
o. Provides second level data base backup and recovery.
p. Schedules, reviews, and recommends acceptance, conditional acceptance, or
rejection of logical designs to the DA.
q. Schedules, reviews, and accepts, conditionally accepts, or rejects physical
designs.
r. Schedules, reviews, and accepts, conditionally accepts, or rejects application
systems for production operation through test and acceptance reviews.
Note: Reviews for application or systems developed using I-CASE, Upper CASE,
and/or Lower CASE tools may vary from the standard review process.
5.2 DATA ADMINISTRATOR (DA)
a. Collects, controls, and manages information about the Agency's data.
b. Serves as a focal point for identifying and coordinating development of ADP
policies and procedures relating to Agency data and data sharing issues.
c. Establishes criteria relating to information required for an Agency dictionary.
d. Coordinates the establishment of naming conventions and of data element editing
and validation standards.
e. Ensures adherence to Agency data policies and standards.
f. Controls the Agency's central table system.
g. Establishes criteria relating to the appropriate use of data base technology.
h. Provides consultation support in the areas of feasibility study and logical data base
design.
i. Reviews all studies and approves or disapproves feasibility studies requesting the
use of DB2.
j. Reviews all logical data base designs, taking into consideration any DA's or
CDBA's critique of the designs.
5.3 APPLICATION DATA BASE ADMINISTRATOR-DB2 (ADBA-DB2)
a. Serves as the lead technical resource to assist the ASMs, developers, and end
users of the application.
b. Reviews application requirements analyses. Evaluates the use of data base
technology in general and DB2 or a RDBMS in particular.
c. Assists and guides the Application Developers in the preparation of logical and
physical design.
d. Reviews and approves logical and physical designs before they are sent to the DA
and CDBA for review and acceptance, consulting with the DA and CDBA on
Agency data standards and potential data sharing.
e. Ensures the appropriate use of data base techniques in the application design and
implementation, consulting with the CDBA.
f. Reviews and approves internal unit acceptance test plans and the entire application
acceptance test plans that are submitted to the CDBA.
g. Reviews, approves, and enforces application quality assurance plans.
h. Monitors the performance efficiency of the application, investigates potential
areas for improvement, and guides the developers in implementing improvements.
i. Serves as the principal application technical liaison among the ASM, DA, and
j. Ensures that the application is developed in compliance with all applicable ADP
and CDBA policies, procedures, and standards.
k. Tests, implements, and maintains all application data bases, data base files, disk
space, and accesses. ASMs, CDBAs, DAs, and users will be notified before
changes that impact them are made. Notification will normally occur 30 days
prior to the change being implemented.
l. Approves or disapproves the use of the central environment for each application
system.
m. Serves as principal contact and resolves all central environment issues and
technical problems.
n. Establishes and maintains review requirements for the entire Software Development
Life Cycle (SDLC) for logical design, physical design, and test and
acceptance for application systems.
5.4 APPLICATION SYSTEM MANAGER (ASM)
a. Recommends and justifies the use of data base technology in general and DB2 or
RDBMS in particular in the feasibility study.
b. Develops the logical and physical designs under the guidance of the ADBA, DA,
and CDBA.
c. Develops the user acceptance test plan and the CDBA Test and Acceptance plan.
d. Develops the application, making appropriate use of data base techniques.
e. Monitors performance and improves efficiency.
f. Ensures that the application is developed in compliance with all applicable ADP
and CDBA policies, procedures, and standards.
5.5 APPLICATION DEVELOPERS
a. Determines new application system design.
b. Performs programming or activities or enhancements for preparing data for table
population and writing SQL code for accessing DB2 data bases.
c. Conducts application design reviews before design is passed to the DAs and
ADBAs.
d. Executes performance and stress testing to meet performance objectives.
e. Implements data integrity rules through application code.
5.6 SECURITY ADMINISTRATOR
a. Maintains the groups needed in RACF for DB2 users.
b. Serves as the primary contact for adding new users to DB2 resources and RACF
groups.
c. Notifies the ADBA of any DB2 changes to the User-IDs and RACF groups.
d. Controls access to application data sets and resources.
5.7 USERS
a. Use the central environment in accordance with policies, procedures, and
standards.
b. Use the central environment in an efficient and responsible manner.
c. Use, maintenance, and support of any ADHOC applications will be the
responsibility of the user.
6.0 STANDARDS
Central Data Base Administrator Standards/Guidelines as documented in "JDMS.CDBA.STDS".
7.0 PROCEDURE REFERENCE
7.1 CICS ENVIRONMENT
U. S. Environmental Protection Agency. (1990) CICS Application Development Procedures
Manual. Research Triangle Park, NC: National Data Processing Division. ADP Operations
Management Branch. (Location: NCC-IBM Mainframe, on-line data set, printable with the
following JCL: JUSD.CICS.DATA(CICSADPM))
7.2 DB2 ENVIRONMENT
U. S. Environmental Protection Agency. (publication pending) DB2 Application Development
Procedures Manual. Research Triangle Park, NC: National Data Processing Division. ADP
Operations Management Branch.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: DB2 Environments Availability NO. 130.06
APPROVAL: DATE: 3/30/9^
1.0 PURPOSE
This policy establishes the availability of the NCC's DB2 environments.
2.0 SCOPE & APPLICABILITY
This policy applies to all regions and activities within the NCC DB2 central environment. Any
deviation from this policy must be approved in writing by the NDPD Director.
3.0 RESPONSIBILITIES
It is the responsibility of the Central Data Base Administrator (CDBA) and the CDBA's Data
Base Support Services (DBSS) staff to adhere to and enforce this policy. It is the responsibility
of Application System Managers, Application System Project Officers, Application Data Base
Administrators (ADBA), and application developers to adhere to this policy.
4.0 POLICY
All DB2 environments will normally be available during scheduled production hours of the
NCC-IBM. Planned maintenance that requires bringing any environment down will be
announced to the user community via User Memos and/or News Alerts.
First level backup and recovery is the responsibility of the Application Data Base Administrator
responsible for that application.
The DBSS group will perform the function of backing up the data bases on a weekly basis.
Upon request from the ADBA, data base files and libraries will be restored from a prior date
if feasible. Restoration will normally be accomplished within 2 working days.
5.0 DEFINITIONS
5.1 DEVELOPMENT ENVIRONMENT
5.1.1 Development for Production Applications
The development environment will be used for general DB2 development activities. These
activities will be migrated to the production environment through the QA environment. This
migration will ensure that adherence to all policies and standards has been met before an
application will be accepted as production. A Backup/Recovery Plan must be developed and
approved for applications before the application leaves the development environment.
5.1.2 Ad Hoc (Non-Production/Non-Supported) Applications
The development environment will be used for ad hoc (NPNS) applications. It is the
responsibility of the developer to back up their own application as deemed necessary. These ad
hoc applications are not moved into production without the reviews that ensure the application's
compliance with all applicable ADP and CDBA policies, procedures, and standards.
5.2 BETA & QA ENVIRONMENTS
The Beta/QA environment will be used for general DB2 beta or quality assurance activities. The
Beta area will be used as a pre-production QA environment. The QA area will be used for post-
production major enhancement QA testing. Applications will be moved to these environments
when the development cycle is complete and the application is ready for production. The
application will remain in these environments for 30-90 days. No changes are to be made to the
application in the QA environment.
5.3 PRODUCTION ENVIRONMENT
The production environment will be used for DB2 Production. Applications will be migrated
to production after first spending 30-90 days in the Beta or QA environments.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCE
7.1 CICS ENVIRONMENT
U. S. Environmental Protection Agency. (1990) CICS Application Development Procedures
Manual. Research Triangle Park, NC: National Data Processing Division. ADP Operations
Management Branch. (Location: NCC-IBM Mainframe, on-line data set, printable with the
following JCL: JUSD.CICS.DATA(CICSADPM))
7.2 DB2 ENVIRONMENT
U. S. Environmental Protection Agency. (publication pending) DB2 Application Development
Procedures Manual. Research Triangle Park, NC: National Data Processing Division. ADP
Operations Management Branch.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: DB2 Access NO. 130.07
APPROVAL: DATE:
1.0 PURPOSE
The purpose of this policy is to document and establish the access and authorization levels
needed to administer DB2 at the Environmental Protection Agency.
2.0 SCOPE & APPLICABILITY
This policy establishes the access levels needed for each of the DB2 environments and the level
of authorization needed to administer and develop DB2 applications.
3.0 RESPONSIBILITIES
It is the responsibility of the Central Data Base Administrator (CDBA) to establish the access
and authorizations needed by the Application Data Base Administrators (ADBAs) to administer
DB2 for their areas of responsibility. It is the responsibility of the ADBA in conjunction with
the Application RACF Security Administrator to ensure that all pertinent applications adhere to
NDPD policies.
4.0 POLICY
The Environmental Protection Agency will use RACF Groups (Level 2-Secondary Authorization
IDs) to control access to DB2. The RACF Security Administrator (RSA) will work with the
Application Data Base Administrator (ADBA-DB2) to establish RACF groups associated with
different authorization levels necessary to implement a project.
5.0 DEFINITIONS
5.1 DB2 AUTHORIZATION LEVELS
DB2 Version 2 Release 1 has three levels of Authorization available:
Primary ID - This represents the user of the session. Individual authorization is
established and accounted for under this ID. This ID is known as the user's valid
IBM mainframe User-ID authenticated through RACF.
Secondary Authorization IDs - These are used to supplement the Primary ID
during RACF and DB2 authorization checking. The Secondary ID can represent
additional privileges for a user using the RACF Group authorization to which the
user belongs. This can be used effectively to reduce the load on the security
checking within DB2, and a user can be easily added/removed from a group
without impact upon DB2 by just connecting/disconnecting the User-ID from the
RACF Group for which the authorization is defined.
SQL Authorization ID - This is used for authorization checking when issuing
DYNAMIC SQL statements. It can also be changed without terminating the
THREAD connection.
5.2 DB2 FUNCTIONAL AUTHORITIES
The following is a list of DB2 function levels broken down into two different groups: System-
Wide Authorities and Data Base-Wide Authorities.
System-Wide Authorizations:
SYSADM - Allows the user total control over any DB2 resource and may grant and/or revoke from any other user the authority to access any resources.
SYSOPR - Allows the user the ability to issue certain DB2 commands but allows no access to the data.
BINDADD - Allows the user to create new application plans using the BIND subcommand with the ADD option.
BSDS - Allows the user to issue the RECOVER BSDS command.
CREATEDBA - Allows the user to create new data bases and automatically gives DBADM authority over those data bases.
CREATEDBC - Allows the user to create new data bases and automatically gives DBCTRL authority over those data bases.
CREATESG - Allows the user to create new storage groups.
DISPLAY - Allows the user to display system information by issuing the DISPLAY command.
RECOVER - Allows the user to issue the RECOVER INDOUBT command.
STOPALL - Allows the user to issue the STOP DB2 command.
STOSPACE - Allows the user to use the STOSPACE utility.
TRACE - Allows the user to start and stop DB2 traces using the -START TRACE and -STOP TRACE commands.
RLIMIT - Allows the start and stop of the Resource Limit Facility (RLF) using the -START RLIMIT and -STOP RLIMIT commands.
Data Base-Wide Authorizations:
DBADM - Allows the user total control over those data bases granted at this level.
DBCTRL - Allows the user access to the utilities, to create tables and tablespaces but not to access the data in the tables that have been created by another user without being given access.
DBMAINT - Allows the user access to the utilities that do not update. It does not allow access to the tables created by another user.
CREATETAB - Allows the user to create tables in any existing tablespace in this data base.
CREATETS - Allows the user to create tablespaces in this data base.
DISPLAYDB - Allows the user to check the data base and tablespaces in this data base through the execution of the DISPLAY command.
DROP - Allows the user to DROP the data base.
IMAGCOPY - Allows the user to run the COPY and MERGECOPY utilities against tablespaces in this data base.
LOAD - Allows the user to run the LOAD utility to load tables in this data base.
RECOVERDB - Allows the user to run the RECOVER and MODIFY utilities against table spaces in this data base.
REORG - Allows the user to run the REORG utility against tablespaces in this data base.
REPAIR - Allows the user to run the REPAIR utility against tablespaces in this data base.
STARTDB - Allows the user to start this data base by issuing the START DATABASE command.
STATS - Allows the user to run the RUNSTATS and CHECK utility against tablespaces and indexes in this data base.
STOPDB - Allows the user to stop this data base by issuing the STOP DATABASE command.
6.0 STANDARDS
6.1 ACCESS TO DB2 ENVIRONMENTS
Access to DB2 RACF-defined resources (DSNR) and DB2 TSO PROCs will be open to all users
with a valid IBM User-ID.
For applications which use ISPF to access Agency DB2 applications, a CLIST must be created
which allocates the application libraries to the Agency libraries. This CLIST will automatically
be executed at logon time. At a minimum, the application CLIST should reallocate the
SYSPROC DD so that application CLIST libraries are allocated before the Agency CLIST
libraries.
Access to development applications will be controlled by the ADBA through the DB2 PLAN
authorizations using either RACF groups to control access or by GRANTing the PLAN to
PUBLIC to allow global access.
Access to the data in any DB2 data base will be granted to RACF groups. The user will be
added to the RACF group by the Application Data Base Administrator (ADBA) assigned to
his/her project.
Access to DB2I (SPUFI) will be treated as an application and controlled by one or more RACF
groups. The use of SPUFI will be limited to the development environment.
Access to the Production environment will be controlled via RACF access groups. It is the
responsibility of the ADBA to maintain the access list for these RACF access groups.
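The access standards of section 6.1 can be checked mechanically against a list of DB2 grants. The following is an added example, not part of the directive and not EPA or IBM code; the group names come from the sample RACF structure in section 6.2.2, while the grant records, the user ID, the plan name TAXPLAN1, the table name, and the SPUFI plan names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# RACF groups from the sample structure in section 6.2.2 of this directive.
RACF_GROUPS = frozenset({"DTAXON", "DTAXNDBA", "DIEFDBA"})
# Assumption: the plan names under which DB2I (SPUFI) is bound at the site.
SPUFI_PLANS = frozenset({"DSNESPCS", "DSNESPRR"})


@dataclass(frozen=True)
class Grant:
    """One authorization record, e.g. as extracted from the DB2 catalog
    (the extraction step itself is outside this example)."""
    environment: str   # "DEVELOPMENT" or "PRODUCTION"
    object_type: str   # "TABLE" or "PLAN"
    object_name: str
    privilege: str     # SELECT, INSERT, UPDATE, DELETE, EXECUTE, BIND
    grantee: str       # RACF group, individual User-ID, or "PUBLIC"


def check_grant(g, racf_groups=RACF_GROUPS, spufi_plans=SPUFI_PLANS):
    """Return the list of section 6.1 standards that grant g does not meet."""
    to_group = g.grantee in racf_groups
    findings = []
    if g.object_type == "TABLE":
        # "Access to the data in any DB2 data base will be granted to RACF groups."
        if not to_group:
            findings.append("DATA_NOT_GRANTED_TO_RACF_GROUP")
    elif g.object_type == "PLAN" and g.privilege == "EXECUTE":
        # Only EXECUTE is treated as application access; BIND grants to
        # individual programmers are part of the roles in section 6.2.1.
        if g.object_name in spufi_plans:
            # SPUFI is limited to development and controlled by RACF groups.
            if g.environment != "DEVELOPMENT":
                findings.append("SPUFI_OUTSIDE_DEVELOPMENT")
            if not to_group:
                findings.append("SPUFI_NOT_CONTROLLED_BY_RACF_GROUP")
        elif g.environment == "PRODUCTION":
            # Production access is controlled via RACF access groups.
            if not to_group:
                findings.append("PRODUCTION_ACCESS_NOT_VIA_RACF_GROUP")
        elif g.environment == "DEVELOPMENT":
            # Development plans: RACF group, or PUBLIC for global access.
            if not (to_group or g.grantee == "PUBLIC"):
                findings.append("DEV_PLAN_NEITHER_GROUP_NOR_PUBLIC")
    return findings


def audit(grants, racf_groups=RACF_GROUPS, spufi_plans=SPUFI_PLANS):
    """Return (grant, findings) pairs for every grant with at least one finding."""
    report = []
    for g in grants:
        findings = check_grant(g, racf_groups, spufi_plans)
        if findings:
            report.append((g, findings))
    return report


# Constructed sample records (not real catalog data).
SAMPLE_GRANTS = [
    Grant("PRODUCTION", "TABLE", "TAXON.SPECIES", "SELECT", "DTAXON"),
    Grant("PRODUCTION", "TABLE", "TAXON.SPECIES", "UPDATE", "USR0001"),
    Grant("DEVELOPMENT", "TABLE", "TAXON.SPECIES", "SELECT", "PUBLIC"),
    Grant("DEVELOPMENT", "PLAN", "TAXPLAN1", "EXECUTE", "PUBLIC"),
    Grant("DEVELOPMENT", "PLAN", "TAXPLAN1", "BIND", "USR0001"),
    Grant("DEVELOPMENT", "PLAN", "TAXPLAN1", "EXECUTE", "USR0001"),
    Grant("PRODUCTION", "PLAN", "TAXPLAN1", "EXECUTE", "PUBLIC"),
    Grant("PRODUCTION", "PLAN", "TAXPLAN1", "EXECUTE", "DTAXON"),
    Grant("DEVELOPMENT", "PLAN", "DSNESPCS", "EXECUTE", "DTAXNDBA"),
    Grant("PRODUCTION", "PLAN", "DSNESPCS", "EXECUTE", "PUBLIC"),
]

if __name__ == "__main__":
    for grant, findings in audit(SAMPLE_GRANTS):
        print(f"{grant.environment:<12}{grant.object_type:<6}{grant.object_name:<14}"
              f"{grant.privilege:<8}{grant.grantee:<9}{', '.join(findings)}")
```

Because membership is managed in RACF, removing a user from a group revokes the access without any change to the DB2 grants that this check inspects.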
6.2 DB2 AUTHORIZATIONS
6.2.1 DB2 Roles/Responsibilities and Authorizations Needed
The following is a list of the roles/responsibilities and the DB2 authorization level needed to
accomplish those responsibilities.
Function: Systems Programmer (Central Data Base Administrator)
Responsibility:
- Installs DB2 and related software
- Resolves internal software problems
- Applies necessary software maintenance
Authorization Level: SYSADM

Function: Systems Administrator (Central Data Base Administrator)
Responsibility:
- Assists in product installation
- Creates backup/recovery procedures for system tables
- Resolves system-wide performance problems
- Monitors DB2 performance
- Supports attachment facility access and other subsystem interfaces
- Develops migration policies and procedures
- Develops and maintains naming conventions
- Evaluates and tests DB2-related software
Authorization Level: SYSADM

Function: Applications Data Base Administrator (ADBA-DB2)
Responsibility:
- Assumes all production data responsibility
- Creates data bases for project DBAs
- Grants DBADM authority to project DBAs
- Develops and maintains naming conventions
- Grants BIND plan for each project plan to project DBAs
- Reviews and approves requested table changes for production
- Monitors performance
- Creates backup/recovery procedures for production
- Performs production system migration procedures
Authorization Level: CREATEDBA; BINDADD

Function: Data Administrator
Responsibility:
- Assumes all logical data model responsibility
- Develops logical design model and approved physical table structures
- Maintains data dictionary/directory
- Supports system integration and design projects
Authorization Level: SELECT on system catalog tables

Function: Project Data Base Administrator (ADBA-DB2)
Responsibility:
- Grants BIND to programmers for plans they are working on
- Creates tables/views as needed as they are approved
- Defines synonym values for tables and views
- Makes sure table/view definitions stay in sync
- Ensures naming convention compliance
- Develops test backup/recovery procedure
- Presents table/view change request to Applications ADBA
- Creates synonym value and DCLGEN from synonym data bases for Applications ADBA to grant.
Authorization Level: DBADM on assigned data bases

Function: Application System Manager (ASM)
Responsibility:
- Define plan/program names based on naming conventions
- Develop security/authorizations requirements for production implementation
- Develop application migration plans for assigned programs/plans
Authorization Level: BINDADD; SELECT on system catalog; BIND, EXECUTE as required

Function: Application Developers (Programmers)
Responsibility:
- Create own needed synonyms
- Ensure naming conventions compliance
- Bind for assigned program/plans
Authorization Level: BINDADD; SELECT on system catalog; BIND, EXECUTE as required

Function: Security Administrator Personnel
Responsibility:
- Controls external access to DB2 thru RACF
- Ensures DB2 internal authorization is correct
Authorization Level: SELECT on system catalog

Function: System Operators
Responsibility:
- Monitors DB2
- Informs systems programmer and/or Systems Administrator of problems
Authorization Level: SYSOPR

Function: End User Personnel
Responsibility:
- Process and access data needed for performance of position
Authorization Level: EXECUTE for necessary plans; SELECT, INSERT, DELETE, UPDATE as required
6.2.2 Sample RACF Structure
[Figure: sample RACF group hierarchy. The tree layout is not recoverable from the scan. Node labels legible in the scan: SYS1, Systems, JD2B, DB2D, DB2, DEVLP, PROCS, SDB2TST, SDB21EF, JD2C, DTAXNDBA, DTAXON, DIEFDBA.]
Group Definitions:
Name        Description
PROCS       TSO LOGON PROCs
JD2B        DB2 System Administrators (CDBA)
DEVLP       Development TSO PROCs
DB2D        Development data set resources
JD2C        DB2 Technical Consultants (CDBA)
DTAXNDBA    CREATEDBA for Taxonomic data base (ADBA)
DTAXON      Taxonomic data base (end user's)
DIEFDBA     CREATEDBA for IEF Encyclopedia (ADBA)
7.0 PROCEDURE REFERENCE
7.1 CICS ENVIRONMENT
U. S. Environmental Protection Agency. (1990) CICS Application Development Procedures
Manual. Research Triangle Park, NC: National Data Processing Division. ADP Operations
Management Branch. (Location: NCC-IBM Mainframe, on-line data set, printable with the
following JCL: JUSD.CICS.DATA(CICSADPM))
7.2 DB2 ENVIRONMENT
U. S. Environmental Protection Agency. (publication pending) DB2 Application Development
Procedures Manual. Research Triangle Park, NC: National Data Processing Division. ADP
Operations Management Branch.
7.3 RACF SECURITY
U. S. Environmental Protection Agency. (1992) RACF Security Administrator's Guide (Report
No. 462/001A). Research Triangle Park, NC: National Data Processing Division. Security.
(Location: Publications Technical Library).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: ADABAS Data Restoration NO. 130.08
APPROVAL: DATE:
1.0 PURPOSE
This policy establishes data restoration requirements for all ADABAS data bases.
2.0 SCOPE & APPLICABILITY
This policy establishes ADABAS data base and ADABAS file restoration requirements.
3.0 RESPONSIBILITIES
It is the responsibility of the Central Data Base Administrator (CDBA) and the FM contractor
to ensure that the necessary processes are in place to adhere to NDPD policy. It is the
responsibility of the Application Data Base Administrator (ADBA) to ensure that the
specifications described herein are adequate for each application.
4.0 POLICY
NDPD shall provide restore capabilities for ADABAS data bases/files after failures of hardware,
system software, and application software, and also after application management failures.
Based on NDPD's ADABAS experience since 1983, the recovery time periods described herein
are appropriate for data restoration requirements for ADABAS data bases and files. Exceptions
to these time periods and special circumstances, e.g., major application enhancements, that
would warrant additional backups can be negotiated with and detailed in writing to the CDBA.
5.0 DEFINITIONS
Critical data bases are those defined in the Critical Applications Disaster Recovery Plan manual
(Report No. 379/001F).
6.0 STANDARDS
Restoration Specifications:
a. All Data Bases - Daily Backup (onsite). All ADABAS data bases/files will be
recoverable to a point not older than 24 hours (not counting Sundays) from the
desired point of restoration for a period of 21 days.
b. All Data Bases - Biweekly Backup (every two weeks) (onsite). All ADABAS
data bases/files will be recoverable to a point not older than 2 weeks (not
counting Sundays) from the desired point of restoration for a period of 3 months.
For data bases specifically designated by the CDBA, this period is extended to
6 months.
c. Critical Data Bases - Daily Backup (offsite). All critical ADABAS data
bases/files will be recoverable, from disaster recovery tapes, to a point not older
than 24 hours (not counting Sundays) from the time of a disaster for a period of
5 days.
d. All Data Bases (except Cincinnati Disaster Site Data) - Biweekly Backup
(offsite). All important (noncritical) ADABAS data bases/files will be recover-
able, from disaster recovery tapes, to a point not older than 2 weeks (not counting
Sundays) from the time of a disaster for a period of 28 days.
e. All Data Bases - Backup Every 6 Months (offsite). All ADABAS data
bases/files will be recoverable, from remote storage facility tapes, to a point not
older than 6 months (not counting Sundays) from the time of a disaster for a
period of 6 months.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1991) ADABAS Application Development Procedures
Manual (Report No. 220/001). Research Triangle Park, NC: National Data Processing Division.
ADP Operations Management Branch. (Location: NCC-IBM Mainframe, on-line data set,
printable with the following JCL: JUSD.ADABAS.DATA(ADBSADPM))
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Production ADABAS Environment Availability NO. 130.09
APPROVAL: DATE:
1.0 PURPOSE
This policy establishes the availability of the NCC's ADABAS production environment.
2.0 SCOPE & AVAILABILITY
This policy applies to all production regions and production activities within the NCC ADABAS
central environment.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
It is the responsibility of the Central Data Base Administrator (CDBA) and the CDBA's Data
Base Support Services (DBSS) staff to adhere to and enforce this policy. It is the responsibility
of Applications System Managers, Application System Project Officers, Applications Data Base
Administrators (ADBAs), and application developers to adhere to this policy.
4.0 POLICY
a. The production environment will be used to support the production operation of
applications.
b. The production environment will normally be available during scheduled
production hours of the NCC-IBM. Periodic ADABAS system and data base
maintenance is needed and sometimes will require bringing down all or part of
the production environment during normal NCC operating hours. Normally,
NCC will conduct this maintenance Sunday afternoons beginning at noon. These
periods of unavailability will be announced via a News Alert. It may be
infrequently necessary to bring down all or part of the production environment
for longer periods of time. These periods of unavailability will be announced via
User Memos or News Alerts.
c. NCC will provide recovery capability for data bases and NATURAL libraries as
stated in Directive 130.08 and automatically recover them when system software
or hardware problems compromise the data or libraries.
Upon request from the ADBA, data base files and libraries will be restored from
a prior date if feasible. Restoration will normally be accomplished within 2
working days.
d. Unless written agreement is obtained from the CDBA, applications systems or
subsystems may be removed from the production environment and archived after
60 days of inactivity. The application will be reinstalled when a written request
justifying the need is received from the ADBA. The request must indicate the
approval of the CDBA. Artificial activities to avoid archiving will be monitored
and rejected.
e. NDPD will usually provide sufficient ADABAS file and disk space to ensure that
the user community at all times has space available within the production
environment to operate all production applications.
To achieve this:
(1) An application system or subsystem may not have permanent data base
files until test and acceptance of the application has been completed, and
the application has been accepted or conditionally accepted.
(2) The number of files assigned to the application will be determined by the
CDBA based upon the number of files specified in the approved physical
design.
(3) The amount of space allocated to each file will be determined by the
CDBA and will be based upon application provided initial sizing and
growth estimates provided with the physical design, as amended.
(4) ADBAs must provide growth estimates every 6 months, or as needed, to
the CDBA who will consider the estimates in reallocating space.
(5) The DASD space allocated will be charged to the application using normal
TSSMS billing procedures.
NCC does not guarantee that sufficient DASD space will be available for new
applications or for applications that grow significantly beyond their original size.
The application owners may be required to provide funding for the additional
hardware needed.
5.0 DEFINITIONS
None.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1991) ADABAS Application Develop-
ment Procedures Manual (Report No. 220/001). Research Triangle Park, NC:
National Data Processing Division. ADP Operations Management Branch.
(Location: NCC-IBM Mainframe, on-line data set, printable with the following
JCL: JUSD.ADABAS.DATA(ADBSADPM))
b. U. S. Environmental Protection Agency. (1990) CICS Application Development
Procedures Manual. Research Triangle Park, NC: National Data Processing
Division. ADP Operations Management Branch. (Location: NCC-IBM
Mainframe, on-line data set, printable with the following JCL:
JUSD.CICS.DATA(CICSADPM))
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: RDBMS Platform Selection Standards NO. 130.10
APPROVAL: DATE:
1.0 PURPOSE
The purpose of this policy is to define the Relational Data Base Management System (RDBMS)
platform selection standards and applicability.
2.0 SCOPE & APPLICABILITY
This policy establishes the platform selection standards for all RDBMS application development.
It is applicable to Application System Managers, Application Data Base Administrators, and
Application Developers for all applications developed for and/or deployed by EPA.
Any deviation from this policy must be approved in writing by the Director, NDPD.
Additional information for Local Area Network (LAN) application development may be found
in NDPD Operational Policies Series 310.xx and in the EPA LAN Operating Guidelines and
Procedures. UNIX users should refer to NDPD policies on administration and application
development under UNIX (to be developed).
3.0 RESPONSIBILITIES
3.1 CENTRAL DATA BASE ADMINISTRATOR (CDBA)
The CDBA is responsible for establishment and support of the RDBMS platform selection
policy. The CDBA is also responsible for ensuring compliance through logical design reviews.
3.2 APPLICATION SYSTEM MANAGER (ASM)
The Application System Manager is responsible for ensuring that the application platform
selection is based on this policy and that the feasibility study and logical design document the
criteria and reasoning used in platform determination.
3.3 APPLICATION DATA BASE ADMINISTRATOR (ADBA)
The Application Data Base Administrator is responsible for reviewing the logical design to
ensure that platform selection criteria have been met and adequately documented.
3.4 APPLICATION DEVELOPERS
The Application Developers are responsible, as directed by the Application System Manager,
for producing the application logical design.
4.0 POLICY
Any RDBMS application will be implemented on a platform determined as acceptable under the
standards of this policy. The Central Data Base Administrator will review and monitor RDBMS
environments to ensure compliance.
5.0 DEFINITIONS
Data Base Server: A data base server is a computer platform operating a Relational Data Base
Management System and providing a standard Structured Query Language (SQL) interface that
is used to manipulate the data on that data base server over a network interface.
Client: A client is a computer platform operating tools or applications that utilize a network
interface to manipulate data on an SQL data base server.
Single Data Base Server with Local Clients or Users: This platform consists of a single RDBMS
with all users located within a single metro Local Area Network (LAN). This includes both
RDBMS servers with local metro LAN clients and RDBMS hosts with locally connected terminal
users.
Central RDBMS and Users: This platform is DB2 operating on the mainframe located at the
National Data Processing Division (NDPD) with nationally connected terminal users.
Single Data Base Server with National Clients: This platform consists of a single RDBMS
server with clients distributed nationally.
Multiple Data Base Servers with National Clients: This platform consists of multiple RDBMS
servers interconnected via a Wide Area Network (WAN) and located at multiple metro areas
with clients located at each metro area.
Multiple Data Base Servers, Central Data Base, and National Clients: This platform consists
of multiple RDBMS servers located at multiple metro areas interconnected via a Wide Area
Network to the Central RDBMS with clients located at each metro area.
6.0 STANDARDS
6.1 SINGLE DATA BASE SERVER WITH LOCAL CLIENTS OR USERS
Applications using this platform should have anticipated total data size with indexes in the 1 to
1000 megabyte range that is self-sufficient to the local site. Application size should be of a
small to moderate nature. Total users may be up to approximately 30 concurrently active when
using a microcomputer as a server platform. This number may be reduced for high data volume
and/or more complex applications.
This platform is well suited to local administrative applications and may be used for a national
application by establishing a complete data base/software configuration for each metro site. This
platform is not suitable for applications that need to share data between sites, applications with
higher data volumes, or applications that are highly complex.
It is important that the ASM, ADBA, and Application Developers recognize that the potential
bottleneck between the application and the data base is the LAN performance. This varies from
1 to 4 megabit/sec depending on physical location of the components. Application modules must
take care to only request the data required from the data base by using SQL properly to
eliminate rows that are not needed. Application modules that frequently sequentially process
entire large tables may saturate the LAN and may not be suitable for client server technology.
6.2 CENTRAL RDBMS AND USERS
Applications using this platform should have total data size with indexes greater than 500
megabytes. The nature of this data is such that all users need frequent access to all portions of
the data. Application size should be of the moderate to complex nature. Users may be in the
100's with many of them concurrently active. Application modules that must frequently process
large quantities of data are also good candidates for this platform.
The presence of any one of these conditions may be adequate to make this platform the desired
choice. It is important for the ASM, ADBA, and Application Developers to recognize that this
platform is the most costly to implement, maintain, support, and enhance. Implementing
applications that do not have these requirements on this platform can be successful but is not
likely to be cost effective.
6.3 SINGLE DATA BASE SERVER WITH NATIONAL CLIENTS
Applications using this platform should have total anticipated data with indexes in the 1 to 1000
megabyte range. The nature of this data is such that all users need occasional access to all
portions of the data. Total concurrent users should be up to 30 concurrently active when using
a micro computer as a data base server. Application size should be of small to moderate nature.
Application modules may not process large volumes of data within the application code. Larger
data base sizes may be supported by using the central data base as the single data base server.
This platform is suitable for national applications with infrequent use and a moderate amount of
data. An administrative system used on a weekly basis by a few users per site would be a good
example.
It is important to recognize that the data communications between the data base and the
application modules is limited to the speed of the Wide Area Network which may be only 56
kilobits/sec. Because of this, application modules must only process a few rows per transaction.
Additionally, to avoid using an inordinate amount of time on the WAN, sites should only
generate a few transactions per day.
High usage applications are not suitable for this platform. If the high usage/high data portions
of the application can be restricted to the site where the data base server is located, appropriate
conditions could exist. For example, a summary report that processes large
amounts of data may be executed at the data base server site and then 'Emailed' or file
transferred to the remote sites.
6.4 MULTIPLE DATA BASE SERVERS WITH NATIONAL CLIENTS
Applications using this platform should have data with indexes that are limited to 1 to 1000
megabytes per data base server. The data should also be predominately self-sufficient.
The complete application may be anywhere from small to complex. Data base servers and data
should be located in the same metro area as the group of users responsible for the majority of
the data on that server. Total users per site may be up to approximately 30 concurrently active.
This platform is well suited for applications with data that can be broken up by site with each
site responsible for maintaining their portion of the data. This platform will support referencing
of data at other sites but this should be infrequent and limited to reading. This platform also
facilitates maintaining redundant data across all sites that is fairly static in nature such as code
tables. Statistical summaries of the data located across all the servers can be located at a single
server at a lead location. This should be maintained by periodic batch updates, not interactively.
It is important to recognize that the Wide Area Network is the limiting factor for inter-data base
server communications and that this resource must be shared with many users. Applications that
would require frequent (more than once a day) maintenance of redundant data at all sites are not
good candidates for this platform. Applications that require frequent access to data located on
remote data base servers are also not suited to this platform.
6.5 MULTIPLE DATA BASE SERVERS, CENTRAL DATA BASE, AND NATIONAL
CLIENTS
This platform may be used to maintain a single complete copy of national data and local copies
of portions of that data on each data base server. As with other platforms using data base
servers, the data with indexes should be limited to 1 to 1000 megabytes per data base server and
the total concurrently active users per data base server should be limited to approximately 30.
The data must be read only either at the central data base or at the local data base servers. In
one scenario the application can allow all the users to enter and update data on the central data
base and then read a site copy of their portion of the data locally. The second scenario allows
each local group of users full access to enter, update, and read their data on the central data
base. The potential for disaster when attempting to allow updates on multiple copies of data and
simultaneously keep them synchronized is very high.
This platform is a good choice for applications that need frequent access to data on the local data
base server and occasional access to data from the central data base. It avoids the problem of
needing to know which remote data base server contains the additional data as the central data
base has a complete copy of all the data.
This platform is not a good choice if the data is frequently updated and inconsistencies between
the central copy and the local copies are a concern. The ASM, ADBA, and Application
Developers must evaluate either data maintenance scenario for the volume of data that will be
moved to maintain the redundant copy and the frequency that the update will occur.
Full replacements of any sizable amount of data will likely take hours to perform. Combining
this with numerous sites can place a significant load on the central data base. Updating changed
data only can alleviate this but requires careful design and monitoring to ensure that the central
and local copies of the data do not get out of sync. These factors may outweigh any
performance gains.
7.0 PROCEDURE REFERENCES
U. S. Environmental Protection Agency. NDPD Directive 130.05, RDBMS Roles and
Responsibilities. NDPD Operational Directives Manual (Report No. 285/001). Research Triangle
Park, NC: National Data Processing Division. (Location: Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: SQL Programming Techniques NO. 130.11
APPROVAL: DATE:
1.0 PURPOSE
This policy addresses the technical limitations of current RDBMS environments and establishes
NDPD policy to reasonably monitor Structured Query Language (SQL) programming techniques
in order to optimize the utilization of existing resources.
2.0 SCOPE & APPLICABILITY
This policy addresses the use of Data Definition Language (DDL) statements to ensure security
across distributed data paths and Data Manipulation Language (DML) statements to ensure
optimum utilization of RDBMS multi-user resources.
This policy applies to software designed to access relational data bases that reside on the
following platforms:
Platform          RDBMS
IBM-MVS           DB2
Novell NetWare    Oracle Server for NetWare
IBM OS/2          Oracle Server for OS/2
DG UNIX           Oracle for DG UNIX
This policy is applicable to all EPA organizations and employees, and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in the design,
development, administration, and/or maintenance of national or network data base applications.
Any deviation from this policy must be approved in writing by the Director, NDPD.
Additional information for Local Area Network (LAN) application development may be found
in NDPD Operational Directives Series 310.xx and in the EPA LAN Operating Guidelines and
Procedures. UNIX users should refer to NDPD policies on administration and application
development under UNIX (to be developed).
3.0 RESPONSIBILITIES
3.1 CENTRAL DATA BASE ADMINISTRATOR (CDBA)
It is the responsibility of the Central Data Base Administrator and the CDBA's Data Base
Support Services (DBSS) staff to review software designed and produced for national and
network applications and enforce adherence to this policy.
3.2 APPLICATION SYSTEM MANAGER
The Application System Manager is responsible to ensure that software developed for national
and network applications adheres to this policy.
3.3 APPLICATION DEVELOPER
Application Developers, as directed by the Application System Administrators, are responsible
to ensure that software practices used in developing national and network applications adhere to
this policy.
4.0 POLICY
NDPD will support national and network applications accessing RDBMSs that reside on the
hardware platform defined in the scope of this policy and that adhere to the rules for SQL
programming as stated in Section 6.0 STANDARDS.
5.0 DEFINITIONS
5.1 STRUCTURED QUERY LANGUAGE
SQL is divided into three components:
Data Definition Language (DDL) is used to create, alter, and drop relational
objects.
Data Control Language (DCL) is used to grant and revoke privileges on relational
objects and system resources to users.
Data Manipulation Language (DML) is used to select data, update columns, insert
rows of data, or delete rows of data.
This policy identifies supported techniques for using SQL Data Manipulation and Definition
Language constructs. Relational objects referred to in these techniques include the following:
DATABASE        A name given to a collection of tables, their associated indexes, and the space that contains them.
DATABASE LINK   A named connection to a remote data base.
TABLESPACE      A physical space to hold or store tables.
TABLE           A collection of rows.
COLUMN          Data elements that are grouped into logical tables.
INDEX           An ordered set of pointers to rows in a table.
VIEW            A subset of one or more tables.
SYNONYM         An alias name for a table, DB link or view.
5.2 NATIONAL AND NETWORK DATA BASE APPLICATION
A National/Network Data Base Application is characterized by data accessed over a Wide Area
Network and/or the application distributed to multiple EPA locations. Platforms as defined in
Directive 130.10 RDBMS Platform Selection Standards are Central RDBMS and Users, Single
Data Base Servers and National Clients, Multiple Data Base Servers with National Clients, and
Multiple Data Base Servers, Central Data Base, and National Clients. Platforms are defined in
Table 1 below:
CHARACTERISTICS                       LOCAL DATA              REMOTE DATA
Application distributed internally    Local Application       Network Application
Application distributed externally    National Application    National and Network Application
Table 1. Platform Definitions
6.0 STANDARDS
The following is a list of standards for SQL Relational Objects and programming techniques.
These standards apply to any RDBMS unless specifically identified for a particular platform in
a corresponding subsection.
6.1 DATA BASE LINKS
PUBLIC data base links may not be created with default users and/or passwords. PUBLIC links
are created by users with DBA privileges and connect to accounts on the remote data base.
Users then have access to the data objects available to their remote account.
SYNONYMs should be used to access tables located at remote data bases. SYNONYMs
facilitate reference to the remote data object and provide first level location transparency.
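The two rules of 6.1 written out as Oracle DDL, in an added example that is not part of the directive: a PUBLIC link with embedded credentials (the prohibited form) beside one without, a SYNONYM for location transparency, and a dictionary check a DBA can run. The link name, connect string, account, password, and table names are hypothetical, and the audit query assumes an Oracle release that provides the DBA_DB_LINKS view.

```sql
-- PROHIBITED by 6.1: a PUBLIC link created with a default user and password.
-- Every local user who references the link reaches the remote data base as
-- the same remote account (APPUSER), and the password is stored with the
-- link definition. Shown only for contrast, then dropped.
CREATE PUBLIC DATABASE LINK region4
    CONNECT TO appuser IDENTIFIED BY apppass   -- hypothetical credentials
    USING 'region4_db';                        -- hypothetical connect string

DROP PUBLIC DATABASE LINK region4;

-- PERMITTED: no CONNECT TO clause. The remote connection is made with the
-- user name and password of the local session, so each user sees only the
-- data objects available to their own remote account.
CREATE PUBLIC DATABASE LINK region4
    USING 'region4_db';

-- First-level location transparency: programs reference FACILITY, not
-- FACILITY@REGION4, so the table can move without changing application SQL.
CREATE SYNONYM facility FOR facility@region4;

-- Application SQL then reads the remote table through the synonym.
SELECT facility_id, facility_name
  FROM facility
 WHERE state_code = 'NC';

-- DBA check: list PUBLIC links that carry an embedded remote account.
-- Any row returned is a link to review against 6.1.
SELECT db_link, username, host
  FROM dba_db_links
 WHERE owner = 'PUBLIC'
   AND username IS NOT NULL;
```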
6.2 DEVELOPMENT ON WAN
All SQL developed for national or network applications must have reasonable response times for
query and transaction processing assuming a 56kbs network between client and server. The
weakest link in the current client server network architecture is the 56kbs Wide Area Network
(WAN). Thus, minimized traffic over WAN connections will optimize available network
resources.
6.3 OTHER SQL RULES
Transactions must commit as soon as possible after completion to avoid holding locks on data
for extended periods.
Do not use special characters in column names. They are not supported in SQL.
Do not use the phrase SELECT *. Name only the columns needed for the programs. Every
column retrieved means additional CPU.
Whenever possible, JOINs should be used instead of sub-queries. Sub-queries, if required,
should be correlated to the main query if possible. Sub-queries that return a large number of
rows are inefficient.
The SELECT statement is the only SQL statement permitted over network data base links.
INSERTS, UPDATES, and DELETES require 'two-phase' commits to operate properly and 'two-phase'
commits are not yet available. Great care should be taken when accessing data remote
to the 'connected' data base as communication lines are limited. No JOINs or UNIONS will be
allowed in cross platform applications using DB2 or Oracle Version 6. Other querying
capabilities will be restricted as described in the table below:
SELECT STATEMENT CLAUSES            ORACLE - ORACLE        CROSS PLATFORM
FROM single table                   Local/Remote Tables    Local/Remote Tables
FROM multiple tables                Local Tables only      Local Tables only
Sub-query - FROM single table       Local Table only       Local Table only
Sub-query - FROM multiple tables    Local Tables only      Local Tables only
GROUP BY (FROM single table)        Local/Remote Tables    Local/Remote Tables
GROUP BY (FROM multiple tables)     Local Tables only      Local Tables only
CONNECT BY/START WITH               Local/Remote Table     Local/Remote Table
Table 2. Query Limitations for Data Base Links
Cross platform JOINs may be done if all platforms are using Oracle Version 7 and it has been
determined that the JOIN is the most efficient path. Alternatively, multiple platforms may be
referred to with individual SQL statements for each platform.
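A worked rewrite under the rules of 6.3 and Table 2, added here as an illustration and not taken from the directive. All table, column, and synonym names are hypothetical; the comma-style join is used because it is the join syntax of the Oracle releases the directive covers.

```sql
-- Discouraged: SELECT * retrieves every column, and the uncorrelated
-- sub-query can return a large number of rows.
SELECT *
  FROM permit
 WHERE facility_id IN (SELECT facility_id
                         FROM facility
                        WHERE state_code = 'NC');

-- Preferred: name only the columns the program needs and JOIN the two
-- LOCAL tables (equivalent when FACILITY_ID is the key of FACILITY).
SELECT p.permit_id, p.issue_date, f.facility_name
  FROM permit p, facility f
 WHERE p.facility_id = f.facility_id
   AND f.state_code = 'NC';

-- Remote data: Table 2 permits a single-table SELECT over a link, so the
-- remote table is queried on its own, through its synonym, with named
-- columns and a selective WHERE clause to limit traffic on the 56kbs WAN.
SELECT inspection_id, facility_id, inspection_date
  FROM region4_inspection      -- hypothetical synonym for inspection@region4
 WHERE inspection_date >= TO_DATE('01-JAN-1994', 'DD-MON-YYYY');

-- Not permitted over a link: INSERT, UPDATE, or DELETE against
-- REGION4_INSPECTION, and joining it to a local table in one statement
-- (unless every platform runs Oracle Version 7).

-- Local update: commit as soon as the transaction is complete so locks
-- are not held for extended periods.
UPDATE permit
   SET status = 'EXPIRED'
 WHERE expire_date < SYSDATE;
COMMIT;
```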
6.3.1 DB2
Plan names must be unique within a single DB2 subsystem.
Plans will be bound with the Cursor Stability (CS) option (unless deferred update processing is
used). Cursor Stability allows for concurrent reads of the data and reduces the chances of
deadlocks.
Lock duration will be USE and COMMIT. The USE parameter will only acquire locks and
open tablespaces when the program first uses them. The COMMIT parameter will release the
resources at each commit point.
Always use the VALIDATION (BIND) parameter. The VALIDATION (BIND) parameter will
perform full validity checking during the BIND process.
All applications will create their own PLAN_TABLE and use the EXPLAIN(YES) parameter
to determine access path and indexes used.
6.3.2 Oracle Tablespaces
Applications will be allocated a tablespace to contain data tables applicable to that application.
All tables created for an application must reside in its tablespace with the exception of tables
shared with other applications. Shared tables reside in the tablespace of the first application for
which they are created.
7.0 PROCEDURE REFERENCES
7.1 DB2 ENVIRONMENT
a. DB2: The Complete Guide to Implementation and Use. Second Edition. Jeff D.
Vowell, QED Information Sciences, Inc.
b. Platinum Guide for DB2. Platinum Technology, Inc.
c. U. S. Environmental Protection Agency. NDPD Operational Directives 130.05
through 130.08. NDPD Operational Directives Manual (Report No. 285/001).
Research Triangle Park, NC: National Data Processing Division. (Location:
Publications Technical Library)
7.2 ORACLE ENVIRONMENT
a. U. S. Environmental Protection Agency. Oracle Server for NetWare, Guidelines
& Procedures. (Report 551/001) Research Triangle Park, NC: National Data
Processing Division. (Location: Publications Technical Library)
b. ORACLE, Building High Performance Online Systems, W. H. Inmon, QED
Information Sciences, Inc., (1989)
c. ORACLE RDBMS Database Administrator's Guide, Version 6.0, Oracle
Corporation, October 1990.
d. SQL Reference Manual, Version 6.0, Oracle Corporation, February 1990.
e. ORACLE RDBMS Performance Tuning Guide, Version 6.0, Oracle Corporation,
February 1990.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: RTP PC User Support NO. 140.01
APPROVAL:
1.0 PURPOSE
This policy identifies the primary personal computer support responsibilities of the Information
Centers Branch (ICB) in Research Triangle Park, NC.
2.0 SCOPE & APPLICABILITY
This policy establishes the support services that are available to all government and contractor
personnel in EPA's Research Triangle Park (RTP) facilities.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The Chief, RTP Library and Information Centers is responsible for defining the services to be
offered by the RTP Information Centers (RICs). The ICB-RTP staff is responsible for providing
direct support to users of personal computers and peripherals, including microcomputer hardware
and software support. Assistance will also be provided in connecting personal computers with
other operating platforms, such as EPA's IBM mainframe and exchanging data between those
platforms and users' PCs.
4.0 POLICY
During normal business hours, the ICB-RTP staff will provide basic customer assistance services
by telephone and on a walk-in basis at the RIC facilities in the EPA-RTP campus.
5.0 DEFINITIONS
Basic Customer Assistance Services: Assistance in the use of the hardware and software in the
RICs including access to technical documentation and publications.
ICB-RTP: The Information Centers Branch in Research Triangle Park, NC. ICB-RTP staffs
the RTP Information Centers, the LANs-R-US group, and Agencywide systems-level support
for Microsoft Windows.
Normal Business Hours: From 8:00 am until 4:30 pm Monday through Friday.
RICs: The Research Triangle Park Information Centers: RIC I in the EPA Administration
Building, RIC II in the Environmental Research Center, the MIC in the Mutual Building in
Durham, NC.
6.0 STANDARDS
PC User Support will be provided in accordance with industry standards for sound operational
and security practices and as specified in pertinent NDPD policies and directives.
7.0 PROCEDURE REFERENCE
None.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: RIC I Operations/Production Support NO. 140.02
APPROVAL:
1.0 PURPOSE
This policy identifies the primary Research Triangle Park Information Center (RIC I) computer
operations responsibilities of the Information Centers Branch (ICB) in Research Triangle Park,
NC.
2.0 SCOPE & APPLICABILITY
This policy outlines the operational hardware support provided for the Contracts Management
Division of the Office of Administration and Resources Management (OARM).
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The Chief, RTP Library and Information Centers is responsible for defining the computer
operations support services to be offered by RIC I. The ICB-RTP RIC I staff is responsible for
providing computer operations support.
4.0 POLICY
During normal business hours, the ICB-RTP RIC I staff will provide computer operations
support in the EPA-RTP Administration Building. In addition to normal operations support, the
following specific services will be provided:
a. Perform daily incremental backups and weekend full backups on the Prime
computer system.
b. Monitor all printers and controllers in the RIC I production facility.
c. Upon request, deliver IBM mainframe printer output.
d. Provide connectivity support for all Prime terminal connections in the EPA-RTP
Administration Building.
5.0 DEFINITIONS
ICB-RTP: The Information Centers Branch in Research Triangle Park, NC. ICB-RTP staffs
the RTP Information Centers, the LANs-R-US group, and Agencywide systems-level support
for Microsoft Windows.
Normal Business Hours: From 8:00 am until 4:30 pm Monday through Friday.
RIC I: The Research Triangle Park Information Center I in the EPA Administration Building.
6.0 STANDARDS
Computer operations support will be provided in accordance with industry standards for sound
operational and security practices and as specified in pertinent NDPD policies and directives.
7.0 PROCEDURE REFERENCES
RIC I Prime Procedures Guide (unnumbered, unedited draft).
RIC I Information Center Procedures Guide (unnumbered, unedited draft).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: RTP-LAN Support NO. 140.04
APPROVAL: DATE:
1.0 PURPOSE
This policy identifies NDPD's primary responsibilities for Local Area Network (LAN)
Administration.
2.0 SCOPE & APPLICABILITY
This policy establishes LAN support responsibilities for all EPA-RTP LANs designated by
NDPD.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The Chief, RTP Library and Information Centers is responsible for defining services to be
offered and for monitoring service delivery. The ICB-RTP staff is responsible for performing
the LAN administrator function.
4.0 POLICY
ICB-RTP will provide LAN Administrative support for RTP-area LANs designated by NDPD
to receive such support, and for LANs covered by Operational Service Agreements with client
organizations. For those LANs, in accordance with NDPD LAN Operational Procedures and
Standards, the ICB-RTP LAN support staff will:
a. Act as LAN Administrator for all EPA-RTP LANs designated by NDPD.
b. On LANs for which LANSYS's centralized backup service is not a viable option,
perform appropriate backups.
c. Assist LAN users in the use of LAN-based applications software; provide
operating system support upon request.
d. Provide installation support for LAN users. This includes the installation of
token-ring boards in PCs, diagnosis of LAN workstation hardware problems, and
assistance to the Telecommunications Service Request (TSR) group in running and
building token-ring cables.
e. Provide LAN users with LAN-oriented materials such as keyboard overlays,
manuals, and supplies for LAN printers and plotters.
f. Evaluate and test LAN hardware and software. When appropriate, this activity
is performed in cooperation with other NDPD operational groups.
5.0 DEFINITIONS
ICB-RTP: The Information Centers Branch in Research Triangle Park, NC. ICB-RTP staffs
the RTP Information Centers, the LANs-R-US group, and Agencywide systems-level support
for Microsoft Windows.
LAN: Local Area Network. In EPA, the standard is an Intel processor-based, token-ring
topology.
LANSYS: NDPD's LAN System Support Group.
RIC I: The Research Triangle Park Information Center I in the EPA Administration Building.
TSR: Telecommunications Service Request. A standard NDPD form that, when completed,
provides the information needed to approve, schedule, and monitor connectivity changes or
changes to the EPA national network.
6.0 STANDARDS
As specified in Report 397/001B, LAN Operational Procedures and Standards, Revised March 15,
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1993) LAN Operational Procedures and Standards.
(Report No. 397/001B), Research Triangle Park, NC: National Data Processing Division,
Telecommunications. (Location: Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Archiving Tapes and Data Sets NO. 200.01
APPROVAL: DATE:
1.0 PURPOSE
This policy establishes procedures and goals for archiving tapes at the National Computer Center
(NCC). Adherence to these procedures will ensure that archived tapes are utilized to the
maximum degree possible at the NCC.
2.0 SCOPE & APPLICABILITY
This policy assigns responsibilities to those individuals who archive tapes.
Any deviation from this policy must be approved in writing by the Director of the NDPD.
3.0 RESPONSIBILITIES
The FM Contractor will develop, update, and monitor procedures to implement this policy.
The customer community will comply with the provisions of this policy and EPA Directive
200.02, NDPD Records Management, when archiving tapes.
4.0 POLICY
a. The NCC will provide a secure and environmentally correct archival facility for
the storage of tapes containing data that must be maintained but has no immediate
processing need. This policy is applicable to both cartridge and reel tapes.
b. NDPD has developed procedures and maintains the necessary software for
automatic archiving of customer disk data sets. (Customers should archive data
sets from disk whenever possible.) Data set archives are processed by the storage
management subsystem and utilize overhead tape volumes to their maximum
potential. Customers should copy tapes to disk data sets and mark the data sets
for archive; the system will process the archival of data from this point.
Archived data sets are normally retained for 1 year, but the customer may request
retention for up to 3 1/2 years.
Customers who archive tapes are required to utilize at least 70 percent of a tape.
Customers may telephone, Umail, Email (K. Strickland), or submit a written
request to Data Management for physical tape archival.
c. If the request is for a cartridge tape, Data Management will approve and forward
the request to Data Processing Support Services (DPSS). DPSS will issue a
preassigned tape number (D number) to the tape and notify the customer. The
customer will then copy the data to the preassigned labeled tape.
d. The customer will be given 5 workdays to copy data to tape. Upon successful
completion, DPSS will store the tape offsite in the archive vault.
e. Customers requesting that round tapes be archived must follow the same
guidelines outlined in Step b. Once the tape is approved for archiving, Data
Management will forward the request to DPSS. When a round tape is archived,
it loses its former tape number; DPSS will assign a "C" (DEC) or "D" (IBM)
number to the tape. Archived tapes are in "inactive" status and are file-protected
and labeled NO WRITE RING on the face and back of the tape to ensure the data
is not overwritten.
f. A tape may be archived for up to 3 1/2 years. When this timeframe has been
met, the tape is automatically released to the customer.
g. Customers will receive a monthly tape list of all archived tapes.
h. Customers may request that tapes be returned or dearchived. Upon receipt of the
request, DPSS will return the tape within 24 hours. A $10.00 retrieval fee will
be charged to the customer account. (Customers are charged $10.00 per trip, not
per tape.)
i. Only the owner of a tape or the appropriate Account Manager or ADP Coordinator
will receive the services outlined above.
j. All archived tapes will be rewound before being returned to the customer at
expiration time.
k. Annually, a statistical sample (384 tapes) will be read by the data center to ensure
that the tapes are in good condition and are readable.
l. The FM contractor will ensure that all tapes containing sensitive information and
released for destruction are degaussed on an approved degausser.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NDPD Records Management NO.: 200.02
APPROVAL: DATE:
1.0 PURPOSE
This policy provides customers of NDPD resources and contractor staff with guidance on the
management of files and records, both temporary and permanent, to ensure that the EPA meets
all requirements outlined in the National Archives and Records Administration Articles.
This NDPD policy provides procedures for the following:
a. Scheduling records for disposition.
b. Inventorying electronic records.
c. Applying General Records Schedules (GRS) containing disposition instructions for
temporary electronic records common to many agencies.
d. Scheduling records not covered by the GRS.
e. Identifying potentially permanent electronic records.
f. Transferring permanent and/or temporary records to the local EPA archive vault.
g. Transferring permanent records to the National Archives.
h. Maintaining and using electronic records.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel and to all customer personnel
who are responsible for the management, maintenance, and disposition of magnetic media.
Any deviation from this policy must be approved in writing by the Director of the NDPD and
the Records Officer of the EPA.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures and provide utilities and
facilities for the archival of Agency records.
The customer will comply with the provisions of this policy in the management, maintenance,
and disposition of Agency records.
4.0 POLICY
a. NDPD customers are responsible for inventorying and scheduling all records,
ensuring that the Agency saves important data and deletes disposable data when
no longer needed.
b. Following an inventory, the Agency Records Manager will determine whether the
information in any system is covered by disposition instructions in the GRS issued
by the National Archives and Records Administrator (NARA).
c. An SF115 must be submitted by the Records Manager to the NARA for all
records not covered by the GRS.
d. NDPD will provide a secure, environmentally appropriate facility for the archival
of machine readable records identified in the GRS.
e. The Agency Records Manager will provide technical and administrative assistance
for the permanent archival of machine readable records to the National Archives.
f. The FM contractor will provide labeling guidelines for all records scheduled for
archival.
g. The FM contractor will maintain the archival facility in compliance with the
NARA's regulations on Electronic Records Management.
h. The FM contractor will provide a policy for archiving tapes and data sets. (See
NDPD Operational Directive 200.01, Archiving Tapes and Data Sets.)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC UNIX Security NO. 200.03
APPROVAL:
1.0 PURPOSE
This policy establishes a set of security standards and practices for Agency standalone or
network connected computer systems which use UNIX or UNIX-based operating systems and
are supported or owned by EPA's National Data Processing Division (NDPD). These standards
are in compliance with generally accepted security standards and practices and with Federal
regulations and directives referenced in Section 7.0, PROCEDURE REFERENCES, of this
policy.
2.0 SCOPE & APPLICABILITY
This policy applies to all customers of NDPD supported or owned computer systems which use
a UNIX or UNIX-based operating system and to all personnel who provide for the use,
operation, maintenance, support, or telecommunications services of those systems.
Any request for an exemption to this policy must be provided in writing to the Director, NDPD
and, if approved, must be approved in writing. Email is an acceptable medium for requesting
and receiving an exemption under this policy. Provisions in this policy might be superseded by
future policies developed for public access and which are subsequently reviewed and approved
by the NDPD Computer Security Officer. Provisions in public access are regarded as approved
exemptions to this policy.
3.0 RESPONSIBILITIES
a. NDPD is responsible for:
1. Providing a secure environment for all UNIX or UNIX-based computer
systems covered by this policy.
2. Ensuring that this policy is consistent with all Federal regulatory statutes
and directives.
3. Requesting exemptions to Federal regulatory statutes and directives when
required by considerations unique to the operating environment of the
computer systems covered by this policy.
4. Appointing an NDPD Computer Security Officer responsible for
implementing, maintaining, and reviewing compliance with this policy.
5. Participating in NDPD's Computer Emergency Response Team (CERT)
as described in NDPD policies and procedures for that team.
6. Approving, in writing, any exemptions to this policy.
b. The NDPD Computer Security Officer is responsible for:
1. Establishing all procedures necessary for the implementation and
maintenance of this policy.
2. Reviewing and approving all security environment changes allowable
under this policy, and reviewing and approving all system-wide special
privileges for all UNIX or UNIX-based systems covered by this policy.
3. Directing efforts of NCC contract personnel in security matters pursuant
to provisions of the NCC primary support contract.
4. Coordinating any exemptions to Freedom of Information or Public Access
Acts regarding access to data processed on data processing systems
covered by this policy.
5. Participating in NDPD's Computer Emergency Response Team as
described in NDPD policies and procedures for that team.
6. Monitoring system compliance with this policy.
c. The management of each technical support function (e.g., UNIX, Scientific
Visualization, Supercomputer, CIS) established by NDPD for the support and
maintenance of computer systems covered by this policy is responsible for:
1. Adhering to all policy provisions.
2. Subscribing to and using industry security risk bulletin boards for the
purpose of identifying potential security exposures in the UNIX or UNIX-
based environment.
3. Coordinating with the NDPD Computer Security Officer or his delegate,
System Managers, and System Administrators:
(a) Policy provision implementations, monitoring, and maintenance.
(b) Configuration, according to security policy standards of all UNIX
or UNIX-based operating systems, utilities, and applications for
which it provides central distribution, support, or maintenance.
(c) Reporting, defensive, and corrective actions related to system
security exposures, breaches, and virus attacks.
4. Participating in the NDPD Computer Emergency Response Team as
described in NDPD policies or procedures for that team.
d. Each Agency Program Office is responsible for:
1. Adhering to all provisions of this policy.
2. Ensuring the physical security of its sites used to house or access
computer systems covered by this policy and the data processing
peripherals and other devices used for that access.
3. Appointing a System Manager and a System Administrator for computer
systems covered by this policy and which reside at its site(s).
4. Maintaining the security of each of its UNIX or UNIX-based computer
systems and the applications residing on them in a manner consistent with
this policy and all Federal regulations and directives.
5. Developing and performing local procedures, risk analyses, and other
mechanisms for determining, enacting, monitoring, and maintaining
computer system and application security requirements under provisions
of this policy.
e. Each System Manager and System Administrator will be responsible for:
1. Adhering to all provisions of this policy.
2. As directed by the Program Office, ensuring that provisions in this policy
governing the office are implemented, monitored, and maintained.
3. Subscribing to and using industry security risk bulletin boards for the
purpose of identifying potential security exposures in the UNIX or UNIX-
based environment.
4. Coordinating with NDPD technical support management, System
Managers or System Administrators:
(a) Policy provision implementations, monitoring, and maintenance.
(b) Configuration, according to security policy standards, of all UNIX
or UNIX-based operating systems, utilities, and applications for
their system(s).
(c) Reporting, defensive, and corrective actions related to system
security exposures, breaches, and virus attacks.
(d) Implementation of system warning notices during system logon to
provide legal protection from unauthorized access attempts.
(e) Aiding NCC computer security staff with security audits.
5. Participating in the NDPD Computer Emergency Response Team as
described in NDPD policies or procedures for that team.
6. Conducting risk analyses and security assessments under the provisions of
the EPA Information Security Manual and maintaining documentation
(copies) on the findings.
7. Not allowing "trusted" or "open" access to the system without consulting
with the System Manager or System Administrator.
8. Ensuring users of their systems comply with provisions of this policy.
f. The EPA NDPD security function is a commercially contracted responsibility of
the contractor as provided for in Attachment A of OMB Circular A-76. All NCC
departments and personnel engaged in the operation, support, or maintenance of
g. Each user of a UNIX or UNIX-based computer covered by this policy is
responsible for:
1. Adhering to all provisions of this policy.
2. Practicing sound password management (i.e., will not use trivial, easily
guessed passwords, and will not share User-IDs and passwords).
3. Securing data based on an evaluation of the sensitivity of the data.
4. Not allowing "trusted" or "open" access to the system without consulting
with the System Administrator.
4.0 POLICY
The computer systems covered by this policy will be used for official Government business only.
Unauthorized use of any of these systems is a criminal offense under Title 18 of the United
States Code, Section 641, and may subject violators to a fine of up to $10,000 and/or
imprisonment of up to 10 years.
The security of UNIX or UNIX-based computer systems, and the facilities within which they
reside and which are owned, operated, or supported by EPA will be implemented, maintained,
and monitored in compliance with generally accepted security standards, with Federal regulations
and directives, and specifically, with Federal regulations and directives and UNIX security
vulnerability documentation referenced in Section 7.0, PROCEDURE REFERENCES of this
policy.
Agency UNIX or UNIX-based computers and data residing on those computers will be protected
from unauthorized access.
Any Agency-owned or operated UNIX or UNIX-based computer system attached to the Agency
network must demonstrate conformity to this policy to the NDPD Security Officer within 90
days of attachment. Demonstration of conformance will be measured by the completion of a
UNIX security review questionnaire. Failure to demonstrate conformance may result in
removing the computer system's attachment from EPA's wide area network.
UNIX and UNIX-based systems are inherently implemented in a non-secure manner as UNIX
was initially designed to promote ease of use and data sharing. Advancements in UNIX
operating system security now permit utilization of software and components meeting Federal
policy guidelines for C2 (discretionary access control). EPA UNIX systems covered by this
policy will, as a design goal, meet C2 security requirements.
5.0 DEFINITIONS
Industry Standard: For the purpose of this policy, industry standards are defined through the
documents in Section 7.0, PROCEDURE REFERENCES, of this policy, industry bulletin boards
referenced in those documents, and Security Administrator guides for each computer system.
Federal Trusted Computing Base (C2) Discretionary Access Control: C2 level of security is
described in the Trusted Computer System Evaluation Criteria, CSC-STD-001-83, and is partially
reproduced here:
1. Discretionary Access Control
The TCB (trusted computing base) shall define and control access between named users
and named objects (e.g., files and programs) in the ADP system. The enforcement
mechanism (e.g., self/group/public controls, access control lists) shall allow users to
specify and control sharing of those objects by named individuals, or defined groups of
individuals, or by both. The discretionary access control mechanism shall, either by
explicit user action or by default, provide that objects are protected from unauthorized
access. These access controls shall be capable of including or excluding access to the
granularity of a single user. Access permission to an object by users not already
possessing access permission shall only be assigned by authorized users.
2. Object Reuse
When a storage object is initially assigned, allocated, or reallocated to a subject from the
TCB's pool of unused storage objects, the TCB shall assure that the object contains no
data for which the subject is not authorized.
3. Accountability - Identification and Authentication
The TCB shall require users to identify themselves to it before beginning to perform any
other actions that the TCB is expected to mediate. Furthermore, the TCB shall use a
protected mechanism (e.g., passwords) to authenticate a user's identity. The TCB shall
protect authentication data so that it cannot be accessed by any unauthorized users. The
TCB shall be able to enforce individual accountability by providing the capability to
uniquely identify each individual ADP system user. The TCB shall also provide the
capability of associating this identity with all auditable actions taken by that individual.
4. Accountability - Audit
The TCB shall be able to create, maintain, and protect from modification or unauthorized
access or destruction an audit trail of accesses to the objects it protects. The audit data
shall be protected by the TCB so that read access to it is limited to those who are
authorized for audit data. The TCB shall be able to record the following types of events:
use of identification and authentication mechanisms, introduction of objects into a user's
address space (e.g., file open, program initiation), deletion of objects, and actions taken
by computer operators and system administrators and/or system security officers. For
each recorded event, the audit record shall identify: date and time of the event, user, type
of event, and success or failure of the event. For identification/authentication events the
origin of request (e.g., terminal ID) shall be included in the audit record. For events
that introduce an object into a user's address space and for object deletion events the
audit record shall include the name of the object. The ADP system administrator shall
be able to selectively audit the actions of any one or more users based on individual
identity.
6.0 STANDARDS
6.1 SYSTEM CONFIGURATION AND OPERATION
a. The design goal for the operating system of all computers covered under this
policy will be C2.
b. Security recommendations contained in Security Administrator guides and other
documentation provided by the vendor of each UNIX or UNIX-based operating
system will be implemented.
c. All industry documented fixes for known UNIX security vulnerabilities will be
applied as described in Improving the Security of Your UNIX System referenced
in Section 7.0, PROCEDURE REFERENCES. This includes, but is not limited
to:
1. The use of non-secure trivial file transfer protocol (TFTP) is not
permitted. To determine whether your version of trivial file transfer is
secure, enter the following sequence of commands following the prompts:
% tftp
tftp> connect yourhost (substitute your host name)
tftp> get /etc/motd tmp
If your version does not respond with "File not Found" and instead
transfers the file, your version of trivial file transfer should be replaced
with a newer one. In particular, versions of SunOS prior to release 4.0
are known to have this problem.
2. Only secure versions/implementations of File Transfer Protocol (FTP)
(versions later than December 1988) are allowed.
3. Recommendations in Section 2.2.5 of Improving the Security of Your
UNIX System referenced in Section 7.0, PROCEDURE REFERENCES,
will apply for sendmail. Specifically, newer versions of sendmail will be
obtained as described in that document and the following actions will be
taken:
(a) Remove the "decode" alias from the aliases file (/etc/aliases or
/usr/lib/aliases).
(b) If you create aliases that allow messages to be sent to programs,
ensure that there is no way to obtain a shell or send commands to
a shell from these programs.
(c) Make sure the "wizard" password is disabled in the configuration
file, sendmail.cf.
(d) Make sure your sendmail does not support the "debug" command.
This can be done with the following commands:
% telnet localhost 25
debug
quit
If your sendmail responds to the "debug" command with "200
Debug set", then you are vulnerable to an attack using sendmail
and should replace your sendmail with a newer version.
4. Only the latest version of fingerd will be allowed.
5. Modems will be configured to prevent inadvertent access of one customer's
interrupted session by another customer. Most modem and
terminal server manuals cover in detail how to properly connect these
devices to your system. In particular, you should pay close attention to
the "Carrier Detect," "Clear to Send," and "Request to Send" connections.
At a minimum the following checks should be made.
(a) If a user dialed up to a modem hangs up the phone, the system
should log him out. If it does not, check the hardware connections
and the kernel configuration of the serial ports.
(b) If a user logs off, the system should force the modem to hang up.
Again, check the hardware connections if this does not work.
(c) If the connection from a terminal server to the system is broken,
the system should log the user off.
(d) If the terminal server is connected to modems and the user hangs
up, the terminal server should inform the system that the user has
hung up.
d. All files residing on the computer system will be backed up at least weekly and
monthly. Backups will be protected from unauthorized access and alteration.
Storage of the backups will be at a location removed from that of the computer
system itself.
6.2 SYSTEM DIRECTORY AND FILE PROTECTION
Files and directories that comprise the operating system must have ownership and permission
[...] write access to these files must be reserved for
administrator or root. System files include, but
[...] "/", "/etc", "/usr/bin", "/usr/etc", "/usr/lib",
"/usr/ucb".
6.3 DEVICE PROTECTION
6.3.1 Non-Terminal
a. UNIX system device files are used to access system peripherals (e.g., printers,
terminals, networks, disks, system memory) and must be protected from
unauthorized access. Files comprising device definitions must be protected from
unauthorized access.
b. All device files must be located in the "/dev" directory.
c. Disk devices, "/dev/mem", "/dev/kmem", "/dev/drum", "/dev/swap" and others
typically contained in group "kmem" must never be world-readable.
d. Memory and disk devices must be owned by "root" and their access permissions
must generally be:
1. Owner - READ and WRITE.
2. Group - READ.
3. World - No access.
e. Memory devices must belong to group "kmem".
f. Disk devices must belong to group "operator".
g. All other non-terminal devices must be owned by the operating system equivalent
of system administrator or "root".
6.3.2 Terminals
a. Terminal devices must be owned by the operating system equivalent of system
administrator or "root".
b. Access permissions must be READ and WRITE for owner, group, and world
when non-allocated devices (except for printers controlled by the queue manager).
c. Only the system console device for file servers and dataless systems should be
configured as "secure" in "/etc/ttytab" or equivalent file(s). Diskless workstations
must be set up as "nonsecure" in "/etc/ttytab" or equivalent file(s).
6.4 NETWORK
6.4.1 System Warning Notice
Each computer covered by this policy which is attached to the Agency telecommunications
network will display the following message at login:
WARNING: The use of this computer is for official Government business only.
Unauthorized use of this computer is a criminal offense under Title 18
United States Code, Section 641, and may subject violators to a fine of up
to $10,000, or imprisonment of up to 10 years, or both.
6.4.2 Remote Access
a. No wild-carding may be permitted in the "/etc/hosts.equiv" file.
b. No local hosts located in public areas should be configured in the
"/etc/hosts.equiv" file as "trusted".
c. ".rhosts" files are not allowed.
d. TCP wrappers distributed by NDPD will be installed.
6.4.3 NFS
a. Each entry in "/etc/exports" will have an associated "access=hostlist" parameter.
b. No entry in "/etc/exports" may specify the "root=hostlist" parameter.
c. If an entry in "/etc/exports" contains netgroup entries, the host name must be
specified and the domain field must contain a "-" if it is not used.
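The checks in 6.4.2 a and 6.4.3 a and b can be run mechanically against copies of the two files. The following is an added example, not part of the directive: the function names, host names and file contents are constructed, and the exports parsing assumes the "directory -option,option" line format implied by the "access=hostlist" and "root=hostlist" parameters.

```shell
#!/bin/sh
# Added example (not from the directive): audit hosts.equiv and exports
# files against sections 6.4.2 a and 6.4.3 a-b.

# Print "line N: text" for every hosts.equiv entry that uses a bare "+"
# as the host field or as the user field (the wild-card forms).
hosts_equiv_wildcards() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        $1 == "+" || $2 == "+" { printf "line %d: %s\n", NR, $0 }
    ' "$1"
}

# Print one finding for each exports entry that lacks access=hostlist
# (6.4.3 a) or that carries root=hostlist (6.4.3 b).
exports_findings() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            dir = $1; has_access = 0; has_root = 0
            for (i = 2; i <= NF; i++) {
                opts = $i
                sub(/^-/, "", opts)           # options are written -opt,opt
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] ~ /^access=./) has_access = 1
                    if (o[j] ~ /^root=/)    has_root = 1
                }
            }
            if (!has_access) printf "%s: no access=hostlist\n", dir
            if (has_root)    printf "%s: root=hostlist present\n", dir
        }
    ' "$1"
}

# Constructed sample files, written to a scratch directory.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/hosts.equiv" <<'EOF'
# constructed sample
hosta.example.org
+
hostb.example.org +
-hostc.example.org
EOF

cat > "$SAMPLE_DIR/exports" <<'EOF'
# constructed sample
/usr        -access=hosta:hostb
/home       -access=hosta,root=hostb
/export/pub
/var/spool  -ro
EOF

echo "hosts.equiv wild cards:"
hosts_equiv_wildcards "$SAMPLE_DIR/hosts.equiv"
echo "exports findings:"
exports_findings "$SAMPLE_DIR/exports"
```

Item 6.4.3 c (netgroup host and domain fields) is not covered by this check.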
6.4.4 UUCP
Only news and rmail may be accessible through the UUCP system.
6.5 ACCOUNT SECURITY
6.5.1 Registration
a. Procedures will be developed by local system administrators for obtaining an
account, password, group, or password reset and updating system authentication
files.
b. Except for the purpose of anonymous FTP, an account is required for access to
any computer system covered by this policy.
c. Only one account per customer is allowed.
d. Accounts may not be shared.
6.5.2 Disabled Accounts
Disabled accounts will be periodically reviewed by the System Administrator to determine if any
of them should be removed from system authorization files.
6.5.3 Duplicate User-IDs
Each account will be identified with a unique User-ID. Duplicate User-IDs are not allowed.
6.5.4 Guest Accounts
Guest and Shared accounts are not allowed. Anonymous File Transfer Protocol access is
permitted for READ only. FTP for writable files requires an exemption to this policy. In all
cases the FTP server must be configured as described in the CERT advisory, SECTION 6.12.
6.5.5 Account Activity
a. Accounts that have not been accessed for 60 days will be reviewed by the System
Administrator to determine if the account should remain in system authorization
files.
b. A review will be conducted at least once a year to determine accounts that have
not been used to access the system since their assignment. These accounts will
be removed from system authorization files.
6.6 CUSTOMER FILE PROTECTION
Customer files, such as ".login", ".cshrc", ".profile", and any shell scripts must be protected
by default such that only the owner can, by default, read, write, and execute them.
6.7 PASSWORD SECURITY MANAGEMENT
a. The password file must be protected such that non-administrative personnel
cannot view passwords in clear text.
b. All accounts must have passwords.
c. Do not use trivial passwords.
d. Passwords will consist of at least six characters, and will contain at least one
alpha and one numeric character unless a dictionary containing easily guessable
passwords is used by the system for password validity checking.
e. A maximum of four unsuccessful login attempts will be allowed by each
workstation. Upon the fifth attempt, the User-ID will be disabled and workstation
access denied.
f. A password will expire and have to be changed to a unique value by the user to
whom it is assigned a maximum of 90 days after initial assignment, reset, or
change.
g. The system will warn the customer at login of a system required password change
10 days in advance of the required change.
h. The system will display, at login, the date and time of the last successful and
unsuccessful login to the customer.
i. Passwords will be protected from disclosure. Any file which requires a
hardcoded password will be encrypted.
j. The Screen Lock feature will be set for a maximum of 20 minutes inactivity.
6.8 FILE SYSTEM SECURITY
a. All directories and files established or created by or for a workstation customer
will be protected at a default level from unauthorized access (read, write, execute)
by anyone other than the owner.
b. No directory should have World Write access unless required for system
functionality.
c. No files should have World Write access unless required for system functionality.
d. In order to prevent the inadvertent propagation of privileges, no SUID or SGID
programs will be allowed in any directories other than "/bin", "/etc", "/usr/bin",
"/usr/ucb", or "/usr/etc". Setuid and setgid shell scripts which have not been
reviewed and approved by the System Administrator are not allowed. If used, the
associated process will not allow an uncontrolled exit from the process.
e. No file will be owned by an undefined owner.
f. To ensure system file integrity and to promote ease of auditing, only system level
files and utilities will be allowed in /usr directories. These directories will be
owned by root and will only be writable by root or the operating system
equivalent.
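The following added example (not part of the directive) shows how items 6.8 b through d can be checked with find against "/" or a staged copy of a file system. It assumes the allowed list in 6.8 d means the five named directories themselves and not their subdirectories; the function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example (not from the directive): checks for section 6.8 b-d.

# Directories in which 6.8 d permits SUID/SGID programs.
ALLOWED_SUID_DIRS="/bin /etc /usr/bin /usr/ucb /usr/etc"

# 6.8 b, c: files and directories writable by world under root $1.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# 6.8 d: SUID/SGID files whose directory is not on the allowed list.
# Paths are printed relative to the audited root $1.
suid_outside_allowed() {
    root=${1%/}
    find "$root/" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r path; do
        rel=${path#"$root"}
        dir=${rel%/*}
        [ -n "$dir" ] || dir=/
        case " $ALLOWED_SUID_DIRS " in
            *" $dir "*) ;;                      # allowed location
            *) printf '%s\n' "$rel" ;;
        esac
    done
}

# 6.8 d: SUID/SGID files that are scripts (first line starts with "#!"),
# which need System Administrator review wherever they live.
suid_scripts() {
    root=${1%/}
    find "$root/" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r path; do
        if head -n 1 "$path" | grep -q '^#!'; then
            printf '%s\n' "${path#"$root"}"
        fi
    done
}

# Build a small constructed tree that violates each rule once.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/bin" "$t/usr/local/bin" "$t/home/user1" "$t/tmp"
    printf 'binary-placeholder\n'        > "$t/bin/su"
    printf '#!/bin/sh\necho report\n'    > "$t/usr/local/bin/helper"
    printf 'notes\n'                     > "$t/home/user1/notes"
    chmod -R go-w "$t"                   # start from a clean baseline
    chmod 4755 "$t/bin/su"               # SUID in an allowed directory
    chmod 4755 "$t/usr/local/bin/helper" # SUID script outside the list
    chmod 666  "$t/home/user1/notes"     # world-writable file
    chmod 777  "$t/tmp"                  # world-writable directory
    printf '%s\n' "$t"
}

TREE=$(make_sample_tree)
trap 'rm -rf "$TREE"' EXIT

echo "world-writable:";            world_writable "$TREE"
echo "SUID/SGID outside allowed:"; suid_outside_allowed "$TREE"
echo "SUID/SGID scripts:";         suid_scripts "$TREE"
```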
6.9 PHYSICAL SECURITY
a. At sites where computer systems and associated peripherals are contained in a
central location, procedures will be developed and implemented to grant, deny,
and monitor access to the central location, and the central location will be:
1. Protected from unauthorized access by industry accepted access control
devices (e.g., badge readers, key locks).
2. Protected from environmental hazards through use of industry accepted
environmental protection devices (e.g., sprinkler and uninterruptible
power supply systems).
b. Individual workstations will employ power strips or other industry accepted
devices to protect the workstation from electrical hazards. A fire extinguisher
will be within reasonable proximity to each work station location to allow for
quick response to any fire hazard occurrence.
c. Individual workstation users will be responsible for protecting the workstation
against unauthorized access (e.g., logging off when not in use or keyboard locks,
if available).
6.10 RISK ANALYSIS AND SECURITY ASSESSMENT
Organizations planning to implement a UNIX system should use the following tables and
worksheets extracted from the EPA Information Security Manual as a guideline for determining
the sensitivity of applications and data in terms of availability, integrity, and confidentiality:
TABLE FOR SENSITIVITY EVALUATION. This table is referenced as Table
4-1 in the EPA Information Security Manual.
DETERMINING RELEVANT SECURITY OBJECTIVES AND DEGREE OF
SENSITIVITY worksheet. This worksheet is referenced as Table 4-2 in the EPA
Information Security Manual.
SENSITIVE APPLICATION CERTIFICATION WORKSHEET. This worksheet
is referenced as Exhibit B-1 in Appendix B of the EPA Information Security
Manual.
RISK ANALYSIS WORKSHEET. This worksheet is referenced as Exhibit C-1
in Appendix C of the EPA Information Security Manual.
A file should be maintained with these worksheets and should be updated when new applications
are added to the existing environment.
6.11 MEASUREMENT
a. System Managers or System Administrators will periodically, at least monthly,
monitor the following files (or system-specific equivalents) to establish a baseline
of customer usage for the purpose of detecting patterns outside of that baseline
which may indicate a system abuse or intrusion:
1. /usr/adm/lastlog
2. /etc/utmp
3. /usr/adm/wtmp
4. /usr/adm/acct
5. system syslog
Events to monitor include, but are not limited to, invalid UIDs, invalid password
attempts, invalid data accesses, use of system administrator privileges, and
granting of those privileges.
b. Security review software will be obtained by the NDPD Computer Security
Officer for reviews of computer systems covered by this policy. Additional
supplemental software and/or procedures required to fully review policy
compliance will be developed under the auspices of the NDPD Computer Security
Officer. An initial review will be performed within 90 days of computer system
installation or attachment to the Agency telecommunications network -- whichever
occurs first. Subsequent reviews will be performed by System Managers and/or
System Administrators at least every 3 years as required by Federal regulations.
Each System Manager and/or Administrator will provide the results of reviews
to the NDPD Computer Security Officer for review.
c.
compliance reviews as required for quality assurance. The NDPD Computer
Security Officer will provide for the reviewer all resources (software, equipment,
etc.) required for the review.
d. Vulnerabilities identified by software provided for system reviews, and which are
not specifically noted in this policy, are subject to the provision in Section 6.1.c.
of this policy.
e. Findings from system reviews for locally owned and operated NDPD systems will
be presented for review and action by the Director, NDPD.
6.12 ANONYMOUS FTP CONFIGURATION GUIDELINES
Anonymous FTP can be a valuable service if correctly configured and administered. Section
6.12.1 provides general guidance in initial configuration of an anonymous FTP area. Section
6.12.2 addresses the issues and challenges involved when a site wants to provide writable
directories within their anonymous FTP areas. Section 6.12.3 provides information about
previous CERT advisories related to FTP services.
The following guidelines are a set of suggested recommendations that have been beneficial to
many sites. CERT recognizes that there will be sites that have unique requirements and needs,
and that these sites may choose to implement different configurations.
6.12.1 Configuring Anonymous FTP
a. FTP daemon.
Sites should ensure that they are using the most recent version of their FTP
daemon.
b. Setting up the anonymous FTP directories.
The anonymous FTP root directory (~ftp) and its subdirectories should not be
owned by the ftp account or be in the same group as the ftp account. This is a
common configuration problem. If any of these directories are owned by ftp or
are in the same group as the ftp account and are not write protected, an intruder
will be able to add files (such as a .rhosts file) or modify other files. Many sites
find it acceptable to use the root account. Making the ftp root directory and its
subdirectories owned by root, part of the system group, and protected so that only
root has write permission will help to keep anonymous FTP service secure.
Here is an example of an anonymous FTP directory setup:
drwxr-xr-x 7 root system 512 Mar 1 15:17 ./
drwxr-xr-x 25 root system 512 Jan 4 11:30 ../
drwxr-xr-x 2 root system 512 Dec 20 15:43 bin/
drwxr-xr-x 2 root system 512 Mar 12 16:23 etc/
drwxr-xr-x 10 root system 512 Jun 5 10:54 pub/
Files and libraries, especially those used by the FTP daemon and those in
~ftp/bin and ~ftp/etc, should have the same protections as these directories.
They should not be owned by ftp or be in the same group as the ftp account, and
they should be write protected.
c. Using proper password and group files.
It is strongly advised that sites not use the system's /etc/passwd file as the
password file or the system's /etc/group as the group file in the ~ftp/etc
directory. Placing these system files in the ~ftp/etc directory will permit
intruders to get a copy of these files.
These files are optional and are not used for access control.
It is recommended to use a dummy version of both the ~ftp/etc/passwd and
~ftp/etc/group files. These files should be owned by root. The dir command
uses these dummy versions to show owner and group names of the files and
directories instead of displaying arbitrary numbers.
Sites should make sure that the ~ftp/etc/passwd file contains no account names
that are the same as those in the system's /etc/passwd file. These files should
include only those entries that are relevant to the FTP hierarchy or needed to
show owner and group names. In addition, the user should ensure that the
password field has been cleared. The examples below show the use of asterisks
(*) to clear the password field.
Below is an example of a passwd file from the anonymous FTP area on cert.org:
ssphwg:*:3144:20:Site Specific Policy Handbook Working Group::
cops:*:3271:20:COPS Distribution::
cert:*:9920:20:CERT::
tools:*:9921:20:CERT Tools::
ftp:*:9922:90:Anonymous FTP::
nist:*:9923:90:NIST Files::
Here is an example group file from the anonymous FTP area on cert.org:
cert:*:20:
ftp:*:90:
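The guidance in 6.12.1 b and c can be turned into a repeatable check. The following is an added example, not part of the directive or of the CERT guidelines: function names, paths and sample entries are constructed, a cleared password field is taken to mean "*" as in the example above, and the ftp entry itself is exempted from the name comparison because the example passwd file above contains one.

```shell
#!/bin/sh
# Added example (not from the directive): checks for section 6.12.1 b and c.

# 6.12.1 c: compare the dummy ~ftp/etc/passwd ($1) with the system passwd ($2).
# $3 is the anonymous FTP account name, exempt from the overlap test
# (assumption; defaults to "ftp").
ftp_passwd_findings() {
    awk -F: -v sys="$2" -v exempt="${3:-ftp}" '
        BEGIN {
            # Load every account name from the system passwd file.
            while ((getline line < sys) > 0) {
                split(line, f, ":")
                if (f[1] != "") system_name[f[1]] = 1
            }
        }
        /^[ \t]*$/ { next }
        $1 != exempt && ($1 in system_name) {
            printf "%s: name also in system passwd\n", $1
        }
        $2 != "*" { printf "%s: password field not cleared\n", $1 }
    ' "$1"
}

# 6.12.1 b: anything under the FTP root ($1) that is owned by the ftp
# account ($2, name or numeric uid), in its group ($3, name or numeric gid),
# or writable by group or world.
ftp_tree_findings() {
    find "$1" \( -user "$2" -o -group "$3" \) -print |
        sed 's/$/: owned by or in group of the ftp account/'
    find "$1" \( -perm -0020 -o -perm -0002 \) -print |
        sed 's/$/: writable by group or world/'
}

# Constructed sample: a system passwd, and an FTP area whose dummy passwd
# was seeded from a real entry and whose pub/ directory is group-writable.
make_ftp_samples() {
    d=$(mktemp -d)
    mkdir -p "$d/ftp/bin" "$d/ftp/etc" "$d/ftp/pub"
    cat > "$d/system_passwd" <<'EOF'
root:*:0:1:Operator:/:/bin/csh
jsmith:*:1001:20:J Smith:/home/jsmith:/bin/csh
ftp:*:9922:90:Anonymous FTP:/home/ftp:/bin/false
EOF
    cat > "$d/ftp/etc/passwd" <<'EOF'
ftp:*:9922:90:Anonymous FTP::
tools:*:9921:20:Tools::
jsmith:CONSTRUCTEDHASH:1001:20:J Smith::
EOF
    chmod 755 "$d/ftp" "$d/ftp/bin" "$d/ftp/etc"
    chmod 644 "$d/ftp/etc/passwd"
    chmod 775 "$d/ftp/pub"
    printf '%s\n' "$d"
}

FTP_SAMPLES=$(make_ftp_samples)
trap 'rm -rf "$FTP_SAMPLES"' EXIT

echo "passwd findings:"
ftp_passwd_findings "$FTP_SAMPLES/ftp/etc/passwd" "$FTP_SAMPLES/system_passwd"
# The sample tree belongs to whoever runs this, so the current uid/gid
# stand in for the ftp account here; on a real host pass "ftp" and its group.
echo "tree findings:"
ftp_tree_findings "$FTP_SAMPLES/ftp" "$(id -u)" "$(id -g)"
```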
6.12.2 Providing Writable Directories in an Anonymous FTP Configuration
There is a risk to operating an anonymous FTP service that permits users to store files. CERT
strongly recommends that sites do not automatically create a "drop off" directory unless thought
has been given to the possible risks of having such a service. CERT has received many reports
where these directories have been used as "drop off" directories to distribute bootlegged versions
of copyrighted software or to trade information on compromised accounts and password files.
CERT has also received numerous reports of file systems being maliciously filled causing denial
of service problems.
This section discusses three ways to address these problems. The first is to use a modified FTP
daemon. The second method is to provide restricted write capability through the use of special
directories. The third method involves the use of a separate directory.
a. Modified FTP daemon.
If your site is planning to offer a "drop off" service, CERT suggests using a
modified FTP daemon that will control access to the "drop off" directory. This
is the best way to prevent unwanted use of writable areas. Some suggested
modifications are:
1. Implement a policy where any file dropped off cannot be accessed until
the system manager examines the file and moves it to a public directory.
2. Limit the amount of data transferred in one session.
3. Limit the overall amount of data transferred based on available disk space.
4. Increase logging to enable earlier detection of abuses.
For those interested in modifying the FTP daemon, source code is usually
available from the vendor. Public domain sources are available from:
wuarchive.wustl.edu ~ftp/packages/wuarchive-ftpd
ftp.uu.net ~ftp/systems/unix/bsd-sources/libexec/ftpd
gatekeeper.dec.com ~ftp/pub/DEC/gwtools/ftpd.tar.Z
The CERT Coordination Center has not formally reviewed, evaluated, or
endorsed the FTP daemons described. The decision to use the FTP daemons
described is the responsibility of each user or organization, and we encourage
each organization to thoroughly evaluate these programs in consultation with
NDPD before installation or use.
b. Using protected directories.
If the site is planning to offer a "drop off" service and is unable to modify the
FTP daemon, it is possible to control access by using a maze of protected
directories. This method requires prior coordination and cannot guarantee
protection from unwanted use of the writable FTP area, but has been used
effectively by many sites.
Protect the top level directory (~ftp/incoming) giving only execute permission
to the anonymous user (chmod 751 ~ftp/incoming). This will permit the
anonymous user to change directory (cd), but will not allow the user to view the
contents of the directory.
drwxr-x--x 4 root system 512 Jun 11 13:29 incoming/
Create subdirectories in the ~ftp/incoming using names known only between
your local users and the anonymous users that you want to have drop off
permission. The same care used in selecting passwords should be taken in
selecting these subdirectory names because the object is to choose names that
cannot be easily guessed. Please do not use our example directory names of
jAjwUth2 and MhaLL-iF.
drwxr-x-wx 10 root system 512 Jun 11 13:54 jAjwUth2/
drwxr-x-wx 10 root system 512 Jun 11 13:54 MhaLL-iF/
This will prevent the casual anonymous FTP user from writing files in an
anonymous FTP file system. It is important to realize that this method does not
protect a site against the result of intentional or accidental disclosure of the
directory names. Once a directory name becomes public knowledge, this method
provides no protection at all from unwanted use of the area. Should a name
become public, a site may choose to either remove or rename the writable
directory.
c. Using a single disk drive.
If your site is planning to offer a "drop off" service and is unable to modify the
FTP daemon, it may be desirable to limit the amount of data transferred to a
single file system mounted as ~ftp/incoming.
If possible, the user should dedicate a disk drive and mount it as ~ftp/incoming.
If this dedicated disk becomes full, it will not cause a denial of service problem.
The system administrator should monitor this directory (~ftp/incoming) on a
continuing basis to ensure that it is not being misused.
6.12.3 Related CERT Advisories
The following CERT Advisories directly relate to FTP daemons or impact on providing
FTP service:
CA-93:06.wuarchive.ftpd.vulnerability
CA-92:09.AIX.anonymous.ftp.vulnerability
CA-88:01.ftpd.hole
Past advisories are available for anonymous FTP from cert.org.
7.0 PROCEDURE REFERENCES
a. Office of Management and Budget. Circulars A-76, A-123, and A-130.
(Available from the Government Printing Office. These publications, while not
strictly procedurally directive, are important components in the administration of
security in the Agency. They set the guidelines for policies and procedures at the
operational levels.)
b. U. S. Environmental Protection Agency. (1989) EPA Information Security
Manual (Report No. 431/001). Washington, DC: Office of Information and
Resources Management, Information Management and Services Division.
(Location: Publications Technical Library).
c. Computer Security Act of 1987. (Available from the Office of Information and
Resources Management).
d. Curry, David A., Improving the Security of Your UNIX System. Information
and Telecommunications Services and Technology Division, SRI International.
(Available from the NDPD ADP Security Officer).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe System Management NO. 210.01
APPROVAL: DATE:
1.0 PURPOSE
The NCC IBM Mainframe System Management policy establishes:
a. Objectives for managing the system.
b. Functions which will be managed to meet the objectives.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and Primary Support Contractor staff personnel responsible for
the management, operation, or maintenance of the NCC IBM mainframe.
Any deviations from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The Primary Support Contractor will develop, update, and monitor procedures to implement this
policy.
The Primary Support Contractor will adhere to NDPD policies and perform the tasks necessary
to meet policy objectives.
4.0 POLICY
a. The NCC IBM mainframe system will be managed in a manner which provides
cost-effective service to the user community.
b. The NCC IBM mainframe will be managed to meet the service levels defined by
the Director of NDPD.
c. While the organizational structure of NDPD and the Primary Support Contractor
may change from time to time, the following major areas of responsibility will
be managed:
(1) System Operations.
(2) System Software Maintenance.
(3) Data Communications Facilities Support.
(4) System Performance Tuning.
(5) Capacity Planning.
(6) User Service Activities.
(7) Contract Administration Services.
(8) Data Management.
(9) System Integrity.
-------
NDPD OPERATIONAL DIRECTIVE NO. 210.01 Page 2 of 3
d. The Primary Support Contractor will, in concert with NDPD technical managers,
ensure that NDPD operational procedures are implemented for each of the areas
identified above.
5.0 DEFINITIONS
a. System Operations consists of console and peripheral equipment operation,
physical facilities management, data storage management, preventative and
remedial hardware maintenance scheduling, change management, and production
control.
b. System Software Maintenance consists of installing and maintaining all vendor-
supplied software. This includes IBM system and program products, as well as
software supplied by third party vendors.
c. Data Communications Support consists of installing, maintaining, and monitoring
the performance of all data links and associated equipment in use at NCC.
d. System Performance Tuning consists of all activities required to ensure that the
goals defined in the service level policy are met on a daily basis.
e. Capacity Planning consists of all activities required to predict future workload and
to identify resources which must be acquired to meet the service level policy
objectives in the future.
f. Customer Services Activities consists of customer support activities for problem
resolution, customer registration and billing, training, and central data base
administration.
g. Contract Administration Services consists of all activities required to order and
maintain the hardware and software components of the NCC IBM mainframe
system.
h. Data Management consists of ensuring data integrity of customer data on DASD
disk packs, maintaining maximum space availability, and promoting optimal use
of disks within the data center.
i. System Integrity consists of all activities required in order to maintain a rigid
adherence to a standard of values. These values include guidelines for using
system resources in the areas of availability, useability, reliability, protection, and
documentation.
6.0 STANDARDS
The NCC IBM mainframe processing services will be available to the customer community from
0700 each Monday until 2000 each Sunday (Eastern Time) throughout the year. Exceptions to
these times may occur because of emergency maintenance or system testing for emergency
changes. If a non-emergency change requires extended testing (e.g., Benchmark running), a 7-
day notice will be given to customers. Any time changes will be posted in the online dataset
'JUSD.HOURS.'
7.0 PROCEDURE REFERENCE
U.S. Environmental Protection Agency. (1993) MVS Systems Standards and Procedures Manual
(draft) (Report No. 569/001) Research Triangle Park, NC: National Data Processing Division,
Office of Administration and Resource Management.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NDPD IBM Mainframe Service Levels NO.: 210.02
APPROVAL: DATE:
1.0 PURPOSE
The NDPD Service Level policy establishes:
a. Scheduled hours of operation.
b. Service level goals for each class of work.
c. System stability goals.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management, operation, or maintenance of the NCC IBM mainframe system.
Any deviation from this policy must be approved in writing by the Director of the NDPD.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere to NDPD policies and procedures to ensure that service level
objectives are met. The FM contractor will also advise NDPD of potential problems which
might have an adverse impact on the NCC IBM mainframe system.
4.0 POLICY
All times listed in this policy are Eastern Standard Time (RTP local).
a. The full system is available to the user community 24 hours each day of the week
from 7:00 a.m., Monday, through 8:00 p.m., Sunday, with the following
exceptions.
(1) The system will be unavailable when maintenance or equipment
installation must be performed on Sunday. Users will be given as
much advance notice as possible before the system is taken down.
(2) ADABAS will be unavailable on Sunday from noon until 8:00
p.m. for data base reorganizations, software maintenance, and
DASD defragmentations, when required.
(3) Telecommunication interruptions will occur on Thursdays from
4:00 a.m. until 6:00 a.m. for software maintenance.
b. IBM user support services will be available from 8:00 a.m. until 7:00 p.m.,
Monday through Friday only.
c. The response time goals for interactive processing are:
(1) Complete 90% of short TSO transactions within 1 second.
(2) Complete 90% of medium TSO transactions within 5 seconds.
(3) Complete 90% of long TSO transactions within 1 minute.
(4) Complete 90% of all TSO transactions within 5 seconds.
(5) Complete 90% of all CICS transactions within 2 seconds. (Service
level objectives apply to Production CICS regions only.)
(6) Response times for TSO and CICS will be measured between the
hours of 10:00 a.m. until noon, and from 2:00 p.m. until 4:00
p.m.
d. The job completion goals for batch processing are:
(1) Batch performance will be measured during two time periods:
8:00 a.m. to 5:00 p.m. and 5:00 p.m. to 9:00 p.m.
(2) Batch performance measurements will include all jobs not delayed
by user actions within each class, regardless of the job priority.
(3) The following user induced delays will cause a batch job to be
excluded from the batch service level measurement computations:
(a) The presence of a /*AFTER statement in the job stream.
(b) The presence of a /*BEFORE statement in the job stream.
(c) Duplicate job names submitted before the previous job
completes execution.
(d) The presence of a /*CNTL statement requesting exclusive
resource control.
(e) A job requesting exclusive access to a data set held by
another job.
(f) A job placed in HOLD status.
If any of the above criteria are met, the job in question will be
reported in the total job count, but will not be reported as either
having met or missed the service level objective.
(4) The batch service level objectives are:
CLASS   MAX CPU TIME   PRIORITY   OBJECTIVE
Q       3 seconds      2          10 minutes
A       15 seconds     2          30 minutes
V*      15 seconds     2          1 hour
X**     15 seconds     2          1 hour
B       30 seconds     2          1 hour
E       2 minutes      2          4 hours
W*      2 minutes      2          4 hours
Y**     2 minutes      2          4 hours
H       5 minutes      2          6 hours
U*      5 minutes      2          6 hours
Z**     5 minutes      2          6 hours
D       5 minutes      1          6:00 a.m., next day
F       20 minutes     2          6:00 a.m., next day
F       20 minutes     1          6:00 a.m., Monday
G       None           2          6:00 a.m., next day
G       None           1          6:00 a.m., Monday
* PADABAS
** DADABAS
e. NCC IBM mainframe stability goals are:
(1) A quarterly up-time percentage of at least 99 percent of
scheduled production time for the processor complex.
(2) A quarterly up-time percentage of at least 99 percent of
scheduled production time for each major telecommunications
circuit.
(3) Stability goals will be computed for only the scheduled hours
of service listed previously.
f. The following service levels will apply to data set retrieval from HSM migration
volumes. In every instance, the goals apply to 90 percent of data sets being
recalled. The goals are in effect during extended prime shift (8:00 a.m. to 8:00
p.m.) only. No goals have been established during other time periods due to
low data set recall activity and delays induced by mandatory data management
functions.
(1) TSO originated Migration Level 1 (ML1) recalls on the TSO
system. ML1 is data set migration to disk.
Data sets < 0.5 MB in size will be recalled in 30 seconds.
Data sets < 20 MB in size will be recalled in 60 seconds.
Data sets > 20 MB in size will be recalled in 120 seconds.
(2) TSO originated Migration Level 2 (ML2) recalls on the TSO
system. ML2 is data set migration to tape.
Data sets < 0.5 MB in size will be recalled in 3 minutes.
Data sets < 20 MB in size will be recalled in 4 minutes.
Data sets > 20 MB in size will be recalled in 10 minutes.
(3) No goals have been established for TSO originated recalls on
the ADABAS system since TSO is not available to the general
user community on this system.
(4) Batch originated ML1 recalls on the TSO and ADABAS
systems:
Data sets < 0.5 MB in size will be recalled in 30 seconds.
Data sets < 20 MB in size will be recalled in 60 seconds.
Data sets > 20 MB in size will be recalled in 240 seconds.
(5) Batch originated ML2 recalls on the TSO and ADABAS
systems:
Data sets < 0.5 MB in size will be recalled in 3 minutes.
Data sets < 20 MB in size will be recalled in 4 minutes.
Data sets > 20 MB in size will be recalled in 10 minutes.
g. Periodic reports will be submitted to NDPD management to verify compliance
with this policy.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe Performance Management NO.: 210.03
APPROVAL: DATE:
1.0 PURPOSE
The NCC IBM Mainframe Performance Management policy is intended to establish procedures
for the measurement, evaluation, and reporting of mainframe systems performance.
Performance management objectives include the following:
a. Regular performance management data collection and reporting to document the
utilization of key system resources and service levels provided to major
workloads and/or users.
b. Systems tuning to improve and/or maintain overall performance.
c. Configuration analyses and planning to support the most efficient and effective
use of systems resources.
d. Performance prediction studies to assess the impact of workload balancing and
data placement on overall performance.
e. Regular systems monitoring and analyses to prevent and/or correct performance
problems.
2.0 SCOPE AND APPLICABILITY
This policy applies to all NDPD staff, facilities management (FM) contractor, and periodic
expert consultant personnel responsible for the NCC IBM mainframe performance management
activities. Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The Automatic Data Processing Operations Management Branch (ADPOMB) is responsible for
the development, implementation, and management of performance management activities for
the NCC mainframe systems. The FM contractor and consultant contractors will assist
ADPOMB in developing, updating, and monitoring procedures to implement this policy and alert
NDPD management to potential performance problems.
4.0 POLICY
Performance management activities include, but are not limited to, the following:
a. Systems performance and resource utilization monitoring to ensure compliance
with the objectives of Directive 210.02, NDPD IBM Mainframe Service Levels,
within systems capability. Data will be routinely collected to highlight the
utilization and performance of key systems resources, analyze the effects of
system workload levels, report the average service levels, and analyze/correct
performance problems. Consideration and allowances are given for performance
issues resulting from system capacity shortages.
b. Systems performance data will be captured and analyzed with commercially
available software. Local code, written to support this effort, will be minimized
to the greatest degree possible consistent with the objectives of this policy.
c. Systems performance, stability, availability, and resource utilization statistics will
be summarized and reported to NDPD management daily. Average service levels
compared with service level agreements and systems workload trends will be
summarized and reported monthly.
d. Deficiencies in systems performance, stability, or resource availability will be
corrected as soon as possible consistent with the provisions of Directive 210.04,
NCC IBM Mainframe Change Management. Systems tuning analyses will be
performed as necessary to reduce systems contention for resources due to
input/output (I/O) subsystem bottlenecks, paging configuration, Direct Access
Storage Device (DASD) contention, or data set placement.
e. Modifications and/or adjustments to systems configurations will be performed as
necessary to improve overall systems performance. These activities include
workload balancing on Central Processing Units (CPU's) and channels, shared
DASD management, and switching. Performance prediction studies will be
conducted to assess the impact of any configuration changes and/or workload
migration prior to implementation.
f. Applications that use any central data base facility will be reviewed before going
into production to guard against practices that adversely affect system
performance.
g. ADPOMB is primarily responsible for performance management, while AMPB
is primarily responsible for capacity planning (as described in NDPD Operational
Directive 210.12, NCC IBM Mainframe ADP Capacity Planning). The
relationship of these responsibilities requires a high degree of cooperation and
communication. The interactions required by ADPOMB are summarized below:
(1) ADPOMB will be responsible for monitoring and analyzing trends in the
major NCC workloads (i.e., TSO, batch, CICS, ADABAS) and for
assisting the Architectural Management and Planning Branch (AMPB) in
evaluating the overall system impacts of these continuing trends.
(2) ADPOMB will work with AMPB to define and analyze the potential
resource utilization, performance, and capacity impact of major new
applications.
(3) ADPOMB will routinely advise AMPB of any strategies and planning
information pertinent to performance and capacity issues (e.g., planned
modifications to system parameters and/or data collection routines that
might impact AMPB's analytic modeling efforts).
5.0 REPORTING
ADPOMB will produce monthly performance reports that document the average levels of service
provided by the NCC mainframe systems during both prime and non-prime processing periods.
At a minimum, these performance reports should include the following:
Overall processor utilization.
Processor utilization by major subsystem.
Batch turnaround statistics.
Interactive response times.
Major workload levels and trend highlights (i.e., batch jobs, TSO transaction
volume, CICS transaction volume).
Any performance problems, causes, and resolutions.
Graphical presentation will be used to the greatest extent possible.
6.0 DEFINITIONS
Performance management is one of two components (the other being capacity planning)
comprising capacity management. The following definitions are included to distinguish these
terms and related activities:
Capacity Management The activity that controls, measures, and plans the
configuration required to meet the organization's current
and future information processing requirements. Capacity
management is composed of two components: performance
management and capacity planning.
Performance Management The function that measures, evaluates, and reports data
processing performance, and prevents or corrects
performance problems. Performance management deals
with the tactical issue of providing acceptable data
processing service to the user community.
Capacity Planning The process of determining the hardware, software,
features, organization, and facilities required for the
continuous delivery of acceptable service to users.
Capacity planning primarily deals with the strategic issue
of forecasting the necessary resources required to support
future data processing demand.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe Change Management NO. 210.04
APPROVAL: DATE:
1.0 PURPOSE
The NCC IBM Mainframe Change Management policy establishes:
a. Change management objectives.
b. System components and types of changes subject to this policy.
c. Review process required for hardware or software changes.
d. Customer notification requirements for system changes.
This policy is designed to ensure that all changes are applied in a timely manner without
disrupting system stability or performance.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and Primary Support Contractor staff personnel responsible for
the management or implementation of hardware and system software changes to the NCC IBM
mainframe system.
The following system components are subject to this policy:
a. The processor complex.
b. All peripheral devices attached to the processor either through a channel or a
front-end processor.
c. Electrical, air conditioning, and chilled water systems vital to the operation of the
processor or any of its peripheral devices.
d. All IBM system products or program products installed on the NCC IBM
mainframe.
e. All third party and customer-developed software available to the general customer
community.
f. The batch initiator structure.
g. The domain multiprogramming levels.
h. The system dispatching priority structure.
i. All changes to parameter libraries for system products or program products
installed on the NCC IBM mainframe.
Any deviation from this policy must be approved in writing by the Director of the NDPD.
3.0 RESPONSIBILITIES
The Primary Support Contractor will develop, update, and monitor procedures to implement this
policy and will review stability reports to assess compliance with this policy.
The Primary Support Contractor will adhere to NDPD policies and procedures to ensure that the
terms of Directive 210.02, NDPD IBM Mainframe Service Levels, are met.
4.0 POLICY
a. New local code development will be approved by NDPD Technical Performance
Monitor (TPM) before the task is initiated. This approval will be in writing via
the Task Definition Form. System software changes requiring local code changes
will be specifically noted in the change control record. Local code
implementation will be with the approval of the Change Management Council (CMC). These
requirements can only be waived in an emergency by the Director of NDPD.
b. A Change Management Council representing the Primary Support Contractor and
NDPD will review and approve changes to the components listed above.
c. All emergency changes must be approved by the Primary Support Contractor's
managers: Network Systems, Customer Services, Data Center Operations and
Production Services, and Telecommunications Services. The ADP Operations
Management Branch Chief must grant approval for emergency changes if the
Primary Support Contractor's department managers specified above cannot be
reached. Approval for emergency changes can be obtained in writing, in person,
or over the telephone.
d. All required changes will be submitted to the Change Management Council for
review and approval before installation. The impact of proposed changes on
system stability and performance must be considered before approval is granted.
e. All IBM and third party software products will be maintained at a release level
which is no more than one level behind the current release level supported by the
vendor unless there is a known stability, performance, or functional problem with
the new release. Periodically, vendor supplied maintenance will be applied, as
a preventative measure, to ensure that each release level is maintained at a
functional level.
An audit trail for all software changes will be maintained. The audit trail of a
software change will be composed of change management records as a general
tracking mechanism. A control data set will be maintained for each software
product that provides the following information:
Software checklist.
Test plan.
Backout plan.
Installation notes.
Products that are SMP/E installable will be installed using SMP/E. Vendor
installation procedures will be followed. All deviations from the vendor's
procedures will be documented in the installation notes contained in the control
data set.
Whenever possible, TCB and ADPOMB will encourage vendors to supply their
software in SMP/E format.
f. A customer memorandum will be issued 30 days prior to the performance of any
non-emergency maintenance activity which is not transparent to the customer
community.
5.0 DEFINITIONS
Local Code: System level code not written by the vendor that either utilizes the vendor supplied
exits in the software or modifies the vendor source code.
Required System change: Normal hardware or system software maintenance not needed to
correct a current stability problem.
Emergency System change: Activities required to correct a current stability or performance
problem.
Stability: The considerations of availability, reliability, serviceability and security.
Controlling Software: Software which manages the installation of other systems providing a
tracking mechanism for the actual installation process.
6.0 STANDARDS
Change requests may be submitted by anyone having authority to access the Change
Management System. All changes affecting the NCC operating environment are candidates for
review by the Change Management Council. All requests must be approved for consideration
by the NDPD's ADPOMB Chief or PMSB Chief prior to implementation. Any change not
submitted in accordance with CMC procedures will be denied.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1992) Change Management Procedures
Manual (Draft) (Report No. 245/001F). Research Triangle Park, NC: National
Data Processing Division, Office of Administration and Resources Management.
b. U. S. Environmental Protection Agency. (1993) MVS Systems Standards and
Procedures Manual (Report No. 569/001) Research Triangle Park, NC: National
Data Processing Division, Office of Administration and Resources Management.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe Problem Resolution NO. 210.05
APPROVAL: DATE:
1.0 PURPOSE
The NCC IBM Mainframe Problem Resolution policy establishes:
a. Problem resolution objectives.
b. Problem classifications.
c. Problem resolution responsibilities.
d. User notification requirements.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or operation of the NCC IBM mainframe system and for providing support to the
user community.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere to NDPD policies and procedures to ensure that problems are
resolved expeditiously.
4.0 POLICY
a. NCC will strive to resolve problems with the IBM mainframe as soon after
identification as possible in order to provide the best possible level of service to
the user community.
b. Problems encountered with the NCC IBM mainframe will be categorized as
hardware, software, performance, telecommunications, or user problems.
c. All problems will be entered into the Problem Management System by close of
business on the day the problem was encountered.
d. The Central Problem Administrator will report to NDPD management the status
of unresolved problems on a daily basis.
e. The Central Problem Administrator will post news alerts for any problem which
may result in user job failures or user data loss.
f. The User Support staff will serve as the point of contact for resolving user
reported problems. User Support staff personnel will forward problems which
they cannot resolve to a central problem management contact. Users may not call
the FM contractor technical staff directly to obtain assistance.
g. The Central Problem Administrator will submit monthly reports to NDPD
identifying the number and nature of problems addressed during the reporting
period.
h. The Director of NDPD will be immediately notified by the Technical Manager
of User Support of any data loss experienced by the user community.
i. Users reporting problems will be called within 24 hours, excluding weekends and
holidays, to advise them of progress being made in seeking a solution.
j. Closed problem reports will be archived for a period of 3 years from the date the
problem was logged.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe Timeshare Accounting NO. 210.06
APPROVAL: DATE: 2/1/
1.0 PURPOSE
The NCC IBM Mainframe Timeshare Accounting policy establishes:
a. Timeshare accounting objectives.
b. Methodology for determining the cost of timeshare services.
c. Reporting requirements for advising ADP Coordinators and Agency budget
officials of timeshare charges allocated to them.
2.0 SCOPE & APPLICABILITY
This policy applies to all NCC IBM mainframe users and to NDPD and FM contractor staff
personnel responsible for the management or operation of the NCC IBM mainframe system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will perform the tasks necessary to meet the objectives of this policy.
The user community will rely on the terms of this policy to manage their timeshare allowance.
4.0 POLICY
a. NDPD will conform to the requirements of OMB Circular A-130 in accounting
for, and full cost allocation of, providing data processing services to the user
community.
b. Charges for data processing services will be applied in the following areas:
(1) Processor Utilization.
(2) Printing.
(3) Telecommunications.
(4) DASD and Tape Utilization.
(5) Production Control Support.
c. The rate for services rendered will be reviewed and adjusted annually to reflect
changes in the cost of providing these services. The rate for the new fiscal year
will be published in the last quarter of the current fiscal year.
d. Each system transaction will be charged for the actual resources consumed if the
data can be captured accurately and the cost of capture does not outweigh the cost
recovery of the resource.
e. NDPD may apply premiums or discounts for certain processing priorities or
techniques in order to encourage efficient resource utilization.
f. Charges will be refunded if a transaction fails due to console operator error,
system hardware failure, or system software error. Jobs using more than 2 hours
of CPU time must be checkpointed to be eligible for a refund. The refund will
not exceed charges greater than those incurred during 2 hours of CPU utilization.
g. NDPD will provide a summary of each month's timeshare charges by the 5th day
of the following month to ADP Coordinators and IAG contacts.
h. TSSMS management reports will be distributed monthly by the 5th day of the
following month to ADP Coordinators and Senior Budget Officers.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe User Registration NO. 210.07
APPROVAL: DATE: *// 1 8 7
1.0 PURPOSE
The NCC IBM Mainframe User Registration policy establishes:
a. Policy objectives.
b. User registration requirements.
c. Reporting requirements for managing the user registration process.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or operation of the NCC IBM mainframe system, and to the NCC IBM mainframe
user community.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere to NDPD policies and procedures in performing the tasks
necessary to implement this policy.
The TSSMS Office will be responsible for conducting user registration services.
The user community will follow the NDPD procedures derived from this policy to gain access
to the NCC IBM mainframe system.
Every EPA ADP Coordinator and Account Manager will be responsible for ensuring that users
are registered on the NCC IBM mainframe for the purpose of conducting legitimate Agency
business only.
Every EPA ADP Coordinator and Account Manager will be responsible for ensuring user
identification termination for all EPA, contractor, or subcontractor employees upon the
termination of a project or resignation of employees under his jurisdiction.
Every ADP Coordinator and Account Manager will receive a periodic report identifying the
accounts and user identification codes for which he is responsible.
Users are responsible for changing passwords every 90 days.
4.0 POLICY
a. User registration procedures will conform to the objectives of this document and
the terms of Policies 210.06, Timeshare Accounting, and 210.08, Security.
b. System utilization will be recorded for authorized individual users, for accounts
which may include multiple users, and for FIMAS codes which may include
multiple accounts.
c. New accounts may be created by EPA ADP Coordinators only.
d. Each user will be assigned a unique user identification code and will be associated
with one or more accounts as requested by the EPA ADP Coordinator or EPA
Account Manager.
e. User identification codes previously assigned to a user no longer registered on the
NCC IBM mainframe may be reassigned to another user.
f. Telephone requests for account or user registration will be honored, but signed
hardcopy verification of all requests is required within 2 weeks to retain the
registration.
g. The ID of a user terminating employment will be removed from the system. All
resources associated with this user identification code must be assigned to another
user or deleted at the discretion of the ADP Coordinator or Account Manager.
h. Accounts and user identification codes which have not been accessed for 1 year
may be deleted from the system. Users and Account Managers will be notified
at least 30 days prior to deletion of an account or user identification code.
i. Passwords not changed every 90 days will be revoked and can only be reset by
request from the responsible ADP Coordinator or Account Manager.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM-Compatible Mainframe Security NO. 210
APPROVAL: DATE:
1.0 PURPOSE
This policy establishes a set of distinct interrelated security facilities required to provide a secure
environment for EPA National Data Processing Division (NDPD) owned, operated, or supported
IBM-compatible mainframes and IBM-compatible mainframe logical partitions, and the computer
facilities within which they reside in compliance with accepted industry security standards and
practices and with Federal regulations and directives referenced in Paragraph 7.0, Procedure
References, of this policy.
2.0 SCOPE & APPLICABILITY
This policy applies to all customers of NDPD operated or supported IBM-compatible mainframes
and IBM-compatible mainframe logical partitions, and to all personnel responsible for the
operation, maintenance, or provision of computer facilities and support services for those
mainframes.
Any request for a deviation from this policy must be provided for approval in writing to the
Director of NDPD and, if approved, must be approved in writing. Provisions in this policy
regarding use of User-IDs and passwords might be superseded by policies developed for Public
Access and subsequently reviewed and approved by the NDPD ADP Security Officer.
Provisions in such policy for the use of User-IDs and passwords for Public Access are regarded
as approved exemptions to this policy.
3.0 RESPONSIBILITIES
a. The Director, NDPD, is responsible for:
1. Providing a secure environment for all IBM-compatible mainframes covered by this
policy.
2. Ensuring that this policy is consistent with all Governmental regulatory statutes and
directives.
3. Requesting exemptions to Governmental statutes and directives when required by
considerations unique to the IBM-compatible mainframe security environment.
4. Appointing an NDPD ADP Security Officer responsible for implementing and
maintaining this policy. The NDPD ADP Security Officer will be an EPA
management official knowledgeable in information technology and security matters.
b. The NDPD ADP Security Officer is responsible for:
1. Implementing and establishing all procedures necessary for the implementation of this
policy.
2. Reviewing and updating policy provisions.
3. Reviewing and approving all security environment changes allowable under this
policy.
4. Establishing and coordinating a security awareness program and Resource Access
Control Facility (RACF) administration training program for the IBM-compatible
mainframe security environment.
5. Directing efforts of NCC Primary Support Contract personnel in security matters
pursuant to provisions of the NCC Primary Support Contract.
6. Coordinating any exceptions to Freedom of Information or Public Access acts
regarding access to data processed on IBM-compatible mainframes covered by this
policy.
7. Monitoring compliance with this policy and establishing all procedures required for
this function.
8. Implementing procedures required for system audits specified in this policy.
9. Directing efforts of NCC Primary Support Contract personnel in security audit
matters pursuant to provisions of the NCC Primary Support Contract.
10. Allocating RACF privileges as described in the Request for RACF Privileges
checklist.
c. Each Agency Program Office (EPA organizational entity such as Program Office, Lab,
etc.) is responsible for:
1. Adhering to all provisions of this policy.
2. Ensuring physical security of their sites used to access IBM-compatible mainframes
covered by this policy.
3. Identifying to the NDPD ADP Security Officer all Program Office personnel
designated as RACF Security Administrators.
4. Conducting each application security program consistent with this policy and other
Federal laws and regulations.
5. Developing and performing local procedures, risk analyses, and other mechanisms for
determining and enacting application security requirements under provisions of this
policy.
6. Implementing local security awareness training programs based on resources provided
by NDPD and the Agency.
7. Providing RACF assistance to Program Office customers, including investigating and
resolving instances of revoked User-IDs.
d. Each RACF Security Administrator (RSA) for an application will be responsible for
the management of the application's security through RACF. Specifically each RSA will
be responsible for the following:
1. Determining and maintaining the application's security requirements.
2. Determining and maintaining the RACF structure required to implement the
application's security requirements.
3. Coordinating transactions required by the application's RACF security requirements
with the application's ADP management and/or the Time Sharing Services Management
System (TSSMS).
4. Altering (configuring) application User-ID RACF profiles to conform to application
security requirements.
5. Resetting passwords for application User-IDs.
6. RACF protecting application data sets, tapes, and other data processing resources.
7. Determining access requirements for those resources and granting access as required.
8. Coordinating with application Data Base Administrators, LAN administrators, and
administrators of other application data processing platforms to ensure that application
security procedures and policies are consistent and cohesive.
9. Performing other account/user registration functions as defined in account/user
registration policy.
e. The EPA NDPD security function is a commercially contracted responsibility of the
Primary Support Contractor as provided for in Attachment A of OMB Circular A-76.
All NCC Facilities Management departments and personnel are responsible for adhering
to these policy provisions and for conducting security-related activities as directed by the
NDPD ADP Security Officer under provisions of the Primary Support Contract.
1. The Primary Support Contract Network Systems Department is the primary
department responsible for the installation verification of all operating system software
and is responsible for evaluating the System Access Facility (SAF) interface for all
new software products and for evaluating the SAF impacts of maintenance upgrades
for existing software. Personnel in the department will serve as primary RACF
administrators.
2. Other installers of operating system software are responsible for installation verification
of software they install, for evaluation of the SAF interface of new software, and
for evaluation of impacts to the SAF interface for product maintenance upgrades.
3. The Primary Support Contract Customer Services Department is responsible for:
a. Testing and maintaining a test package for testing new releases of operating
system software for operational continuity and new features.
b. Providing support services in a secure manner.
c. Administering the account/customer registration system in a secure manner.
d. Reporting to the NDPD ADP Security Officer violations of provisions of this
policy which are detected in the course of providing assistance to the customer
community.
e. Detecting and removing from RACF User-IDs which have been inactive for 1
year with no system access.
f. Conducting local and other security awareness programs under the direction of
the NDPD ADP Security Officer.
g. Conducting RACF Administrator certification training for Program Office
personnel identified for that function.
h. Performing the account/user registration function for the NCC, including
maintenance of RACF required for that function.
i. Removing from the system User-IDs which have been in revoked status longer
than 6 months.
4. The Production Services Department is responsible for the security of the NDPD
computer facilities and for operation of job scheduling and automation software in a
manner consistent with the provisions of this policy.
5. Personnel responsible for the evaluation or procurement of system operating software are
responsible for coordinating operating system integrity and other related security issues
with the Primary Support Contractor security staff.
6. The computer security staff is responsible for coordinating security issues and concerns
with the NDPD ADP Security Officer and for all system security monitoring and audit
functions.
7. All other personnel are individually responsible for adhering to the provisions of this
policy.
4.0 POLICY
The security of IBM-compatible mainframes, IBM-compatible logical partitions, and the
computer facilities in which they reside and which are owned, operated, or supported by EPA's
NDPD will be implemented, maintained, and monitored in compliance with industry security
standards, with Federal regulations and directives, and, specifically, with Federal regulations and
directives referenced in Paragraph 7.0, Procedure References, of this policy.
USE OF NCC IBM-COMPATIBLE MAINFRAME
The IBM-compatible mainframe will be used for official Government business only.
Unauthorized use of the mainframe is a criminal offense under Title 18 of the United States
Code, Section 641, and may subject violators to a fine of up to $10,000 and/or imprisonment
of up to 10 years.
5.0 DEFINITIONS
System Integrity: System integrity is the ability of an operating system to prevent the
bypassing of its security mechanisms. An individual operating system
component may, however, require system-level privileges in order to
perform its function. It must acquire and exercise these privileges in a
manner that is controlled, consistent with system integrity, and capable of
being audited.
Operating System Software: Operating system software is defined as any software which:
a. Is installed in an Authorized Program Facility (APF) library or which
becomes system authorized in any other fashion.
b. Has an entry in the Program Properties Table (PPT).
c. Issues non-IBM-supplied SVCs.
d. Is loaded as part of the system IPL.
e. Is initiated as a started task and is either privileged or trusted.
Operating System Privilege: An operating system privilege is defined as:
a. The ability to issue MVS operating system commands.
b. The ability to access or modify a resource belonging to a system
customer without the knowledge or consent of that customer.
c. The ability to control or alter the operation of a system software or
hardware component.
RACF: Resource Access Control Facility. An IBM-compatible software product
which interfaces with the computer's operating system to provide for
computer security.
RACF Security Administrator: An individual appointed by application management and who has attended
appropriate training in the use of RACF for application security management.
6.0 STANDARDS
6.1 IDENTIFICATION AND AUTHENTICATION OF USERS
a. User-IDs, accounts, and User-ID passwords will be used for IBM-compatible mainframe
access. The owner will protect passwords from disclosure to any other individual.
b. User-IDs and accounts will be registered through EPA NDPD's Time Sharing Services
Management System and entered into the IBM Resource Access and Control Facility
(RACF) data base by TSSMS.
c. TSSMS will provide procedures and mechanisms required for registration of and entry
into the RACF data base of all IBM-compatible mainframe User-IDs and accounts.
d. TSSMS will ensure that only authorized ADP management or RSA personnel can request
and receive account/User-ID registration transactions and information. TSSMS will
maintain a list of authorized personnel.
e. TSSMS will maintain the TSSMS data bases synchronous with the RACF data base. A
TSSMS data base is defined as any file containing account/User-ID information accessed
in a manual or automated fashion.
f. TSSMS will ensure secure entry of User-IDs and accounts into the RACF data base and
will conform to RACF parameters in those entries. User-ID passwords will be randomly
derived. TSSMS will exclude from entry into RACF any User-IDs which are not to be
used for system access, or used for operating system software operation.
g. TSSMS will remove from RACF those User-IDs which have been inactive (have not
accessed the system) for 365 days. This will be performed at a minimum of once a
quarter. The only exception is that the ADP Coordinator and the Account Manager will
always be connected to the RACF account that they manage. They will not be deleted
from that group or from the NCC system.
h. At least once each quarter, TSSMS will remove those User-IDs from RACF which have
been in revoke status for at least 6 months.
i. TSSMS will coordinate with responsible personnel the disposal of resources and their
RACF profiles belonging to deleted User-IDs and accounts. TSSMS will provide for the
removal of deleted User-IDs and accounts from resource access lists.
j. TSSMS will provide for the unique identification of all User-ID owners. Shared
User-IDs and ownership of multiple User-IDs by one individual will not be allowed except
where a demonstrated production control use of the User-ID or an application operational
hardship is documented in writing by the application's ADP management to the NDPD
ADP Security Officer and a written waiver to the policy has been obtained. Violating
User-IDs will be disabled by TSSMS and deleted from the system 90 days after disabling
unless alternate administrative action is obtained. TSSMS will coordinate appropriate
administrative action with the User-ID's ADP management. Where coordination cannot
be obtained within 10 working days, TSSMS will coordinate administrative action with
the Primary Support Contract computer security staff.
k. TSSMS will notify the new customer or RACF Security Administrator of his/her User-ID
and password. TSSMS will provide tracking and disabling from system access for new
customer User-IDs.
l. The use of automated logon scripts for system access which contain embedded passwords
is not permitted.
m. ADP management will use TSSMS procedures to request and receive account/User-ID
transactions.
n. ADP management will ensure that TSSMS information about the owner of a User-ID is
accurate.
o. Program Office RACF Administrators will alter RACF profiles of User-IDs after their
initial entry into RACF to conform to application security requirements.
p. Program Office RACF Administrators will reset passwords required for User-IDs for
which they are responsible.
q. Surrogates are not allowed for a User-ID with RACF privileges.
6.2 SECURITY ADMINISTRATION
a. IBM's Resource Access Control Facility is subject to provisions included in Section 4.2
of this policy.
b. RACF is the approved software used to enforce system security and operational and
application security features. All operating system software with a RACF interface will
use the interface for any required security and operational control and enforcement.
Where allowed by the RACF interface, access will be based on groups.
c. RACF will be used to enforce system and Program Office application security and
operational requirements as determined by OIRM risk assessment methodology. RACF
will be used to provide for separation of duties and access of data as determined by
personnel job functionality and application requirements.
d. RACF hierarchical capabilities will be used to establish administrative domains based on
NDPD and Program Office operational and security requirements. Each Program Office
will designate personnel responsible for administration of its respective domains. The
NDPD ADP Security Officer will approve personnel responsible for administration of
NDPD related domains.
e. Each Program Office RACF Administrator will be:
1. Certified through NDPD-sponsored training in RACF administration.
2. Granted sufficient and minimal RACF privileges for the performance of administrative
duties within the domain as specified by the Program Office or the NDPD
ADP Security Officer. The following RACF functions will be available to each
Administrator for his domain:
(a) Changing a password for a User-ID.
(b) Denying and resuming a User-ID's access to the system.
(c) Changing the RACF parameters for a User-ID.
(d) Protecting data sets, tapes, and other application resources.
(e) RACF Group Administrative authorities.
3. Required to adhere to provisions of this policy.
f. All other RACF administrative functions concerned with account/user registration are
reserved for the Time Sharing Services Management System (TSSMS). These personnel
will be certified through NDPD-sponsored training in RACF administration.
g. Global RACF privileges will be restricted as follows:
1. RACF SPECIAL will be reserved for the NDPD RACF Administrator personnel
approved by the NDPD ADP Security Officer for the maintenance of RACF and its
parameters. RACF SPECIAL may also be assigned to NCC Customer Support and
account/user registration personnel as required to provide administrative and customer
support.
2. RACF OPERATIONS is reserved for Data Management personnel.
3. RACF AUDITOR is reserved for NCC and OIRM computer security staff.
h. RACF parameters will be used to enforce password change intervals and password rules
and syntax, to limit the number of allowable unsuccessful access attempts, and to control
disposition of unused User-IDs. The NDPD ADP Security Officer will determine values
for the parameters, which are subject to normal NDPD review processes. Values in effect
as of the date of this policy are:
Logon Attempts: 4
Password Interval: 90 days
Password Rule: Minimum length of six characters, maximum of eight. Password must contain at least one alpha and one numeric character.
Password History: 10
Unused User-IDs: Disabled (located in the RACF data base but not usable for system access until re-enabled) by RACF after 99 days.
Data Set Protection: PROTECTALL in FAIL mode.
i. RACF account numbers, User-IDs, and passwords will be required for system access.
The owner will protect passwords from disclosure and misuse.
j. New features made available in RACF version upgrades which have been reviewed and
approved by the NDPD ADP Security Officer will be installed as required to enhance or
improve the overall security environment provided for in this policy. Such features will
supersede current policy provisions designed to maintain system integrity and accountability
in the absence of these features.
6.3 DATA SECURITY AND INTEGRITY
a. The RACF PROTECTALL parameter in FAIL mode will be used to ensure that all data
residing on mainframes covered by this policy is protected through a RACF profile after
the RACF decentralization effort is complete.
b. User data sets will be protected through RACF.
c. Generic RACF data set profiles are the preferred method of protection and are strongly
recommended to the customer community. Use and support by NDPD of discrete RACF
profiles will be on an exception basis only.
d. RACF profiles for user data sets should notify the owner of those attempting to access
the data without authorization.
e. Users of sensitive applications will protect job output with NDPD mechanisms installed
for that purpose.
f. Owners of sensitive data will use the ERASE ON SCRATCH option in the data file's
RACF profile and will establish degaussing procedures with Data Processing Support
Services (DPSS) for tapes containing sensitive data.
g. TSSMS will notify NCC Data Management of User-IDs and accounts to be deleted from
the system. NCC Data Management will provide responsible ADP management with a
listing of all data resources and RACF data resource profiles, and will coordinate with
ADP management a disposition for those resources. NCC Data Management will notify
TSSMS when this has been completed so that the User-ID can be removed from "revoke"
status and deleted.
h. All system level files will be protected through RACF generic profiles. NCC Network
Systems will designate a person or persons responsible for protecting and maintaining the
RACF protection of system level data sets. A level of protection will be maintained to
ensure against compromise of system and application security, integrity, and operation.
i. Job Control Language (JCL), programs, and CLISTs for production control applications,
and job schedulers for their execution, will be protected through RACF at a level
sufficient to prevent their unauthorized access or destruction, as well as prevent
unauthorized changes to their RACF profiles.
j. Personnel responsible for maintaining automated job schedulers will develop procedures
to prevent exploitation of identified and inherent security exposures.
6.4 OPERATING SYSTEM INTEGRITY
a. Security Review
Operating system software will be evaluated as to the need and appropriateness of its
privileges and authorizations:
All operating system software installs, modifications, or maintenance for test,
development, or production will be subject to Change Management procedures.
Operating system software requirements as defined in Paragraph 5.0, DEFINITIONS,
will be documented in the Change Management item.
The NDPD ADP Security Officer will review the requirements for need and
appropriateness. The software installer will document to the NDPD ADP Security
Officer, at his request, any known or identified integrity exposures. If the software
accesses resources in an environment in which it is not installed, any integrity
exposure(s) to that environment will be identified to the NDPD ADP Security Officer.
b. Installation and Maintenance
All operating system software will be installed in accordance with the vendor license
agreement for the software.
All operating system software installs, modifications, and maintenance will be
conducted in a controlled, accountable, and auditable manner.
All operating system software will be protected from unauthorized access through
RACF data set profiles. All access attempts will be audited through RACF.
An inventory of system operating software will be maintained by Network Systems.
Software subject to the definition in Paragraph 5.0 which is outside the direct control
and supervision of NDPD will not be installed without express approval of the NDPD
ADP Security Officer. If approved, NDPD will provide NDPD staffing and funding
appropriate for the review and audit of the software during its life cycle.
c. Privileges
Operating system privileges will be restricted to the minimum required by designated
individuals or processes for the purpose of the specific system operation to be
performed and will be approved by the NDPD ADP Security Officer.
NCC Primary Support Contract Network Systems will develop and maintain
procedures for requesting, granting, and rescinding privileges granted through
operating system software. The procedures will provide for the maintenance of a list
of privileges and personnel granted those privileges.
6.5 DATA BASE SECURITY
6.5.1 ADABAS
a. Applications designated by the application owner as sensitive will not be placed in any
central version data base which allows access based on a User-ID which (1) has not been
authenticated through a call to RACF by the data base, or (2) has not been authenticated
by RACF prior to acceptance by the data base for access checking. Deviations from this
policy must be approved by the Central Data Base Administrator.
b. Central version data base administrators will be responsible for establishing procedures
to ensure that User-IDs in data base user authentication files are valid and are under
current RACF control.
c. All files associated with central version data bases will be protected through RACF at a
level sufficient to prevent unauthorized access or destruction of the data, or unauthorized
alteration of the RACF control associated with the file.
6.5.2 DB2
a. DB2 applications designated by the application owner as sensitive will be protected
through RACF groups (secondary authorization groups). All access to the applications
will be maintained and controlled by the ADBAs and the RACF Security Administrator.
b. Any application granted as "PUBLIC" will be available for all DB2 users to access
without restriction. (See Directive 130.07 for additional information.)
6.6 PROVISION OF NCC SERVICES
a. NCC services, including problem resolution, dissemination of information to the public
and to the customer community, and access to the public and the customer community
of NCC data, will be conducted in a secure manner.
b. Authentication of a customer based on TSSMS information for the customer is required
prior to the provision of any services to the customer.
c. Provision of documentation and services will be consistent with the Freedom of
Information and Public Access acts as interpreted by OIRM and EPA Headquarters
policies. A policy exception granted by the NDPD ADP Security Officer is required for
deviation from EPA Agency policies.
6.7 PHYSICAL ACCESS TO NCC COMPUTER FACILITIES
a. Access to Data Center areas or other NDPD designated secure areas will be controlled
through a badge access reader system. The currently approved badge reader system is
owned and operated by EPA's Facilities Management and Services Division (FMSD).
b. All access to the OTS computer area must be approved by the NCC CBI Document
Control Officer and will not be granted prior to his/her approval.
c. NDPD management is responsible for identifying to FMSD those NDPD and OARM
personnel requiring computer area access.
d. FMSD is responsible for controlling access to Data Center computer areas by Facility and
Facility Support personnel.
e. The Production Services Department is responsible for controlling access to computer
areas by hardware and software maintenance vendors.
f. Unrestricted, full-time access to Data Center areas containing computer equipment will
be limited to personnel whose duties require daily access to those areas. Facility and
Facility Support personnel and hardware maintenance vendors who may not access the
computer areas on a daily basis may be retained on the access list to achieve operational
or emergency response objectives. I/O Control will grant access to other personnel on
an "as required" basis with temporary badges. I/O Control will develop and maintain
procedures for the use of these temporary badges.
g. After-hours access to controlled non-computer room areas will be granted only to
personnel with offices in those areas. NDPD, OARM, Primary Support Contractor
management, or managers of the affected areas may request exceptions from the
managers responsible for the areas.
h. Operations will maintain a list of personnel allowed to open the Data Center during
periods of unattended operation.
i. Data Center areas containing computer support utilities (e.g., water chillers) will be
protected from unauthorized access.
6.8 DISASTER RECOVERY PLAN
a. A disaster recovery manual will be maintained to provide a mechanism for processing
critical Agency applications in the event of extended system unavailability.
b. Functional managers are required to develop workable procedures and plans and to
update the manual at least annually and prior to each drill to ensure success of the overall
recovery effort.
c. NDPD will establish periodic paper drills to ensure that disaster recovery plans and
procedures are adequate.
MEASUREMENT:
a. Vulnerability Assessments
Security vulnerability assessments will be performed periodically as required by Agency
oversight directives. The vulnerability assessments will be based on a process flow
methodology which evaluates the internal controls of the system as the system request or
transaction passes through the system. This methodology is described in OMB A-123,
Section 8.c. The results of vulnerability assessments will be provided via "to do"
meetings or other administrative vehicles for review and appropriate administrative action
by the Director, NDPD. Alternately, a risk analysis may be accomplished based on
guidance from OIRM/IMSD or the EPA Information Security Manual.
b. Compliance Monitoring and Auditing
Daily audits of system and system file access attempts will be performed each business
day by the NDPD ADP Security Officer or designee using the RACF Report writer.
Monthly system audits will be performed using the RACF DSMON report.
The following audit criteria will be used for each daily audit report:
1. System logon attempts performed from the same location utilizing multiple random
User-IDs and occurring within approximately the same time period.
2. System logon attempts performed outside normal business hours. Additional weight
will be given to those attempts occurring from the same location utilizing random
multiple User-IDs.
3. Repeated password changes involving the same User-ID which indicate an attempt to
circumvent RACF password uniqueness and change interval parameters.
4. Attempts to modify or alter the contents or RACF protection of operating system
files.
5. Use of RACF privileges for purposes other than those defined in this policy.
6. Use of RACF privileges by individuals not authorized for those privileges.
The following constitute auditable events for each monthly audit report:
1. Individuals with RACF privileges who have not requested or been granted those
privileges.
2. Absence of RACF protection for critical operating system files (e.g., APF authorized
libraries).
3. Changes/additions/deletions to system exits.
4. Changes/additions/deletions to system started tasks.
5. Changes/additions/deletions affecting the Program Properties Table.
6. Failure to collect audit statistics for appropriate RACF classes as determined by a
review of the RACF class descriptor table.
The NDPD ADP Security Officer or designee will coordinate with appropriate technical
and management personnel to investigate patterns indicating system penetration attempts
or unauthorized alterations or modifications of operating system files. Appropriate
technical and management personnel are defined as those individuals responsible for the
resources needed and required to track the access attempt through the telecommunications
network and the system.
If the investigation reveals that the incident is a prosecutable offense under existing
statutes, the NDPD ADP Security Officer will coordinate appropriate actions, including
notification of local legal counsel, the Office of the Inspector General, and local and
Federal law enforcement officials. If the investigation of the access attempt reveals an
exploitable system or procedural vulnerability, the NDPD ADP Security Officer will
coordinate with appropriate management and technical personnel to ensure that the
vulnerability is addressed. The NDPD ADP Security Officer will create and retain a
Security Incident Report detailing the nature of the incident, personnel involved, and
actions taken. Information for this report will be obtained from management and
technical personnel participating in the investigation and resolution of the incident.
Security impacts of change to the NCC IBM-compatible security environment will be
documented in the Change Management System record for the particular change. Where
possible, unique searchable and displayable fields will be established within the Change
Management System for this purpose.
7.0 PROCEDURE REFERENCES
a. Office of Management and Budget. OMB Circulars A-76, A-123, and A-130. (Available
from the Government Printing Office.) (These publications, while not strictly
procedurally directive, are important components in the administration of security in the
Agency. They set the guidelines for policies and procedures at the operational levels.)
b. U. S. Environmental Protection Agency. (1989) EPA Information Security Manual
(Report No. 431/001). Washington, DC: Office of Information and Resources
Management, Information Management and Services Division. (Location: Publications
Technical Library).
c. Computer Security Act of 1987. (Available from the Office of Information and Resources
Management).
d. U. S. Environmental Protection Agency. (1992). NCC Security Manual (Report No.
046/001E). Research Triangle Park, NC: National Data Processing Division.
(Location: Publications Technical Library).
e. U. S. Environmental Protection Agency. (1992) EPA/NCC Critical Applications Disaster
Control Manual (Report No. 379/001G). Research Triangle Park, NC: National Data
Processing Division. (Location: Publications Technical Library).
f. U. S. Environmental Protection Agency. (1992) RACF Procedures for the TSSMS Office
(Report 418/001). Research Triangle Park, NC: National Data Processing Division.
(Location: Publications Technical Library).
g. U. S. Environmental Protection Agency. (1992) RACF Decentralization Procedures for
the TSSMS Office (Report 510/001). Research Triangle Park, NC: National Data
Processing Division. (Location: Publications Technical Library).
h. U. S. Environmental Protection Agency. (1991) Customer's Guide to NCC's Registration
System (Report 471/001). Research Triangle Park, NC: National Data Processing
Division. (Location: Publications Technical Library).
i. U. S. Environmental Protection Agency. (1992) Request for RACF Privileges. Research
Triangle Park, NC: National Data Processing Division. (Location: NCC ADP Security
Officer).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe Data Management NO.: 210.09
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The NCC IBM Mainframe Data Management policy establishes:
a. Data management objectives.
b. Data storage requirements.
c. Data storage media performance and capacity requirements.
2.0 SCOPE & APPLICABILITY
This policy applies to all NCC IBM mainframe customers and to NDPD and FM contractor staff
responsible for the management or operation of the NCC IBM mainframe system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The Primary Support Contractor will develop a data management plan and update and monitor
procedures to implement this policy.
The Primary Support Contractor will perform the tasks necessary to meet the objectives of this
policy.
The customer community will rely on the terms of this policy to manage their data storage
requirements.
NDPD will manage the data storage devices of the NCC IBM mainframe to meet the storage
requirements of the customer community in a secure and cost-effective manner. Data storage
devices will also be managed to enhance system performance.
4.0 POLICY
a. All data sets not catalogued or not conforming to NCC naming conventions will
be deleted from the NCC IBM mainframe system. All data sets that have no data
set organization will be deleted. All data sets that are empty and unused for 7
days will be deleted.
b. DASD data sets which are unused for a designated number of days are routinely
migrated off of primary DASD. The number of days of nonuse is determined by
the DASD management staff and may be lengthened or shortened depending upon
DASD usage and space availability to ensure sufficient DASD space to meet
customer requirements.
c. A procedure will be provided to enable customers to archive to tape their own
DASD data sets. Data sets may be archived for 2 to 7 years.
d. A procedure will be provided to enable customers to restore DASD data sets from
archive tapes.
e. NCC will perform nightly backups of customer DASD data sets on customer
packs which have been created or changed during the day. Nightly backup tapes
will be retained for 35 days.
f. A procedure will be provided to enable customers to restore their data sets from
the nightly backup tapes.
g. All non-VSAM DASD data sets that have a secondary allocation will routinely
have excess space released.
h. DASD volumes will be fully copied to tape biweekly. These tapes will be
retained for 4 weeks before being reused.
i. Private DASD volumes are not allowed.
j. A DASD utilization report will be submitted quarterly to NDPD to indicate
available data storage capacity.
k. Channel and device utilization will be monitored daily to prevent system
performance degradation. Data sets or volumes will be relocated when necessary
to provide optimal system performance. All proposed relocations will be
coordinated with the IBM Performance Group before relocation takes place. In
the event of conflict between system performance and DASD economy, every
effort will be made to favor system performance.
l. Tape data sets created on the NCC IBM mainframe will be controlled by a
software tape management system to prevent accidental erasure of data.
m. The default retention period for tape data sets created on the NCC IBM
mainframe will be 5 days. Customers may explicitly specify other retention
periods.
n. Foreign tapes can be used interchangeably from system to system. When the
customer submits a foreign tape, Data Processing Support Services (DPSS)
assigns it a 'B' number to eliminate any conflicts of volume serial numbers.
When DPSS personnel notify the customer of the 'B' number for the tape, they
ask if the customer will be writing to the tape or reading the tape only. If the
customer is reading the tape only, DPSS personnel will remove any write ring
and attach a 'No Write Ring' sticker to both the front and back of the tape. If the
tape is a cartridge, the cartridge has a wheel which can be turned to show a white
dot indicating the tape is write-protected. A 'No Write Ring' sticker is placed on
the tape. If the tape is file protected, and the customer wishes to write to the tape,
he/she must call DPSS to ask that a write ring be inserted. DPSS will verify that
the tape does belong to that customer, that a write ring is inserted, and that the
'No Write Ring' sticker is removed. Customers are advised that NO protection
exists for accidentally overwriting a tape that is not file guard protected.
o. Customers may be exempted from standard procedures with proper justification
and NDPD approval.
5.0 DEFINITIONS
None.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1993) EPA-NCC IBM Data Management
Plan (Report No. 575/001). Research Triangle Park, NC: National Data
Processing Division. ADP Operations Management Branch. (Location:
Publications Technical Library)
b. U. S. Environmental Protection Agency. (1985, currently being revised) Change
Management Procedures Manual (Report No. 245/00IF). Research Triangle Park,
NC: National Data Processing Division. ADP Operations Management Branch.
(Location: Publications Technical Library)
c. U. S. Environmental Protection Agency. NCC IBM Data Management Handbook.
Research Triangle Park, NC: National Data Processing Division. ADP
Operations Management Branch. (Location: On-line in data set
JMAS.HANDBOOK)
d. U. S. Environmental Protection Agency. DF/HSM Handbook for NCC Data
Management. Research Triangle Park, NC: National Data Processing Division.
ADP Operations Management Branch. (Location: On-line in data set
JMAS.DOCUMENT)
e. U. S. Environmental Protection Agency. SMS Handbook for Data Management.
Research Triangle Park, NC: National Data Processing Division. ADP
Operations Management Branch. (Location: On-line in data set
JMAS.DFSMS.DOCUMENT)
f. IBM Corporation. MVS Storage Management Library. San Jose, California.
g. Platinum On-Line Guide. (1992) Updates made by the National Data Processing
Division. ADP Operations Management Branch. Research Triangle Park, NC:
Office of Information Resources Management (OIRM). (Location: NCC-IBM
Mainframe, in Platinum On-Line Guide, printable within the Guide)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe Configuration Management NO.: 210.10
APPROVAL: DATE:
1.0 PURPOSE
The NCC IBM Mainframe Configuration Management policy establishes:
a. Configuration management objectives.
b. Activities required to meet configuration management objectives.
c. Review requirements to ensure compliance.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or operation of the NCC IBM mainframe system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
a. The IBM mainframe system will be managed in a manner which provides:
(1) A current inventory of all system components.
(2) A current system hardware and software configuration.
(3) A current system telecommunications configuration.
(4) A mechanism for processing hardware, software, and maintenance
procurement requests in a timely manner.
b. An on-line data base containing the information required to meet policy objectives
will be maintained and updated within 5 working days of any system
configuration change.
c. The on-line data base will contain sufficient detail to enable technical personnel
to obtain system hardware and software configurations or parameters necessary
for the customary performance of their duties.
d. The FM contractor will review and certify the accuracy of the configuration
management data base quarterly.
e. All procurement requests for changing the NCC IBM mainframe hardware
configuration must bear the concurrence of the Chief, ADP Operations
Management Branch. In the context of this policy, the NCC IBM mainframe
configuration consists of the IBM processor complex and all attached peripheral
devices. The ADPOMB Branch Chief will concur with NCC IBM mainframe
hardware configuration changes after consultation with the IBM Performance
Group in order to ensure that system performance will not be degraded as a result
of hardware configuration changes.
f. All system software residing on the NCC IBM mainframe must be installed and
maintained by Technical Services in compliance with the provisions of the Change
Management Policy. In the context of this policy, system software consists of all
vendor-supplied products accessible by the general user community. It also
includes all system control and monitoring software, plus NCC developed exit
code that supports these products. Technical Services may delegate table
maintenance functions in support of system software products to other Unisys
organizations. However, Technical Services and the EPA Technical Managers
bear the ultimate responsibility for system software integrity.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe Started Tasks NO.: 210.11
APPROVAL: DATE:
1.0 PURPOSE
The NCC IBM Mainframe System Management policy establishes:
a. Guidelines for determining started tasks.
b. Oversight responsibility for new and routine started tasks.
c. Maximum, effective use of the Common Storage Area (CSA).
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management, operation, or maintenance of the NCC IBM mainframe system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere to NDPD policies and perform the tasks necessary to meet policy
objectives.
4.0 POLICY
a. No test mode started tasks (CICS, ADABAS, S2K, JES2, etc.) are to run on the
IBM system on a production day without NDPD approval.
b. The normal production started tasks will be identified by Technical Services.
NDPD will receive a new copy of a production started task list whenever a
change is made. The list will explain the purpose of each started task address
space.
c. No new started tasks will be put into production without approval of Technical
Services. All requests for new started tasks must include an estimate of CSA
requirements.
d. Console operators will not use the FORCE command to terminate started tasks
without the permission of Technical Services.
e. S2K developers can ask the console operators to start or stop the S2K address
space. However, console operators must use the standard procedures in
performing these activities. If normal procedures fail, the operators will contact
Data Base Support Services (DBSS) for additional instructions to solve the
problem. Under no circumstances will console operators take additional
instructions from the S2K development group.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: ADP Capacity Planning NO.: 210.12
APPROVAL; &£ ^v-AU?DATE: !6/22/9t>
1.0 PURPOSE
The NCC ADP Capacity Planning policy is intended to ensure that sufficient ADP resources are
continuously available to accomplish the Agency's mission. Capacity planning objectives include
the following:
a. Production of capacity planning reports to document anticipated workload growth,
ADP resource requirements and justification, and hardware configuration
forecasts and delivery schedules.
b. Effective management of long-term hardware contracts.
c. Input and support for an Agency information resources management strategic
plan.
d. Improved accuracy, consistency, and timeliness of capacity analyses to support
hardware planning and decision-making.
2.0 SCOPE AND APPLICABILITY
This policy applies to all NDPD staff, Facilities Management contractor, and periodic expert
consultant personnel responsible for the NCC hardware capacity management and planning
activities. Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The Architectural Management and Planning Branch (AMPB) is responsible for the development,
implementation, and management of capacity planning activities for the NCC mainframe
systems, scientific processors (when implemented), and backbone networks. The FM contractor
and consultant contractors will assist AMPB in defining appropriate capacity planning analyses;
determining necessary staffing levels, technical requirements, and responsibilities; conducting
capacity planning activities as described below; and evaluating alternatives to capacity planning
issues and recommending the most efficient and effective solutions.
4.0 POLICY
Capacity planning activities include, but are not limited to, the following:
a. Developing a strategic hardware capacity plan to define NCC hardware
requirements over a 2-year time span, which will require updates every 6 months,
at a minimum, or as required by changes to the Agency's "business plan".
b. Conducting workload analyses and trending.
c. Soliciting user communication and involvement to determine more accurate
workload growth projections and service requirements.
d. Evaluating capacity impacts and conducting alternatives analyses.
e. Analyzing new technology impacts to ADP capacity.
f. Assisting Regional Offices with technical capacity analyses as required.
g. Participating in specialized technical studies as required to support the research
and analysis of capacity planning issues.
h. Communicating all pertinent information to Agency personnel responsible for the
development of Agency information resources management (IRM) plans.
i. AMPB is primarily responsible for capacity planning, while the Automatic Data
Processing Operations Management Branch (ADPOMB) is primarily responsible
for performance management of mainframe systems (as described by NDPD
Operational Directive 210.03, NCC IBM Mainframe Performance Management),
and the Telecommunications Branch (TCB) is primarily responsible for
performance management of the network (as described by NDPD Operational
Directive 300.03, IBM SNA Network Performance and Capacity Management).
The relationship of these responsibilities requires a high degree of cooperation
and communication. The interactions required by AMPB are summarized below:
(1) AMPB will assist ADPOMB and TCB in defining and analyzing the
potential resource utilization, performance, and capacity impact of major
new applications.
(2) AMPB will monitor and analyze trends in major NCC user applications
(both existing and emerging) and assist ADPOMB and TCB in evaluating
the overall system impacts of these continuing trends.
(3) AMPB will consult with ADPOMB for review and concurrence with its
draft quarterly capacity reports on mainframe systems.
(4) AMPB will consult with TCB on the development and implementation of
a network capacity planning policy.
5.0 REPORTING
AMPB will regularly analyze capacity of the NCC systems to determine (1) the consistency of
actual workload growth with user forecasts, and (2) the current NCC mainframe systems reserve
capacity. The following reports are planned:
a. AMPB will produce a quarterly capacity forecast for each NCC mainframe
system to define the capacity requirements for three distinct time periods: the
balance of the current Fiscal Year (FY), the following FY or operating budget
year (FY+1), and the next FY or planning budget year (FY+2).
This forecast will include a complete description of the analyses performed and
all assumptions contributing to the capacity predictions. Graphical presentation
will be used to the greatest extent possible to show:
(1) Current capacity in use.
(2) Amount of reserve capacity.
(3) Anticipated timeframe of system saturation.
(4) Alternatives to resolving and/or delaying capacity problems.
b. AMPB will develop hardware equipment forecasts to assist the management and
execution of the multi-year mainframe contract. These forecasts will be produced
at least 4 months prior to the required delivery of the equipment.
c. AMPB will produce special capacity reports as required to support long-term
budget planning and/or to assess the impact of new or changing ADP
requirements. These reports may include detailed workload characterizations,
special analytic modeling scenarios to evaluate hardware alternatives, or studies
to answer specific "what if" capacity questions from NDPD management.
6.0 DEFINITIONS
Capacity planning is one of two components (the other being performance management)
comprising capacity management. The following definitions are included to distinguish these
terms and related activities:
Capacity Management: The activity that controls, measures, and plans the configuration
required to meet the organization's current and future information processing requirements.
Capacity management is composed of two components: performance management and capacity
planning.
Performance Management: The function that measures, evaluates, and reports data processing
performance, and prevents or corrects performance problems. Performance management deals
with the tactical issue of providing acceptable data processing service to the user community.
Capacity Planning: The process of determining the hardware, software, features, organization,
and facilities required for the continuous delivery of acceptable service to users. Capacity
planning primarily deals with the strategic issue of forecasting the necessary resources
required to support future data processing demand.
Master Facility Planning: Capacity planning data is used to produce a Master Facility
Plan, which is intended to ensure that facility support
equipment is in place to accommodate the growth of the
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe System Integrity NO. 210.13
APPROVAL: &V;^V; >V--:'- ' /» DATE:S//7/?3
1.0 PURPOSE
The NCC IBM Mainframe System Integrity policy establishes:
a. Objectives for maintaining system integrity.
b. Functions which will be managed to meet the objectives.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and primary support contractor staff personnel responsible for
the management and maintenance of the NCC IBM mainframe system.
Any deviations from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The Primary Support Contractor will develop, update, and monitor procedures to implement this
policy.
The Primary Support Contractor will adhere to NDPD policies and perform the tasks necessary
to meet policy objectives.
4.0 POLICY
a. The NCC IBM mainframe system resources will be managed in a manner which
provides maximum availability to the customer community.
b. The NCC IBM mainframe system resources will be managed in a manner which
provides maximum useability to the customer community.
c. The NCC IBM mainframe system resources will be managed in a manner which
provides maximum reliability to the customer community.
d. The NCC IBM mainframe system resources will be managed in a manner which
provides maximum protection to the operational environment by maintaining a
logical separation of both the test and development environments from the
production environment.
e. The NCC IBM mainframe system resources will be thoroughly documented.
Documentation will include developing specific procedures to ensure system
integrity and updates to these procedures on a regular basis.
f. The Primary Support Contractor will, in concert with NDPD technical managers,
ensure that NDPD operational procedures are implemented for each of the areas
identified above.
5.0 DEFINITIONS
a. System availability is defined as ensuring NCC IBM mainframe system resources
are accessible for use by the general customer community. Documented
procedures will be developed and maintained by the Primary Support Contractor
to support maximum system availability.
b. System useability is defined as ensuring NCC IBM mainframe system resources
are adequately maintained and operating at manufacturer's standards. Documented
procedures will be developed and maintained by the Primary Support
Contractor to support maximum system resource useability.
c. System reliability is defined as ensuring NCC IBM mainframe system resources
are dependable and function in the intended manner. Documented procedures will
be developed and maintained by the Primary Support Contractor to support
maximum system resource reliability.
d. System protection is defined as minimizing the risk of unauthorized access in such
a manner that security controls specified for the system cannot be compromised.
Documented procedures will be developed and maintained by the Primary Support
Contractor to support maximum system resource protection.
e. System documentation will include specific procedures employed by the Primary
Support Contractor to accomplish the above guidelines. These procedures will
be developed and maintained by the Primary Support Contractor, approved by
NDPD technical management, and centralized in one manual.
6.0 STANDARDS
The NCC IBM mainframe processing services will be available to the customer community from
0700 each Monday until 2000 each Sunday (Eastern Time) throughout the year. Exceptions to
these times may occur because of maintenance or system testing. Any time changes will be
posted in the online dataset 'JUSD.HOURS.'
7.0 PROCEDURE REFERENCE
U.S. Environmental Protection Agency. (1993) MVS Systems Standards and Procedures Manual
(Draft). (Report No. 569/001) Research Triangle Park, NC: National Data Processing
Division, Office of Administration and Resource Management.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Authorized Program Facility Library Usage NO. 210.14
APPROVAL: i^g&i 'ZM. L: / V -'.; DATE: *//7/t3
1.0 PURPOSE
This policy identifies the requirements for request and usage of Authorized Program Facility
(APF) Libraries.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and primary support contractor staff personnel responsible for
creation and support of APF Libraries.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
It is the responsibility of the preparer to conform to this policy in submitting requests for APF
Library authorization.
The Primary Support Contractor will develop, update and monitor procedures to implement this
policy.
The Primary Support Contractor will adhere to NDPD policies and perform the tasks necessary
to meet policy objectives.
NDPD will ensure that APF Library update access is controlled through RACF profiles.
4.0 POLICY
APF Library authorization shall be provided when:
a. The requestor (e.g., Vendor, Primary Support Contractor, NDPD Personnel) has
a clearly documented requirement to create the APF Libraries.
b. The requirement is defined in a Change Management Record. Requirements for
the Change Record will be detailed in the Network Systems MVS Systems
Standards and Procedures Manual.
c. Update access to APF libraries will be limited to personnel maintaining the APF
library. Access control will be determined by RACF profiles.
Access to SYS1.PARMLIB, which contains the method by which APF libraries are authorized,
will be limited to personnel required by job function to maintain these system libraries.
APF Library authorizations and access privileges to SYS1.PARMLIB will be reviewed annually.
5.0 DEFINITIONS
APF Library: An authorized library that contains modules which perform IBM MVS/ESA
operating system restricted functions. To use restricted functions, the programs utilizing those
functions must reside in an installation authorized library. Authorized Libraries are defined in
an MVS/ESA operating system parameter library member.
6.0 STANDARDS
APF Library authorization must be requested by a Department or Group Manager/Supervisor.
All requests will be submitted through the Change Management System and must be submitted
in accordance with Change Management procedures. A change item must be opened by
requester for the production environment. A request to create an APF library for the test
environment must be stipulated in the description text area of the production change item. ALL
requests will be reviewed at the weekly Change Management meeting.
7.0 PROCEDURE REFERENCE
U.S. Environmental Protection Agency. (1993) MVS Systems Standards and Procedures Manual
(draft) (Report No. 569/001). Research Triangle Park, NC: National Data Processing Division.
Office of Administration and Resource Management.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC Scientific Cluster System Management NO. 230.01
APPROVAL: f)^ /)lf\ rfD D DATE:/Z ~
1.0 PURPOSE
The NCC Scientific Cluster Management policy establishes:
a. Objectives for managing the system.
b. Functions which will be managed to meet the objectives.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and all Primary Support Contractor (PSC) staff personnel
responsible for the management, operation, or maintenance of the NCC Scientific Cluster.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will adhere to NDPD policies and perform the tasks necessary to meet policy
objectives.
4.0 POLICY
a. The NCC Scientific Cluster will be managed in a manner which provides cost-
effective, reliable, available, and accessible service to the customer community.
b. The NCC Scientific Cluster will be managed to meet the service levels defined
in the Scientific Standards section of Policy 230.02, NCC Scientific Cluster
Service Levels.
c. While the organizational structure of NDPD and the PS contractor may change
from time to time, the following major areas of responsibility will be managed:
(1) System Operations.
(2) System Software Maintenance.
(3) Data Communications Facilities Support.
(4) System Performance Tuning.
(5) Capacity Planning.
(6) Customer Service Activities.
(7) Contract Administration for System Components.
d. The PSC will, in concert with NDPD technical managers, ensure that NDPD
operational policies are implemented for each of the areas of responsibility
identified above.
5.0 DEFINITIONS
System Operations: Console and peripheral equipment operation, physical facilities management,
data storage management, preventive and remedial hardware maintenance scheduling,
change management, and production control.
System Software Maintenance: Installing and maintaining all vendor-supplied software. This
includes DEC system and program products as well as software supplied by third-party vendors.
Data Communications Support: Installing, maintaining, and monitoring the performance of all
data links and associated equipment in use at NCC.
Performance Tuning: All activities required to ensure that the goals defined in the service level
policy are met on a daily basis.
Capacity Planning: All activities required to predict future workload and to identify resources
which must be acquired to meet the service level policy objectives in the future.
Customer Services: Customer support activities for problem resolution, customer registration
and billing, and central data base administration.
Contract Administration Services: All activities required to order and maintain the hardware and
software components of the NCC Scientific Cluster.
6.0 STANDARDS
Refer to Policy 230.02, NCC Scientific Cluster Service Levels, for more information about
standards.
7.0 PROCEDURE REFERENCES
U. S. Environmental Protection Agency. (1993) Operations Handbook for the Scientific VAX-
Cluster (Report No. 508/001). Research Triangle Park, NC: National Data Processing
Division, Office of Administration and Resources Management (Location: Publications
Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC Scientific Cluster Service Levels NO. 230.02
APPROVAL, - DATE: /*-
1.0 PURPOSE
The NCC Scientific Cluster Service Level policy establishes:
a. Scientific Cluster components.
b. Access rules for Cluster components.
c. Scheduled hours of system availability.
d. System stability goals.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and PSC staff personnel responsible for the management,
operation, or maintenance of the NCC Scientific Cluster and to users of this computing resource.
The NCC Scientific Cluster consists of multiple processors and data storage for the support of
scientific applications for regions, programs, and the Office of Research and Development
(ORD). Also included are the associated RTP local area networks and the EPA
telecommunications network.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will adhere to NDPD policies and procedures to ensure that service level objectives
are met. The PSC will also advise NDPD of potential problems which might have an adverse
impact on the NCC Scientific Cluster.
The customer community will comply with the utilization provisions of this policy.
4.0 POLICY
a. NDPD will maintain a list of supported system software. This list will be
updated quarterly and will be available to customers.
b. NDPD will negotiate additional Service Level Agreements (SLAs) with customers
for services to include guaranteed access, private CPU and disk resource, and
software services. NDPD may restrict access to these resources as required to
meet these SLAs.
c. All customers will, under normal circumstances, be granted interactive access to
the general purpose processors.
d. Batch queues will be provided on all processors in the Cluster. The queue
assignments for individual batch jobs will be determined by the job's runtime
requirements. Access to some queues may be restricted by additional SLAs.
e. In the event of an extended failure of resources, NDPD will reconfigure the
remaining resources to best meet the needs of all users, including any covered by
additional SLAs.
f. Customer support services will be available during the designated hours.
g. Stability goals will be computed only for the scheduled hours of service.
h. In the absence of monitoring software, no goals have been established for
interactive response or batch turnaround times. However, resource utilization
quotas will be established to ensure a level of service considered to be satisfactory
by a majority of the customer community.
i. Periodic reports will be submitted to NDPD management to verify compliance
with this policy.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. The full Cluster will be available to the customer community 24 hours a day, 7
days a week, except when it is unavailable due to a scheduled maintenance.
(1) A console operator will be present from 8:00 a.m. Monday through 6:00
p.m. Sunday.
(2) Systems time is reserved from 8:00 p.m. Sunday until 4:00 a.m. Monday
for system maintenance and preventive maintenance. Additional systems
time may be required and will be published to the customer community
via news alerts and customer memos.
b. Customer support services will be available from 8:00 a.m. until 5:00 p.m.,
Monday through Friday.
c. The NCC Scientific Cluster stability goal is a quarterly uptime percentage of at
least 99 percent of scheduled production time for the processor complex.
7.0 PROCEDURE REFERENCES
None.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC Scientific Cluster Performance and Capacity Monitoring NO. 230.03
APPROVAL: /\~ iO U \ fiLO DATE: /£-
1.0 PURPOSE
The NCC Scientific Cluster performance and capacity monitoring activities include performance
analysis, stability analysis, and capacity planning.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and all Primary Support Contractor (PSC) staff and personnel
responsible for the management, operation, or maintenance of the NCC Scientific Cluster.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy and will alert
NDPD to potential performance problems.
The PSC will adhere to NDPD policies and offer recommendations designed to meet the policy
objectives.
4.0 POLICY
a. System performance will be monitored to ensure compliance with the objective
of Policy 230.02, NCC Scientific Cluster Service Levels.
b. Workload trends will be monitored to identify potential future resource
constraints.
c. The potential resource utilization of major new applications will be assessed to
determine their impact on system performance.
d. System performance and capacity data will be captured and analyzed with
commercially available software. Local code written to support this effort will
be minimized to the greatest degree possible consistent with the objectives of this
policy.
e. System performance, stability, and resource utilization will be summarized and
reported to NDPD management daily.
f. Deficiencies in system performance, stability, or resource availability will be
corrected as soon as possible consistent with the provisions of Policy 230.04,
NCC Scientific Cluster Change Management.
g. The system's capacity to support projected growth in workload will be evaluated
and reported to NDPD management quarterly.
5.0 DEFINITIONS
None.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
Digital Equipment Corporation, Maynard, MA. (1993) Polycenter Performance Adviser User
Guide. PN:AA-PH6SB-TE. (Location: DEC Technical Services).
Digital Equipment Corporation, Maynard, MA. (1993) Polycenter Performance Data Collector
and Utilities User Guide. PN:AA-PH6YB-TE. (Location: DEC Technical Services).
Digital Equipment Corporation, Maynard, MA. (1993) Polycenter Capacity Planner User
Guide. PN:AA-PH6LB-TE. (Location: DEC Technical Services).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC VAX Cluster Change Management NO. 230.04
APPROVAL: [signature illegible] DATE:
1.0 PURPOSE
This policy is designed to ensure that all changes are applied in a timely manner without
disrupting system stability or performance.
The NCC VAX Cluster Change Management policy establishes:
a. Change management objectives.
b. System components and changes subject to this policy.
c. Review process required for hardware or software changes.
d. User notification requirements for system changes.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or implementation of hardware and system software changes to the NCC VAX
Cluster and the associated RTP local area network.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the VAX Cluster Coordinating Committee.
The following system components are subject to this policy:
a. The processor complex.
b. All peripheral devices attached to the network through DECNET via ETHERNET
and X.25 or SNA. Peripheral devices attached to processors not owned by
NDPD are exempt.
c. Electrical, air conditioning, and other components vital to the operation of the
processor or any of its peripheral devices.
d. All DEC licensed and third party vendor software products installed on the NCC
VAX Cluster and supported by NCC, or NCC-supported software products
installed on remote VAX systems connected to the Cluster through DECNET via
ETHERNET and X.25 or SNA.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy, and
will review stability reports to assess compliance.
The FM contractor will adhere to NDPD policies and procedures to ensure that the terms of
Policy 230.02, NCC VAX Cluster Service Levels, are met.
4.0 POLICY
a. A Change Management Council representing the FM contractor and NDPD will
review and approve changes to the components defined above. Members of the
VAX Cluster Coordinating Committee may sit as observers on the Change
Management Council.
b. All emergency changes must be approved by the FM contractor's department
manager for User Services and Operations. The EPA ADP Operations
Management Branch Chief must grant approval for emergency changes if the FM
contractor's department managers specified above cannot be reached. Approval
for emergency changes can be obtained in writing, in person, or over the
telephone.
c. All required changes will be submitted to the Change Management Council for
review and approval before installation. The impact of proposed changes on
system stability and performance must be considered before approval is granted.
d. Local code is considered system level code not written by the vendor that either
utilizes the vendor supplied exits in the software or modifies the vendor source
code.
Local code development will be approved by NDPD before the task is initiated.
This approval will be in writing either through formal memorandum or by
utilizing the software checklist. System software changes requiring local code
changes will be specifically noted in Change Control.
Local code implementation into production will be with the approval of Change
Control. This approval requires complete testing, documentation, and supervisory
level code review. These requirements can only be waived in emergencies by
NDPD.
e. All DEC and third party software products will be maintained at a release level
which is no more than one level behind the current release level supported by the
vendor unless there is a known stability, performance, or functional problem with
the new release. The Director of NDPD must approve all cases of delayed
maintenance.
f. A user memorandum will be issued 30 days prior to the application of any
software maintenance.
5.0 DEFINITIONS
System changes are classified either as "required" or "emergency." Hardware or system
software maintenance required to correct a stability or performance problem constitutes an
emergency change. Required system changes are routine activities needed to upgrade the
hardware or software configuration.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC VAX Cluster Problem Resolution NO. 230.05
APPROVAL: [signature illegible] DATE:
1.0 PURPOSE
The NCC VAX Cluster Problem Resolution policy establishes:
a. Problem resolution objectives.
b. Problem classification.
c. Problem resolution responsibilities.
d. User notification requirements.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or operation of the NCC VAX Cluster and for providing support to the user
community.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the VAX Cluster Coordinating Committee.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere to NDPD policies and procedures to ensure that problems are
resolved expeditiously.
4.0 POLICY
a. NCC will strive to resolve problems with the VAX Cluster as soon after
identification as possible in order to provide the best possible level of service to
the user community.
b. Problems encountered with the NCC VAX Cluster will be categorized as
hardware, software, performance, telecommunications, or user problems.
c. All problems with NCC-supported hardware or software will be entered into the
Problem Management System by close of business on the day the problem was
uncovered.
d. The central problem resolution contact will report to NDPD management the
status of unresolved problems on a daily basis.
e. The central problem resolution contact will post news alerts for any problem
which may result in user job failures or user data loss.
f. The User Support staff will serve as the point of contact for resolving user
problems. The User Support staff will forward user problems which they cannot
resolve to a central problem management contact. Users may not call the FM
contractor Technical Services staff directly to obtain assistance.
g. The User Support staff will submit monthly reports to NDPD identifying the
number and nature of user problems addressed during the reporting period. The
reports will be shared with the VAX Cluster Coordinating Committee.
h. The Director of NDPD will be immediately notified of any data loss experienced
by the user community.
i. Users reporting problems will be called within 24 hours to advise them of progress
being made in seeking a solution.
j. Closed problem reports will be archived for a period of 3 years from the date the
problem was logged.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC VAX Cluster Timeshare Accounting NO. 230.06
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The NCC VAX Cluster Timeshare Accounting policy establishes:
a. Timeshare accounting objectives.
b. Methodology for determining the cost of timeshare services.
c. Reporting requirements for advising ADP coordinators and Agency budget
officials of timeshare charges allocated to them.
2.0 SCOPE & APPLICABILITY
This policy applies to all NCC VAX Cluster users, and to all NDPD and FM contractor staff
personnel responsible for the management or operation of the NCC VAX Cluster.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the VAX Cluster Coordinating Committee.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will perform the tasks necessary to meet the objectives of this policy.
The user community will rely on the terms of this policy to manage their timeshare allowance.
4.0 POLICY
a. NDPD will conform to the requirements of OMB Circular A-130 in accounting
for and in full cost allocation of providing data processing services to the user
community.
b. Charges for data processing services will be applied in the following areas:
(1) Processor utilization.
(2) Printing.
(3) Telecommunications.
(4) Disk utilization.
c. The rate for the services will be reviewed and adjusted annually to reflect changes
in the cost of providing these services. The rate for the new fiscal year will be
published in the last quarter of the current fiscal year.
d. Every system transaction will be charged for actual resources consumed if data
can be captured accurately and the cost of capture does not outweigh the cost
recovery of the resource.
e. NDPD may apply premiums or discounts for certain processing priorities or
techniques to encourage efficient resource utilization.
f. Charges will be refunded if a transaction fails due to console operator error,
system hardware failure, or system software error. Jobs using more than 2 hours
of CPU time must have user defined save and restart capability to be eligible for
a refund. The refund will not exceed charges greater than those incurred during
2 hours of CPU utilization.
g. NDPD will provide a summary of each month's timeshare charges by the 5th day
of the following month.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC VAX Cluster User Registration NO. 230.07
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The NCC VAX Cluster User Registration policy establishes:
a. User registration objectives.
b. User registration requirements.
c. Reporting requirements for managing the user registration process.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or operation of the NCC VAX Cluster system, and to the NCC VAX Cluster user
community.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the VAX Cluster Coordinating Committee.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will perform the tasks necessary to implement this policy.
The TSSMS Office will be responsible for conducting user registration services.
The user community will follow the NDPD procedures derived from this policy to gain access
to the NCC VAX Cluster system.
Every EPA ADP Coordinator and Account Manager will be responsible for ensuring that users
are registered on the NCC VAX Cluster for the purpose of conducting legitimate Agency
business only.
Every EPA ADP Coordinator and Account Manager will be responsible for ensuring user
identification termination for all EPA, contractor, or subcontractor employees upon the
termination of a project or resignation of employees under his jurisdiction.
4.0 POLICY
a. User registration procedures will conform to the objectives of this document and
the terms of Policies 230.06, Timeshare Accounting, and 230.08, NCC VAX
Cluster Security.
b. ASRL Meteorology and general users will be registered on both the large models
and general purpose processors to allow transfer of workload as specified in
Policy 230.01, NCC VAX Cluster Service Levels.
c. System utilization will be recorded for authorized individual users and for
accounts which may include multiple users.
d. New accounts may be created by EPA ADP Coordinators only. Provisions will
be made for group designations and the use of Access Control List facilities.
e. Each user will be assigned a unique user identification code and will be associated
with one or more accounts as requested by the EPA ADP Coordinator or EPA
Account Manager.
f. User identification codes previously assigned to a user no longer registered on the
NCC VAX Cluster may be reassigned to another user.
g. Telephone requests for account or user registration will be honored, but signed
hardcopy verification of all requests is required within 2 weeks to retain the
registration.
h. A user terminating employment will be removed from the system. All resources
associated with this user identification code will be assigned to another user or
deleted at the discretion of the ADP Coordinator or Account Manager.
i. Accounts and user identification codes which have not been accessed for 1 year
will be deleted from the system. The user and Account Managers will be notified
at least 30 days prior to deletion of an account or user identification code.
j. Every ADP Coordinator and Account Manager will receive a periodic report
identifying the accounts and user identification codes for which he is responsible.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC VAX Security NO. 230.08
APPROVAL: [signature illegible] DATE:
1.0 PURPOSE
This policy establishes a set of security standards and practices for Agency standalone or
network connected computer systems which use the DEC VAX VMS Operating environment and
are owned or supported by EPA's National Data Processing Division (NDPD). These standards
are in compliance with generally accepted security standards and practices and with Federal
regulations and directives referenced in Paragraph 7.0 of this policy.
2.0 SCOPE & APPLICABILITY
This policy applies to all customers of NDPD owned or supported computer systems which
provide for the operation, maintenance, support, or telecommunications services of those
systems.
Any request for a deviation from this policy must be provided in writing to the Director, NDPD
and, if approved, must be approved in writing. Email is an acceptable medium for requesting
and receiving an exemption under this policy. Provisions in this policy might be superseded by
future policies developed for public access and which are subsequently reviewed and approved
by the NDPD Computer Security Officer. Provisions in Public Access policies are regarded as
approved exemptions to this policy.
3.0 RESPONSIBILITIES
a. The Director, NDPD is responsible for:
1. Providing policy for a secure environment for all VMS-based computer
systems covered by this policy.
2. Ensuring that this policy is consistent with all federal regulatory statutes
and directives.
3. Requesting exemptions to federal regulatory statutes and directives when
required by considerations unique to the operating environment of the
computer systems covered by this policy.
4. Appointing an NDPD Computer Security Officer responsible for
implementing, maintaining, and reviewing compliance with this policy.
The NDPD Computer Security Officer will be an EPA management
official knowledgeable in information technology and security matters.
5. Participating in NDPD's Computer Emergency Response Team (CERT)
as described in NDPD policies and procedures for that team.
6. Approving, in writing, any approved exemptions to this policy, and
notifying the NDPD Computer Security Officer of any such approvals.
b. The NDPD Computer Security Officer is responsible for:
1. Establishing and implementing all procedures necessary for the implementation
and maintenance of this policy.
2. Reviewing and approving all security environment changes allowable
under this policy, and reviewing and approving all system-wide special
privileges for all VMS based systems covered by this policy.
3. Establishing and coordinating a security awareness program for data
processing systems covered under this policy.
4. Directing efforts of NCC Primary Support Contractor (PSC) personnel in
security matters pursuant to provisions of the NCC primary support
contract.
5. Coordinating any exemptions to Freedom of Information or Public Access
Acts regarding access to data processed on data processing systems
covered by this policy.
6. Participating in NDPD's Computer Emergency Response Team (CERT)
as described in NDPD policies and procedures for that team.
7. Monitoring system compliance with this policy.
8. Implementing procedures required for system reviews specified in this
policy.
9. Directing efforts of NCC PSC personnel in security review matters
pursuant to provisions of the NCC primary support contract.
c. The management of each technical support function established by NDPD for the
support and maintenance of computer systems covered by this policy is
responsible for:
1. Adhering to all policy provisions.
2. Subscription and use of industry security risk bulletin boards and products
for the purpose of identifying potential security exposures in the VMS-
based environment.
3. Coordination with the NDPD Computer Security Officer or his delegate,
System Managers and System Administrators:
(a) Policy provision implementations, monitoring, and maintenance.
(b) Configuration, according to security policy standards of all VMS-
based operating systems, utilities, and applications for which it
provides central distribution, support or maintenance.
(c) Reporting, defensive, and corrective actions related to system
security exposures, breaches and virus attacks.
(d) Security awareness information dissemination.
4. Participating in the NDPD Computer Emergency Response Team (CERT)
as described in NDPD policies or procedures for that team.
d. Each Agency Program Office is responsible for:
1. Adhering to all provisions of this policy.
2. Ensuring the physical security of their sites used to house or access
computer systems covered by this policy and the data processing
peripherals and other devices used for that access.
3. Appointing a System Manager and a System Administrator for computer
systems covered by this policy and which reside at their site(s).
4. Maintaining the security of each of their VMS-based computer systems
and the applications residing on them in a manner consistent with this
policy and all Federal regulations and directives.
5. Developing and performing local procedures, risk analyses, and other
mechanisms for determining, enacting, monitoring, and maintaining
computer system and application security requirements under provisions
of this policy.
6. Implementing local security awareness training programs based on
information provided by NDPD and the Agency.
e. Each System Manager and System Administrator will be responsible for:
1. Adhering to all provisions of this policy.
2. As directed by the Program Office, ensuring that provisions in this policy
governing the office are implemented, monitored, and maintained.
3. Subscriptions and use of industry security risk bulletin boards for the
purpose of identifying potential security exposures in the VMS-based
environment.
4. Coordinating with NDPD technical support management and System
Administrators:
(a) Policy provision implementations, monitoring, and maintenance.
(b) Configuration, according to security policy standards, of all VMS-
based operating systems, utilities, and applications for their
system(s).
(c) Reporting, defensive, and corrective actions related to system
security exposures, breaches and virus attacks.
(d) Local dissemination of security awareness information.
(e) Implementing system warning notices during system logon to
provide legal protection from unauthorized access attempts.
(f) Aiding NCC Computer Security Staff with security audits.
5. Participating in the NDPD Computer Emergency Response Team (CERT)
as described in NDPD policies or procedures for that team.
f. The EPA NDPD security function is a commercially contracted responsibility of
the Primary Support Contractor as provided for in Attachment A of OMB
Circular A-76. All NCC PSC departments and personnel engaged in the
operation, support, or maintenance of VMS-based systems covered by this policy
are responsible for adhering to these policy provisions and for conducting
security-related activities as directed by the NDPD Computer Security Officer
under provisions of the primary support contract.
4.0 POLICY
The computer systems covered by this policy will be used for official Government business only.
Unauthorized use of any of these systems is a criminal offense under Title 18 of the United
States Code, Section 641, and may subject violators to a fine of up to $10,000 and/or
imprisonment of up to 10 years.
The security of VMS-based computer systems, and the facilities within which they reside and
which are owned, operated, or supported by EPA's NDPD will be implemented, maintained,
and monitored in compliance with generally accepted security standards, with Federal regulations
and directives, and specifically, with Federal regulations and directives referenced in Paragraph
7.0, Policy Reference, of this policy.
Access to Agency VMS-based computers and data residing on those computers will be protected
from unauthorized access from computer systems not covered by this policy.
Any Agency owned or operated VMS-based computer system attaching to the Agency network
must demonstrate conformity to this policy to the NDPD Security Officer within 90 days of
attachment. Demonstration of conformance will be measured by 1) the completion of a VMS
security review checklist and 2) coordinating with the NCC Computer Security Officer for the
execution and review of security software provided by the NDPD Computer Security Officer.
Failure to demonstrate conformance will result in removing the computer system's attachment
from EPA's wide area network.
Advancements in VMS operating system security now permit utilization of software and
components meeting Federal policy guidelines for C2 (discretionary access control) as outlined
in the Department of Defense Trusted Computer System Evaluation Criteria (The Orange Book),
CSC-STD-001-83, dated 15 August 1983. EPA VMS systems covered by this policy will, as
a design goal, meet C2 security requirements.
5.0 DEFINITIONS
a. Federal Trusted Computing Base (C2) Discretionary Access Control - C2 level
of security is described in the Trusted Computer System Evaluation Criteria,
CSC-STD-001-83. Please refer to The Orange Book for C2 specifications. The
system design goals include the concepts of:
1. Discretionary Access Control.
2. Object Reuse.
3. Accountability - Identification & Authentication.
4. Accountability - Audit Trail.
5. Operational Assurance.
6. Life-Cycle Assurance.
7. Security Documentation.
6.0 STANDARDS
6.1 SYSTEM CONFIGURATION AND OPERATION
a. The design goal for the operating system of all computers covered under this
policy will be C2.
b. Security recommendations contained in Security Administrator guides and other
documentation provided by the vendor of each VMS-based operating system will
be implemented.
c. All documented fixes for known VMS security vulnerabilities will be applied.
d. All files residing on the computer system will be backed up at least weekly for
incremental and monthly for full backups. Backups will be protected from
unauthorized access and alteration. Storage of the backups will be at a location
removed from that of the computer system itself.
e. User-IDs used by vendors for system hardware or software maintenance by non-
VAX site personnel (e.g., FIELD, SYSTEST) will be controlled by the VAX
System Manager and disabled when not in use. AUTHORIZE qualifiers
/FLAGS=DISUSER and /FLAGS=LOCKPWD will be used.
f. All system privileges, with the exception of TMPMBX and NETMBX, will be
restricted to the minimum number of personnel possible and will be granted based
on a requirement for the privilege in order to perform assigned tasks.
g. Establish procedures to grant access authorities to any VAX computer, limit
assignment of privileges to those required to perform assigned task(s), and deny
access or privileges to that person when his/her requirement for access or
privileges has expired.
h. The VAX System Manager will accept responsibility for auditing critical system
events (e.g., system access attempts, resource violations, etc.) and for overall
security management of his/her system. The VAX System Manager will permit
a member of the NCC Computer Security staff to access his/her VAX system to
audit security policy compliance. The NCC Computer Security staff member will
be given a privileged account for this purpose, but only for the duration of the
review.
i. Each VAX System Manager is responsible for coordinating enforcement of this
policy with the NCC Security Office and will be responsible for coordinating
resolution of security incidents and other security issues with that office.
j. Each VAX System Manager is responsible for disseminating information and for
training local operations staffs and users concerning Agency VAX policy,
procedures, and system changes.
6.2 SYSTEM DIRECTORY AND FILE PROTECTION
a. As a minimum, default security applied to system files by DEC will be
maintained.
b. Access to the SYSUAF.DAT, SYSALF.DAT, and NETUAF.DAT files will be
restricted to the System Administrator or those personnel responsible for user
registration.
c. Write access to the DECnet-VAX data base will be restricted to the VAX System
Manager.
d. All operating system files and user data files must be backed up commensurate
with the level of user activity exhibited. The backup interval cannot be greater
than biweekly.
6.3 DEVICE PROTECTION
a. System resources will be protected from unauthorized access which could result
in harm to the VAX operating environment. These include disk volumes, global
section, devices, logical name tables, and queues.
b. On-line storage resources will be protected to ensure the integrity of each user's
designated data files.
c. Memory and disk devices must be owned by "SYSTEM."
d. All other non-terminal devices must be owned by "SYSTEM".
e. RMS_FILEPROT must be set at "FA00" or modified to provide tighter default
protection.
6.3.1 Terminals
a. Access permissions must be READ and WRITE for system, owner, group, and
world.
6.4 NETWORK
6.4.1 System Warning Notice
a. Each computer covered by this policy which is attached to the Agency
telecommunications network will display the following message at login:
WARNING: The use of this computer is for official Government business only.
Unauthorized use of this computer is a criminal offense under Title 18 United
States Code, Section 641, and may subject violators to a fine of up to $10,000 or
imprisonment of up to 10 years, or both.
6.4.2 Remote Access
a. Proxy accounts will be allowed, subject to the following rules and restrictions:
1. Proxy accounts will not be permitted for User-IDs with system privileges
unless approved by NDPD.
2. Proxy accounts will establish a one-to-one correspondence between User-
IDs and their remote proxies. Multiple remote User-IDs may not be
"proxied" into a single User-ID on one system, and a single User-ID may
not have multiple proxies on a given remote system.
3. All requests for a proxy account must be signed by both the applying user
and his ADP Coordinator. The organization implementing the proxy must
also verify that the name of the requesting user is the same in Authorization
files on both systems.
4. Procedures for proxy registration and annual recertification of the
justification for each proxy are required.
5. An approved exception to the above proxy account restrictions is between
systems at locations where authorization is controlled by the same
organizational unit, namely the establishment of proxies among members
of a VAX Cluster.
b. All dial-in ports will be configured for modem control and terminals will be
configured with the /MODEM/HANGUP parameters.
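One way to audit a list of proxy entries against rules 1, 2 and 5 of 6.4.2 a., as an added example that is not part of the directive or of any NDPD tooling. It assumes a remote identity is the pair node::User-ID, that cluster membership and the privileged and approved lists are supplied by the auditor, and that the record layout, node names and User-IDs are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Proxy(NamedTuple):
    target_node: str   # system whose proxy database holds the entry
    remote_node: str   # node the remote User-ID connects from
    remote_user: str   # User-ID on remote_node
    local_user: str    # User-ID on target_node that the proxy maps into


def audit_proxies(proxies, clusters=(), privileged=(), approved=()):
    """Check proxy entries against rules 1, 2 and 5 of section 6.4.2 a.

    clusters   -- iterable of sets of node names that form one VAX Cluster
    privileged -- (node, User-ID) pairs that hold system privileges
    approved   -- privileged (node, User-ID) pairs with an NDPD approval on file
    Returns a sorted list of (rule, detail) findings.
    """
    cluster_of = {n: i for i, members in enumerate(clusters) for n in members}
    privileged, approved = set(privileged), set(approved)
    into_local = defaultdict(set)    # (target, local User-ID) -> remote identities
    from_remote = defaultdict(set)   # (target, remote identity) -> local User-IDs
    findings = set()

    for p in proxies:
        # Rule 5: proxies among members of one VAX Cluster are exempt
        # from the restrictions checked below.
        if (p.target_node in cluster_of
                and cluster_of[p.target_node] == cluster_of.get(p.remote_node)):
            continue
        remote_id = f"{p.remote_node}::{p.remote_user}"
        local = (p.target_node, p.local_user)
        into_local[local].add(remote_id)
        from_remote[(p.target_node, remote_id)].add(p.local_user)
        # Rule 1: no proxy into a privileged User-ID without NDPD approval.
        if local in privileged and local not in approved:
            findings.add(("privileged-proxy",
                          f"{remote_id} -> {p.target_node}::{p.local_user}"))

    # Rule 2, first half: several remote User-IDs mapped into one local User-ID.
    for (node, user), remotes in into_local.items():
        if len(remotes) > 1:
            findings.add(("many-to-one",
                          f"{node}::{user} <- {', '.join(sorted(remotes))}"))
    # Rule 2, second half: one remote User-ID with several proxies on one system.
    for (node, remote_id), local_users in from_remote.items():
        if len(local_users) > 1:
            targets = ", ".join(f"{node}::{u}" for u in sorted(local_users))
            findings.add(("one-to-many", f"{remote_id} -> {targets}"))
    return sorted(findings)


# Constructed sample data: every node name and User-ID here is invented.
SAMPLE = [
    Proxy("VAXA", "VAXB", "JSMITH", "JSMITH"),
    Proxy("VAXA", "VAXB", "RJONES", "JSMITH"),    # second remote into JSMITH
    Proxy("VAXA", "VAXC", "KLEE", "KLEE"),
    Proxy("VAXA", "VAXC", "KLEE", "KLEE_ADM"),    # second proxy for VAXC::KLEE
    Proxy("CLUA1", "CLUA2", "BATCH1", "OPS"),     # intra-cluster, exempt
    Proxy("CLUA1", "CLUA2", "BATCH2", "OPS"),     # intra-cluster, exempt
]
SAMPLE_CLUSTERS = [{"CLUA1", "CLUA2"}]
SAMPLE_PRIVILEGED = {("VAXA", "KLEE_ADM")}

if __name__ == "__main__":
    for rule, detail in audit_proxies(SAMPLE, SAMPLE_CLUSTERS, SAMPLE_PRIVILEGED):
        print(f"{rule:17} {detail}")
```

Rules 3 and 4 (signed requests, matching owner names, annual recertification) are paperwork controls and are not modelled here.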
6.4.3 DECnet Security
a. Default VAX Account (e.g., FAL - File Access Listener) and other User-
IDs/accounts established to aid intermachine communications will not be
established as privileged accounts unless required for system operation.
Privileges, if granted, will be limited to the minimum required by the system for
the User-ID/account to perform its designated task(s).
b. In addition to DEC recommendations concerning security for a DECnet node as
described in the Guide to VAX/VMS Security, the following will be
implemented:
1. No device will be connected to the EPA DECnet without prior approval
from NDPD.
2. No VAX or MicroVAX covered under this policy will be connected to
any non-EPA network without prior approval from NDPD.
3. The password for the DECnet User-ID will be changed after system
ation.
4. The DECnet User-ID will be allowed no interactive access.
5. The DECnet User-ID will be removed from the executor data base. The
entry in the data base will be replaced by a non-used User-ID to assist in
problem tracking and auditing.
6. The DECnet User-ID should be added to the MAIL and PHONE network
data bases.
7. A File Access Listener (FAL) User-ID will be created with NO WRITE
access to its root directory.
8. Open access to the TASK object will be disabled.
9. Network passwords will be enforced for all DECnet dial-up nodes. Site
VAX transmit/receive passwords will not be revealed to dial-up sites.
10. Define the NETSERVER$TIMEOUT parameter to "000 00:00:10".
6.5 ACCOUNT SECURITY
6.5.1 Registration
a. Procedures will be developed by local system administrators for obtaining an
account, password, group, or password reset, and updating system authentication
files.
b. An account is required for access to any computer system covered by this policy.
c. Only one account per customer is allowed.
d. Accounts may not be shared.
6.5.2 Disabled Accounts
a. Disabled accounts will be kept to a minimum.
b. Disabled accounts will be periodically reviewed by the System Administrator to
determine if any of them should be removed from system authorization files.
6.5.3 Duplicate UIDs
a. Each account will be identified with a unique UIC. Duplicate UICs are not
allowed except for SYSTEST and SYSTEST_CLIG as [1,7] and DEC.
b. Each user must have his/her own User-ID.
6.5.4 Group Accounts
a. Guest accounts are not allowed. A visitor must utilize the normal account user
registration procedure for accountability.
b. An auto-login account will not be used unless the account is a captive,
nonprivileged account of a process which ensures that the user is not allowed
general system access to the site VAX or access to any node in the
DECnet/ETHERNET environment. Auto-login accounts must be configured
through AUTHORIZE as /NODIALUP, /NONETWORK, and /NOREMOTE.
c. Group accounts require a documented exemption through NDPD.
6.5.5 Account Security Management
a. A review will be conducted at least once a year to determine accounts which have
not been used to access the system since their assignment. These accounts will
be removed from system authorization files.
b. A User-ID will be disabled after four consecutive unsuccessful logon attempts
between session initiations. For this purpose, attempts independent of the
terminal used will be considered. The following SYSGEN parameter settings will
be used:
LGI_BRK_LIM=4
LGI_BRK_TERM=0
LGI_BRK_TMO=300
LGI_BRK_DISUSER=1
6.6 PASSWORD SECURITY MANAGEMENT
a. All User-IDs will be configured with a password. The minimum password length
will be six characters. The AUTHORIZE qualifier /PWDMINIMUM will be set
equal to 6 through the use of the AUTHORIZE ADD/MODIFY command.
b. Passwords for new users and reset passwords will be set as expired through the
use of the AUTHORIZE ADD/MODIFY command to set the AUTHORIZE
qualifier /PWDEXPIRED.
c. Passwords for new users and re-issued passwords will be unique for each user
and non-trivial in nature and will not be set to any password previously used for
that user. The AUTHORIZE ADD/MODIFY command should be considered to
set the /GENERATE_PASSWORD qualifier of AUTHORIZE.
d. All passwords will have an expiration period not to exceed 90 days. The
AUTHORIZE ADD/MODIFY command will be used to set the AUTHORIZE
qualifier /PWDLIFETIME.
e. All passwords will contain at least one alpha and one numeric character unless a
dictionary is used by the system for password validity checking.
f. A password will expire and have to be changed to a unique value by the user to
whom it is assigned a maximum of ninety days after initial assignment, reset, or
change.
g. The system will warn the customer at login of a system required password change
10 days in advance of the required change.
h. The system will display, at login, the date and time of the last successful or
unsuccessful login to the customer.
i. Passwords will be protected from disclosure. Any file which requires a
hardcoded password will be encrypted.
j. Screen locks which require a password for computer system access will be used
to control access to unattended/inactive workstations.
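The numeric settings in sections 6.5.3, 6.5.5 b and 6.6 lend themselves to a mechanical check. The Python audit below is an added example, not part of the directive or of any NDPD tooling; the input layouts, sample accounts and function names are constructed for illustration and are not SYSGEN or AUTHORIZE output.

```python
"""Audit settings against Directive 230.08, sections 6.5.3, 6.5.5 b and 6.6.

Added example. The input layouts and sample records are constructed for this
illustration; they are not the output format of SYSGEN or AUTHORIZE.
"""
from collections import defaultdict

# Section 6.5.5 b: required SYSGEN login break-in parameters.
REQUIRED_SYSGEN = {
    "LGI_BRK_LIM": 4,
    "LGI_BRK_TERM": 0,
    "LGI_BRK_TMO": 300,
    "LGI_BRK_DISUSER": 1,
}
MIN_PWD_LENGTH = 6      # section 6.6 a, /PWDMINIMUM
MAX_PWD_LIFETIME = 90   # section 6.6 d, /PWDLIFETIME in days
# Section 6.5.3 a: the accounts the directive lets share UIC [1,7].
SHARED_UIC_EXEMPT = {("SYSTEST", "[1,7]"), ("SYSTEST_CLIG", "[1,7]")}

# Constructed sample: one wrong value and one parameter missing.
SAMPLE_SYSGEN = """\
LGI_BRK_LIM=4
LGI_BRK_TERM=1
LGI_BRK_TMO=300
"""

# Constructed sample. Lifetime 0 stands for "no expiration" in this layout.
SAMPLE_ACCOUNTS = """\
# user        uic      pwdmin lifetime_days
SMITH         [200,1]  6      90
JONES         [200,2]  4      90
BROWN         [200,1]  8      0
SYSTEST       [1,7]    8      30
SYSTEST_CLIG  [1,7]    8      30
"""


def parse_sysgen(text):
    """Parse NAME=VALUE lines into a dict of integers."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a NAME=VALUE line: {line!r}")
        params[name.strip().upper()] = int(value)
    return params


def audit_sysgen(params):
    """Return one finding per parameter that is missing or not as required."""
    findings = []
    for name, required in REQUIRED_SYSGEN.items():
        actual = params.get(name)
        if actual is None:
            findings.append(f"{name}: not set, directive requires {required}")
        elif actual != required:
            findings.append(f"{name}: is {actual}, directive requires {required}")
    return findings


def parse_accounts(text):
    """Parse whitespace-separated account records into dicts."""
    accounts = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        user, uic, pwdmin, lifetime = fields
        accounts.append({"user": user.upper(), "uic": uic,
                         "pwdmin": int(pwdmin), "lifetime": int(lifetime)})
    return accounts


def audit_accounts(accounts):
    """Check password length, password lifetime and UIC uniqueness."""
    findings = []
    users_by_uic = defaultdict(list)
    for acct in accounts:
        user = acct["user"]
        users_by_uic[acct["uic"]].append(user)
        # Assumption: a minimum longer than six also satisfies section 6.6 a.
        if acct["pwdmin"] < MIN_PWD_LENGTH:
            findings.append(
                f"{user}: /PWDMINIMUM {acct['pwdmin']} is below {MIN_PWD_LENGTH}")
        if not 0 < acct["lifetime"] <= MAX_PWD_LIFETIME:
            findings.append(
                f"{user}: password lifetime {acct['lifetime']} days "
                f"is not within 1-{MAX_PWD_LIFETIME}")
    for uic, users in users_by_uic.items():
        outsiders = [u for u in users if (u, uic) not in SHARED_UIC_EXEMPT]
        # A shared UIC is acceptable only when every sharer is exempt.
        if len(users) > 1 and outsiders:
            findings.append(f"UIC {uic}: shared by {', '.join(sorted(users))}")
    return findings


if __name__ == "__main__":
    for finding in audit_sysgen(parse_sysgen(SAMPLE_SYSGEN)):
        print("SYSGEN ", finding)
    for finding in audit_accounts(parse_accounts(SAMPLE_ACCOUNTS)):
        print("ACCOUNT", finding)
```

A missing parameter is reported separately from a wrong one, and the SYSTEST pair passes the duplicate-UIC check only while no other account shares [1,7].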
6.7 FILE SYSTEM SECURITY
a. All directories and files established or created by or for a workstation customer
will be protected at a default level from unauthorized access (read, write, execute)
by anyone other than the owner. Set RMS_FILEPROT to "FA00."
b. No file will be owned by an undefined owner except [1,1].
c. To ensure system file integrity and to promote ease of auditing, only system level
files and utilities will be allowed in the system disk (e.g. DUA0) directories.
These directories will be owned by the system and will only be writable by the
system.
d. Enforce the following policies regarding software installed at the VAX site:
(a) No software which requires installation as a privileged process or image
or which alters or enhances the security environment will be installed
without notifying NDPD.
(b) Software requiring privileges to function will be granted the minimum
privileges required and will be linked with the NOTRACE qualifier.
(c) All software distributed to each VAX site by NDPD will be installed
according to time and installation specifications provided by NDPD.
6.8 PHYSICAL SECURITY
Each VAX site manager will physically and procedurally provide for a secure, controlled access
environment for each VAX computer system. Specifically, each VAX Site Manager will:
a. Develop and implement procedures to grant, deny, and monitor access to the
central processing location. The procedures must include access control of
maintenance personnel, visitors, and unauthorized access while unattended.
b. Protect the central processing location from unauthorized access by industry
accepted access control devices (e.g., badge readers, key locks).
c. Protect all hardware and software from environmental hazards through use of
industry accepted environmental protection devices (e.g., sprinkler system for the
central processing location, uninterruptible power supplies, power surge
protection, and fire extinguishers).
d. Individual workstation owners/operators will be responsible for protecting the
work station against unauthorized access (e.g., logging off when not in use,
keyboard locks if available).
e. Safeguard computer and other property assets through procedures providing for
their receipt, tracking, and disposal.
f. Site safety procedures which comply with applicable safety regulations and fire
regulations are required.
6.9 MEASUREMENT
a. System Managers or System Administrators will monitor their audit trails daily
using the Analyze Audit DCL command.
b. System Managers or System Administrators will periodically, at least monthly,
monitor the system files (or system specific equivalencies) to establish a baseline
of customer usage for the purpose of detecting patterns outside of that baseline
which may indicate a system abuse or intrusion.
c. Security review software will be obtained by the NDPD Computer Security
Officer for reviews of computer systems covered by this policy. Additional
supplemental software and/or procedures required to fully review policy
compliance will be developed under the auspices of the NDPD Computer Security
Officer. An initial review will be performed within 90 days of computer system
installation or attachment to the Agency telecommunications network - whichever
occurs first. Subsequent reviews will be performed by System Managers and/or
System Administrators at least every three years as required by Federal
regulations. Each System Manager and/or Administrator will provide the results
of reviews to the NDPD Computer Security Officer for review.
d. The NDPD Computer Security Officer may authorize periodic independent policy
compliance reviews as required for quality assurance. The NDPD Computer
Security Officer will provide for the reviewer all resources (software, equipment,
etc.) required for the review.
e. Vulnerabilities identified by software provided for system reviews, and which are
not specifically noted in this policy, are subject to the provision in Section 6.1.c
of this policy.
f. Findings from system reviews for NDPD locally owned and operated NDPD
systems will be presented via TO-DO Meetings or other mechanisms for review
and action by the Director, NDPD.
7.0 PROCEDURE REFERENCE
a. Office of Management and Budget. OMB Circulars A-76, A-123, and A-130.
(Available from the Government Printing Office.) (These publications, while not
strictly procedurally directive, are important components in the administration of
security in the Agency. They set the guidelines for policies and procedures at the
operational levels.)
b. U. S. Environmental Protection Agency. (1989) EPA Information Security
Manual (Report No. 431/001). Washington, DC: Office of Information and
Resources Management, Information Management and Services Division.
(Location: Publications Technical Library).
c. Computer Security Act of 1987. (Available from the Office of Information and
Resources Management).
The following Digital Equipment Corporation, Maynard, MA, publication was used in the
development of this policy and constitutes the accepted reference for implementation of security
in the VAX/VMS environment: (1989) Guide to VMS System Security, PN:AA-LA40B-TE
(Location: DEC Technical Services).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC Scientific Cluster Data Management NO. 230.09
APPROVAL: DATE:
1.0 PURPOSE
The NCC Scientific Cluster Data Management Policy establishes:
a. Data management objectives.
b. Data storage requirements and projections.
c. Data storage media performance and capacity requirements.
2.0 SCOPE & APPLICABILITY
This policy applies to all NCC Scientific Cluster customers and to NDPD and Primary Support
Contractor (PSC) staff personnel responsible for the management or operation of the NCC
Scientific Cluster.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the VAX Data Management personnel.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will perform the tasks necessary to meet the objectives of this policy.
The customer community will rely on the terms of this policy to manage their data storage
requirements.
4.0 POLICY
a. NDPD manages the data storage devices of the NCC Scientific Cluster to meet
the storage requirements of the customer community in a secure and cost-effective
manner. Data storage devices are also managed to enhance system performance
and data integrity.
b. Daily reports are generated to reflect disk space usage on public disks. Customer
accounts and files will be relocated when necessary to provide optimal system
performance and to maintain disk space requirements on public packs. Customers
are notified in the event of the account relocation. System-wide disk logicals are
maintained in order to provide transparency of the physical disk location to the
customer.
c. NCC performs daily incremental backups of disk files on both public and private
packs which have been created or changed since the previous backup. Daily
incremental backup tapes are retained for one (1) month.
d. Full volume disk backups for both public and private packs are performed
biweekly. The biweekly disk to tape copies are retained for one (1) month.
e. System full volume backups are performed biannually for disaster precautions and
tapes are stored offsite. A standalone backup of the system disk is performed
biannually.
f. It is the customer's responsibility to project additional disk requirements at least
90 days in advance. A new customer is automatically allocated 5,000 blocks of
disk space by default and may request an additional 10,000 blocks without
approval. Any disk space requested in excess of 10,000 blocks will require
written approval and justification by the customer's ADP Coordinator.
g. Daily monitoring occurs on disk errors and file access failures resulting from disk
hardware failures. Customers are notified in the event a disk volume becomes
unavailable for repair and/or restoration.
h. Disk media and software errors are analyzed to determine if files are corrupted
and repairable. Customers are notified in the event a file has to be restored.
i. A procedure is provided to enable customers to backup their own disk files to
tape. The tape management system prevents accidental erasure of data.
j. A procedure is provided to enable customers to archive their own disk files to
tape. Archived files may be retained for 2 years. Files may be archived in
accordance with NDPD archival policy. (Ref: Guide to NCC Services.)
k. A procedure is provided to enable customers to restore files from the daily system
backup and archive tapes. (Ref: Guide to NCC Services.)
l. Temporary space is available for customers to store large temporary files online
for a short period of time. Three-day and seven-day scratch volumes are used for
this purpose. Expired files are automatically deleted. NCC will not perform
system backups on scratch volumes.
m. Deletion of customer directories and files is performed on accounts that have
been marked for removal. The customer's ADP Coordinator has the option to
retrieve subject files prior to deletion.
n. Deletion of customer directories and files is performed on accounts that have
been inactive for one (1) year. Directories and files are archived to tape prior to
deletion. Notification of inactive customer ID deletions is provided to the
customer's ADP Coordinator.
o. Customer data on public packs which are unused for a designated number of days
will be archived to tape. The number of days of nonuse is determined by the
Data Management staff and may be lengthened or shortened upon disk usage and
space availability to ensure sufficient disk space to meet customer requirements.
Customers will be sent an electronic mail message notifying them of the situation.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. In order to provide a methodology for optimum disk utilization and a more
efficient means for customers to report and project disk requirements, NCC
maintains and monitors Disk Quotas on the customer's default login disk on the
NCC Scientific Cluster.
b. A utility is used to generate Disk Space Statistics on wasted disk space, to locate
space-management problems and to report the overall status of disks. Customers
are contacted and encouraged to clean-up expired files and to archive unused files
to tape.
c. Private disk volumes may be obtained with proper justification. They will be
retained only if their utilization conforms to efficient practices and procedures.
Private volumes are discouraged. Disk quotas are not allocated on private packs.
Customers are responsible for maintaining disk space on their private packs.
d. A special project disk is set aside for Shared Project Directories where multiple
customers share the same files. Disk quotas are maintained for customers on this
volume.
e. A tape management utility is used by NCC to perform System Backups and disk
file restorations on the Scientific Cluster.
f. A utility is used to defragment non-contiguous and fragmented files on the
Scientific Cluster. The defragmenter enhances file access and file creation
performance.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency (1991) Guide to NCC Services, VAX
Cluster Ready Reference. Research Triangle Park, NC: National Data
Processing Division.
b. U. S. Environmental Protection Agency. NCC VAX Data Management
Handbook. Research Triangle Park, NC: National Data Processing Division,
ADP Operations Management Branch. (Location: On-line in data set
JMAS.HANDBOOK)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC VAX Cluster Configuration Management NO. 230.10
APPROVAL: DATE:
1.0 PURPOSE
The NCC VAX Cluster Configuration Management policy establishes:
a. Configuration management objectives.
b. Activities required to meet the configuration management objectives.
c. Review requirements to ensure compliance.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or operation of the NCC VAX Cluster system and associated RTP local area
network.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the VAX Cluster Coordinating Committee.
3.0 RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
a. The VAX Cluster system will be managed in a manner which provides:
(1) A current inventory of all system components.
(2) A current system hardware and software configuration.
(3) A current system telecommunications configuration.
(4) A mechanism for processing hardware, software, and maintenance
procurement requests in a timely manner.
b. An on-line data base containing the information required to meet policy objectives
will be maintained and updated within 5 working days of any system configuration
change.
c. The on-line data base will contain sufficient detail to enable technical personnel
to obtain system hardware and software configurations or parameters necessary
for the customary performance of their duties.
d. The FM contractor will review and certify the accuracy of the configuration
management data base quarterly.
e. The configuration data base, or reports from the configuration data base, will be
made available to NDPD and shared with the VAX Cluster Coordinating
Committee on request.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Tape Management/Maintenance on the NO. 230.11
Scientific Cluster
APPROVAL: DATE: /*-** "93
1.0 PURPOSE
This policy establishes guidelines and requirements for the management and maintenance of
Scientific Cluster reel and cartridge tapes at the National Computer Center.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD staff and Primary Support Contractor (PSC) personnel who
require access to the Scientific cluster at the National Computer Center.
3.0 RESPONSIBILITIES
Data Processing Support Services at the NCC is responsible for performing the following
activities:
a. Maintaining a scratch pool of cartridge tapes for the customer community.
b. Updating the status of cartridge tapes in the Scientific Cluster data base on a daily
basis.
c. Performing necessary maintenance of cartridge tapes, daily and on demand.
d. Monitoring Problem Management records and daily reports for current and
potential tape problems.
e. Informing customers and Customer Support personnel whenever problems have
been encountered with a requested tape (e.g., tape is unavailable).
4.0 POLICY
a. Customers of the Scientific cluster may allocate system tapes which will
automatically receive a default expiration date of 14 days, extendable to a
maximum of 13 months. Customers must contact Data Processing Support
Services to extend expiration dates beyond 13 months. Extensions will be granted
based on tape usage and space availability.
b. Before a cartridge-resident system tape has reached its expiration or scratch date,
the customer may request one of the following actions:
(1) That the tape be archived for a maximum of 3 1/2 years.
(2) That the tape be purchased by the customer.
If the customer does not notify DPSS to the contrary prior to the expiration date,
the tape will be scratched on its expiration date.
c. Seven days prior to the expiration date, customers will be notified via Electronic
Mail that their tape is scheduled to be scratched.
d. If Operations receives a request for a tape which is not labeled, the job will be
aborted. Operations personnel will open a Problem Management record and
transfer it to appropriate personnel (DPSS), if necessary. A message will be
logged to the customer, requesting that DPSS be contacted.
e. If a tape requires relabeling, the customer must submit a request to DPSS.
(Customers are not allowed to relabel system tapes.) Tapes containing data to be
retrieved at a later date should not be relabeled. The data will be lost. Instead,
the customer should contact Customer Support for assistance.
f. Tape data sets created on the NCC Scientific Cluster will be controlled by a
software tape management system to prevent accidental erasure of data.
5.0 DEFINITIONS
None.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
U. S. Environmental Protection Agency. (1991) Guide to NCC Services: VAX Ready
Reference. Research Triangle Park, NC: National Data Processing Division, Office of
Administration and Resources Management. (Contact Customer Support)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Prime Security NO: 240.08
APPROVAL: DATE:
1.0 PURPOSE
The objective of this policy is to provide a secure Prime operating environment.
This policy:
a. Defines Prime management and Prime user responsibilities for physical, software,
and data security of the Prime.
b. Defines NDPD responsibilities for Prime security.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA personnel and their agents who are providing services for
and/or using EPA Prime computers.
3.0 RESPONSIBILITIES
NDPD is responsible for:
a. Defining policy.
b. Reviewing policies annually for needed modification and/or enhancement.
c. Monitoring adherence to security policies by Prime sites.
d. Distributing to Prime sites, in a timely manner, Agency standard Prime operating
system and NDPD provided software and documentation for its operation.
NDPD will develop and provide to each site a mechanism suitable for security
auditing and for detecting unauthorized access attempts.
e. Evaluating requested exceptions to this policy.
Prime site management is responsible for:
a. Implementing and adhering to Prime security policies. Prime sites may
implement more restrictive security policies as required by the site.
b. Reporting detected breaches of the security policies to NDPD.
c. Coordinating resolution of security breaches and security issues with NDPD.
d. Installing operating system software and other standard Agency software
distributed by NDPD.
e. Providing default protection for data consistent with the sensitivity and value of
the data and assisting Prime users in determining and implementing additional
levels of protection beyond default protection.
f. Obtaining NDPD approval for exceptions to this policy.
4.0 POLICY
a. NDPD will distribute Agency standard Prime operating systems and any other
software deemed appropriate by NDPD for the implementation and enforcement
of this policy.
b. Prime security procedures developed by NDPD will be consistent with other
NDPD policies.
c. Each Prime Site Manager will physically and procedurally provide for a secure,
controlled access environment for each Prime system to protect it from loss
caused by fire, natural or unnatural acts of man or nature, or machine failure.
Specifically, each Prime Site Manager will:
(1) Establish procedures for evaluating and granting physical access to the site
and its computers and monitoring access.
(2) Control access to the site and its computers through GSA and industry
accepted physical control mechanisms (e.g., locks, badge readers).
(3) Protect the physical environment by establishing and monitoring GSA and
industry accepted environmental controls and fire suppression systems.
(4) Protect the physical operating environment by establishing procedures
governing the physical safety of the computers, their operators, and their
users.
(5) Safeguard computer and other property assets through procedures
providing for their receipt, tracking, and disposal.
d. Each Prime System Manager will provide for secure logon access to the site's
computers. Specifically, each Prime System Manager will:
(1) Enforce the following policies for computer passwords:
(a) The minimum password length will be six characters. Password
conditioning rules requiring at least one alpha and one numeric
character will be used to prevent trivial and easily guessed
passwords.
(b) Passwords from new users and reissued passwords will be unique
for each user and non-trivial in nature and will not be set to any
previously used password for that user.
Password changes by the owner of a User-ID will not allow any
of the 10 previously used passwords to be used.
(c) The option to allow a user to enter his/her password on the logon
line will be disabled. A user must be prompted to enter his/her
password.
(d) The system will force each user to change his/her password at 90
day intervals.
(2) Enforce the following policies for computer User-ID's and accounts:
(a) User-ID's will not be shared. Each registered user must have
his/her own User-ID. User-ID's which have not been used to
access the system within a 99 day period will be disabled. A
User-ID will be purged from the system after 1 year if it has not
been used in that time.
(b) An association of a Project-ID with a User-ID may be made to
provide an additional level of login security as described in the
System Administrator's Guide.
(c) No more than 30 minutes of terminal idle time will be allowed
before a user is logged off the system due to inactivity. Only four
unsuccessful logon attempts will be allowed between session
initiations. After four consecutive unsuccessful logon attempts
between sessions, the User-ID will be automatically disabled by
the system and will only be re-established by the Prime Site
Manager after appropriate security follow-up.
(d) An account which allows a user to access the system without
manually adhering to the logon process and its controls will be
restricted such that the account allows access only to a specific
application environment and must be safeguarded against use by
nonapplication users.
(e) User-ID's used by vendors for system hardware or software
maintenance by non-Prime site personnel must be strictly
monitored and controlled. The environment for these User-ID's
will be closely coupled with the minimum privileges required for
the performance of the user's task(s). The User-ID will be
disabled immediately upon departure of maintenance personnel
from the site.
(3) Enforce the following policies concerning system files and resources:
(a) File protection will be applied to all system and user directories
and files commensurate with the harm or loss that would ensue
from unauthorized access to or destruction of the directories or
files. Password protection of user and system directories should
not be used. Access Control Lists (ACL's) provide better
protection.
(b) All operating system files and user data files will be backed up on
a weekly schedule.
(4) Enforce the following policies regarding software installed at the Prime
site:
(a) Software requiring installation as a privileged process or image
which enhances or alters the security environment of the Prime
will not be installed without NDPD approval.
(b) Software requiring privileges to function will be granted the
minimum privileges required for it to function.
(c) All software distributed to each Prime site by NDPD will be
installed according to time and installation specifications provided
by NDPD.
(5) Establish policies and procedures for sign-on (access) authority to any
Prime, limit assignment of privileges allowed by the system to those
necessary for a person to perform assigned task(s), and deny access or
privileges to that person when his requirement for access or privileges has
expired.
(6) Accept responsibility for auditing computer access and investigate access
incidents as indicated by the audit. The audit must include a daily review
of unsuccessful login attempts and use of sensitive system commands.
(7) Permit access to the Prime system by a member of the NCC Computer
Security staff who will review computer security policy compliance. The
NCC Computer Security staff member will be given a privileged account
for this purpose, but only for the duration of the review.
(8) Enable display of all unsuccessful login messages at a supervisor terminal.
(9) A user whose terminal or terminal line is disconnected will be logged out.
(10) Allow 30 minutes as the maximum time for a terminal to remain idle.
After that time, the user will be logged out.
(11) Establish the length of time for a user login to be no more than 3 minutes.
(12) AMLTIM (login time) parameters should remain enabled at recommended
Prime values.
(13) At a minimum, Prime recommendations for a "moderately secure"
environment, as described in the Prime System Administrator's Guide,
should be followed.
e. Each Site Manager will be responsible for coordinating enforcement of this policy
with the NCC Security Office and will be responsible for coordinating resolution
of security incidents and other security issues with that office.
5.0 REFERENCES
The following Prime documents were used to develop this policy and constitute the accepted
references for implementing security in the Prime environment:
Administrator's Guide. Revision 22
Prime/SNA Administrator's Guide (DOC8908-2LA)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: IPS Maintenance NO. 250.01
APPROVAL:
1.0 PURPOSE
Hardware and software require regular maintenance in order to operate effectively. This policy
is designed to encourage consistent maintenance of the EPA Image Processing Systems (IPS)
based on AS/400 minicomputers and workstations connected to the AS/400 via a token ring
Local Area Network.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA and contractor personnel who provide services to the EPA
Image Processing Systems as described above.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy enforcement and will annually review policies for needed
modification and/or enhancement, as well as monitor adherence to these policies by IPS sites.
NDPD is responsible for recording and tracking all system software malfunction incidents in
NDPD's Central Problem Management data base, and for contact with vendors regarding
software malfunctions.
The IPS System Administrator is responsible for contact with vendors regarding hardware
malfunction incidents and the scheduling of repairs.
The IPS System Administrator is responsible for scheduling all preventive maintenance.
4.0 POLICY
Image Processing System hardware and software will be maintained to ensure the availability
of the IPS for use.
5.0 DEFINITIONS
a. Software as used herein refers to operating system software and any program
product or application software that affects the performance or configuration of
the system.
b. Hardware maintenance includes the following:
(1) Preventive maintenance performed on a routine, scheduled basis, such as
modifications or replacements of hardware units or hardware microcode.
(2) Repairs as a result of a hardware malfunction.
6.0 STANDARDS
a. The IPS site will fund (or arrange to provide funding for NDPD to do so) and
serve as Project Officers for all hardware and system software maintenance
contracts.
b. No modifications will be allowed to any hardware, system software, licensed
program, or application program components unless approved via the NDPD
Change Management process.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1992) The System Administrator's and Operator's
Guide to the Image Processing System. (Report No. 568/001), Research Triangle Park, NC:
National Data Processing Division, ADP Operations Management Branch. (Location:
Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: IPS Performance and Capacity Management NO.: 250.02
APPROVAL: DATE: 5-
1.0 PURPOSE
The large capital investment for EPA's Image Processing Systems (IPS), based on AS/400
minicomputers and workstations connected to the AS/400 via a token ring Local Area Network
(LAN), requires that they be managed to provide maximum performance and to minimize
required upgrades. Adherence to this policy will encourage the attainment of these goals.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA and contractor personnel who provide services for the EPA
IPS as described above.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy enforcement and will annually review policies for needed
modification and/or enhancement, as well as monitor adherence to these policies by IPS sites.
4.0 POLICY
The System Administrator will manage the Image Processing System for maximum performance.
NDPD will assist upon request of the System Administrator.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. Each IPS site will control the number of batch jobs and interactive users running
on its system at any given time. NDPD will tailor system tuning parameters to
meet the performance requirements of each site.
b. NDPD will provide a jobstream to generate performance monitoring reports on
a periodic basis. These reports will contain data on key system performance
indicators.
c. The IPS System Administrator will monitor the system's components and
determine if the components are inside or outside the tolerance levels set by
NDPD.
d. The monitoring frequency will be determined by the System Administrator unless
a specific frequency is requested by NDPD to resolve problems.
e. The System Administrator will notify NDPD when system components are outside
the tolerance levels and NDPD will investigate the situation and provide a
resolution.
f. A workload performance data base will be defined and compiled on a monthly
basis by NDPD.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1992) The System Administrator's and Operator's
Guide to the Image Processing System. (Report No. 568/001), Research Triangle Park, NC:
National Data Processing Division, ADP Operations Management Branch. (Location:
Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: IPS Change Management NO.: 250.03
APPROVAL: DATE: 5-
1.0 PURPOSE
This policy is designed to promote consistency and commonality of hardware and software in
the EPA Image Processing System (IPS) environment based on AS/400 minicomputers and
workstations connected via token ring Local Area Networks (LANs).
The objectives of the EPA IPS Change Management policy are to:
a. Ensure that necessary changes to the IPS are made with minimum disruption to
users.
b. Provide a formal structure for stable IPS changes.
c. Define NDPD and IPS staff responsibilities for Change Management.
This policy will provide EPA with an effective method of monitoring and controlling all changes
to the IPS.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA and contractor personnel who provide services to the EPA
Image Processing Systems as described above.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy enforcement, and will annually review policies for needed
modification and/or enhancement, as well as monitor adherence to these policies by IPS sites.
Each IPS System Administrator is responsible for coordinating Change Control activities between
NDPD support personnel and the IPS site, and for notifying users of changes to the system.
The IPS System Administrator is responsible for monitoring and reporting the stability impact
of system changes to NDPD support personnel.
4.0 POLICY
No changes to software, hardware, or telecommunications configurations or features will be
made unless approved through the Change Management process.
5.0 DEFINITIONS
Software is defined as operating system software and any program products or applications that
require or cause changes to the IPS configuration or performance.
6.0 STANDARDS
a. Software changes installed on any IPS system will be duplicated on all systems
within 60 days.
b. NDPD maintains the Change Management process.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1992) Change Management Procedures Manual (Draft)
(Report No. 245/001F), Research Triangle Park, NC: National Data Processing Division, Office
of Administration and Resources Management. (Location: Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: IPS Problem Resolution NO.: 250.04
APPROVAL: DATE:
1.0 PURPOSE
Problems will arise in a resource as complex as the Image Processing System (IPS). This policy
establishes a framework for resolving these problems when they occur on EPA IPS based on
AS/400 minicomputers and workstations connected to the AS/400 through a token ring Local
Area Network (LAN).
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA and NDPD contractor personnel who provide services for
or use the EPA Image Processing Systems as described above.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement in consultation with IPS System
Administrators. NDPD will review policies annually for needed modification and/or
enhancement.
The IPS System Administrator serves as the initial contact with NDPD.
4.0 POLICY
The IPS System Administrator and NDPD support personnel will report all problems involving
the Image Processing System.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. Problems will be classified as to cause: equipment, telecommunications, system
software, or application.
b. NDPD's Central Problem Management data base will be used to track problem
resolution. NDPD systems support personnel and the application support team
will be required to use Central Problem Management to log IPS problems and to
record the actions taken to resolve them.
c. The IPS System Administrator will report hardware problems to the vendor for
correction.
d. System software problems will be resolved by NDPD support personnel.
Application problems will be reported to the support contractor for resolution.
Only the IPS System Administrator or his designated backup may directly call
NDPD personnel or the application support contractor for problem resolution.
e. NDPD support personnel will be available to the IPS System Administrator from
8:00 a.m. to 5:00 p.m., Monday through Friday.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1992) The System Administrator's and
Operator's Guide to the Image Processing System. (Report No. 568/001),
Research Triangle Park, NC: National Data Processing Division, ADP Operations
Management Branch. (Location: Publications Technical Library)
b. U. S. Environmental Protection Agency. (1991) Centralized Problem Management
System Workshop (Report No. 357/001) Research Triangle Park, NC:
National Data Processing Division. (Location: Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: IPS User Registration NO.: 250.05
APPROVAL:
1.0 PURPOSE
This policy defines NDPD and IPS System Administrator responsibilities for user registration,
and provides guidelines for the development of user registration procedures for each EPA IPS
based on AS/400 minicomputers and workstations connected to the AS/400 through token ring
Local Area Networks (LANs). Adherence to this policy is required for effective management
of the IPS resource.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA and contractor personnel who provide services for or use
the EPA Image Processing Systems as described above.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy enforcement, and will annually review policies for needed
modification and/or enhancement, as well as monitor adherence to these policies by IPS sites.
The IPS System Administrator will designate one person and a backup who will be responsible
for coordinating communications to NDPD regarding registration matters.
4.0 POLICY
Each IPS user must have his own User-ID; User-IDs will not be shared.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. User registration on the AS/400 IPS will be performed by the IPS System
Administrator. If registration of the same user on the NCC host is necessary, it
will be performed by the TSSMS Office upon receipt of an Email request from
the IPS site or through the standard NCC registration procedure. Registration on
NCC hosts will be completed within 24 hours of receipt of the request.
b. Users of applications based on the AS/400 Electronic Filing Cabinet must have
their own User-IDs, which are identical to the AS/400 User-ID.
c. User-IDs not used to access the IPS within a 90-day period will be disabled.
User-IDs not used within 1 year will be deleted.
7.0 PROCEDURE REFERENCE
a. IBM Corporation. AS/400 Programming: Security Concepts and Planning.
Rochester, MN.
b. U. S. Environmental Protection Agency. (1992) The System Administrator's and
Operator's Guide to the Image Processing System. (Report No. 568/001),
Research Triangle Park, NC: National Data Processing Division, ADP Operations
Management Branch. (Location: Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: IPS Security NO.: 250.06
APPROVAL: DATE:
1.0 PURPOSE
Protection of data and the Image Processing System (IPS) resource from theft, damage, and
unauthorized use requires specific security measures, and adherence to Federal laws regarding
sensitive data is mandatory. This policy defines security objectives and enforcement
requirements on EPA IPS based on AS/400 minicomputers and workstations connected to the
AS/400 through a token ring Local Area Network (LAN).
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA and contractor personnel who provide services for or use
the EPA Image Processing Systems as described above.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy determination and will review its policies annually for needed
modification and/or enhancement. NDPD will monitor adherence to these policies by IPS sites.
NDPD is responsible for all IPS system software security, and will provide each IPS System
Administrator with initial training in IPS security.
The IPS System Administrator is responsible for:
Implementing the IPS security policy, which includes training the IPS users in
security, reporting security incidents to NDPD, and coordinating the resolution
of security incidents with NDPD.
Providing default data protection consistent with the value of the data, and for
assisting users in implementing additional protection beyond the established
default upon request.
Obtaining NDPD approval for policy exceptions.
4.0 POLICY
Image Processing Systems and their data will be protected from unauthorized use, damage, and
theft.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. NDPD will:
(1) Develop and provide each IPS site with a security auditing mechanism
capable of detecting unauthorized computer access attempts and the use of
sensitive system-level commands.
(2) Require a security level (QSECURITY) of thirty for each AS/400-based
IPS to provide both password and resource security. The other two
security levels, ten and twenty, do not provide adequate security for EPA
IPS.
(3) Assume responsibility for the protection of the operating system and
licensed programs supplied by NDPD.
b. Each IPS System Administrator will:
(1) Control access to the site and the IPS through industry-accepted locks and
badge readers, and develop procedures for granting and monitoring
physical access.
(2) Protect the physical environment of the IPS site through installation and
use of industry-accepted environmental controls and fire suppression
devices, and through enforcement of procedures governing the physical
safety of the IPS.
(3) Protect all licensed programs installed by the site according to the
vendors' specifications.
c. Each IPS System Administrator will enforce the following concerning User-IDs:
(1) Only four unsuccessful logon attempts will be allowed between successful
logons. After four consecutive failures, the User-ID and the terminal will
be automatically disabled by the system.
(2) No more than 30 minutes of terminal idle time will be allowed before a
user is logged off by the system.
(3) Vendor User-IDs used for system hardware or software maintenance must
be strictly monitored and controlled. The minimum number of privileges
needed for a specific task should be granted. These User-IDs should be
disabled immediately after the vendor's activity is completed.
d. The IPS System Administrator will enforce the following regarding passwords:
(1) Passwords will be a minimum of six characters. Passwords must contain
at least one alpha and at least one numeric character and must not contain
repetitive strings of digits or characters. Passwords should not be easily
guessed. This is an EPA Security Manual requirement.
(2) Passwords must be changed at least every 90 days. Passwords for
privileged User-IDs must be changed at least every 30 days.
(3) A password for a new User-ID will be unique to that User-ID. A
password that has been previously used cannot be reissued.
(4) Valid password changes by the owner of the User-ID will exclude the
previous 10 passwords used for the User-ID.
e. The IPS System Administrator will enforce the following:
(1) File protection will be applied to all user directories and files commensurate
with the harm or loss that would ensue from unauthorized access to,
or destruction of, the directories or files. This is an EPA Security Manual
requirement.
(2) All operating system files and user data files will be backed up on a
weekly schedule. This is an EPA Security Manual requirement.
(3) No software requiring installation as a privileged process or image,
altering the security environment of the IPS, will be installed without
NDPD approval. Software requiring privileges to function will be granted
the minimum privileges required for the function.
(4) If the IPS is based on an AS/400 processor, users will not be allowed
access to programs owned by the Security Officer, SECOFR, or Security
Administrator, SECADM.
(5) The System Administrator will review at least weekly the IPS audit log for
logon and data access problems. Problems will be reported to local EPA
management and NDPD security personnel.
(6) NDPD security staff will be permitted to access the IPS in order to
monitor security policy compliance. The NDPD security staff member
will be given a privileged User-ID for this purpose during the announced
review period.
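Added example (not part of the directive or of any NDPD tooling): a Python check of a proposed password change against standards 6.0 d(1), d(2) and d(4) above. The reading of "repetitive strings", the PBKDF2 history store and every function name are assumptions of this example; d(3) is not modelled.

```python
import hashlib
import hmac
import os
import re
from datetime import date
from typing import List, Optional, Tuple

MIN_LENGTH = 6                 # d(1): minimum of six characters
HISTORY_DEPTH = 10             # d(4): exclude the previous 10 passwords
MAX_AGE_DAYS = 90              # d(2): ordinary User-IDs
MAX_AGE_DAYS_PRIVILEGED = 30   # d(2): privileged User-IDs
PBKDF2_ROUNDS = 100_000        # assumption: work factor chosen for this example

# Assumption: the directive does not define "repetitive strings". Here it is
# read as one character three or more times in a row ("1111"), or a block of
# two or more characters immediately repeated ("abab", "ab12ab12").
REPEAT_RUN = re.compile(r"(.)\1\1")
REPEAT_BLOCK = re.compile(r"(..+)\1")

HistoryEntry = Tuple[bytes, bytes]   # (salt, derived key); never the password


def hash_password(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Derive a salted PBKDF2-HMAC-SHA256 key so the history holds no cleartext."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, key


def composition_violations(password: str) -> List[str]:
    """d(1): length, one alpha, one numeric, no repetitive strings."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than six characters")
    if not any(c.isalpha() for c in password):
        problems.append("no alphabetic character")
    if not any(c.isdigit() for c in password):
        problems.append("no numeric character")
    if REPEAT_RUN.search(password) or REPEAT_BLOCK.search(password):
        problems.append("repetitive string")
    return problems


def reused(password: str, history: List[HistoryEntry]) -> bool:
    """d(4): compare against the last 10 entries (history is oldest first)."""
    hit = False
    for salt, key in history[-HISTORY_DEPTH:]:
        candidate = hash_password(password, salt)[1]
        hit |= hmac.compare_digest(candidate, key)   # constant-time compare
    return hit


def check_change(password: str, history: List[HistoryEntry]) -> List[str]:
    """Return every reason the proposed password is rejected (empty = accepted)."""
    problems = composition_violations(password)
    if reused(password, history):
        problems.append("matches one of the previous 10 passwords")
    return problems


def password_expired(last_changed: date, today: date, privileged: bool = False) -> bool:
    """d(2): 90-day limit, 30 days for privileged User-IDs."""
    limit = MAX_AGE_DAYS_PRIVILEGED if privileged else MAX_AGE_DAYS
    return (today - last_changed).days > limit


# Constructed sample: eleven earlier passwords for one User-ID, oldest first.
SAMPLE_HISTORY = [hash_password(f"river{n}stone") for n in range(1, 12)]

if __name__ == "__main__":
    for candidate in ("abc12", "pass1111", "river5stone", "t4bleLamp"):
        print(candidate, "->", check_change(candidate, SAMPLE_HISTORY) or "accepted")
```

The history keeps only salted derived keys, so the ten-password exclusion can be enforced without the system ever storing an old password in recoverable form.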
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1989) EPA Information Security
Manual (Report No. 431/001). Washington, DC: Office of Information and
Resources Management, Information Management and Services Division.
(Location: Publications Technical Library).
b. IBM Corporation. AS/400 Programming: Security Concepts and Planning (SC21-8083).
Rochester, MN.
c. IBM Corporation. AS/400 Security and Auditing Considerations (GG24-3501).
Rochester, MN.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: IPS Data Management NO. 250.07
DATE:
1.0 PURPOSE
Data must be managed so that it is available when needed. Good management practices are
demanded by the economics of data storage devices and their maintenance and operation. To
meet these conditions, this policy:
a. Provides guidelines for ongoing management of all data sets residing on Information
Processing System (IPS) Direct Access Storage Devices (DASDs).
b. Defines DASD management responsibilities of IPS site and NDPD personnel.
c. Provides IPS site and NDPD personnel with guidelines for DASD allocation and use.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA and contractor personnel who provide services for or use
the EPA Image Processing Systems based on AS/400 minicomputers and workstations connected
to the AS/400 through a token ring Local Area Network (LAN).
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy enforcement and will review policies annually for needed
modification and/or enhancement, as well as monitor adherence to these policies by IPS sites.
NDPD is responsible for installing and maintaining OS400, which is the primary software tool
for IPS DASD management.
4.0 POLICY
Image Processing System data will be managed so that it is available when needed.
5.0 DEFINITIONS
Backup: To make a copy of computer data to be used for recovery following loss of the original
data.
6.0 STANDARDS
a. As part of DASD management, the IPS System Administrator will identify and store
critical backup tapes for disaster recovery.
b. IPS DASD management problem resolution is the responsibility of the IPS System
Administrator. When assistance is required from NCC support personnel, the IPS
System Administrator will act as the single point of contact for all such requests.
c. NDPD will develop the jobstreams and procedures needed to run DASD backups.
These procedures will include provisions for the following activities:
(1) Incremental Backup. This should be done daily and will consist of the
SAVCHGOBJ and SAVSECDTA operations. The tapes created should
be kept for 7 days. Because SAVCHGOBJ saves objects which have
changed since the last SAVLIB, each day's backup contains cumulative
changes.
(2) Weekly Backup. This activity is performed once each week and consists
of the SAVLIB(*NONSYS) and SAVDLO operations. The tapes should
be retained for 14 days.
(3) Full System Backup. This activity is performed through the SAVSYS,
SAVLIB(*NONSYS), and SAVDLO operations. The full system backup
is only necessary after a configuration change or system installation.
d. NDPD will provide the procedures and jobstreams required to perform backup of
data stored on optical storage libraries.
e. The IPS System Administrator will ensure that optical disk backup is performed on
all optical library storage that is unique to the IPS site.
f. NDPD will perform optical backup of image data stored in the optical disk library
of the Superfund Cost Recovery IPS Central Processing Facility.
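Added example (not NDPD's jobstream): a Python model of the tape rotation in 6.0 c, showing which tapes a restore needs given that each SAVCHGOBJ tape is cumulative since the last SAVLIB, and what happens when a weekly save is skipped. The Tape and Plan records, the sample dates and the indefinite retention of full system backups are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Retention from 6.0 c(1) and c(2). The page states none for the full system
# backup, so this example assumes those tapes are kept indefinitely.
RETENTION_DAYS = {"daily": 7, "weekly": 14}
BASE_KINDS = ("weekly", "full")   # both include SAVLIB(*NONSYS)


@dataclass(frozen=True)
class Tape:
    made: date
    kind: str   # "daily" (SAVCHGOBJ), "weekly" or "full"


@dataclass(frozen=True)
class Plan:
    tapes: List[Tape]        # load in this order
    restored_through: date   # latest state the plan can rebuild


def retained(tape: Tape, today: date) -> bool:
    """True while the tape is still inside its retention period."""
    keep = RETENTION_DAYS.get(tape.kind)
    return keep is None or (today - tape.made).days <= keep


def restore_plan(tapes: List[Tape], target: date, today: date) -> Optional[Plan]:
    """Pick the tapes that rebuild the system as close to `target` as possible.

    A SAVCHGOBJ tape only makes sense on top of the SAVLIB it was taken
    against, so a daily tape is never paired with an older base save.
    """
    before = sorted((t for t in tapes if t.made <= target), key=lambda t: t.made)
    bases = [t for t in before if t.kind in BASE_KINDS]
    for i in range(len(bases) - 1, -1, -1):          # newest base first
        base = bases[i]
        if not retained(base, today):
            continue
        next_base = bases[i + 1].made if i + 1 < len(bases) else None
        dailies = [
            t for t in before
            if t.kind == "daily" and t.made > base.made
            and (next_base is None or t.made < next_base)
            and retained(t, today)
        ]
        if dailies:
            # Cumulative: only the most recent daily tape is needed.
            last = max(dailies, key=lambda t: t.made)
            return Plan([base, last], last.made)
        return Plan([base], base.made)
    return None   # no retained base save: the daily tapes alone cannot restore


def _days(start: date, count: int, kind: str) -> List[Tape]:
    return [Tape(start + timedelta(days=i), kind) for i in range(count)]


# Constructed tape catalogues (dates are arbitrary). Weekly saves run on Sundays.
NORMAL = ([Tape(date(2024, 3, 3), "weekly")] + _days(date(2024, 3, 4), 6, "daily")
          + [Tape(date(2024, 3, 10), "weekly")] + _days(date(2024, 3, 11), 3, "daily"))
# Same site, but the 10 March weekly save was skipped.
MISSED = ([Tape(date(2024, 3, 3), "weekly")] + _days(date(2024, 3, 4), 6, "daily")
          + _days(date(2024, 3, 11), 6, "daily"))

if __name__ == "__main__":
    print(restore_plan(NORMAL, date(2024, 3, 13), date(2024, 3, 14)))
    print(restore_plan(NORMAL, date(2024, 3, 6), date(2024, 3, 14)))
    print(restore_plan(MISSED, date(2024, 3, 16), date(2024, 3, 18)))
```

In the skipped-week catalogue the 3 March weekly tape passes its 14-day retention while the daily tapes that depend on it are still on the shelf, which leaves no usable restore path.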
7.0 PROCEDURE REFERENCE
a. IBM Corporation. AS/400 Programming: Backup and Recovery Guide. Rochester,
MN.
b. U. S. Environmental Protection Agency. (1992) The System Administrator's and
Operator's Guide to the Image Processing System. (Report No. 568/001), Research
Triangle Park, NC: National Data Processing Division, ADP Operations Management
Branch. (Location: Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Personal Computer (PC) System Management and Architectural Direction NO. 270.01
APPROVAL: DATE:
1.0 PURPOSE
The purpose of this policy is to ensure that the National Data Processing Division's (NDPD's)
PC customers are offered products that are common to and essentially compatible with
Environmental Protection Agency (EPA) architectural directions.
2.0 SCOPE & APPLICABILITY
This policy covers PC system management and architectural direction for all personnel
responsibilities, hardware, and software associated with the operation and management of PC
systems by the EPA.
3.0 RESPONSIBILITIES
The Chief of the Architectural Management and Planning Branch (AMPB) is responsible for
providing the management and architectural direction specified in this policy.
4.0 POLICY
NDPD will ensure that PC customers are offered products that are consistent with EPA hardware
and software standards and support EPA Information Resource Management (IRM) architectural
directions.
5.0 DEFINITIONS
PC Customer: An employee, contractor, or designated group or individual that presently has or
previously had a requirement and an authorization to use one or more of the Agency contracts
for PC hardware, software, training, maintenance, or support services in support of EPA
missions.
PC System: The total complement of Central Processing Unit (CPU), operating software,
application software, and peripherals required to operate as an integrated computing workstation.
6.0 STANDARDS
a. PC hardware and software standards will be provided in AMPB's "EPA IRM
Hardware and Software Standards Document." These standards cover the lease,
purchase or rental of microcomputer and personal computer equipment, software,
and peripheral equipment.
b. Individual software upgrades can be purchased through the credit card program
or standard purchase request.
c. PC technology upgrades will be accomplished through contract modifications,
Delegation of Procurement Authority (DPA) modifications, or establishment of
new contracts.
d. AMPB will conduct technology assessments prior to contract modifications or
changes in standards to ensure compatibility with architectural directions.
e. AMPB will maintain an expert system for use in configuration management that
contains all current agency contract hardware and software.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1991) EPA IRM Hardware and
Software Standards (Report No. 469/001). Research Triangle Park, NC: National
Data Processing Division, Architectural Management and Planning Branch.
(Location: Publications Technical Library).
b. U. S. Environmental Protection Agency. (1992) Technology Upgrades, PC
Contract. Research Triangle Park, NC: National Data Processing Division,
Program Management Support Branch. (Location: Program Management Support
Branch).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Personal Computer (PC) Service Levels NO. 270.02
APPROVAL: DATE:
1.0 PURPOSE
The purpose of this policy is to ensure that PC customers have access to support when hardware
and software problems occur.
2.0 SCOPE & APPLICABILITY
This policy covers service levels for all personnel responsibilities, hardware, and software,
associated with the operation and management of PC systems by the Environmental Protection
Agency (EPA).
3.0 RESPONSIBILITIES
The Chief of the Program Management Support Branch (PMSB) is responsible for ensuring
support of the PC Contract.
The Chief of the Information Centers Branch is responsible for on-going PC customer support
for the Information Centers at Research Triangle Park, NC and Washington, DC.
The local Information Centers are responsible for customer support within their areas.
4.0 POLICY
PMSB will ensure contractor compliance with all hardware maintenance warranties purchased
from PC Contracts. The local Information Centers will make available on-going customer
support and technical assistance for all approved hardware and software if resources are
available.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. Hardware warranty maintenance service levels are established within the PC
Contract.
b. The customer is responsible for planning for hardware maintenance service after
the one year warranty period.
c. Customer support will be provided by the vendor's PC Hotline, software vendors
(where applicable), and the Information Centers. Support will not be rendered to
customers for products that have not been approved by the National Data
Processing Division (NDPD).
d. PMSB will ensure that catalogs and bulletin boards listing PC products and
updates are available to PC Contract customers.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1992) Warranty Maintenance Service,
PC Contract. Research Triangle Park, NC: National Data Processing Division,
Program Management Support Branch. (Location: Program Management Support
Branch).
b. U. S. Environmental Protection Agency. (1992) Hotline Support, PC Contract.
Research Triangle Park, NC: National Data Processing Division, Program
Management Support Branch. (Location: Program Management Support Branch).
c. U. S. Environmental Protection Agency. (1991) Guide to WIC Services.
Washington, DC: Information Centers Branch, WIC (OSA). (Location:
Information Centers Branch, Washington, DC).
d. U. S. Environmental Protection Agency. (1992) Catalog, PC Contract. Research
Triangle Park, NC: National Data Processing Division, Program Management
Support Branch. (Location: Program Management Support Branch).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Agency Workstation Contract Personal Computer (PC) Problem Management NO. 270.03
APPROVAL: DATE:
1.0 PURPOSE
The purpose of this policy is to ensure that a problem resolution path is in place that will provide
solutions to personal computer hardware and software problems.
2.0 SCOPE & APPLICABILITY
This policy covers problem management for all personnel responsibilities, hardware, and
software associated with the operation and management of PC systems purchased from the
Agency Workstation Contract by the Environmental Protection Agency (EPA).
3.0 RESPONSIBILITIES
The National Data Processing Division (NDPD) is responsible for providing problem
management support.
The Program Management Support Branch is responsible for PC Contract support including PC
Hotline and Maintenance Services.
At Headquarters, the Washington Information Center (WIC) is responsible for reporting and
resolving local problems (including the review of products delivered and received from the PC
Contract) and arranging for maintenance services after warranty periods are expired. These
services are available to offices participating in the WIC's Operational Service Agreement (OSA)
program.
Outside of Headquarters, Personal Computer Site Coordinators (PCSCs) are responsible for
reporting and resolving local problems (including the review of products delivered and received
from the PC Contract), and arranging for maintenance services after warranty periods are
expired. PCSCs also escalate problems to NDPD that require broad expertise or central problem
resolution.
4.0 POLICY
NDPD will have a problem management plan prepared for personal computer problem
determination and resolution.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. PCSCs or WIC personnel, in conjunction with PC Customers, will make the
initial determinations of problems with PC hardware/software.
b. Problems will be reported to appropriate areas by PCSCs or WIC personnel.
PCSCs will then seek assistance from the appropriate support group (PC Hotline,
NDPD Customer Support, Maintenance Contractor, ICB Support) and will be
responsible for monitoring the status of the problem until a resolution is reached.
The PCSC may delegate this responsibility to a PC customer or support staff.
c. Problems concerning hardware/software that are under warranty will be reported
to the vendor's PC Hotline. The Hotline will document the problems and report
(monthly) on problem status and resolution. The PC Contract Project Manager
will monitor the monthly report to assure resolution of all warranty problems.
d. The Information Centers will be contacted where applicable. Support is offered
in the form of technical (hardware and software) and maintenance services.
e. PCSCs will monitor the delivery of orders shipped from the PC Contract (within
20 days of receipt) to ensure that the products shipped are in good working order.
f. Telecommunications support and problem resolution will be provided only for
NDPD supported telecommunications hardware and software configurations. PCs
attached to LANs must be configured and managed per the current NDPD LAN
policies in section 310.00 of the NDPD Operational Directives Manual.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1985) PCSC Job Description, PCSC
Manual. Research Triangle Park, NC: National Data Processing Division,
Program Management Support Branch. (Location: Program Management Support
Branch).
b. U. S. Environmental Protection Agency. (1992) Warranty Maintenance
Procedures, PC Contract. Research Triangle Park, NC: National Data Processing
Division, Program Management Support Branch. (Location: Program Management
Support Branch).
c. U. S. Environmental Protection Agency. (1991) WIC/RIC Services. Washington,
DC: National Data Processing Division, Information Centers Branch. (Location:
Information Centers, Washington, DC).
d. U. S. Environmental Protection Agency. (1992) Inspection and Acceptance, PC
Contract. Research Triangle Park, NC: National Data Processing Division,
Program Management Support Branch. (Location: Program Management Support
Branch).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Personal Computer (PC) Security NO. 270.04
APPROVAL: DATE:
1.0 PURPOSE
This policy documents a prudent but minimal security control environment required by the
Agency to protect personal computer (PC) systems and resources from theft, damage, and
unauthorized use. This policy defines PC security objectives and security requirements as
defined by the EPA Information Security Manual (Report 431/001) and the EPA Information
Security Manual for Personal Computers.
The security design for each PC will be based on individual usage and risk requirements
representing a consensus of the office responsible for that PC and the need to meet applicable
Federal laws and regulations and Office of Information and Resources Management (OIRM)
policies. Each PC shall meet a minimal level of security identified below. Compliance with
these security policies is a prerequisite for connection to the Agency Local Area Network (LAN)
backbone and for support by the National Data Processing Division (NDPD). This policy
addresses physical security, system security, media protection, and protection from virus attacks.
EPA information security objectives include:
System availability - prevention from physical loss.
Data confidentiality - prevention of disclosure.
Data integrity - prevention of information corruption.
Implementation of the attached policies will significantly improve our computer security
environment and help EPA achieve its information security objectives. Any data considered
non-sensitive remains an EPA responsibility and must be protected as government property. Non-sensitive
data in its aggregate form can be sensitive in terms of protection requirements to ensure
integrity.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees and all agents (including
State agencies, contractors, and grantees) of EPA who are involved in the design, development,
acquisition, installation, operation, maintenance, and use of PCs supported by NDPD. This
policy applies to stand-alone PC computers. Refer to Policy No. 310.09, LAN Security, for
more information regarding LANs.
3.0 RESPONSIBILITIES
Senior Information Resource Management Officials (SIRMOs) are responsible for:
Ensuring PC user compliance within their jurisdiction concerning this policy.
Coordinating the organization-wide security program.
Identifying PC owners, users, and custodians (property owners).
NDPD is responsible for:
Monitoring security policy maintenance.
Assisting each EPA PC Site Coordinator (PCSC) in determining the security
requirements for his or her PC domain and recommending security implementation
to ensure the integrity of the data and applications on that PC.
Making recommendations for corrective action on security incidents reported by
the PCSC.
The application owner (information system owner) is responsible for:
Determining information sensitivity.
Assuring application operational compatibility with Agency standard architecture
and security requirements.
Specifying and approving security controls and requirements.
PC owner is responsible for:
The security of his/her equipment.
Implementation of minimal controls such as virus prevention, physical security,
and authorized network access.
Determining level of security required based on usage and data sensitivity.
Ensuring Agency work performed on a PC can continue if the original PC is
unavailable.
PC Site Coordinators are responsible for:
Planning, installing, and managing day-to-day PC security implementation in
accordance with this policy.
Training and advising users on the importance of the certification process and the
policies.
Coordinating with LAN System Administrators and customers on LAN
connectivity policy requirements.
Reporting any security violation to the NCC Computer Security Staff.
Assessing the security requirements for each PC system in accordance with the
EPA Information Security Manual.
Ensuring PC user compliance within their jurisdiction concerning this policy.
PC users are responsible for:
Adhering to the policies and procedures outlined in EPA PC Security policy,
Federal and Agency requirements, and the additional protection requirements of
the information and application owners.
Reporting any observed security violations to the PC Site Coordinator.
Protecting the information their PCs store, process, or transmit by determining
the proper level of sensitivity and security for information created.
Reading the EPA Information Security Manual and all security policies on
systems which are accessed.
4.0 POLICY
The National Data Processing Division will ensure that guidelines are in place that allow PC
Customers to secure PC hardware, software, and data.
a. Software security will be provided by all PC users by ensuring that all copyright
and licensing agreements are maintained. Only EPA authorized software is
permitted to be stored and/or executed on an Agency owned PC.
b. Data security will be provided by all PC users by ensuring that passwords are
protected and proper back-up procedures are followed.
c. Virus prevention will be provided by all PC users by utilizing a PC virus
scanning utility before loading any software on to the PC. This includes software
downloaded from a bulletin board or any other PC based platform.
d. Communications security will be provided by controlling access to NDPD
communications. All PC users will adhere to all policies and procedures
applicable to network communications and connectivity.
e. PC users who store and/or process Agency sensitive information must adhere to,
in addition to NDPD policies, all processing policies and procedures established
by the Program Office responsible for the management and oversight of that
sensitive data.
5.0 DEFINITIONS
Software Virus: A software program that spreads by replicating a portion of itself onto another
program. When the infected program is executed, it will process a set of instructions that will
infect other programs and/or damage files.
PC Owner: Owners possess (or have physical custody of) the ADP equipment. For example,
for PCs, the owner is the individual to whom the PC is assigned; that is, the person responsible
for the equipment.
PC User: Person who uses a PC as a productivity tool to accomplish work related tasks.
6.0 STANDARDS
a. Physical security must be provided whenever possible. The EPA Information
Security Manual provides detailed physical security controls guidance for PC
users.
b. Environmental security should be provided by ensuring that fire extinguishers
suitable for extinguishing an electrical fire are near the PC area. Uninterruptible
power supplies and surge protectors should be used to protect against data loss
in the areas of power loss and surges. PC users should be educated to protect
their systems from extreme temperatures, magnetic fields, food and drinks,
smoke, weather, dust, water leaks, and other environmental concerns.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1992) Software/Hardware Registration,
PC Contract. Research Triangle Park, NC: National Data Processing Division,
Program Management Support Branch. (Location: Program Management Support
Branch).
b. U. S. Environmental Protection Agency. (1990) Property Management Policy
Manual. Washington, DC: Facilities Management and Services Division.
(Location: Facilities Management and Services Division, Washington, DC).
c. U. S. Environmental Protection Agency. (1991) Virus Prevention, Policy 310.09,
NDPD Operational Policies Manual. Research Triangle Park, NC: National Data
Processing Division, Telecommunications Branch, LANSYS Group. (Location:
Publications Technical Library).
d. U. S. Environmental Protection Agency. (1991) LAN Security, Policy 310.09,
NDPD Operational Policies Manual. Research Triangle Park, NC: National Data
Processing Division, Telecommunications Branch, LANSYS Group. (Location:
Publications Technical Library).
e. U. S. Environmental Protection Agency. (1989) EPA Information Security
Manual for PCs, OIRM Policy Manual. Washington, DC: Office of Information
and Resources Management, Information Management and Services Division.
(Location: Information Management and Services Division, Washington, DC).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Personal Computer (PC) Configuration NO. 270.05
and Inventory Management
APPROVAL: [signature] DATE:
1.0 PURPOSE
The purpose of this policy is to ensure that Agency PC configurations are properly recorded,
safeguarded, tracked, and inventoried.
2.0 SCOPE & APPLICABILITY
This policy covers configuration management for all personnel responsibilities, hardware, and
software associated with the operation and management of PC systems by the Environmental
Protection Agency (EPA).
3.0 RESPONSIBILITIES
The Chief of the Program Management Support Branch (PMSB) is responsible for ensuring
policy compliance with regard to tracking quantities and types of products purchased (only at
point of purchase) from Agency contracts.
Senior Information Resources Management Officials (SIRMOs) are responsible for the tracking
and inventorying of all PC products once that product reaches the shipping destination.
4.0 POLICY
The National Data Processing Division (NDPD) will ensure that contract records and the original
shipping locations for all system configurations purchased from Agency PC Contracts will be
recorded and stored for seven years.
Upon delivery of PC products to their areas, SIRMOs will be responsible for tracking and
inventorying all PC equipment and software at their locations.
5.0 DEFINITIONS
Configuration: The structural arrangement of personal computer hardware and software
components resulting in a PC system comprised of compatible and complementary parts.
6.0 STANDARDS
a. NDPD (along with the PC contractor) will maintain records of all PC systems
ordered, system burn-in logs, and original system configuration data. These
records will include the recipient's name, location, and Assistant Administrator
(AA) organization. These data allow NDPD to examine statistics concerning the
inventory and installed base of software.
b. Property Management will maintain an inventory of each PC system purchased
and will tag each hardware piece that is worth $1000.00 or more.
c. SIRMOs will track and inventory all PC hardware and software within their areas
of responsibility.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1992) Burn-in and Technical Support
Services, PC Contract. Research Triangle Park, NC: National Data Processing
Division, Program Management Support Branch. (Location: Program Management
Support Branch).
b. U. S. Environmental Protection Agency. (1990) Property Management Policy
Manual. Washington, DC: Facilities Management and Services Division.
(Location: Facilities Management and Services Division, Washington, DC).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Acquiring Personal Computers (PCs) NO. 270.06
APPROVAL: [signature] DATE:
1.0 PURPOSE
The purpose of this policy is to ensure that guidelines are in place that will advise PC customers
regarding the purchase of personal computer hardware, software, and peripherals.
2.0 SCOPE & APPLICABILITY
This policy covers acquiring PC systems for all personnel responsibilities, hardware, and
software associated with the operation and management of PC systems by the Environmental
Protection Agency (EPA).
3.0 RESPONSIBILITIES
The Chief of the Program Management Support Branch is responsible for managing the agency
PC (workstation) contract.
Senior Information Resources Management Officials (SIRMOs) are responsible for managing the
PC acquisition process within their areas.
4.0 POLICY
The National Data Processing Division (NDPD) will assure that guidelines are in place that
advise PC customers regarding the purchase of personal computers. SIRMOs will ensure that
customers will abide by the Office of Information Resource Management (OIRM) Delegation
of Authority for Microcomputer Requisitions (OIRM 1-10A) when planning the purchase of
personal computers.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. OIRM will ensure that each office will prepare a PC plan. SIRMOs will ensure
that the PC plan as mentioned in "Guidance for Preparing the Personal Computer
Acquisition and Management Plan" is followed by PC Site Coordinators (PCSCs).
b. NDPD will provide guidance to assist PC customers in configuring personal
computer systems which will be ordered from Agency standard contracts.
c. NDPD will ensure that PC customers are aware of the established lead times that
have been developed for PC contract ordering and delivery schedules.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1991) OIRM Document OIRM 1-10A.
Washington, DC: Office of Information and Resources Management. (Location:
Management Planning and Evaluation Staff).
b. Pesachowitz, A., Director OIRM. (1992) FY1992 PC Acquisition and Management
Plan (Memorandum). Washington, DC: U. S. Environmental Protection
Agency, Office of Information and Resources Management. (Location: Management
Planning and Evaluation Staff).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Voice and Data Service Level Escalation NO.: 300.01
APPROVAL: [signature] DATE:
1.0 PURPOSE
Complex service organizations, especially those with the scope of services provided by the
National Computer Center (NCC), experience operational problems from time to time. This
policy establishes a hierarchy of personnel to notify when telecommunications problems occur
based on the type of problem and its duration.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in the
design, development, acquisition, operation, and maintenance of the NCC telecommunications
network.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
components of the NCC telecommunications network.
4.0 POLICY
a. The local Network Control staff of technicians is responsible for problem
reporting and management.
b. Technicians will identify problems and classify them as hardware, system
software, or application related. Technicians will initially attempt to resolve all
problems.
c. When appropriate, technicians will identify and report hardware problems to the
specific hardware vendor for resolution.
d. When appropriate, technicians will identify and report applications software
problems to a departmental group or vendor for resolution.
e. Table 1, Voice and Data Problem and Installation Escalation Service Levels, will
be referenced and will dictate the way in which a problem is escalated (when and
to whom the problem will be referred).
f. All problems will be tracked via NDPD's Central Problem Management (CPM)
system in accordance with standard NDPD procedures.
Table 1. VOICE AND DATA PROBLEM AND INSTALLATION SERVICE LEVEL ESCALATION

PROBLEM ESCALATION
Type              Escalate After    Submit To
Major Problem*    Immediately       Contractor Project Director
                                    EPA Division Director
                                    EPA Deputy Director
Level 1           2 Hours           Contractor Department Manager
                                    EPA Technical Manager
Level 2           4 Hours           EPA Branch Chief
Level 3           8 Hours           Contractor Project Director
                                    EPA Division Director
                                    EPA Deputy Director
*Major Problem = Events that interrupt connectivity for more than 25 users for less than
30 minutes, or which affect less than 25 users for more than 30 minutes.

INSTALLATION ESCALATION
Type              Escalate After    Submit To
Level 1 Install   60 Days           Contractor Department Manager
                                    EPA Technical Manager
Level 2 Install   120 Days          Contractor Department Manager
                                    EPA Technical Manager
Level 3 Install   240 Days          Contractor Department Manager
                                    EPA Technical Manager
Level 4 Install   No Commitment
5.0 DEFINITIONS
Service levels are determined by the following criteria:
Service Level 1
Must be an ACS Telecommunications Service Request (TSR).
User requirements are fully understood.
Cable is installed.
Hardware is in inventory or at customer site.
Standard software required.
Facilities requirements are met.
Funding has been approved.
No circuit is required.
Standard technical solution.
No procurement required.
No planning required.
Service Level 2
Any type of TSR.
Minor unresolved issues in terms of user requirements.
Cable available or minimal cable order.
Hardware is on current contract.
Software is on current contract.
Facilities can be completed by FM contractor.
Funding has been approved.
Circuit required, but less than $50K/year.
Standard technical solution needs minor modification.
No major procurement required.
Minor planning required.
Service Level 3
Any type of TSR.
Some unresolved issues regarding user requirements.
Cable is required and user has agreed to standards.
Additional hardware required.
Additional software required.
Major facilities changes, but on existing contract.
Funding approved.
Circuit required, but less than $50K/year.
Non-standard technical solution needs to be tested.
Major procurement needed, but meets following requirements:
JOFOC required on GSA and <$50K.
JOFOC required not on GSA and <$25K (small business)
or <$10K (large business).
PWA mod, new PWA, or EPA additional budget required.
Minor planning required.
Service Level 4
Any type of TSR.
Major unresolved issues regarding user requirements.
Major cable requirements; no agreement on standards.
Major additional hardware required.
Major additional software required.
Major facilities changes required.
Funding not approved.
Circuit required >$50K/year.
No current technical solution.
Major procurement required:
JOFOC required on GSA and >$50K.
JOFOC required not on GSA and >$25K.
PWA mod, new PWA, or EPA additional budget required.
Major procurement, but not on any contract.
Major planning needed.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Installation Requirements for Common Use NO.: 300.02
Telecommunications Equipment
APPROVAL: [signature] DATE:
1.0 PURPOSE
The National Computer Center deploys many types of common use telecommunications
equipment throughout Agency facilities. Providing a proper environment for this equipment is
essential to maintain high network availability and reliability. The purpose of this policy is to
ensure that common use equipment is installed so as to maximize its benefits to the user
community.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who use EPA common use
telecommunications equipment at their facilities.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement, and will review policies annually
for needed modification and/or enhancement. The NDPD Telecommunications Branch will
develop and implement procedures to ensure that common use telecommunications equipment
installations follow this policy.
4.0 POLICY
All Agency common use telecommunications equipment will be provided with an environment
of adequate power (quantity and quality); heating, ventilation, and air conditioning (HVAC);
security; and environmental monitoring where needed. The equipment will be installed in such
a manner as to ease field maintenance. All common use equipment must, at a minimum, be
installed in compliance with the manufacturers' recommendations, with security and access
procedures to protect the equipment.
The following guidelines have been established to aid in implementation of this policy:
a. NDPD Controlled Space. All necessary facility modifications will be included
in the Telecommunications Service Request (TSR) requesting the installation of
the common use equipment. All needed facility modifications will be completed
before installation of the equipment.
b. Non-NDPD Controlled Space. The planning process will include a facilities
survey of the space designated for the common use equipment. The survey may
be conducted by NDPD or contractor staff, or by local Agency personnel or
contractor staff. If a planned facility does not provide a proper environment, the
NDPD Telecommunications Branch will work with the organization controlling
the space to either select an alternate location that meets requirements or develop
a facilities modification plan to improve the planned space. All needed facilities
modifications must be completed before the common use equipment is installed.
c. Variance. If the NDPD Telecommunications Branch finds that it cannot place
common use telecommunications equipment in a proper environment, the
Director, National Data Processing Division, must approve a variance.
The request for a variance shall include:
(1) A copy of the TSR requesting the installation of common use equipment.
(2) The deficiency in the environment.
(3) The costs and schedule to correct the deficiency.
(4) The reason for the request for variance (i.e., why the deficiency is not
being corrected).
(5) A risk/benefit analysis showing the impact to telecommunications
availability, reliability, or stability if the variance is granted. User needs
which will not be met if the variance is not granted.
(6) Alternatives for providing service that will meet environmental standards.
(7) Any other pertinent information.
5.0 DEFINITIONS
Common Use Telecommunications Equipment: Telecommunications equipment used by more
than one work group or organization. Examples include, but are not limited to, front-end
processors, data switches (port selectors), X.25 switches, PABX equipment, and
multi-organization LAN bridge or gateway servers.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: IBM SNA Network Performance and Capacity NO.: 300.03
Management
APPROVAL: [signature] DATE:
1.0 PURPOSE
This document defines the network performance and capacity management policies and standard
procedures for collecting, reporting, and correcting utilization, response time, and availability
data for the EPA IBM SNA network.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in the
design, development, acquisition, operation, and maintenance of Agency telecommunications
systems.
The EPA SNA network consists of the IBM 3090 mainframe at RTP with remote "major node
sites" in Regions 1 through 10, Headquarters, NEIC-Denver, Cincinnati, and Las Vegas,
including all connections made either directly to the IBM 3090 or with direct connection to the
3090 via a major node remote front-end processor (FEP).
"Dedicated connections" consist solely of physical unit type 2.X termination or non-EPA Type
4/5 FEP hardware physically connected either directly to the IBM 3090 mainframe at RTP or
via a remote EPA major node site front-end processor.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement, and will review policies annually
for needed modification and/or enhancement. NDPD will provide technical support for all
Agency networks.
The Telecommunications Services Department is responsible for planning, installation, and
management of day-to-day operations for the network, including performance and capacity
monitoring and tuning, as well as coordination of related activities between the Technical
Services Department and other support groups and vendors.
4.0 POLICY
a. NDPD will gather and analyze network performance and capacity data on a daily,
weekly, and monthly basis.
b. In the event that a performance, capacity, or utilization goal is missed, NDPD
will investigate the source of the problem, isolate the problem, and report its
findings to the Network Control Facility for resolution.
c. Any network performance, capacity, or utilization goal that is missed will be
documented in the Central Problem Management system and tracked until a
resolution is realized.
d. Network performance data will be presented to NDPD management in daily and
monthly reports.
e. NDPD will keep abreast of changing technologies to ensure that state-of-the-art
capabilities are being utilized to analyze network performance, capacity, and
utilization.
f. The EPA SNA network will be maintained to perform with an average daily
prime time total network turnaround time of ≤ 2 seconds to any dedicated user
connection.
g. Each physical Intermediate Network Node (INN) link in the EPA dedicated SNA
network will be maintained at 70% or less average daily prime time utilization.
Each physical Boundary Network Node (BNN) link will be maintained at 50%
utilization or less for the same period.
h. All SNA front-end processors will be maintained at 75% or less average daily
prime time CPU and 80% or less memory utilization with no "slow down" events
during normal daily operations.
i. The EPA dedicated network will be implemented in such a manner that there will
be, at most, one intermediate EPA SNA node between the demarcation point and
the NCC IBM 3090 during normal operations.
j. NDPD will consult with external user organizations who are connected to the
EPA SNA network to improve total network turnaround time. However, EPA
is responsible only for controlling and measuring performance, capacity, and
utilization up to the demarcation point between EPA and non-EPA equipment.
5.0 DEFINITIONS
NCC Interactive Network Turnaround Time Goals. (As measured by TSO, "Definite Response"
from user's PU2.X controller to the NCC IBM 3090.)
Dedicated 3270:                           2 seconds
Dial-Up 3270:                             3 seconds
Protocol Conversion (async terminals):    5 seconds
Non-EPA SNA Gateways & SNI Sites:         2 + X seconds*
*Note: The EPA component of the average daily prime time network
turnaround will be maintained at ≤ 2 seconds as measured to a
similarly connected physical unit at the same demarcation point.
The X represents the additional time of the non-EPA component
of the transmission.
Prime Time: 10:00 a.m. until 12:00 noon and 2:00 p.m. until 4:00 p.m., Monday through
Friday. It is assumed that these hours represent peak traffic time periods.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Telecommunications Change Management NO.: 300.05
APPROVAL: [signature] DATE: 7/2/90
1.0 PURPOSE
This policy defines guidelines and procedures to be followed whenever changes are being
planned for the EPA National Data Communications Network (NDCN).
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA, contractor, and vendor personnel who request changes to
the configuration of the national network or to any node on that network. This includes
hardware installation, removal, relocation, and upgrades; software upgrades; and any changes
to a facility's layout or design which affects the network or node.
3.0 RESPONSIBILITIES
NDPD is responsible for the maintenance and enforcement of this policy. NDPD personnel will
conduct an annual review for needed modifications and/or deletions, and will provide technical
support for all procedures and activities. NDPD is also responsible for ensuring that this policy
is updated as needed to concur with changes in NCC procedures affecting this policy or the
ability to enforce this policy.
4.0 POLICY
Requested changes to the EPA NDCN will be made formally and in writing via an existing
Telecommunications Service Request (TSR) process. This process ensures input, concurrence,
and notification to all participants of the requested change. It also provides an automated
method of tracking a request, making changes to it, and reporting its schedule, status, and final
outcome to NDPD.
5.0 DEFINITIONS
The TSR is an on-line document that users or any originator of a requested change can use to
identify the nature and desired schedule of a change. It is described in the on-line IBM User's
Guide [JUSD.USERS.REFER(TELECOM)]:
"The TSR is the single document for requesting most types of service changes. Services
and information which must be requested and provided via this form include the
following:
Full-screen terminal support.
Graphics terminal support.
ASCII (TTY terminal support).
Remote job entry registration.
Terminal relocations.
The TSR will be the only method for requesting these services. Note that the request
must be approved by the ADP Coordinator. Copies of the form are available through
the ADP Coordinator or by telephone request to the Network Support Group. Copies
are available as on-line print on the IBM 3090 in the data set JCMT.TSR.FORMS
(TSR)."
Once a TSR is completed and entered into the system, its originator is notified in writing and
is given the TSR number for future reference. The letter also contains the FTS and commercial
phone number of the person to whom the TSR has been assigned.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Telecommunications Disaster Recovery NO.: 300.06
APPROVAL: [signature] DATE: 9//2/90
1.0 PURPOSE
This document defines the Telecommunications Disaster Recovery policies and procedures to
reinstate access to the EPA NDPD National Computer Center (NCC) at an alternative site in the
event the existing facility at Research Triangle Park (RTP), North Carolina, is rendered
unusable.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA, contractor, and vendor personnel who use the EPA National
Data Communications Network (NDCN). The control facility for this network is located at the
EPA NCC at Research Triangle Park, North Carolina.
Currently, the EPA/NCC network has over 13,000 users located in all 50 states, the District of
Columbia, and Puerto Rico. There is one major node each at the EPA Regional Offices; at
Headquarters in Waterside Mall, Washington, D.C.; and at the Environmental Research Center
in Cincinnati, Ohio. The network also serves all EPA labs and vendor/contractor offices
nationwide.
3.0 RESPONSIBILITIES
The Network Control Facility (NCF) at RTP is responsible for user assistance, problem
recording/tracking, hardware installation/removal, telecommunications hardware operation,
offsite assistance, and telecommunications work orders resulting from Telecommunications
Service Requests (TSRs) from users or NDPD.
NDPD is responsible for policy maintenance and enforcement. NDPD personnel at NCC RTP
will conduct annual policy reviews for needed changes, and will provide technical support for
all steps required to implement this policy. NDPD is responsible for ensuring that this policy
is updated as needed to concur with the current NCC disaster recovery plan.
4.0 POLICY
In the event of a disaster at the EPA NDPD National Computer Center, Telecommunications
Services Department personnel will follow the procedures outlined in the current Critical
Applications Disaster Recovery Plan maintained by the Security Officer. This plan includes
steps which address:
Emergency Response
Backup of Critical Applications
Recovery of Processing Capabilities
As this plan dictates, Telecommunications Services will:
a. Participate in reactivation of the RTP Control Center by ensuring that voice
communications are established and by installing required terminals.
b. Participate in activation of the Cincinnati Control Center by bringing up links to
the WIC and RTP.
c. Participate in telecommunications operation by monitoring the network to ensure
continual availability.
d. Participate in reestablishment of NCC configuration.
e. Participate in returning Cincinnati to normal operations.
f. Participate in final restoration of the NCC network.
5.0 DEFINITIONS
Currently, there is one primary source document for disaster recovery procedures at NCC:
Critical Applications Disaster Recovery Plan,
Document Number 379/001B
Published February 21, 1990
This document is maintained by NDPD and its distribution is limited to NDPD, contractor
management personnel, and other persons having principal responsibilities in the event of a
disaster to NCC facilities. The Plan is maintained by the NCC Disaster Recovery Document
Officer, who has the responsibility to "review all documentation from the standpoint of
completeness, accuracy, and integration with related procedures."
In the event of an actual disaster at NCC, the plan calls for formal notification to all disaster
team members, including the Manager of Telecommunications Services or his appointed
representative on the team.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA International Telecommunications Support NO.: 300.07
APPROVAL: [signature] DATE:
1.0 PURPOSE
This document outlines the policies for requesting telecommunications service between an EPA
location in the United States or one of its territories and a foreign country. This document also
describes policies for providing access to telecommunications services to international travelers
and on-site telecommunications support for international conferences, meetings, symposiums,
or similar functions held outside of the continental United States.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agencies (including State agencies, contractors, and grantees) of EPA who are involved in
international data sharing and/or traveling. International telecommunications services provided
include voice access, data transfer, electronic message and conference capability, and other
value-added services.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will review policies
annually, will effect necessary modifications and enhancements, and will provide technical
support as required.
The NDPD Telecommunications Branch is responsible for project management of the
international telecommunications contract and for tasking contractors to provide required
services.
EPA offices must order all services through the Telecommunications Service Request (TSR)
process. Functional requirements must be specified in the TSR, and a contact person identified
to discuss alternative solutions.
For all services except asynchronous dial up to the EPA network, customers are responsible for
funding. Customers are also responsible for notifying NDPD of requirements for international
services upon knowledge of same.
4.0 POLICY
This policy summarizes contract administration, service responsibilities, service levels, eligibility
criteria for ordering service, trouble reporting, method of payment, security, and the interface
with the U. S. Department of State.
a. Only the contracting officer and designated ordering officers may order supplies
or services from the international telecommunications contract.
b. NDPD will provide support services that include technical design,
troubleshooting, and diagnostics for the EPA portions of the network, installation,
coordination, assistance with problem resolution and performance analysis.
c. NDPD will ensure service availability, reliability, and service levels consistent
with established standards and procedures provided by contract administration.
d. Foreign agencies that wish to have access to EPA network services must be
sponsored by an EPA ADP Coordinator. All services must be requested through
the TSR process.
e. NDPD will provide a list of equipment and services available to international
travelers and assist in determining the appropriate equipment available at a
foreign location in order to limit the amount of equipment that must be carried
by the traveler and to ensure that state-of-the-art technology is being employed.
f. The international telecommunications contractor will provide problem resolution
coordination via a toll-free number 24 hours a day, 7 days a week.
g. NDPD will provide international telecommunications services on a chargeback
basis. NDPD will provide an estimate of one-time and recurring charges, as
applicable, for other required services.
h. NDPD will provide the means by which travelers can be issued telephone credit
cards which enable the traveler to place Direct Distance Dial (DDD) telephone
calls from foreign locations to the U. S. or to other foreign locations as required.
These cards will also be valid for calls made to foreign destinations originating
in the contiguous 48 states, Alaska, Hawaii, Puerto Rico, and Guam.
i. The implementation of the services offered in the International
Telecommunications Support Contract must neither interfere with nor replace any
telecommunications activities which are under the exclusive authority and
responsibility of the U. S. Department of State (and/or any of its designated
agencies).
5.0 DEFINITIONS
Telecommunications Service Request (TSR): A standard form which, when completed, provides
NDPD personnel with the information needed to approve, schedule, and monitor connectivity
or changes to the EPA national network.
6.0 STANDARDS
a. International services must be effectively compatible with the telecommunications
systems in foreign locations, including existing networks and computer systems,
service offerings of value-added network suppliers, service offerings of the
communications agencies of foreign governments, and supplied customer premise
equipment and software.
b. Telecommunications connectivity service will be available 24 hours a day, 7 days
a week, throughout the year or 100 percent of the time allowed in foreign
locations (whichever is greater). Routine support and administrative services will
be available during normal business hours in the Eastern time zone.
7.0 PROCEDURE REFERENCES
a. Contract 68-W2-0022 with MCI Telecommunications Corporation. Procurement
and Contracts Management Division. U. S. Environmental Protection Agency
Headquarters, Washington, DC.
b. (Draft) U. S. Environmental Protection Agency. (1992) International
Communications Guide. Research Triangle Park, NC: National Data Processing
Division, Office of Administration and Resources Management.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: State Data Communications NO. 300.08
APPROVAL: DATE:
1.0 PURPOSE
To assure effective, efficient data communications, there must be compatibility among hardware,
software, and methods used. This is especially true in connecting separate and distinct networks
such as the U. S. Environmental Protection Agency's network and those of the individual states.
(Note: The term "state" includes a state or any entity given equal status as a state by the
Federal government.) This policy is intended to provide a common understanding of the roles
and responsibilities for establishing the environment necessary for data communications
connectivity between the states and the National Data Processing Division (NDPD).
2.0 SCOPE & APPLICABILITY
This policy is applicable to the data communications wide area network maintained and
supported by the NDPD. Specifically, it is intended to cover issues relating to connectivity to
the EPA network by any state.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will review policies
annually for needed modification and will provide technical support for all components of the
NDPD data communications network.
NDPD will monitor the performance of the EPA's national data communications network for
potential problems as well as traffic volume and response time to individual nodes.
The primary contact for state agencies will be the State/EPA Data Management (SEDM)
Regional Coordinator for the responsible region. The SEDM Coordinator, in consultation with
the IRM Branch Chief, will conduct any discussions necessary with state agencies to assure the
state's designation of a single point of contact for telecommunications technical transactions.
State agencies are responsible for defining and timely reporting of new requirements to EPA
through their respective State/EPA Data Management Regional Coordinator. Program Office
SIRMOs and Regional Office IRM Chiefs are responsible for defining and reporting any
requirements for state data communications connectivity directly to NDPD's Telecommunications
Branch. Timely notification of requirements will allow NDPD the opportunity for network
design modifications to accommodate increased loads while maintaining appropriate operational
service standards.
4.0 POLICY
a. A single point of presence in each state will be maintained by NDPD in a location
determined by the state for the purposes of access to the EPA's national data
communications network.
b. Methods for data communications connectivity, and modifications thereto, shall
be defined through the Telecommunications Services Request (TSR) system.
States should communicate connectivity requirements to their Regional Office
SEDM who will submit a TSR through the IRM Branch Chief to the
Telecommunications Branch of NDPD.
c. State agencies desiring TCP/IP (Internet) connectivity should look to NDPD for
consulting and design assistance. This assistance will be provided through the
Regional Office SEDM Coordinator via the TSR process. This is the preferred
means to access NCC services (including Email) for state agencies not connected
to the state point of presence. Technical assistance will be provided through the
Regional SEDM Coordinator via the TSR process.
d. NDPD shall participate in SEDM meetings to maintain contact with the state
agency customer community and to understand the states' data communications
requirements. Through this and other means as appropriate, NDPD will work
with each Regional Office SEDM Coordinator to assure that the data
communications needs of the states are met. This specifically includes NDPD participation
in the SEDM grant review process.
5.0 DEFINITIONS
State/EPA Data Management (SEDM): System managed by a national coordinator in the Office
of Information Resources Management, OARM and designed to build cooperative state/EPA
relationships to support sound environmental decisionmaking through data sharing, data
integration, and information exchange. There is a State/EPA Data Management Regional
Coordinator in each of EPA's ten Regional Offices.
6.0 STANDARDS
a. NDPD will purchase and maintain, at its discretion, a data circuit, modems, and
any other equipment necessary for data communications between the state and
NDPD (see Figure 1). This equipment will remain the property of NDPD and
will be installed at the state point of presence only after completion of a
Revocable License Agreement (RLA) between the state and NDPD. The RLA
is a renewable legal document granting use of EPA-owned equipment; it must be
reviewed for renewal or replacement every 3 years.
b. The state shall purchase and maintain the computer equipment necessary to access
the EPA network at the agreed upon point of presence. This shall include, but
is not limited to, terminals, synchronous and asynchronous gateways, front-end
processors, and central processing units (CPUs) as well as the necessary
communications software.
c. NDPD will review and approve any ADP and telecommunications resources to
be funded under the EPA State/EPA Data Management Financial Assistance
Program. An expedited NDPD review and approval process will be provided for
final decision packages.
Figure 1. Schematic of EPA's National Data Communications Network (diagram title: National Data Communications System)
d. Any operational problems experienced by the state in accessing the EPA network
should be reported to the NDPD's Network Control Facility (NCF) at (919) 541-4506
or (800) 334-0741, or to Customer Support at (919) 541-7862. The
respondent will open a Centralized Problem Management (CPM) record to track
the problem until its resolution. If repair of EPA-owned equipment is necessary,
the proper vendor personnel will be dispatched. Unless otherwise specifically
agreed to, NDPD will ensure proper data communications to the output interface
on the modem or similar device provided. The state shall be responsible for
repair and maintenance of equipment beginning with the interface cable to the
state computer/data communications equipment.
7.0 PROCEDURE REFERENCES
a. "Development of the SEDM Strategic Plan," Michele Zenqn, National State
Environmental Data Management Coordinator, presented at National Environmental
Information Conference, Philadelphia, PA, November 1991. (Location:
EPA/OIRM, PM-211)
b. EPA Series 2100, Information Resources Management Policy Manual, Chapter
3, "State/EPA Data Management," 7/21/87, POLICY, Section 5.g, "EPA will
design and manage its computing and data communications network to support
timely and reliable State access to EPA systems and data bases." (Location:
EPA/OIRM, PM-211)
c. U. S. Environmental Protection Agency (1990), Federal Register. Volume 55,
No. 243, pages 52012-52013, December 18, 1990, "Financial Assistance Program
Eligible for Review," (OIRM-FR-3870-6). Office of Information Resources
Management, U. S. EPA, Washington, DC 20460.
d. U. S. Environmental Protection Agency (1990), State/EPA Data Management
Financial Assistance Program: Guidance for Applicants. November 19, 1990,
Information Management and Services Division, Office of Information Resources
Management, U. S. EPA, Washington, DC 20460.
e. U. S. Environmental Protection Agency (1990), State/EPA Data Management
Financial Assistance Program: Regional Guidance. December 18, 1990,
Information Management and Services Division, Office of Information Resources
Management, U. S. EPA, Washington, DC 20460.
f. Fulford, D. W. (1991), "ADP Review of State Data Management Program
(SEDM) Grants," Memo to Assistant Regional Administrators, April 1, 1991.
National Data Processing Division, MD-34, U. S. EPA, RTP, NC 27711.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Telecommunications Considerations for Facilities Modifications NO. 300.09
APPROVAL: DATE:
1.0 PURPOSE
Adherence to this policy will ensure consistency in the design and implementation of voice and
data communications throughout the EPA and allow for anticipated growth and modifications
brought about by the rapid changes in communications technology at the site level.
2.0 SCOPE & APPLICABILITY
This policy is applicable to the EPA voice and data communications Wide Area Network (WAN)
and Local Area Networks (LANs) maintained and/or supported by NDPD. Specifically, it
addresses wiring specifications for telecommunications connectivity to this network at any EPA,
contractor, or other site during the planning of a new facility, renovation of an existing facility,
or relocation to a new facility.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement and will annually review policies
for needed modification and/or enhancement.
The Chief of the Telecommunications Branch (TCB) is responsible for ensuring compliance with
this policy.
4.0 POLICY
The Telecommunications Branch of NDPD works in conjunction with the Facilities Management
and Services Division (FMSD) to provide extensive assistance in the design, planning, and
coordination of telecommunications services for all EPA facilities. Special assistance is provided
for the buildout of new space. NDPD will prepare a project plan and develop a Memorandum
of Understanding to define the level and amount of support provided and the funding
requirements. NDPD will provide technical support for all components of the NCC
telecommunications network.
NDPD will provide detailed planning assistance with all telecommunications requirements
including but not limited to wiring/cabling, equipment, cabinets/racks, etc., that may be specific
to this site for both voice and data. Directive 310.12, Wiring and Optical Fiber Cabling for
Voice and Data Telecommunications, provides NDPD telecommunications wiring standards.
The NDPD Project Management team will conduct onsite inspections during appropriate stages
of a project and provide a progress briefing to site personnel.
While NDPD provides planning and inspection assistance, it does not supervise or manage any
construction personnel or other contractor personnel hired by GSA or site management.
The Telecommunications Branch will assist the site staff in determining which
telecommunications services will be provided to all occupants of new or renovated space. Program office
occupants may be offered the opportunity to upgrade the type and/or level of these identified
services, on condition that the program office bear the burden of the additional expense.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. Assistance from NDPD for any form of facility move/renovation should be
obtained through submission of a Telecommunications Service Request (TSR).
It is important that NDPD be notified through the TSR system as soon as a
requirement for a facility modification is known.
b. A TSR should be submitted early enough for NDPD to provide any necessary
preconstruction consultation and assistance. NDPD has experience in physical
plant design that allows for future expansion of telecommunications wiring media
as well as general building and workstation layout.
c. As NDPD does not provide funding to support Building and Facilities (B & F)
projects, it is especially important that each office include telecommunications
requirements in their respective responses to Facilities' annual B & F call letter.
Identification of voice and data communications needs through this means will
allow for timely and adequate budget coverage in either the Regional or National
Support Account. The Telecommunications Branch will coordinate the ordering
and provisioning of telecommunications services within NDPD.
d. In accordance with Agency procurement policy, all purchases of voice
communications equipment and associated services (including FAX equipment) in excess
of $5000 must be approved by NDPD. Purchase of data communications
equipment is subject to the same Agency review and approval process applicable
for all ADP equipment. This provision is intended to assure technical
compatibility, and correct application of Agency telecommunications standards for optimal
performance of the purchased equipment.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1984) EPA Transmittals 4800 Series
Facility and Support Services Manual, Volume 4840, Facilities Management,
OARM-FMSD, Washington, DC. (Available from Director, FMSD, PM-215)
b. U. S. Environmental Protection Agency. (1992) NDPD Operational Directives
Manual (Report 285/001), Directive 310.12, Wiring and Optical Fiber Cabling
for Voice and Data Telecommunications. National Data Processing Division,
Office of Administration and Resources Management, Research Triangle Park,
NC (Location: Publications Technical Library and on-line on IBM ES/9000 in
data set JUSD.DIRECTIV.MANUAL)
c. U. S. Environmental Protection Agency. "Approval of Procurements for Voice
Communications," Memorandum, dated July 17, 1989. Office of Administration
and Resources Management. Procurement and Contracts Management Division,
Washington, DC (Available from Director, PCMD)
d. U. S. Environmental Protection Agency. "Clarification of Approval Authority for
FAX Equipment," Memorandum, dated August 16, 1989. Office of
Administration and Resources Management. Procurement and Contracts Management
Division, Washington, DC (Available from Director, PCMD)
e. U. S. Environmental Protection Agency. Chapter 6, "ADP Resources
Management," Information Resources Management Policy Manual (2100 Series). July 21,
1987. Office of Information and Resources Management, Washington, DC.
(Available from OIRM)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NDPD Telecommunications Support for National Conferences and Demonstrations NO. 300.10
APPROVAL: DATE:
1.0 PURPOSE
In the past, NDPD has provided support to EPA national program system managers for various
national conferences, meetings, and demonstrations requiring data communications connectivity.
This support will be continued as outlined in this policy.
2.0 SCOPE & APPLICABILITY
This policy is applicable to the data communications Wide Area Network (WAN) maintained and
supported by NDPD. Specifically, it will be used to evaluate all requests for connection to the
network and for NDPD support for conferences, meetings, and demonstrations.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement, and will annually review these
policies for needed modifications and/or enhancements. NDPD will provide approval and
technical support for all components of the NCC telecommunications network.
4.0 POLICY
a. Assistance is obtained from NDPD through submission of a Telecommunications
Service Request (TSR). A TSR should be submitted at least 6 months in advance
of a planned event to allow proper lead time for NDPD to obtain dedicated data
circuits for a site. If necessary, dial-up data service can be provided to a site
with the submission of a TSR in no less than 60 days from the expected start of
an event.
b. NDPD must be given the name of a designated "technical contact" at the site of
the proposed event to assist with the physical constraints that are unique to each
specific location.
c. For an event for which an approved TSR exists, NDPD will furnish all necessary
equipment to provide data communications connectivity to the EPA National Data
Communications Network. This includes, but is not limited to, data circuits,
modems, multiplexors, and 3270 cluster controllers. It is the responsibility of the
requesting organization to provide and/or fund any terminals, PCs, monitors,
projectors, software, communications boards, and all other end-user devices
needed for the event. It is also the requesting organization's responsibility to
provide adequate security for these devices for the duration of the event.
d. Normally, NDPD will provide the following at no cost to the requesting
organization for an event lasting up to 3 days:
One analog data circuit with an aggregate speed of 9600 BPS.
One 3270 cluster controller or asynch terminal concentrator device.
One onsite data communications technician.
e. Certain factors may necessitate funding from the requesting organization. These
include, but are not limited to, the following:
Digital high-speed circuits with aggregate speeds in excess of 9600 BPS
or multiple analog circuits.
Lengthy events (in excess of 3 days).
Complicated internal wiring and setup at the site.
Conferences located outside the continental United States. In this
instance, a significant amount of advance planning is necessary. Six
months notification, as well as funding source identification, will be
required.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Network File System (NFS) NO. 300.11
APPROVAL: DATE:
1.0 PURPOSE
This document provides background information on the application of the Network File System
(NFS) at the NDPD and defines responsibilities and policy to ensure that an appropriate level
of technical support is maintained for this product.
2.0 SCOPE & APPLICABILITY
This policy applies to the "lead" EPA Branch Chief and Technical Manager for each of the
following NDPD architectures:
IBM Mainframe: ADP Operations Management Branch
Novell NetWare: Telecommunications Branch
Prime: Information Centers Branch
VAX, DG, HPC: Scientific Computing Branch
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement, and will annually review policies
for needed modification and/or enhancement. NDPD will provide approval and technical
support for all components of the NCC telecommunications network.
The designated lead EPA Branch Chief and Technical Manager are specifically responsible for
NFS and for all other systems support facilities on the designated architectures.
4.0 POLICY
The EPA Geographical Information Systems (GIS) and Supercomputing programs require
multiplatform file services across machine architectures. At present, NFS is the only solution
available to meet these requirements. Although rapid changes in this situation are expected over
the next 3 years (e.g., GOSIP, AFS under OSF/x), NDPD must deploy NFS selectively on some
of the EPA architectures to meet these multiplatform needs.
5.0 DEFINITIONS
None.
6.0 STANDARDS
NFS is a file system consisting of systems level software resident on the machine which uses it.
Different NFS implementations can allow an individual machine to be a client, server, or both
in a given set of environments.
The NFS capability is "owned" by the operating system and its appropriate systems level support
structure/organization within NDPD.
EPA supported/approved architectures currently eligible for NFS include those for which NDPD
has announced support. Unsupported NFS platforms may be connected to EPA supported
TCP/IP networks only with the approval of the senior site technical manager and must be
temporarily disconnected from the network if they are suspected of causing service disruption.
Each NDPD supported architecture has a lead EPA NDPD Branch Chief and an EPA NDPD
Technical Manager in a position of authority and responsibility for total support of the
architecture.
Telecommunications Branch supports transport of TCP/IP and other related NFS protocols only
on full speed, locally attached, 16 megabit Ethernet local area networks designed, approved, and
supported under NDPD operational LAN policies. NFS protocols on media operating at speeds
of less than 10 megabits/second will not be supported in EPA. It is NDPD's intention to install
technology to manage and control this access.
The appropriate Lead EPA NDPD Branch Chief and NDPD Technical Manager will be
responsible for:
Determining whether or not NFS will be supported and in what form (e.g., how
many variations, client/server, etc.).
Determining and obtaining resources for software, distribution, maintenance,
support staff, etc., to support NFS.
Determining the level of support NFS is to receive under the support strategy and
obtain NDPD-wide concurrence for this level of support.
Assuring that field System Administrator training, documentation, guidelines, and
other notifications are in place for quality NFS support.
Assuring that total NFS support for the architecture is either in place or not
needed in other NDPD and field support organizations (i.e., Customer Support,
Information Centers, Telecommunications Hotline (NCF), and Network
Management).
7.0 PROCEDURE REFERENCE
Materials under development.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Radio Frequency Management NO. 300.12
1.0 PURPOSE
This document describes NDPD's policy for managing the acquisition, installation, use,
administration, and support of radio communications systems serving EPA offices nationwide.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors nationwide who plan, design, engineer,
implement, administer, maintain, and support radio communications equipment
and services.
b. All EPA program office personnel nationwide who request, acquire, and use radio
communications equipment, services, and support.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
a. NDPD is responsible for acquiring and managing radio frequency services for the
Agency. NDPD provides assistance in planning, designing, engineering, and
acquiring radio communications equipment and services. NDPD's Telecommunications
Branch serves as a liaison between EPA and the National Telecommunications
and Information Administration's (NTIA's) Frequency Assignment
Subcommittee (FAS) within the Department of Commerce. NTIA is responsible
for the assignment of radio frequencies to all federal agencies.
b. Procurement of radio communications equipment is the responsibility of the
requesting program office.
c. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. EPA program offices must request the assignment of a radio frequency before
purchasing any type of radio transmission equipment (see EPA Radio Frequency
and Equipment Acquisition Guide). Prior to submitting a Procurement Request
for radio transmission equipment to a purchasing office, the program office must
obtain NDPD approval for use of the proposed or requested frequencies,
transmitter power, antenna height, range of operation, and call signs. Headquarters
program offices request radio communications frequency assignments, call
signs, services, and support from NDPD through the Radio Frequency Assignment
Request (RFAR) process.
-------
ofucaia tui louiu ii«jucin.y oaaigi
appropriate EPA Project Officer.
NDPD OPERATIONAL DIRECTIVE NO. 300.12 Page 2 of 2
b. All requests for radio frequency assignments, radio call signs, and radio
communications acquisition assistance must be in writing on EPA letterhead from
an EPA Program Director or Project Officer and sent to:
EPA Washington Telecommunications Center
Deputy Chief, Telecommunications Branch (PM-211T)
401 M Street, SW
Washington DC 20460
c. Contractor requests for radio frequency assignments and call signs must be made
d.
5.0 DEFINITIONS
None.
6.0 STANDARDS
NDPD will conduct Radio Frequency Management operations in accordance with Manual of
Regulations and Procedures For Federal Radio Frequency Management (5-89, revised 9-90
and 1-91), National Telecommunications and Information Administration (NTIA), U.S.
Department of Commerce.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency, (draft, 1993) EPA Radio Frequency
Management. Washington, DC: National Data Processing Division.
Telecommunications Branch.
b. Department of Commerce. (1989, revised 1990 and 1991) National
Telecommunications and Information Administration. Frequency Assignment Subcommittee.
(Location: Available from NDPD Telecommunications Branch, Washington, DC
or Government Printing Office)
c. U. S. Environmental Protection Agency, (draft, 1993) EPA Radio Frequency and
Equipment Acquisition Guide. Washington, DC.
d. U. S. Environmental Protection Agency, (draft, 1993) EPA Radio
Communications Operations Guide. Washington, DC.
e. U. S. Environmental Protection Agency. (1991, updated 1993) EPA
Headquarters Telecommunications Resource Handbook. Washington, DC.
f. U. S. Environmental Protection Agency. (1987) OIRM Policy Manual. Office
of Information Resources Management. Washington, DC: chapter 7, Section
5.e.(2) and 5.e.(3), pp. 7-3 and 7-4, Directives 2100 dated 7/21/87.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Support for Toll-Free (800) Telecommunications Support NO. 300.13
APPROVAL: DATE:
1.0 PURPOSE
This policy provides guidance for establishment and utilization of toll-free (800) telephone
number telecommunication services for access to the EPA network. The FTS2000 contract
which provides governmentwide telecommunications services is managed by GSA and is
designated as a mandatory use contract. Therefore, EPA's toll-free (800) services must be
ordered under the FTS2000 contract.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA organizations and their employees, and to personnel of agencies
(including state agencies, contractors, and grantees) of EPA. Toll-free telecommunications
services intended include voice access, data transport, and voice mail.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will review policies
annually, will effect necessary modifications and enhancements, and will provide technical
support as required.
The NDPD Telecommunications Branch is responsible for project management of
telecommunications contracts and for tasking contractors to provide required services. NDPD shall monitor
usage of EPA 800 services in order to discourage and detect instances of fraud, waste, and abuse
of these services.
4.0 POLICY
a. Toll-free (800) service to the EPA network is provided in circumstances only
where a local access number is not available.
b. NDPD-supplied 800 numbers include those providing access to asynchronous,
bisynchronous, and synchronous dial access to the EPA network and for access
to NDPD Help Desks (e.g., Customer Support, Network Control Facility, the
FTS2000 Business Office, and the International Telecommunications Help Desk).
c. Any organization can request and/or establish 800 services for access to the EPA
network or NCC services whenever provision of that 800 number is intended to
meet a bona fide U. S. Government requirement, the requestor will provide
funding for the service, and the service is in the best interests of the U. S.
Government. The Telecommunications Service Request (TSR) process will be
used as the vehicle for requesting such services.
d. EPA organizations that wish to have NDPD assistance to establish 800 services
must request these services through the submission of a completed TSR, including
justification, to:
EPA FTS2000 Business Office
MD-90B
Research Triangle Park, NC 27711
1-800-242-4387
e. NDPD will ensure 800 service availability, reliability, and service levels
consistent with established standards and procedures.
f. Funding for all 800 telecommunications services must be provided by the
requestor. NDPD will provide an estimate of charges if requested. Requestors
should note that 800 services may be more costly than other alternatives and are
provided primarily for the convenience of customers outside of the local calling
area. The implementation of 800 services should neither interfere with nor
replace any existing telecommunications services.
g. Customers interested in establishing toll-free international telecommunications
should refer to and comply with provisions in the NDPD International Telecom-
munications Support, NDPD Operational Directive No. 300.07.
5.0 DEFINITIONS
Telecommunications Service Request (TSR): A standard form which, when completed, provides
NDPD personnel with the information needed to approve, schedule, and monitor connectivity
changes or changes to the EPA national network.
FTS2000: A telephone network established to provide communication support to and among
agencies of the federal government.
6.0 STANDARDS
a. Toll-free telecommunications connectivity service will be available 24 hours a
day, 7 days a week, throughout the year. Routine support and administrative
services will be available during normal business hours.
b. Any 800 lines used for data transfer will be subject to voice-grade line limita-
tions.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. NDPD Operational Directive 300.07. NDPD
Operational Directives Manual (Report No. 285/001). Research Triangle Park, NC: National
Data Processing Division. (Location: Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Local Area Network (LAN) Planning NO. 310.01
APPROVAL: DATE:
1.0 PURPOSE
This policy defines the methods approved by NDPD for establishing a new LAN or performing
a major modification to an existing LAN.
The objective of this policy is to identify all of the hardware, software, and configuration
information necessary to assure compatibility of Agency network components and to clarify and
identify the level of support expected from the NDPD central support group.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and employees, and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, operation, and maintenance of Agency LANs.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will coordinate technical support for
all Agency standard LANs.
NDPD will provide consultation in preparing the LAN plan, preliminary review, and appropriate
planning materials upon request.
4.0 POLICY
The success of any LAN depends largely on the quality of the implementation plan. All Agency
LANs will be installed and operated according to an approved LAN plan and implemented and
tracked through the NDPD Telecommunications Service Request (TSR) system as specified in
Section 6.0 Standards.
5.0 DEFINITIONS
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
Extended LAN Facility (ELF): An NDPD-approved LAN bridge or repeater subsystem which
joins two or more facility backbones to form a Metropolitan Area Network (MAN) between
facilities in a "campus" environment. All ELFs require NDPD approval under the TSR process.
ELFs are jointly funded by NDPD and the relevant user organization. ELFs are supported by
NDPD.
Metropolitan Area Network (MAN): A metropolitan area network comprises two or more
facility backbones joined by an ELF in a "campus" environment.
-------
EPA LAN Manager: SIRMO-designated Federal employee who has overall responsibility for
the administration and security of the file server.
LAN System Administrator: The person who has hands-on responsibility for carrying out daily
operations and maintenance of the LAN as detailed in NDPD Operational Directive 310.03.
Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.
LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. To be supported on Unix servers and on Netware servers.
6.0 STANDARDS
a. The following LAN plan components must accompany each TSR:
(1) A configuration plan, including the following items.
Server model.
Number of disk drives.
Amount of memory.
Network operating system version.
A count of workstations.
Token-ring address and symbolic name for each backbone device.
Location of the wiring closet, the number of MAUs in each closet,
the type of wiring used, and the location of each network node
and its lobe length.
The distance between wiring closets and the type of wiring used to
connect the closets.
(2) A diagram (for example, an FMSD blueprint) which is to scale, with
markings designating the location of each LAN server and workstation
attaching to the LAN. In some Agency facilities, the instability of
electrical power is a significant concern. In such facilities, the installation
of critical components (e.g., file servers, bridges, and gateways) in central
"technology areas" with appropriate power conditioners, should be consid-
ered.
Type 1 cable is recommended for token-ring LANs. NDPD approval is
required for any exceptions. Type 1 cable is mandatory for all token-ring
backbones and all connections to the backbone. Ethernet wiring will be
"thickwire coax" for backbones and thick- or thinwire coax for PC
connections.
Thickwire, thin-wire, and twisted pair Ethernet wiring conforming to the
10 BASE-T IEEE standard is acceptable. Any multifloor LANs must be
connected via an approved facility backbone. (For details, see Directive
No. 310.12, Wiring and Optical Fiber Cabling for Voice and Data
Telecommunications.)
Note: It is recommended that a hardware and software plan be prepared
as part of the LAN planning process. Contact LANSYS for assistance.
(3) A LAN System Administrator must be named to serve as the technical
contact along with a backup Administrator. The names, phone numbers,
and Email ID of the LAN System Administrator and backup Administrator
must be provided. Date of completion (or scheduled completion) of the
EPA LAN System Administrator course must be provided.
(4) The name, phone number, and Email ID of the EPA LAN Manager must
be provided. This is the Federal employee who has overall responsibility
for administration and security for the LAN.
(5) Each LAN plan for token-ring LANs should be attached to a TSR and
submitted for review, approval, and implementation to:
TCB/LANSYS
NDPD MD-90
U.S. EPA
RTP, NC 27711
Each LAN plan for Ethernet LANs should be attached to a TSR and
submitted for review, approval, and implementation to:
TCB/Ethernet
NDPD MD-90
U.S. EPA
RTP, NC 27711
All TSRs must be signed by the appropriate, official EPA ADP Coordina-
tor.
b. All modifications to the facility backbone must be approved by NDPD via the
TSR process. This includes both major modifications such as addition of file
servers, gateways, RDBMS Servers, and routers, and minor modifications such
as changing a file server's token ring card. That is, every change involving a
backbone hardware address or symbolic name must be reported via a TSR. (See
Directive No. 310.10, LAN Change Management.)
c. The LAN System Administrator must ensure that adaptor cards used for the
backbone or in conjunction with a print ring are defined for LAN Manager in the
symbolic name file. If a resource is defined as critical, it must be designated as
such within LAN Manager.
d. The appropriate LAN System Administrator support group shall designate the
LAN as operational when all workstations and gateways have been configured and
tested. The LAN support group shall ensure that LANSYS or DECSYS is infor-
med of the LAN's designation as operational.
e. A TSR must be submitted for an RDBMS server. In addition to the TSR
information for a file server, it must include the following:
(1) A LAN Data Base Administrator (LAN DBA) and Backup LAN DBA
must be named to serve as the technical contacts. The names, phone
numbers, and Agency Email IDs of the LAN DBA and Backup LAN DBA
must be provided. The date of completion of the EPA LAN Data Base
Administration course for the DBA and backup must be provided.
(2) A configuration plan for the RDBMS server, as shown in Appendix A of
the EPA LAN Operating Procedures and Standards manual Volume II:
Oracle for Netware must be submitted as part of the TSR.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1993) LAN Operational Procedures, Volume II Oracle
for NetWare (Report No. 397/002) Research Triangle Park, NC: National Data Processing
Division, Telecommunications Branch (Location: Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Supported LAN Hardware and Software NO. 310.02
APPROVAL: DATE:
1.0 PURPOSE
This policy defines methods approved by NDPD for acquiring Agency-supported hardware and
software for Local Area Networks (LANs).
The objectives of this policy are to:
a. Preserve individual LAN stability.
b. Provide a compatible, predictable environment for applications.
c. Provide a consistent environment for customers.
d. Provide a consistent environment for testing and support.
e. Provide an environment where interconnected LANs deliver services and
applications to all Agency LAN workstations.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and employees and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, operations, and maintenance of Agency LANs.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will coordinate technical support for
all Agency standard LANs.
The Architectural Management and Planning Branch (AMPB) at NDPD will evaluate Agency
requirements for LAN hardware and software (and services, as appropriate). Through
established procurement processes in conformance with GSA and Agency policy, AMPB will
establish contracts for the use of Agency offices operating LANs.
The Program Management Support Branch (PMSB) at NDPD will, upon award of Agency
contracts for LAN equipment and services, assume contract administration responsibilities.
The purchasing office's PC Site Coordinator (PCSC) and Senior Information Resource Officer
(SIRMO) will review and approve all Purchase Requests for acquisition of items through Agency
contracts.
| Indicates Change
4.0 POLICY
a. LANs should be composed of Agency-supported hardware, software, and
telecommunications components. Generally these components will be acquired
through Agency contracts. Hardware and software approved for interconnection
to the Agency LAN/WAN backbone are listed in Section 6.0 Standards. This
policy will be updated on a quarterly basis. Questions regarding recently
approved products should be directed to LANSYS at (FTS) 629-2804 or (919)
541-2804.
Through the TSR process, a request may be made to the Director, NDPD for
approval of the connection of unsupported equipment to the Agency backbone.
This request must be accompanied by adequate justification. In the case of such
approvals, the following two caveats will apply:
(1) If a customer experiences problems with unsupported products, NDPD
support staff will be unable to work with the customer to resolve those
problems. Customer departments must plan to allocate their own
resources to provide support for such products. Agency vendor support
contracts will not be utilized to resolve problems with unsupported
equipment.
(2) In the event of backbone problems, NDPD reserves the right to temporari-
ly disconnect such equipment as part of the troubleshooting process. If
the unsupported equipment is demonstrated to be the cause of problems
on the backbone, it will be disconnected.
b. NDPD will fund and support Value-Added Backbone Service (VABS) components
for each approved site. Additional components will be announced annually.
c. NDPD will provide and support upgrades to Agency standard LAN systems
software, including (1) operating system software within the current platform
(e.g. upgrade NetWare 286 Rev 2.15 to NetWare 286 Rev 2.2); (2) workstation
shell software; and (3) communications gateway, routers, and bridges.
d. NDPD will manage and support Source Routing Bridges (SRBs) for sites which
will require accessibility to an AS-400. Approval must be obtained from NDPD
for this process.
e. OS/2 Communications Manager Connectivity. A TSR should be submitted
requesting a coax connection to that workstation. Source routing bridges will not
be approved to support communications manager connectivity.
f. Operating system and connectivity software may not be modified without written
approval from the Director of NDPD via the TSR process.
g. Extended LAN Facilities (ELFs) between campus facilities will be approved when
all backbones and configurations involved completely meet NDPD operational
LAN policies.
h. Interconnectivity of Macintosh AppleTalk networks, or the use of a Macintosh as
a token-ring workstation, is not supported.
i. NDPD will fund the following facility backbone token ring LAN components:
a minimum of one Multistation Access Unit (MAU) per floor in EPA facilities
designated as token ring LAN sites in an approved LAN plan, wiring and
connectors required for the backbone to provide connectivity between LANs on
different floors, and other internetwork resources that enable sharing of bridges,
routers, and gateway resources.
j. NDPD will support DEC connectivity to an Ethernet LAN through approved
Ethernet interfaces. NDPD will continue to test products for compatibility.
Further enhancements are not guaranteed. For Ethernet LANs, NDPD will fund
thick wire facility backbones and connections in EPA facilities designated as
"Ethernet LAN" sites.
5.0 DEFINITIONS
Agency Contracts: EPA has a contract from which organizations will be able to acquire
necessary workstations, software, peripherals, and LAN products. Digital Equipment
Corporation (DEC) DECNET and Ethernet components are available via the OIRM Scientific
Computing Equipment Contract, as well as via approved GSA schedule items.
Agency supported hardware and software: Products which have been tested by NDPD/LANSYS
and determined operative in the current and planned EPA LAN environment. Agency supported
products will be part of the NDPD LAN Test Facility and will be utilized in determining
acceptability of LAN products.
Bridge: Software and hardware physically joining separate networks into a single logical
network. Bridges allow customers on one network to access the resources of another network
and operate at Level 2 of the protocol stack.
Gateways: Special purpose protocol translators that allow LANs to connect to other types of
services and computers.
LAN Relational Data Base Management System: A relational data base management system
server deployed on a LAN and accessed by LAN clients.
Novell SNA Gateway: Allows LAN workstations to connect to the IBM mainframe via the
Agency's SNA network.
NACS Gateway: Novell Asynchronous Communications Server (NACS) allows LAN
workstations to dial out over modems to make asynchronous connections to other systems.
Multistation Access Unit (MAU): A passive wiring concentrator for the star-wired, token ring
network. Each MAU has connectors for eight devices (workstations, servers, and gateways) to
gain access to the network ring. The MAU is generally located in a wiring closet or at a central
location within an office. Multiple MAUs are linked together to allow more than eight devices
to be attached to a ring.
Netware Access Server: Provides remote workstations access to a Netware LAN with
functionality as if they were workstations on the local network.
Repeaters: Devices that provide a bit-by-bit signal regeneration capability, thereby allowing the
physical extension of the length of a LAN's cabling.
Router: A high level protocol-specific device allowing LAN interconnectivity, for example,
Novell file server connected between a customer ring and a facility backbone.
Value-Added Backbone Service (VABS): A centrally managed platform which allows services
that are common to all LANs connected to a backbone to be consolidated onto one system.
VABS servers are jointly managed by NDPD and the Regional Office. Future services may be
added and maintained in a cost-effective manner to provide increased productivity and capability
for program offices. This is the platform for delivery of National LAN applications.
6.0 STANDARDS
AGENCY SUPPORTED HARDWARE AND SOFTWARE
Agency supported hardware and software as of the effective date of this policy is listed below.
An updated list of the most current Agency supported hardware and software is located on each
of the VABS file servers. This file, SUPPORT.STD, may be obtained via POSTMAN by
receiving a file from the COMMON user.
AGENCY TESTED WORKSTATIONS:
| See VABS Common directory, SUPPORT.STD file, for current information.
WORKSTATION ADAPTER CARDS:
Token ring: IBM 4 MBPS token ring Adapter/A, Adapter II
IBM 16/4 MBPS token ring Adapter/A, Adapter II
| 3COM token ring adapters - ISA (3C619), MCA (3C629), and EISA (3C679)
Ethernet: DEC DE1000
DEC DE101
DEC DE200
DEC DE201
DEC DE210
Western Digital (File server only)
3COM 3C523 (File server only)
3COM 3C503 (Workstation only)
WORKSTATION OPERATING SYSTEMS
DOS V3.3
DOS V4.01
DOS V5.0
| DOS V6.2 on NEC Image 466, NEC Powermate 466es, and Dell 433L
AGENCY SUPPORTED PRINTERS:
HP DeskJet Plus, PaintJet XL, LaserJet series
Qume
IBM Proprinter
IBM Graphics Printer
QMS Postscript
Panasonic KX-P1180 Narrow Carriage Printer
Okidata Microline 391 Plus Wide Carriage Printer
Texas Instruments Laser 2115 Printer
Texas Instruments Micro-LASER PS
NEC P6300 24 Pin Matrix Printer
IBM 4019-001 Laser Printer
NEC Silent Writer 95
Tektronix Phaser II SX Color Printer
PRINTER TO TOKEN RING ADAPTER
HP JetDirect Card for the HP LaserJet II/IID/III/IIID/IIISi
AGENCY SUPPORTED FILE SERVERS:
IBM PS/2 MOD 80-071: IBM ESDI disk controller
IBM 70 MB and 115 MB disk drives
CORE 380 MB disk drive
IBM PS/2 MOD 80-A31: IBM Standard SCSI Controller
IBM Enhanced SCSI Controller
IBM 320 MB SCSI disk drive
IBM PS/2 MOD 95-OKF: IBM Standard SCSI Controller
IBM Enhanced SCSI Controller
IBM 400 MB SCSI disk drive
IBM PS/2 MOD 95-OLF: IBM Standard SCSI Controller
IBM Enhanced SCSI Controller
IBM 400 MB SCSI disk drive
IBM PS/2 MOD 95-OMF: IBM Standard SCSI Controller
IBM Enhanced SCSI Controller
IBM 400 MB SCSI disk drive
Compaq Prosignia Model 550
CMS 1.034 GB disk (For SCSI controllers only.)
DEC 1.2GB SCSI disk
ADD-ON MEMORY CARDS FOR FILE SERVERS:
INTEL MC-32
INTEL Above Board-MC
AGENCY FILE SERVER ADAPTER CARDS:
IBM 4 MBPS token ring Adapter/A
IBM 16/4 MBPS token ring Adapter/A
(Note: 1990 Firmware not supported for use in file servers.)
| IBM LANSTREAMER
3COM Etherlink/MC Ethernet adapter card for file servers only.
| 3COM token ring adapters - MCA (3C629) and EISA (3C679)
AGENCY SUPPORTED NOVELL OPERATING SYSTEMS:
Netware 386 V3.11
TAPE BACKUP HARDWARE/SOFTWARE:
Maynard 2200hs Tape Backup System
Maynard Backup Software v3.10
RE-WRITABLE OPTICAL DISK:
SCSI Express Software for Novell Netware 386
Micro Design Laserbank 600R
Adaptec 1640 Micro Channel SCSI Adapter
| IBM Enhanced SCSI Controller
CD ROM:
SCSI Express Software for Novell Netware 386
Adaptec 1640 Micro Channel SCSI Adapter
IBM Enhanced SCSI Controller
Meridian Data Inc. Model 314 (Supported for existing installations, but not recommended for
new purchase)
NEC CDR-74
NACS GATEWAY:
ASCOMIV V1.41
NASI V2.09
NACS GW V2.09
XTALK V3.71
Crosstalk For Windows V1.2.2
SNA GATEWAY/SAA:
Netware 3270 LAN Workstation V2.0
Netware 3270 LAN Gateway V1.3
Netware APA Workstation Graphics V2.0
DynaComm Elite V3.3.1
NetWare for SAA 1.3
MODEMS:
Hayes/100% Hayes Compatible 1200/2400 baud
Hayes V.32 bis Ultra 144 external modem
CODEX 3260 (Desk top or rack mount) 1200/2400/9600/19200 baud
ZOOM V.32 - 9600 External Modem.
LAN DIAL IN VIA NETWARE ACCESS SERVER:
COMPAQ 386/25E
Netware Access Server V1.22
ONLAN for Access Server V1.22
ONLAN for Access Server V1.3B
LANSPOOL:
LANSPOOL V3.0
PROBLEM DETERMINATION/PERFORMANCE MONITORING:
| IBM Trace and Performance System
Novell LANalyzer V3.11
| NCC LANalyzer V4
Bytex Type-1 Cable Tester
| Microtest Cable Scanner - 3570-00
VIRUS DETECTION SOFTWARE:
| Intel LANDesk Virus Protect V2.0
TCP/IP WORKSTATION INTERFACE:
LAN Workplace for DOS V4.01 Rev. A
| LAN Workgroup V4.1
SUPPORTED TOKEN RING INTERFACE COUPLERS (TIC):
TIC for IBM 3720 and 3745 Front End Processors (FEP)
TIC for IBM 3174 and Memorex/Telex 1174 Terminal Controllers
| LAN2LAN V3.02E
VITALINK:
VITALINK TransRing 550 MAC Layer Bridge
VITALINK 350 Ethernet MAC Layer Bridge
FILE SERVER MENU SYSTEMS:
AUTOMAXX V3.2
WordPerfect Office V3.01
| Microsoft Windows 3.1
CABLING:
Type-1 Shielded Twisted Pair
Type-3 Unshielded Twisted Pair
Type-3 Data Connectors
Type-3 Media Filters
(Note: None of the above Type-3 equipment may be used without prior written NDPD
approval.)
Fiber Optic Cable: 62/125/250 Multimode Fiber Cable
Fiber Optic Repeaters: IBM 8220 Fiber Optic Repeater
Siecor Token Ring Transceiver
Multistation Access Unit (MAU): IBM 8228 MAU
| South Hills Electronics LAT2927 MAU
LAN UNSTRUCTURED DATA MANAGEMENT SYSTEM:
Lotus Notes Release 3
LAN RELATIONAL DATA BASE MANAGEMENT SYSTEM:
Oracle V6 for Netware (V1.1)
Oracle 7 for NetWare
NetWare SQL*Net SPX and SQL*Net TCP/IP
DOS SQL*Net SPX and SQL*Net TCP/IP
Windows SQL*Net SPX and SQL*Net TCP/IP
PROTOCOLS ON AGENCY LAN MEDIA:
Token-Ring: Novell and other NDPD formally designated protocols are allowed. TCP/IP is
allowed only for LAN Workplace for DOS and LAN Workgroup connectivity.
Ethernet: Only DECNET, MSCP, LAT, and PCSA/Pathworks-based protocols are allowed.
TCP/IP protocols are allowed for CIS Prime and workstation use, as well as
supercomputer access, but only on LAN cabling separate from DECNET
protocols at certain sites, with gateways provided as needed via the TSR process.
Combining protocols on Ethernets may be approved under the TSR process for
sites with appropriately low levels of total anticipated network utilizations and
demonstrated LAN Network Management capabilities.
MULTIPROTOCOL ROUTER
Novell Multiprotocol Router v2.0
OTHER ITEMS:
| Link Support Layer for ODI, LSL.COM V1.21
IPX Version 3.04
| IPXODI V1.20
Token Ring LAN Driver V2.62
| ODI Token Ring Driver V1.12
| Netware Shell V3.26
NETBIOS V3.01C
LAN Support Program V1.02 and V1.20
| ODI version of LAN Support Program - LANSUP.COM V1.20
IBM LAN Network Manager V1.1 for OS/2
IBM Bridge Program V2.1
IBM OS/2 and OS/2 Requestor V1.3 and V2.0
Arbiter Device Driver (SRRDE) V2.11
Printer Port Extender: Long-Link Parallel Printer Port Extender
Uninterruptible Power Systems: Best MD500va Power Supply
American Power Conversion Corp. UPS Model 520
American Power Conversion Corp. Smart UPS 900
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual (Report No. 397/001B). Research Triangle Park, NC: National
Data Processing Division, Telecommunications Branch. (Location: Publications
Technical Library).
b. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual Volume II: Oracle for Netware (Report No. 397/002).
Research Triangle Park, NC: National Data Processing Division, Telecommunica-
tions Branch. (Location: Publications Technical Library).
c. U. S. Environmental Protection Agency. (1991) VABS Administrator's Guide
(Report No. 451/001). Research Triangle Park, NC: National Data Processing
Division, Telecommunications Branch. (Location: Publications Technical
Library).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: LAN System Management NO. 310.03
APPROVAL: DATE:
1.0 PURPOSE
Local Area Networks (LANs) require a structured management system, including Agency
representatives to provide administrative guidance and several tiers of LAN support to the LAN
community for various functions and services. This policy establishes and defines the various
levels of support and responsibilities necessary to manage effectively in an Agency LAN
environment.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
design, development, acquisition, operation, and maintenance of Agency LANs and/or LAN
Relational Data Base Management Systems (LAN RDBMSs).
3.0 RESPONSIBILITIES
NDPD is responsible for LAN policy maintenance and enforcement. NDPD will review policies
for needed modification and/or enhancement, and coordinate technical support for all Agency
standard LANs.
4.0 POLICY
NDPD shall provide policies, standards, and guidance for the Agency's LANs to promote
reliable LAN service, LAN interconnectivity, portability of LAN application software and data,
and efficient use of expertise.
Each LAN must have personnel designated to perform the following functions:
EPA LAN Manager.
LAN System Administrator.
Each LAN RDBMS server must have a trained LAN Data Base Administrator.
Each LAN application must have a designated Application Owner.
Each Site must have a designated EPA Agency LAN Services Coordinator and a designated
VABS Administrator.
The specific responsibilities for these functions are listed in Section 6.0 Standards.
5.0 DEFINITIONS
Agency LAN Services: LAN services available Agencywide, e.g., National LAN Applications
plus VABS services.
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
National LAN Application: LAN applications are considered to be national if they meet the
following conditions:
They are centrally developed and distributed for local execution at multiple
Agency sites or multiple offices at Agency Headquarters.
They support integration of Agency data.
They provide information sharing among multiple offices and sites within EPA,
with states and local governments, or with the public.
Value Added Backbone Services (VABS): A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed. VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office, EPA Headquarters, Cincinnati, NEIC, and the NCC. VABS
currently include file backup, communications, software distribution, software repository, and
limited application and data file storage. VABS are the platform for delivery of National LAN
Applications.
Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.
LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on Netware
servers and Oracle on Unix servers.
6.0 STANDARDS
EPA's LAN environment is physically distributed with a combination of distributed and
centralized management. NDPD provides EPA policies, standards, procedures, and technical
support. Program and regional offices manage local LAN environments in accordance with
these policies and procedures. In general, each site has evolved to a model in which certain
tasks related to LAN system management are handled in a central LAN support group at each
site, with direct user support handled by Information Center staff or support staff personnel
associated with individual LANs.
a. NDPD Responsibilities. NDPD shall provide the following:
(1) Telephone access to central LAN expertise, problem resolution, and
consultation including vendor corporate support.
(2) LAN design assistance and LAN plan approvals.
(3) Proactive LAN management support.
(4) LAN Laboratory Services including testing of new software upgrades, bug
fixes, and new contract products in LAN Laboratory and working with
national LAN application developers.
(5) Agency LAN tactical planning and testing to ensure that EPA's LAN
platform can provide a strong foundation for EPA information processing.
(6) LAN System Administrator certification and continuing education
seminars.
(7) EPA national LAN services (VABS) maintenance and enhancements.
(8) Onsite, central LAN support at EPA Headquarters and at the EPA
Research Triangle Park facility. All services listed above are provided for
LANs at these two sites. In addition, NDPD will administer all backbone
and VABS services at these sites, install and upgrade file servers, install
all connections to the backbone, and provide onsite troubleshooting and
network monitoring services.
b. EPA LAN Manager Responsibilities. The Senior Information Resource
Management Official must designate Federal employees who have overall
responsibility for administration and security for each file server. The EPA LAN
Manager is the name given to this role, which is a non-technical position.
The EPA LAN Manager is the Federal person with the overall responsibility for
the operation, integrity, and usefulness of the LAN. The EPA LAN Manager
shall do the following:
(1) Ensure that the LAN is installed and managed in accordance with all
Agency policies and standards, including NDPD Operational Policies and
the Standards discussed in the LAN Operational Procedures and Standards
Manual.
(2) Ensure that the LAN System Administrator and other support personnel
carry out the duties defined in this policy.
(3) Ensure that a LAN change management process is utilized.
(4) Sign LAN related Telecommunications Service Requests (TSRs).
(5) Serve as the liaison to NDPD and the Agency LAN Coordinator to ensure
that the office's requirements for LAN technology are being communicat-
ed and met.
(6) Perform the risk and security assessments outlined in OIRM policy in
order to determine the appropriate levels of controls for the LAN
environment.
(7) Report breaches in security to NDPD Security Management.
(8) Ensure that procedures for LAN Backup and Recovery are implemented
and performed regularly.
(9) Ensure that Agency records are created, used, and stored on the LAN in
keeping with Federal regulations and Agency policies.
(10) Review and approve records management determination and plans (see
f.(13) and (14)).
c. LAN System Administrator Responsibilities. While the scope of duties of LAN
System Administrators may vary, each LAN must have a LAN System
Administrator who has completed the required Agency LAN Administration
courses. This is a technical position. Offices must ensure that for each LAN,
the System Administrator functions listed below are clearly provided. These
functions can be provided by having a single LAN System Administrator whose
responsibilities include all the duties below or utilizing a central LAN group to
provide a portion of the support. (For sites where the central LAN support team
concept has been implemented, divisions of responsibilities between the central
team and local LAN support are indicated.)
The central support team shall do the following:
(1) Plan for, design, and test LANs.
(2) Ensure LAN hardware and wiring conform to building codes.
(3) Ensure that standard hardware and software configurations are maintained
on file servers and workstations.
(4) Ensure that only authorized protocols run on each type of LAN media and
unauthorized protocol mixing does not occur.
(5) Manage LAN change control or ensure that LAN change control
procedures are in use.
(6) Manage centralized data management to provide regular tape backups in
accordance with Agency policy or ensure that equivalent backup procedures
are in place.
(7) Provide administrative backbone services to ensure that only items
authorized by the Telecommunications Service Request Policy are placed
on Agency LAN backbones, and that network addresses for these items
are registered with the Network Control Facility of NDPD in Research
Triangle Park.
(8) Manage Value-Added Backbone Services in cooperation with NDPD to
provide National LAN services and telecommunications network access to
LAN users.
(9) Manage configuration control for a site/LAN. Configuration control
includes the following information.
Specific location of all equipment connected to the LAN and
wiring identification.
Hardware address and workstation location chart of all adaptor
cards. Easily understandable symbolic names, like user names,
will be assigned.
Wiring chart and labels attached to all LAN cabling, identifying all
workstations and locations associated with every LAN cable run
from the wiring closet MAU to the workstation location.
This information will be provided to NDPD annually.
The central support team or the local LAN System Administrator shall do the
following:
(1) Provide LAN system troubleshooting and problem solving.
(2) Ensure that LAN security policies are implemented in server setup and
observed by LAN users.
(3) Install LAN software in accordance with Agency LAN policies and vendor
license agreements.
(4) Ensure that all new software installed on the LAN is virus-free.
The local LAN System Administrator shall do the following:
(1) Manage daily operation and maintenance of the LAN.
(2) Manage and control user access to the network. User access and privilege
levels on a LAN will be limited to those resources required for job
performance.
(3) Ensure that LAN user workstations are equipped with correct and current
versions of network workstation software.
(4) Ensure that LAN users are trained in the use of the LAN and that they
know whom to contact for assistance with the LAN.
d. Information Center Responsibilities. Information Center support personnel shall
do the following:
(1) Serve as the first line of contact for end-user application support.
(2) Provide end-user training to teach users how to best utilize the LAN.
(3) Contact the LAN Administrator with network related problems.
(4) Support standard LAN Applications (e.g., WordPerfect, WordPerfect
Office, and Windows).
e. LAN Data Base Administrator Responsibilities. Each LAN relational data base
management system (RDBMS) server must have a designated LAN Data Base
Administrator (DBA). This is a technical position. The LAN DBA is responsible
for the operation, performance, maintenance, and security of the LAN RDBMS
server in accordance with NDPD Operational Directive. The LAN DBA must
complete required Agency LAN Data Base Administration courses. EPA
organizations must ensure that the DBA functions listed below are provided for
each LAN RDBMS server, regardless of platform.
The LAN DBA duties are distinctly different from LAN System Administrator
duties and require different expertise and training. However, in some cases, the
LAN DBA role may be filled by the same person as the LAN System Administrator.
The size, activity, and number of users for the LAN RDBMS server, plus
the personnel, expertise, and structure of the site's LAN support group will
determine whether one person should fill both roles. The LAN Data Base
Administrator shall do the following:
(1) Operate the LAN RDBMS server during LAN production hours in
accordance with NDPD Operational Policies. The LAN DBA shall
coordinate hardware and software maintenance activities to minimize
impact on LAN RDBMS applications and users.
(2) Coordinate resolution of LAN RDBMS problems.
(3) Control access to the LAN RDBMS by users and developers in accordance
with NDPD Operational Directive 310.09, LAN Security.
(4) Oversee and coordinate backup and restore of the LAN RDBMS. The
actual backup and restore duties may be delegated, but the LAN DBA is
responsible for ensuring that it is properly done.
(5) Maintain the system data dictionary tables.
(6) Establish and maintain the local LAN side of links between multiple site
RDBMS environments and/or central data base environments.
(7) Install, control, and maintain common tables used by RDBMS development
tools.
(8) Coordinate between Application Owners to facilitate the sharing of
common data.
(9) Act as a general RDBMS consultant to Application Owners, LAN System
Administrators, Information Center personnel and developers.
(10) Support the Application Owners, LAN System Administrators, and
Information Center personnel in the setup and configuration of client
workstations.
(11) Provide assistance to the Application Owners and developers tuning the
RDBMS software and environment.
(12) Monitor server resource utilization.
(13) Advise local Application Owners, application developers, and/or users of
applications that degrade LAN RDBMS performance.
(14) Establish and maintain documentation of the LAN RDBMS including
hardware, software, and existing applications.
(15) Assist in RDBMS training for Application Owners, developers, and users.
(16) For locally developed applications, review the logical design, physical
design, and test and acceptance plan for adherence to good design
principles and compliance with applicable policies and standards.
(17) For National LAN Applications, coordinate with the Application Owner
to install, operate, and update the application's database.
(18) Manage change control for the LAN RDBMS.
(19) Record problems in the Central Problem Management facility.
(20) Establish procedures, as necessary, to ensure that relational data base
users can comply with Federal regulations and Agency policies concerning
the management of Agency data bases.
f. Application Owner Responsibilities. The Application Owner is responsible for
the logical and physical design of the application and application data base, for
efficient use of LAN RDBMS resources, for monitoring application performance,
resource usage, and tuning, for developer support, and for the application's
adherence to policies, standards, and guidelines. For National LAN applications,
the Application Owner responsibilities may be carried out by a central development
and support staff, an onsite support person, or a combination of the two.
The Application Owner shall do the following:
(1) Evaluate, recommend, and justify the appropriate use of LAN technology.
(2) Develop the application logical and physical designs in conjunction with
the application developers and supported by the LAN DBA.
(3) Coordinate the actual development of the application and ensure compliance
with applicable policies and standards.
(4) Oversee application test and acceptance.
(5) Oversee distribution of application software to users.
(6) Oversee training users in using the application.
(7) Determine support and infrastructure requirements for the application and
arrange funding for the same.
(8) Determine application data storage requirements, monitor actual data
storage growth, plan for data growth and archiving, and coordinate
implementation of these plans with the LAN DBA.
(9) Monitor application performance and coordinate application tuning efforts
with application developers and LAN DBA.
(10) Maintain change control for the application.
(11) Record problems in the Central Problem Management facility.
(12) Determine sensitivity of application data.
(13) Determine whether the proposed application will create and/or store
information that meets the definition of a Federal record found in 44
U.S.C. 3301. Determination should be submitted to the EPA LAN
Manager for approval, through the Records Liaison Officer.
(14) If the application is found to create or store Agency records, submit a plan
for managing these records according to Federal regulations and Agency
policy.
(15) Create and maintain system documentation as specified in the Agency's
records disposition schedules.
g. EPA Agency LAN Services Coordinator Responsibilities. The Senior Information
Resource Management Official must designate a Federal employee who has
overall responsibility for Agency LAN Services for the site. This role, the EPA
Agency LAN Services Coordinator, is a non-technical position. This role will be
assumed by an NDPD staff member at Headquarters and RTP. The EPA Agency
LAN Services Coordinator shall do the following:
(1) Ensure that Agency LAN Services are available to all LAN connected
workstations at the site.
(2) Ensure that problems with Agency LAN Services are reported to LANSYS.
(3) Ensure that VABS services, including servers, gateways, and routers, are
configured according to the standards documented in the LAN Operational
Procedures and Standards Manual and in the VABS Administrators
Manual.
(4) Serve as the Federal interface and coordination point to ensure that
coordinated LAN Email services for the site interface with the Agency
LAN Email system.
(5) Designate the VABS Administrator.
(6) Ensure that end-user support is available to facilitate use of Agency LAN
Services and associated Agency resources.
(7) Coordinate tactical LAN issues with the NDPD LAN Coordinator.
h. VABS System Administrator Responsibilities. The VABS Administrator shall do
the following:
(1) Manage the Centralized Data Management VABS (CDM) to provide
regular tape backups in accordance with Agency policy, or ensure that the
equivalent backup procedures are in place by the LAN administrator.
(2) Provide administrative backbone duties to ensure that only items
authorized by the Telecommunications Service Request policy are placed
on Agency LAN backbones, and that network addresses for these items
are registered with the Network Control Facility of NDPD.
(3) Manage Value-Added Backbone Services in cooperation with NDPD to
provide Agency LAN services and telecommunications network access to
LAN customers.
(4) Manage configuration control for a site backbone. Configuration control
includes the following items.
Documentation showing the specific location of all equipment
connected to the LAN with wiring identification.
Hardware address and location chart of all NICs. Standard
symbolic names for these addresses registered within LAN
Manager.
(5) Provide support to LAN SAs at their respective sites.
i. Records Liaison Officer Responsibilities. The Records Liaison Officer shall do
the following:
(1) Advise EPA LAN Manager and application owners on the records
management issues pertaining to LAN operations and applications.
(2) Review records management determinations and plans submitted by
application owners, and advise the EPA LAN Manager concerning
approval of the determinations.
(3) Review proposed dispositions for records created and stored on the LAN
and forward them to the Agency Records Officer as necessary.
(4) Provide records management training to LAN managers, users, application
owners, and others as appropriate.
7.0 PROCEDURE REFERENCE
a. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
Data Processing Division, Telecommunications Branch. (Location: Publications
Technical Library).
b. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual Volume II: Oracle for Netware (Report No. 397/002).
Research Triangle Park, NC: National Data Processing Division, Telecommunications
Branch. (Location: Publications Technical Library).
c. IRM Manual, Chapter 10.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: LAN Problem Determination and Resolution NO. 310.04
APPROVAL:
1.0 PURPOSE
This policy establishes a framework for identifying and resolving hardware and software
problems in a Local Area Network (LAN) environment as they occur.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
design, development, acquisition, operation, and maintenance of Agency LANs.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will coordinate technical support for
all Agency standard LANs.
4.0 POLICY
a. The initial point of contact for LAN users experiencing PC hardware or software
problems should be clearly identified to users. The recommended model is as
follows: The Information Center (IC) staff at a site will serve as the initial
contact for users on a token-ring LAN who experience problems with PC
hardware and software. The Information Center staff will identify and classify
the problem as hardware, system software, or application-related, and route the
problem to the appropriate support group. Generally, all hardware and software
problems will be directed to the IC staff. LAN problems will be directed to the
LAN System Administrator who, in turn, will depend on the central LAN support
group for further support. LANSYS and DECSYS will be the ultimate source of
support.
b. LANSYS supports the central LAN support group, LAN System Administrators,
Information Center LAN Application Support staff, and EPA LAN Coordinators.
Other users will be referred to appropriate sources.
c. The VAX Administrator is the user point of contact for problem resolution in
DEC LANs. The System Administrator relies on DECSYS support, if necessary,
to provide the user with a solution.
d. All significant token-ring problems and their respective solutions will be
documented by LANSYS and placed on the EPA LAN Bulletin Board System
(BBS). The LAN System Administrator of each work group will be provided
with BBS login instructions and may perform a keyword search on the BBS
problem data base to obtain fixes.
e. The LAN System Administrator and central LAN support group are responsible
for reporting significant problems to LANSYS.
f. For LAN RDBMS problems, the initial point of contact is the Information Center
staff. If the Information Center staff identifies the problem as an RDBMS
problem, the next point of support is the LAN Data Base Administrator (DBA).
The LAN DBA will either resolve the problem, or turn for assistance to LANSYS
for second level DBA support.
5.0 DEFINITIONS
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on NetWare
servers and Oracle on Unix servers.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
Data Processing Division, Telecommunications Branch. (Location: Publications
Technical Library).
b. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual Volume II: Oracle for NetWare (Report No. 397/002).
Research Triangle Park, NC: National Data Processing Division, Telecommunications
Branch. (Location: Publications Technical Library).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: LAN Data Management NO. 310.05
APPROVAL:
1.0 PURPOSE
Data must be managed so that it is available when needed. Good management practices are
demanded by the economics of available disk storage and its maintenance and operation. In the
Local Area Network (LAN) multi-user environment, the ability to back up and restore data is
critical. Adherence to this policy will ensure that data are available when needed.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and employees, and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, operation, and maintenance of Agency LANs.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and provide technical support for all
Agency standard LANs.
LAN System Administrators are responsible for planning, installing, and managing day-to-day
operations for the LAN in accordance with established Agency policies and procedures.
4.0 POLICY
Agency LANs shall be operated in accordance with established local data management policies
and procedures. These policies and procedures shall be in accordance with, or functionally
equivalent to, those specified in the EPA LAN Operational Procedures and Standards Manual.
5.0 DEFINITIONS
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
Value Added Backbone Services (VABS): A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed. VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office, EPA Headquarters, Cincinnati, NEIC and the NCC. VABS
currently include file backup, communications, software distribution, software repository, and
limited application and data file storage. VABS are the platform for delivery of National LAN
Applications.
LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on NetWare
servers and Oracle on Unix servers.
Installation Security Officer: Individual designated by an Assistant Administrator or Regional
Administrator who has responsibility for overseeing that a comprehensive security program is
in place for each organization's information technology installations, as defined by the
organization.
6.0 STANDARDS
a. The LAN System Administrator shall establish local data management policies
and procedures in accordance with, or functionally equivalent to, those specified
in the EPA LAN Operational Procedures and Standards Manual.
b. The LAN System Administrator will ensure that:
(1) Daily incremental backups are performed.
(2) Total (generation) backups are performed at least biweekly.
(3) Several generations of backups are maintained as a protection against
viruses.
(4) Backups are stored securely offsite.
(5) A scan for virus is performed before backups.
(6) Recovered data is tested twice a year.
(7) Logical and physical security policies are followed.
c. The LAN System Administrator may use the provided VABS Centralized Data
Management services to perform the tasks in (b) above.
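One way a LAN System Administrator could check a backup catalog against standards b.(1) through b.(6) above, as an added example that is not part of the directive. The catalog record layout, the reading of "biweekly" as at most 14 days between total backups, the threshold of three generations, and the sample catalog itself are assumptions constructed for illustration.

```python
"""Audit a backup catalog against the 6.0 b. standards (added example)."""
from datetime import date, timedelta

MAX_FULL_GAP_DAYS = 14   # assumed reading of "at least biweekly"
MIN_GENERATIONS = 3      # assumed threshold for "several generations"


def audit_backups(catalog, start, end):
    """Return (standard, detail) findings for the period start..end inclusive."""
    findings = []
    backups = [r for r in catalog
               if r["kind"] in ("incremental", "full") and start <= r["day"] <= end]

    # b.(1): a backup must exist for every calendar day (a total backup counts).
    covered = {r["day"] for r in backups}
    day = start
    while day <= end:
        if day not in covered:
            findings.append(("b.(1)", f"no backup on {day.isoformat()}"))
        day += timedelta(days=1)

    # b.(2): no more than MAX_FULL_GAP_DAYS between total backups.
    fulls = sorted(r["day"] for r in backups if r["kind"] == "full")
    if not fulls:
        findings.append(("b.(2)", "no total backup in the period"))
    marks = fulls + [end]
    for prev, cur in zip(marks, marks[1:]):
        gap = (cur - prev).days
        if gap > MAX_FULL_GAP_DAYS:
            findings.append(("b.(2)", f"{gap} days without a total backup "
                                      f"after {prev.isoformat()}"))

    # b.(3): several generations of total backups must be on hand.
    if len(fulls) < MIN_GENERATIONS:
        findings.append(("b.(3)", f"only {len(fulls)} generation(s) held"))

    # b.(4) and b.(5): every backup stored offsite and preceded by a virus scan.
    for r in backups:
        if not r.get("offsite"):
            findings.append(("b.(4)", f"{r['day'].isoformat()} not stored offsite"))
        if not r.get("virus_scanned"):
            findings.append(("b.(5)", f"{r['day'].isoformat()} taken without a virus scan"))

    # b.(6): recovered data tested twice a year (two tests in the trailing 365 days).
    year_ago = end - timedelta(days=365)
    tests = [r for r in catalog
             if r["kind"] == "restore-test" and year_ago < r["day"] <= end]
    if len(tests) < 2:
        findings.append(("b.(6)", f"{len(tests)} restore test(s) in the last year"))
    return findings


def build_sample_catalog():
    """Constructed 21-day catalog with one deliberate gap per standard."""
    start = date(1994, 3, 1)
    fulls = {date(1994, 3, 1), date(1994, 3, 19)}      # 18 days apart
    catalog = []
    for offset in range(21):
        day = start + timedelta(days=offset)
        if day == date(1994, 3, 10):                   # missed nightly run
            continue
        catalog.append({
            "day": day,
            "kind": "full" if day in fulls else "incremental",
            "virus_scanned": day != date(1994, 3, 5),  # scan skipped once
            "offsite": day != date(1994, 3, 19),       # tape left onsite once
        })
    catalog.append({"day": date(1993, 11, 15), "kind": "restore-test"})
    return catalog


if __name__ == "__main__":
    for standard, detail in audit_backups(build_sample_catalog(),
                                          date(1994, 3, 1), date(1994, 3, 21)):
        print(standard, detail)
```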
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. EPA LAN Operational Procedures and Standards
Manual (Report No. 397/001). Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch. (Location: Publications Technical Library).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: LAN Performance Capacity and Monitoring NO. 310.06
APPROVAL:
1.0 PURPOSE
Agency Local Area Networks (LANs) must be managed to provide maximum performance and
minimize the need for system upgrades. This policy is intended to ensure that these goals are
met.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including state agencies, contractors and grantees) of EPA who are involved in access,
design, development, acquisition, operation, and maintenance of Agency LANs.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LANs.
LAN System Administrators are responsible for monitoring the performance and capacity of the
network.
4.0 POLICY
LAN performance and capacity shall be monitored in accordance with the standards of Section
6.0.
5.0 DEFINITIONS
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.
LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on NetWare
servers and Oracle on Unix servers.
6.0 STANDARDS
a. The System LAN Administrator:
(1) Utilizes NDPD-supported tools to monitor traffic and access activity on
the network including, but not limited to:
Space utilization on the file server.
Space utilization on the print server.
Caching size and use.
(2) Monitors, on a continuous basis, the following devices:
NetWare File Servers
NetWare Oracle Servers
NetWare External Routers
IBM Source Routing Bridges
Novell Asynchronous Communications Servers (NACS)
Novell Access Servers
Novell SNA Gateways
IBM Control Units
IBM 8220 Fiber Repeaters
Token Ring Interface Couplers (TICs)
Standards for Bridge Definitions in LAN Manager
VAX Ethernet Counters
(3) Provides an updated, annual configuration and enables/maintains the data
collection and submission mechanism on their LANs, as required.
b. The LANSYS and DECSYS groups shall be available for consultation on effective
methods of performance and capacity management. LANSYS and DECSYS are
the principal Email IDs for these support groups.
c. NDPD will:
(1) Collect and analyze performance and capacity data from various Agency
LAN systems, as appropriate. LAN SAs will provide updated, annual
configuration data, and enable/maintain the data on their LANs.
(2) Continuously monitor all token-ring and Ethernet backbones (image rings,
print rings, and facility backbones, including all interconnecting bridges
and routers) with the latest available version of its LAN/WAN Agency
Standard Network Management tools.
(3) Furnish and maintain a dedicated 486-class Network Management Workstation,
software, and bridges between the three backbone rings located at
every EPA Major Node and Super Node site's central facility; and EMA
compatible device at Ethernet sites. (Refer to NDPD Operational
Directive 310.08, LAN Communication Gateways and Interconnectivity,
for definitions of Major Node and Super Node.)
(4) Maintain a pool of special LAN performance and management test equipment
and services to be loaned to Regional System Administrators to resolve
reported or suspected problems as follows:
Time Domain Reflectometer to measure copper cable lengths and
locate faults.
Optical TDR and power meters to measure fiber cable loss
budgets, lengths, and locate faults.
Special trace and performance monitor boards to measure token
ring utilization and verify the need for a 16 megabit speed
upgrade.
Malfunctioning LAN analyzers.
Onsite assistance, as required, in emergency situations.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. EPA LAN Operational Procedures and Standards
Manual (Report No. 397/001). Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch. (Location: Publications Technical Library).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: LAN Naming Conventions NO. 310.07
APPROVAL:
1.0 PURPOSE
Consistency in Local Area Network (LAN) user/server naming conventions is necessary for
operation of LANs in conformance with EPA's computer architectural strategy for connectivity.
Network routing protocols and service advertising protocols include elements from a variety of
devices (e.g., file servers, print servers, and gateways). Default settings allow all routers on
a WAN to identify connected devices by means of the aforementioned protocols. It is essential
that these devices remain unique, logical entities which, in turn, requires unique nomenclature.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and employees, and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, installation, operation, and maintenance of Agency Token-Ring LANs.
(Ethernet node names must be obtained via the Telecommunications Service Request process.)
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LANs.
The Telecommunications Branch, through LANSYS, is the central authority for maintenance of
unique names and addresses on Agency Token-Ring facility backbones. The standards below
should be used as guidelines by the regions.
LANSYS must be contacted in order to register new equipment before implementation on the
facility backbone. LANSYS will confirm that all devices at a given regional site conform to the
standards set forth in this policy prior to allowing the site to join the Agency WAN.
LAN System Administrators of work groups are responsible for planning, installing, and
managing day-to-day operations of the LAN, as well as for coordinating activities with the NCC,
LAN Central Support Group (ICB, TCB, and LANSYS), and vendors as appropriate.
4.0 POLICY
All Agency LANs must follow the Agency naming conventions which are specified in the
Standards section of this policy. Internal LAN RDBMS names must follow the conventions
specified in the EPA LAN Operational Procedures and Standards Manual Volume II: Oracle for
NetWare.
5.0 DEFINITIONS
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
Value Added Backbone Services (VABS): A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed. VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office, EPA Headquarters, Cincinnati, NEIC, and the NCC. VABS
currently include file backup, communications, software distribution, software repository, and
limited application and data file storage. VABS are the platform for delivery of National LAN
Applications.
Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.
LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on NetWare
servers and Oracle on Unix servers.
6.0 STANDARDS
6.1 FILE SERVER NAMING CONVENTIONS FOR TOKEN-RING NETWORKS
a. All file server names must be unique and mutually determined by the LAN
System Administrator in consultation with NDPD/LANSYS. Names shall be
determined as follows:
File server names shall consist of up to 8 characters in the following format:
XXYYYYYY
where XX is the Regional or Headquarters location of the server. Locations shall
be identified as follows:
R1 - R10 = Regions 1 through 10
(R10 will have the form XXXYYYYY.)
DC = Headquarters Area
CI = Cincinnati Area
RT = Research Triangle Park Area
BC = Bay City
NE = National Enforcement Investigations Center
XX = Two-character State code for State-based LANs.
The remaining 6 characters (YYYYYY) must be unique and assigned by the LAN
System Administrator in coordination with NDPD/LANSYS.
A file server name may not be changed without approval from LANSYS.
b. NetWare Serial Numbers must be unique. Logically and legally, no two servers
may be running the same copy of NetWare.
6.2 USER NAMING CONVENTIONS
Names shall consist of 8 characters in the following format:
XYYYYYYY
where X is the user's first initial and YYYYYYY are the first (up to) 7 letters of the user's last
name. In the case of duplicate character combinations between two users, the LAN System
Administrator will assign a unique last character.
6.3 NETWORK ADDRESSES
All internal and external router network adapters on the same physical ring must have the same
logical network address. All internal and external router network adapters on different physical
rings must have unique network addresses. Both of these standards hold true for NetWare 286
and 386.
NetWare, in either version, logically refers to the first token-ring card in a server or external
router as LAN A and the second card as LAN B. The LAN A card will remain unique for each
physical ring. LANSYS will ensure that unique addresses are assigned Agency-wide. The LAN
B card is the card connected to the Agency backbone and will be addressed as FFFFFFF8.
Since geographically separate LANs are now being linked with Vitalinks, essentially forming
one backbone, it is important that the standard backbone address for the LAN B card always be
FFFFFFF8. Each Region must implement this address prior to joining the Agency WAN.
6.4 IPX INTERNAL NUMBERS (NETWARE 386 SERVER NUMBERS)
NetWare 386 adds another address for file servers which must be unique on a WAN: the IPX
internal number. In order to discern which physical network a particular 386 server resides on
(for network management and troubleshooting purposes), IPX Internal Numbers will be formed
by concatenating the LAN A Network address with 2 hexadecimal bytes ranging from 01 to FF.
For example:
The first 386 server on ring 106 will have an IPX Internal Number of 10601. The 10th server
on ring 106 would have an IPX Internal Number of 1060A.
To incorporate sections 6.2, 6.3, and 6.4 into an example:
The first 386 server for organization WXYZ in Region 9 would have the following
unique attributes:
Server Name: R9WXYZ1
LAN A address: 350
LAN B address: FFFFFFF8
IPX internal number: 35001
Note: If a server has only one token-ring card (i.e., it is not bridged to the backbone) or it
resides on the backbone with no local ring attachment (no LAN B), then the IPX internal
number will be in the form:
F8NN
where NN is a hexadecimal value in the range 01 to FF
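The addressing rules of Sections 6.3 and 6.4 can be checked mechanically before a server joins the WAN. The following Python check is an added example, not part of the directive; the inventory layout, the field names (`ring`, `lan_a`, `lan_b`, `ipx`) and the sample servers other than R9WXYZ1 are constructed for illustration.

```python
import re

BACKBONE_ADDR = "FFFFFFF8"   # Section 6.3: standard address of the LAN B card


def ipx_internal_number(lan_a, seq):
    """Build the Section 6.4 IPX internal number for the seq-th 386 server.

    lan_a is the LAN A network address as a hex string. Pass None for a
    server covered by the directive's note (single token-ring card), which
    uses the F8NN form instead.
    """
    if not 1 <= seq <= 0xFF:
        raise ValueError("server sequence must be in the range 01 to FF")
    prefix = "F8" if lan_a is None else lan_a.upper()
    if not re.fullmatch(r"[0-9A-F]+", prefix):
        raise ValueError("LAN A address must be hexadecimal")
    return f"{prefix}{seq:02X}"


def expected_prefix(server):
    """Prefix the IPX internal number must carry under Section 6.4."""
    two_cards = server.get("lan_a") and server.get("lan_b")
    return server["lan_a"].upper() if two_cards else "F8"


def check_inventory(servers):
    """Return a sorted list of (server name, finding) for rule violations."""
    findings = []
    ring_to_addr, addr_to_ring, seen_ipx = {}, {}, {}
    for s in servers:
        name, ipx = s["name"], s["ipx"].upper()
        lan_a, lan_b = s.get("lan_a"), s.get("lan_b")
        # 6.3: the backbone-side card always uses the standard address.
        if lan_b is not None and lan_b.upper() != BACKBONE_ADDR:
            findings.append((name, "LAN B is not FFFFFFF8"))
        # 6.3: one address per physical ring, one ring per address.
        if lan_a is not None:
            addr, ring = lan_a.upper(), s["ring"]
            if ring_to_addr.setdefault(ring, addr) != addr:
                findings.append((name, "ring has two LAN A addresses"))
            if addr_to_ring.setdefault(addr, ring) != ring:
                findings.append((name, "LAN A address reused on another ring"))
        # 6.4: expected prefix followed by two hex digits, 01 to FF.
        prefix = expected_prefix(s)
        suffix = ipx[len(prefix):]
        well_formed = (ipx.startswith(prefix)
                       and re.fullmatch(r"[0-9A-F]{2}", suffix)
                       and suffix != "00")
        if not well_formed:
            findings.append((name, "IPX internal number malformed"))
        # 6.4: the number must be unique on the WAN.
        if ipx in seen_ipx:
            findings.append((name, f"IPX internal number duplicates {seen_ipx[ipx]}"))
        else:
            seen_ipx[ipx] = name
    return sorted(findings)


# Constructed inventory. The first record is the directive's own Region 9
# example; the others are made up to trigger each check.
SAMPLE = [
    {"name": "R9WXYZ1", "ring": "r9-floor3", "lan_a": "350",
     "lan_b": "FFFFFFF8", "ipx": "35001"},
    {"name": "R9WXYZ2", "ring": "r9-floor3", "lan_a": "350",
     "lan_b": "FFFFFFF8", "ipx": "35001"},      # duplicate internal number
    {"name": "R9ABCD1", "ring": "r9-floor4", "lan_a": "350",
     "lan_b": "FFFFFF08", "ipx": "35002"},      # reused LAN A, wrong LAN B
    {"name": "R9LONE1", "ring": "r9-floor5", "lan_a": "351",
     "lan_b": None, "ipx": "F801"},             # single card, correct F8NN
    {"name": "R9LONE2", "ring": "r9-floor6", "lan_a": "352",
     "lan_b": None, "ipx": "35201"},            # single card, should be F8NN
]

if __name__ == "__main__":
    for name, finding in check_inventory(SAMPLE):
        print(f"{name}: {finding}")
```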
6.5 NOVELL ASYNCHRONOUS COMMUNICATIONS SERVERS (NACS)
a. ASCII Gateway Name
The names assigned to NACS ASCII gateways will consist of 8 characters in the
following format:
XXYYYYYY
where XX is the location of the gateway, identified as follows:
R1 - R10 = Regions 1 through 10
(R10 will have the form XXXYYYYY.)
DC = Headquarters Area
CI = Cincinnati Area
RT = Research Triangle Park Area
BC = Bay City
XX = Two character code for State-based LANs
The remaining 6 characters will be:
NACSNN
where NN are 2 hexadecimal bytes in the range 00 through FF.
Examples: The 2nd NACS at Region 3 would be named R3NACS02.
The 12th NACS at Region 3 would be named R3NACS0C.
b. ASCII Gateway General Port Names
The general port names for each of the ports on the ASCII gateway will be
determined as follows:
General port names may be 7 characters long in the following format:
XXYYYYY
where XX are the same 2-character identifiers used for the ASCII Gateway name.
The remaining 5 characters should be used by the LAN System Administrator to
designate the type of service connected to the port. For VABS-provided
gateways, the name will be selected by the VABS Administrator in coordination
with LANSYS. The first 2 characters will guarantee uniqueness among the
regional sites; the last 5 characters must be unique within a regional site.
c. ASCII Gateway-Specific Port Names
Specific names for each port may be up to 14 characters long and determined as
follows:
The first 8 characters will be the actual NACS ASCII Gateway name.
The 9th character will be a dash (-).
The last 5 characters will be:
PORTn
where n is a hexadecimal number ranging from 0 to F.
6.6 PRINT SERVERS
a. LANSpool print server names must be in the form:
LS_<file server name>
where <file server name> is replaced with the name of the file server on which
the LANSpool VAP resides.
b. NetWare 386 Print Server (PSERVER) names will be in the form:
PS_<file server name>NN
where <file server name> is replaced with the name of the primary file server
that the PSERVER services.
where NN is replaced with 2 hexadecimal numbers in the range 00 to FF.
It is possible to have one PSERVER service more than one file server. It is also
possible to have several PSERVERS service multiple queues on one file server.
By combining <file server name> and NN, unique names are attainable.
6.7 SNA GATEWAYS
Version 1.1 of Novell's SNA gateway is the present EPA standard. With this version, SNA
gateways are made unique by using different 12-byte, locally administered, token-ring addresses
for each and every gateway. [The data base of token-ring addresses is maintained by the
Telecommunications Implementation Group (TIG)]. The Telecommunications Service Request
(TSR) process includes the establishment of a unique address for any new gateway.
Version 1.3 of Novell's SNA gateway will use the Service Advertising Protocol (SAP). When
this version of the gateway becomes standard, unique names (as opposed to "locally
administered" token-ring addresses) will ensure that each gateway remains unique on the WAN.
The following conventions should be used when naming an SNA gateway under Version 1.3 of
the Gateway Control Program:
XXSNAGATEWAYYY
where XX is the region number:
R1 - R10 = Regions 1 through 10
(R10 will have the form XXXYYYYY.)
DC = Headquarters Area
CI = Cincinnati Area
RT = Research Triangle Park Area
BC = Bay City
NE = National Enforcement Investigations Center
XX = Two-character code for State-based LANs
and where YY are 2 hexadecimal characters in the range 01 through FF.
6.8 IBM SOURCE ROUTING BRIDGES
The following segment numbers will be used by token-ring source routing bridges in conjunction
with LAN Manager in the EPA network. These numbers have no meaning outside of the LAN
Manager/Netview context.
a. FACILITY BACKBONES:
RTP - FF4    NE  - FED
WIC - FF3    KC  - FE7
ATL - FE0    NY  - FE8
BOS - FE1    PHI - FE9
CHI - FE2    SEA - FEA
CIN - FE3    SF  - FEB
DAL - FE4    LV  - FEC
DEN - FE5
b. PRINT RINGS:
WIC - FF2    KC  - FD7
ATL - FD0    NE  - FDD
BOS - FD1    NY  - FD8
CHI - FD2    PHI - FD9
CIN - FD3    SEA - FDA
DAL - FD4    SF  - FDB
DEN - FD5
c. AS/400 RINGS:
RTP - FCD    DAL - FC4
RTP - FCF    DEN - FC5
RTP - FCE    KC  - FC7
RTP - FCD    NE  - FB0
WIC - FCC    NY  - FC8
ATL - FC0    PHI - FC9
BOS - FC1    SEA - FCA
CIN - FC2    SF  - FCB
CIN - FC3
d. USER RINGS
User rings will have the same IBM segment addresses that are used for Novell
LAN local segment numbers (e.g., if a NetWare IPX network number for LAN
A is 350, 350 will be the Source Routing ring segment number).
For user rings which are not NetWare networks, the ring segment number will
be XYY, where X is the region number 0 through 9 [zero (0) will designate
Region 10] and YY are two hexadecimal numbers in the range 00 through FF.
6.9 LAN MANAGER DEFINITIONS
The following are standards for adapter definitions within the system definition function of LAN
Manager:
a. Standards for symbolic names associated with token-ring adapters:
XXYYY#NAME
where XX is the region number:
R1 - R10 = Regions 1 through 10
(R10 will have the form XXXYYYYY.)
DC = Headquarters Area
CI = Cincinnati Area
RT = Research Triangle Park Area
BC = Bay City
NE = National Enforcement Investigations Center
XX = Two-character code for State-based LANs
where YYY is the ring segment number as explained in Section 6.8.
where NAME = 10 characters defined by the LAN administrator to identify the
device being monitored.
It is suggested that the naming conventions set forth in previous sections of this
policy be used when assigning these names (i.e., file server for organization
WXYZ in Region 9 could be identified as:
R9FEB#R9WXYZ1
where R9 is the region, FEB is the ring segment, and R9WXYZ1 is the name).
b. Token-Ring address - Universally administered address (i.e., manufacturer-
installed address) or locally administered address.
(Note: Any "local" address (i.e., an address beginning with 4000) should have
been obtained from the TIG group as part of the TSR process.)
c. Standards for symbolic names associated with bridges:
XXYYYYYY
where XX is the region number:
R1 - R10 = Regions 1 through 10
(R10 will have the form XXXYYYYY.)
DC = Headquarters Area
CI = Cincinnati Area
RT = Research Triangle Park Area
BC = Bay City
NE = National Enforcement Investigations Center
XX = Two-character code for State-based LANs
and YYYYYY is descriptive information which will help the LAN System
Administrator identify the monitored bridge.
6.10 RDBMS SERVER NAMING CONVENTIONS
Because the RDBMS Server is advertised across the network by SQL*Net, the SQL*Net
Listener name must be approved via the TSR process. Names shall be assigned as follows:
RDBMS Server SQL*Net Listener names shall consist of up to 12 characters in the following
format:
XXYYYYYY_ORA
where:
XX = R1 - R10
(R10 will have the form XXXYYYYY.)
DC = Headquarters Area
CI = Cincinnati Area
RT = Research Triangle Park Area
BC = Bay City
NE = National Enforcement Investigations Center
XX = Two character State Code for State-based LANS
The next 6 characters (YYYYYY) must be unique and assigned by the LAN System
Administrator in coordination with NDPD/LANSYS. If the RDBMS software runs on a
NetWare file server, the first 8 characters will be the same as those in the file server name. The
suffix ORA indicates that it is an RDBMS server.
7.0 PROCEDURE REFERENCES
a. U.S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
Data Processing Division, Telecommunications Branch. (Location: Publications
Technical Library).
b. U.S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual Volume II: Oracle for NetWare (Report No. 397/002).
Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch. (Location: Publications Technical Library).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: LAN Communication Gateways and Interconnectivity NO. 310.08
APPROVAL: DATE:
1.0 PURPOSE
This policy defines network capabilities and requirements for EPA's Local Area Networks
(LANs).
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, installation, operation, and maintenance of Agency LANs.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LANs.
LAN System Administrators are responsible for planning, installing, and managing day-to-day
operations for the LAN, as well as for coordinating activities with the Central Support Group
(TCB and ICB at NDPD), LANSYS, DECSYS, and vendors as appropriate.
4.0 POLICY
All Agency LANs are part of EPA's telecommunications network unless exempted by the
Director, NDPD, through the Telecommunications Service Request (TSR) process. Installation
of all communication gateways, routers, bridges, and other backbone components requires
approval by NDPD through the TSR process. NDPD will only approve and support Agency
standard communications gateways, bridges, and routers. Non-standard devices of these types
are allowed only with the approval of the Director, NDPD, through the TSR process.
5.0 DEFINITIONS
Major Node: A region is a major node.
Super Node: RTP, Cincinnati, and Headquarters are Super Nodes.
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
Extended LAN Facility (ELF): An NDPD-approved LAN bridge or repeater subsystem which
joins two or more facility backbones to form a Metropolitan Area Network (MAN) between
facilities in a "campus" environment. All ELFs require NDPD approval under the TSR process.
ELFs are jointly funded by NDPD and the relevant user organization. ELFs are supported by
NDPD.
Metropolitan Area Network (MAN): A metropolitan area network comprises two or more
facility backbones joined by an ELF in a "campus" environment.
Value Added Backbone Services (VABS): A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed. VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office, EPA Headquarters, Cincinnati, NEIC, and the NCC. VABS
currently include file backup, communications, software distribution, software repository, and
limited application and data file storage. VABS are the platform for delivery of National LAN
Applications.
Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.
6.0 STANDARDS
Agency Wide Token Ring Standards:
a. Each physical ring is limited to single-floor operation.
b. LANs within a single building will be networked via a centrally located "Facility
Backbone" which will span all floors of the building requiring LAN connectivity.
For token-ring LANs, user LAN-based Novell routers will provide connectivity
from the user LAN to the facility backbone. Users who have rings requiring
source routing bridging to facility backbones will submit a TSR for assistance and
approval of an appropriate approach to accomplish this function. (See NDPD
Operational Directive 310.01, Local Area Network (LAN) Planning.)
c. Internetworking of LANs between buildings will be accomplished via IBM Type
1 cable, coax or fiber connections, where appropriate, utilizing their respective
repeaters. Internetworking between buildings may also be accomplished via
Agency standard Extended LAN Facilities (ELFs) supported by NDPD. The TSR
process is used to request assistance and approval for these connections.
Agency Standard Token-Ring Communications Gateways:
a. Netware SNA Gateway Version 1.3.
b. Novell 3270 LAN Workstation Version 2.0, Dynacom/Elite Version 3.3.
c. Novell's Asynchronous Communications Server (NACS).
d. X.25 (future).
Agency Standard Ethernet Gateways:
a. DEC RTP-and-Cincinnati-based Ethernet-to-IBM channel and link-attached SNA
gateways.
b. BITNET: Joiner Associates JNET gateway.
c. TCP/IP: Refer to Report No. 631/001, Telecommunications Support for TCP/IP
Networking within EPA (EPA Publication 208/R-93-002).
Token Ring Architecture for EPA Major Node Sites:
Three "backbone rings" are currently being installed and maintained by NDPD in the "central
facility" at Regional and other "Major Node" locations, as follows:
The familiar Facility Backbone is in place for general LAN use for inter-
connecting Novell-based user rings and central facilities (e.g., VABS server, SNA
gateway, Network Management, async. gateway, and ELF links to other campus
locations). This facility backbone is designed with 16 megabit rules, funded by
NDPD, extends throughout the Major Node central facility, and runs nominally
at 4 megabit/sec speeds. It is not intended for Print or Image traffic.
The "Print PC Machine Room Backbone" is a single MAU, 4 megabit ring that
is located exclusively in the LMF machine room and supplied by NDPD as part
of the LMF removal project. It is connected to the backup TIC on the 3720 FEP,
as well as being bridged to the facility backbone (with an NDPD-supplied PC) for
backup and network management reasons. Connected to this MAU are the 3174
cluster controller(s) and two RJE print-PC's, also supplied as part of the LMF
removal process. This is the sole purpose and physical extent of this ring/MAU.
The "Image Backbone Ring" is a third token ring dedicated to the support of the
AS400 Image Processing System under the SCRIPS project. It is designed with
16 megabit rules. Initially it was intended to be operated at 4 megabit/sec solely
to connect AS400 IPS workstations to the AS400 system. It is funded jointly by
the SCRIPS project and user organizations and is to be deployed only to locations
in the central facility where Image workstations are to be located. The SCRIPS
project furnishes a bridge PC to connect this ring to the facility backbone for
network management purposes. The AS400 has two TICs, one connected to the
Image ring and one to the facility backbone for ES/9000 and "peer AS400"
access.
NDPD will continuously provide Network Management capabilities on these three rings under
the latest technology available, including Netview and LAN Manager. Changes and special
exceptions to this architecture are only allowed with the approval of the Director, NDPD, under
the TSR process.
7.0 PROCEDURE REFERENCE
a. U.S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
Data Processing Division, Telecommunications Branch. (Location: Publications
Technical Library).
b. U.S. Environmental Protection Agency. Telecommunications Support for
TCP/IP Networking within EPA (Report No. 631/001) (EPA Publication
208/R-93-002). Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch. (Location: Publications Technical Library).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: LAN Security NO. 310.09
APPROVAL: DATE:
1.0 PURPOSE
This policy documents a prudent but minimal security control environment required by the
Agency to protect LAN systems and resources from theft, damage, and unauthorized use. This
policy defines LAN security objectives and security auditing requirements as defined by the EPA
Information Security Manual (Report 431/001) and the EPA Information Security Manual for
Personal Computers. This policy addresses physical security, login security, logical access
security, and protection from virus attacks.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees and all agents (including
State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, installation, operation, maintenance, and use of LANs supported by
EPA. (Refer to NDPD Operational Directive 230.08, VAX Security, for additional information
regarding Ethernet LANs.)
3.0 RESPONSIBILITIES
NDPD is responsible for:
Developing LAN security policies and procedures in cooperation with OIRM.
Monitoring security policy maintenance and compliance.
Assisting each EPA LAN Manager in determining the security requirements for
his or her LAN and recommending security implementation to ensure the integrity
of the data and applications on that LAN.
Auditing the security compliance of each Agency LAN at least every three years
in order to validate continued access to the Agency network and network services.
Assisting the EPA LAN Manager in implementing recommendations of the LAN
Security Audit.
Communicating all security violations in writing to the designated EPA LAN
Manager for that LAN, and to NCC Computer Security with recommendations
for corrective action.
EPA LAN Managers (who are Federal employees) are responsible for:
Ensuring that NDPD, OIRM, and OMB security policies are implemented.
Assessing the security requirements for each LAN system in accordance with the
EPA Information Security Manual.
Reporting any security violation to NCC Security.
Ensuring that procedures for LAN Backup and Recovery are implemented and
performed regularly.
Coordinating Security issues with their Installation Security Officer.
LAN System Administrators are responsible for:
Planning, installing, and managing day-to-day LAN security implementation in
accordance with this policy.
Training users on the importance of maintaining non-trivial confidential
passwords.
Monitoring intruder lockout data to identify any attempted illegal access.
Ensuring that User-IDs remain active only for those users who currently require
access.
LAN users are responsible for:
Creating a non-trivial password for their User-IDs.
Ensuring that their passwords are held in confidence.
Reporting any observed security violations to the LAN System Administrator.
4.0 POLICY
4.1 BACKGROUND
As the number of new LAN installations increases, so does the number of programs and quantity
of data stored on these LANs. Microcomputers or Personal Computers (PCs) pose numerous
security issues by themselves. When work group PCs are connected to form LANs in order to
share resources, the task of securing these resources is even more difficult.
Any one work group LAN may be fairly self-contained and have a LAN System Administrator.
Once these separate LANs are connected via a facility-wide backbone, physical access among
work groups is granted. Processing power and data storage are distributed, but so are access
points. Security becomes a larger issue for all users and LAN System Administrators.
The degree of security needed at a LAN site will vary with the type of data processed and the
physical security afforded by the facility. A careful analysis of the value of the resources and
the level of security needed must be viewed systemwide. (An analysis technique is provided in
the EPA Information Security Manual.) The factors of risk and consequences of corrupted or
stolen data must be considered. The ramifications in terms of time, money, and resources to
restore the system must be considered. Since access to the resources is shared, some minimum
levels of security must be maintained throughout the network.
4.2 POLICY
The security design for each LAN will be based on an individual risk assessment representing
a consensus of the management of that LAN and the need to meet applicable Federal laws and
regulations and OIRM policies. Each LAN must comply with the security standards listed in
Section 6 of this policy. These standards state the minimum levels of security which must be
implemented and maintained. Compliance with these security policies is a prerequisite for
connection to the Agency LAN backbone and for support by NDPD. Failure to comply with
these policies will result in disconnection of a LAN from the Agency internetwork and removal
of NDPD support.
5.0 DEFINITIONS
EPA LAN Manager: The EPA LAN Manager is the Federal person with the overall
responsibility for the operation, integrity, and usefulness of the LAN.
Installation Security Officer: Individual designated by an Assistant Administrator or Regional
Administrator who has responsibility for overseeing that a comprehensive security program is
in place for each organization's information technology installations, as defined by the
organization.
LAN System Administrator: The person who has hands-on responsibility for carrying out daily
operations and maintenance of the LAN as detailed in NDPD Operational Directive 310.03.
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on Netware
servers and Oracle on Unix servers.
Value Added Backbone Services (VABS): A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed. VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office, EPA Headquarters, Cincinnati, NEIC, and the NCC. VABS
currently include file backup, communications, software distribution, software repository, and
limited application and data file storage. VABS are the platform for delivery of National LAN
Applications.
6.0 STANDARDS
6.1 PHYSICAL AND ENVIRONMENTAL SECURITY
Physical security of the LAN and its access points is critical to the overall security of the LAN.
Physical security controls for each LAN access point (workstations, file servers, wire closets,
and dial-in) are discussed in this policy. Requirements in the physical security area were derived
from the EPA Information Security Manual and have been summarized in the appropriate policy
sections. For a more extensive explanation of the physical security controls required by the
Agency, refer to the EPA Information Security Manual.
6.1.1 File Servers
The following security measures are required for an EPA token-ring LAN file server: (Refer
to NDPD Operational Directive 230.08, VAX Security, for applicable Ethernet information.)
a. The file server must be located in either a secure area (e.g., a locked or
continuously monitored area), or procedures must be implemented by the LAN
System Administrator to prevent unauthorized access to the server.
b. The keyboard must be locked when not in use by the LAN System Administrator.
All file servers should be protected by "keyboard lock" Value Added Process (for
Netware 286) or Netware Loadable Module (for Netware 386). PS/2 file servers
must also be protected with ROM boot passwords.
c. File servers must be dedicated systems and not utilized by an individual user as
a workstation.
d. At a minimum, critical files/programs must be backed up on a file server hard
disk on a daily (incremental) and weekly (full) basis.
e. An Uninterruptible Power Supply (UPS) capable of supporting the server in the
event of electrical system failure must be installed.
f. Smoking is not permitted in the server room.
g. A fire extinguisher suitable for extinguishing an electrical fire must be present in
the area where the server is housed.
h. Antistatic mats must be in place to protect all servers and gateways from damage
resulting from static electrical discharge.
6.1.2 Cables, MAUs, and Wire Closets
a. Multistation Access Units (MAUs) and fiber repeaters must be located in a
secured wiring closet. The wiring closet must remain locked at all times unless
the LAN System Administrator or a repair technician requires access to the area.
b. Unused, installed cabling must not be connected to the network, thereby
providing an open access point to the LAN. Patch cable connections to
operational MAUs will only be made to active workstations.
c. Protocol analyzers and other devices capable of reading and decoding data
transmitted on LAN wiring must be kept locked except when in use. These
devices shall only be used with the knowledge and consent of NDPD/LANSYS.
6.1.3 LAN RDBMS Servers
All security measures of Section 6.1.1 File Servers apply to LAN RDBMS Servers.
6.2 LOGICAL SECURITY
6.2.1 Login and User-ID Restrictions
a. Supervisor passwords shall be kept in strict confidence and shall be known only
to the LAN System Administrator, backup Administrator, and the central support
group site LAN System Administrator. There shall be no more than three
supervisor level User-IDs defined for a given file server. These User-IDs must
only be used when a particular task specifically requires supervisor privileges.
The passwords for these User-IDs should be non-trivial, no less than six
characters in length, and should be changed at least every 90 days. The
operating system should be used to enforce the latter two conditions.
b. User-level passwords are required. They must be no less than six characters in
length and should be non-trivial. At a minimum, NDPD encourages all users to
at least alternate between two non-trivial passwords on a semiannual basis. This
is a minimum password requirement. Should analysis of the information security
needs of your LAN (referenced elsewhere in this policy) indicate a requirement
for higher levels of security, operating system-based mandatory password change
features should be implemented.
Note: NDPD has formally requested that Novell modify their software to allow
EPA to enforce the use of alternation between two unique passwords.
Currently software requires these passwords to be unique through eight
changes. When Novell provides the capability of enforcing alternate
unique passwords, EPA will modify its policy to require implementation
of this feature.
The practice of recording passwords on media viewable by other personnel is not
permitted. Ease in obtaining a new password from the LAN System Administrator
will be promoted as an alternative.
c. Repeated, unsuccessful attempts to log in should be noted by the LAN System
Administrator and the operating system should be used to lock the user account
after four unsuccessful attempts. The account should remain locked for the
maximum time period allowed by the operating system, or until the LAN System
Administrator unlocks the account.
d. User-IDs or groups of User-IDs shall be given access to a file server based on a
specific requirement. Providing all users with blanket access to all file servers
solely for ease of configuration is not allowed.
e. Training User-IDs and maintenance User-IDs must be approved by the LAN
System Administrator and rendered inactive immediately after the training or
maintenance task is completed. User-IDs developed for training need not be
rendered inactive after every class if there are multiple classes during a given
day, but these User-IDs should be rendered inactive and reinstated at the end of
the training task (i.e., training session of less than one day's duration).
f. By default, the operating system should be used to limit the number of concurrent
logins for any User-ID to one. Sharing of User-IDs on the system is strictly
prohibited. To control sharing of User-IDs, User-IDs that allow multiple logins
should be established based on user processing needs.
g. If auto-login scripts for system access are utilized, scripts may not contain the
password associated with the User-ID. Prompting the user for the password by
the login script, however, is an acceptable practice.
h. Application-specific User-IDs and generic User-IDs not requiring passwords, such
as those implemented on Value-Added Backbone Services (VABS) servers, must
have additional security measures implemented at the directory and file level.
These User-IDs must be given rights to only those directories and files necessary
for proper execution of the application.
i. The GUEST User-ID should either be removed from all servers or
password-protected and removed from the group EVERYONE. It is generally known
that this User-ID is automatically created without a password during system
installation.
j. LAN System Administrators requiring logins to user accounts for problem
recreation and resolution shall change the user password prior to performing the
work and inform the user that the password must be changed by the user after the
work is performed. This second change will be enforced by the network
operating system.
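Several items of Section 6.2.1 (a, b, c, f and i) are settings that can be audited from a listing of a file server's accounts. The following Python audit is an added example, not part of the directive and not the output format of any NetWare utility; the record layout, the field names (such as `lockout_after` and `multi_login_need`) and the sample accounts are constructed for illustration.

```python
MIN_PASSWORD_LEN = 6            # items a and b
SUPERVISOR_MAX_AGE_DAYS = 90    # item a
MAX_SUPERVISORS = 3             # item a
LOCKOUT_AFTER = 4               # item c


def audit_server(server):
    """Return sorted findings as (item, User-ID or '*', message) tuples."""
    findings = []
    accounts = server["accounts"]

    # a. No more than three supervisor-level User-IDs per file server.
    supervisors = [a for a in accounts if a["supervisor"]]
    if len(supervisors) > MAX_SUPERVISORS:
        findings.append(("a", "*", f"{len(supervisors)} supervisor-level User-IDs defined"))

    # c. The operating system locks the account after four failed logins.
    threshold = server.get("lockout_after")
    if threshold is None or threshold > LOCKOUT_AFTER:
        findings.append(("c", "*", "intruder lockout threshold above four attempts"))

    for a in accounts:
        uid = a["id"]
        if uid == "GUEST":
            # i. GUEST must be removed, or password-protected and taken
            #    out of the group EVERYONE.
            if not a["password_required"]:
                findings.append(("i", uid, "no password set"))
            if "EVERYONE" in a["groups"]:
                findings.append(("i", uid, "still a member of EVERYONE"))
        elif not a["password_required"]:
            findings.append(("b", uid, "password not required"))

        # a/b. Minimum length of six, enforced by the operating system.
        if a["password_required"] and a["min_password_len"] < MIN_PASSWORD_LEN:
            item = "a" if a["supervisor"] else "b"
            findings.append((item, uid, "minimum password length below six"))

        # a. Supervisor passwords change at least every 90 days.
        age = a["password_max_age_days"]
        if a["supervisor"] and (age is None or age > SUPERVISOR_MAX_AGE_DAYS):
            findings.append(("a", uid, "password change interval exceeds 90 days"))

        # f. One concurrent login unless a processing need is recorded.
        if a["max_concurrent"] > 1 and not a.get("multi_login_need"):
            findings.append(("f", uid, "concurrent logins above one without a recorded need"))

    return sorted(findings)


def account(uid, supervisor=False, password_required=True, min_len=6,
            max_age=None, max_concurrent=1, groups=("EVERYONE",)):
    """Helper that builds one constructed account record."""
    return {"id": uid, "supervisor": supervisor,
            "password_required": password_required,
            "min_password_len": min_len, "password_max_age_days": max_age,
            "max_concurrent": max_concurrent, "groups": list(groups)}


# Constructed listing for one file server; User-IDs follow Section 6.2 of
# Directive 310.07 (first initial plus last name).
SAMPLE_SERVER = {
    "name": "R9WXYZ1",
    "lockout_after": 7,
    "accounts": [
        account("SUPERVISOR", supervisor=True, min_len=8, max_age=90, groups=()),
        account("JSMITH", supervisor=True),          # password never expires
        account("MJONES", min_len=5),                # minimum length too short
        account("TBROWN", max_concurrent=3),         # no recorded need
        account("GUEST", password_required=False, min_len=0),
    ],
}

if __name__ == "__main__":
    for item, uid, message in audit_server(SAMPLE_SERVER):
        print(f"6.2.1 {item}  {uid:<10} {message}")
```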
6.2.2 Directory and File Access
a. The default file and directory protection as outlined in the LAN Operational
Procedures and Standards manual provides continuity among Agency file servers
and protects applications and data for which the individual user is the custodian.
This default structure, as distributed by NDPD or its agents, must not be changed
without written approval from the Agency LAN Program Manager.
b. Application software that does not provide licensing control must be installed with
appropriate "front end" routines in order to restrict the number of concurrent
users to those who are legally entitled to use the software. The front-end routines
must be approved by the particular vendor as an acceptable licensing control.
c. Application software shall be installed to provide users with the lowest level of
access needed to access and execute the application. The operating system
"execute only" flag should be used whenever possible to protect application
software from unlawful copying and/or viral infection.
d. The EPA LAN Manager shall be responsible for all software license agreements
and shall ensure strict adherence to the provisions of the agreements.
6.2.3 Virus Protection
a. LAN System Administrators utilizing Supervisor-equivalent User-IDs shall log in
to other workstations with a known virus-free boot disk.
b. LAN System Administrator workstations should execute a virus monitoring
program upon startup. This program must remain resident while the workstation
is operating.
c. A check for viruses or other unauthorized programs will be performed prior to
backing up file server data for those organizations subscribing to the NDPD data
management service. NDPD will supply LAN System Administrators with virus
detection software for those organizations not subscribing to the data management
service.
d. New software (non-vendor) must be checked for a virus by the central site
support group prior to being loaded on a LAN.
6.2.4 Auditing and Monitoring
a. The LAN System Administrator will periodically (at least weekly) review the
audit log for login and data access problems on the system. The operating system
SECURITY utility should be run at least monthly to identify any potential
security gaps. The LAN System Administrator will report any operational or
security problems to the EPA LAN Manager and NCC Security.
b. Use of software and/or hardware devices to monitor or analyze LAN operation,
remote workstations, or message traffic is prohibited for the general LAN
community and is reserved for the LAN System Administrator and his/her
agent(s). Users will be notified of monitoring activities unless a user suspected
of engaging in illegal or unauthorized activities on the LAN is being monitored.
6.2.5 LAN RDBMS Servers
a. Sections 6.2.1 through 6.2.4 apply to LAN RDBMS servers as well as file
servers.
b. If the server is for RDBMS services only, users will not be allowed to login to
the server. Only the LAN DBAs and LAN System Administrators will have
User-IDs.
c. If the LAN DBA responsible for operation of the LAN RDBMS server is a
separate person from the LAN System Administrator, the LAN DBA will not
have Netware Supervisor security equivalence. The LAN DBA may have the
minimum level of Netware rights necessary to do the job. An example would be
allowing the LAN DBA create, edit, and delete rights over the RDBMS specific
.NCF files in the SYSTEM directory, but no directory level rights in the
SYSTEM directory. The LAN DBA will have all rights over the ORACLE6
directory and its subdirectories.
d. The default file and directory structure as outlined in the EPA LAN Operational
Standards and Procedures Manual Volume II Oracle for Netware must be
followed.
f. The passwords for the LAN RDBMS users SYS and SYSTEM must be changed
from the default immediately upon database creation. The LAN DBA is
responsible for maintaining the passwords for the SYS and SYSTEM users.
g. When a new Oracle LAN RDBMS server is installed, the line
SET AUTHORIZATION = BYPASS is included in the server's CONFIG.ORA. This allows
anyone at the console to load SQLDBA and issue STARTUP, SHUTDOWN, and
CONNECT INTERNAL commands. This is acceptable as long as the server
meets the security restrictions of being in a secure area and having keyboard
access restricted by Secure Console.
h. RDBMS users must have individual RDBMS usernames and passwords. If the
RDBMS user must access a remote RDBMS server, the username and password
shall be the same as on the local RDBMS server. This allows use of a
DBLINK to the remote database without using the "CONNECT TO username
IDENTIFIED BY password" clause in the DBLINK.
i. Generic usernames for application access are acceptable if access to database
objects is strictly controlled. The generic application username must have access
permissions (ALTER, DELETE, INDEX, INSERT, REFERENCES, SELECT,
ALL, PUBLIC, WITH GRANT OPTION) only to objects in the application,
these permissions must be the minimum necessary, and grants to PUBLIC access
must be minimum.
j. Application tables are to be created and owned by usernames that reflect the
application. The LAN DBA owns and maintains these generic usernames. Only
these usernames may have RESOURCE privileges to the application's tablespace.
k. Users will be created with the minimum privilege level necessary for their job -
usually CONNECT. Users will have RESOURCE privileges only in the
tablespace USERS. Only the LAN DBA and backup LAN DBA may have DBA
privileges.
l. Table and View access privileges (ALTER, DELETE, INDEX, INSERT,
REFERENCES, SELECT, and UPDATE) will be granted to individual users on
the basis of the minimum necessary to do the job. Only the SELECT access
privilege to Tables and Views will be granted to PUBLIC.
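The following added example (not part of the directive or of any EPA tooling) shows one way a LAN DBA could check a privilege inventory against standards j, k, and l above. The inventory format, the usernames, the tablespace names, and the grants are all constructed assumptions; how the inventory is extracted from the RDBMS is outside the example.

```python
"""Audit a privilege inventory against standards j, k and l of section 6.2.5.

Added illustration: every username, tablespace and grant here is constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SystemGrant:
    grantee: str
    privilege: str                     # CONNECT, RESOURCE or DBA
    tablespace: Optional[str] = None   # set only for RESOURCE


@dataclass(frozen=True)
class ObjectGrant:
    grantee: str
    privilege: str                     # SELECT, INSERT, UPDATE, ...
    obj: str                           # OWNER.OBJECT


def audit(system_grants, object_grants, dbas, app_owners):
    """Return (grantee, standard, message) findings in input order.

    dbas       -- usernames of the LAN DBA and backup LAN DBA
    app_owners -- {application username: that application's tablespace}
    """
    dbas = {d.upper() for d in dbas}
    app_owners = {u.upper(): t.upper() for u, t in app_owners.items()}
    app_tablespaces = set(app_owners.values())
    findings = []

    for g in system_grants:
        who, priv = g.grantee.upper(), g.privilege.upper()
        if priv == "DBA":
            # Standard k: only the LAN DBA and backup LAN DBA may hold DBA.
            if who not in dbas:
                findings.append((who, "k", "DBA privilege held by a non-DBA"))
        elif priv == "RESOURCE":
            ts = (g.tablespace or "").upper()
            if ts in app_tablespaces:
                # Standard j: only the owning application username may hold
                # RESOURCE in the application's tablespace.
                if app_owners.get(who) != ts:
                    findings.append(
                        (who, "j", f"RESOURCE in application tablespace {ts}"))
            elif ts != "USERS" and who not in dbas:
                # Standard k: ordinary users hold RESOURCE only in USERS.
                where = ts or "(no tablespace given)"
                findings.append((who, "k", f"RESOURCE in {where}, not USERS"))

    for g in object_grants:
        # Standard l: only SELECT on tables and views may go to PUBLIC.
        if g.grantee.upper() == "PUBLIC" and g.privilege.upper() != "SELECT":
            findings.append(
                ("PUBLIC", "l", f"{g.privilege.upper()} on {g.obj} granted to PUBLIC"))
    return findings


# Constructed sample inventory.
SAMPLE_DBAS = {"LANDBA", "LANDBA2"}
SAMPLE_APP_OWNERS = {"PERMITS": "PERMITS_TS"}
SAMPLE_SYSTEM_GRANTS = [
    SystemGrant("JSMITH", "CONNECT"),
    SystemGrant("JSMITH", "RESOURCE", "USERS"),
    SystemGrant("PERMITS", "RESOURCE", "PERMITS_TS"),
    SystemGrant("MJONES", "RESOURCE", "PERMITS_TS"),
    SystemGrant("MJONES", "DBA"),
    SystemGrant("RLEE", "RESOURCE", "SYSTEM"),
    SystemGrant("LANDBA", "DBA"),
]
SAMPLE_OBJECT_GRANTS = [
    ObjectGrant("PUBLIC", "SELECT", "PERMITS.FACILITY"),
    ObjectGrant("PUBLIC", "UPDATE", "PERMITS.FACILITY"),
    ObjectGrant("JSMITH", "INSERT", "PERMITS.FACILITY"),
]

if __name__ == "__main__":
    for grantee, standard, message in audit(
            SAMPLE_SYSTEM_GRANTS, SAMPLE_OBJECT_GRANTS,
            SAMPLE_DBAS, SAMPLE_APP_OWNERS):
        print(f"standard {standard}: {grantee}: {message}")
```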
6.3 DIAL-IN ACCESS SYSTEMS
Access to a LAN which has no connections to the outside is generally limited to those with
access to the facility itself. Once dial-in access to the LAN is provided, the network is
potentially opened to the public, and additional controls are needed for a networked
environment. Dial-in, however, only provides access similar to that provided by a network attached
workstation. Server operating system security must still be surmounted. Users can dial in via
a single dedicated PC or via a multiport remote access server. An important distinction is made
for the dedicated PC environment in that the user has access to the local drives of the dedicated
PC. Otherwise, security implementations are similar for both.
a. For dial-in access directly to a LAN-based workstation, users must implement
password protection at the dial-in host. Call-back features should be used when
possible.
b. LAN dial-in capability is intended strictly for use by Agency staff and their
agents. Agency bulletin board systems which are accessed by the public shall not
be attached to the Agency intranet.
c. LAN System Administrators must create and maintain an operating system
"Group" for each file server which contains the User-IDs of those users
authorized for dial-in access. Logic must be coded in the individual login scripts
of these users which will combine membership in the aforementioned Group and
physical network address as criteria for login access to the server. Instructions
for implementing this logic can be found in the Security chapter of the LAN
Operational Procedures and Standards manual.
d. The audit trail function provided by the Access Server must be activated and the
audit log must be monitored at least weekly.
6.4 RISK ANALYSIS AND SECURITY ASSESSMENT
Organizations planning to implement a LAN should use the following tables and worksheets
extracted from the EPA Information Security Manual (see NDPD Operational Directive 310.01,
Local Area Network (LAN) Planning) as a guideline for determining the sensitivity of
applications and data in terms of availability, integrity, and confidentiality:
TABLE FOR SENSITIVITY EVALUATION. This table is referenced as Table
4-1 in the EPA Information Security Manual.
DETERMINING RELEVANT SECURITY OBJECTIVES AND DEGREE OF
SENSITIVITY worksheet. This worksheet is referenced as Table 4-2 in the EPA
Information Security Manual.
SENSITIVE APPLICATION CERTIFICATION WORKSHEET. This worksheet
is referenced as Exhibit B-1 in Appendix B of the EPA Information Security
Manual.
RISK ANALYSIS WORKSHEET. This worksheet is referenced as Exhibit C-1
in Appendix C of the EPA Information Security Manual.
A file should be maintained with these worksheets and should be updated when new applications
are added to the existing environment. The following additional controls may be implemented
based on the assessments made:
a. Users and administrators should only be allowed to log in to the file server from
workstations which are assigned to those users. The operating system can be
used to enforce these logical network and physical workstation address
limitations.
b. Passwords for all User-IDs should be changed at least every ninety days. This
should be enforced by the network operating system.
c. LANs which are processing confidential information should not be connected to
the Agency internetwork.
d. Operating system GROUPS should be established which contain only the User-IDs
of users needing access to sensitive information.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
Data Processing Division, Telecommunications Branch. (Location: Publications
Technical Library).
b. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual Volume II: Oracle for Netware (Report No. 397/002).
Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch. (Location: Publications Technical Library).
c. U. S. Environmental Protection Agency. (1989) EPA Information Security
Manual (Report No. 431/001). Washington, DC: Office of Information and
Resources Management, Information Management and Services Division.
(Location: Publications Technical Library).
d. U. S. Environmental Protection Agency. EPA Information Security Manual for
Personal Computers. Washington D.C.: Office of Information Resources
Management.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: LAN Change Management NO. 310.10
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
Hardware and software commonality must be maintained so that Local Area Networks (LANs)
can function effectively in the Agency's integrated network. This policy ensures that all changes
are managed in a timely manner with minimum disruption to system performance.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
design, development, acquisition, operation, and maintenance of Agency LAN's.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LANs.
LAN System Administrators are responsible for planning, installing, and managing day-to-day
LAN operations and change management, as well as for coordinating activities with the NCC
LANSYS, DECSYS, and NDPD Telecommunications Department support groups and
appropriate vendors.
4.0 POLICY
The central LAN support group and/or the LAN System Administrator shall carry out
established local management policies and procedures, including documentation requirements as
recommended in the LAN Operational Procedures and Standards Manual. These policies and
procedures shall be established through the appropriate EPA LAN Coordinator, in consultation
with the cognizant ADP Coordinator as required.
5.0 DEFINITIONS
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
National LAN Application: LAN applications are considered to be national if they meet the
following conditions:
They are centrally developed and distributed for local execution at multiple
Agency sites or multiple offices at Agency Headquarters.
They support integration of Agency data.
They provide information sharing among multiple offices and sites within EPA,
with states and local governments, or with the public.
Extended LAN Facility (ELF): An NDPD-approved LAN bridge or repeater subsystem which
joins two or more facility backbones to form a Metropolitan Area Network (MAN) between
facilities in a "campus" environment. All ELFs require NDPD approval under the TSR process.
ELFs are jointly funded by NDPD and the relevant user organization. ELFs are supported by
NDPD.
6.0 STANDARDS
a. The LAN System Administrator shall manage performance of change management
activities and inform users of all major changes prior to their taking effect. At
a minimum, the LAN System Administrator will maintain a simple log of all
changes with the date and time of implementation.
b. The following changes must be approved by NDPD and tracked through the
Telecommunications Service Request (TSR) process (see NDPD Operational
Directive 310.01, Local Area Network (LAN) Planning), or via Change
Management for VAX LANs:
(1) Modifications or major upgrades to system software.
(2) Installs, upgrades, and configuration changes in the LAN operating
system, communications gateways, repeaters, LAN-to-LAN bridges,
routers, and other internetwork connections.
(3) Additions to or changes in connections to a facility backbone and/or
Extended LAN Facility. That is, every change involving a backbone
hardware address or symbolic name must be reported via a TSR.
(4) Changes in LAN wiring type.
(5) Changes in LAN System Administrator assignments.
(6) Any configuration changes exceeding the following limits:
200 total connections on a token-ring using Type-1 wiring.
50 total connections on a token-ring using Type-3 wiring.
10 connections on a single Farallon Phonenet Apple network unit.
20 connections on a single AppleTalk network.
(7) Modifications or major upgrades to a National LAN Application.
(8) Changes to LAN RDBMS system software. For example, installation of
a new RDBMS network protocol, or a new version of the RDBMS. This
does not include internal RDBMS changes such as reorganization or
expansion of data storage.
c. Proper notification will be given to affected individuals for any network outage
resulting from changes.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. EPA LAN Operational Procedures and Standards
Manual (Report No. 397/001). Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch. (Location: Publications Technical Library).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: LAN Timeshare Accounting NO. 310.11
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
OMB Circular A-130 requires all Government agencies to establish and implement policies and
procedures to:
a. Account for the full cost of operating data processing facilities.
b. Allocate all costs to users according to the service they receive.
This policy ensures that these requirements are met.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
design, development, acquisition, operation, and maintenance of Agency LAN's.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LAN's.
4.0 POLICY
NDPD will publish timeshare chargeback rates and collect timeshare charges as appropriate.
5.0 DEFINITIONS
None.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
Not applicable.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Wiring and Optical Fiber Cabling for NO. 310.12
Voice and Data Telecommunications
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
Adherence to this policy will ensure consistency in the selection and use of wiring and optical
fiber components at the National Computer Center and enable NDPD to provide appropriate and
necessary support to the NCC user community. The objectives of this policy are to:
a. Ensure that all wiring acquisitions are consistent to facilitate EPA's ability to provide
quality support to the NDPD user community.
b. Provide a compatible environment for applications.
c. Preserve the Agency's telecommunications network stability and performance.
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in the
design, development, acquisition, operation, and maintenance of the Agency network at EPA
locations.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement, and will annually review policies
for needed modification and/or enhancement.
4.0 POLICY
Only the Agency standard wiring listed in the Standards Section of this policy is supported by
NDPD. Each user request for a wiring medium other than that herein described will be
reviewed on a case-by-case basis by the NDPD to determine compatibility and an appropriate
level of support. Requests must be submitted in writing to the Director, NDPD, under the TSR
process. The NDPD "Decision Paper" process will be used to document and determine the level
of support to be provided a "new" design.
5.0 DEFINITIONS
Balun: A device used to convert coaxial cable to twisted pair wiring and twisted pair to coaxial.
Two types of baluns are used in EPA for passing 3270 signals over twisted pairs and Ethernet
signals over Type 1 Token-Ring station wiring.
Coaxial Cable: Two-conductor, concentric, constant impedance transmission cable.
Station: A single addressable device on a LAN.
Thickwire: A Digital trademark used to describe its IEEE 802.3 compliant Ethernet cable used
for backbone wiring in LANs.
Thinwire: A Digital trademark used to describe its IEEE 802.3 compliant Ethernet cable used
for limited distance station wiring.
10BASET: The new IEEE 802.3-related 10 megabit/sec Ethernet wiring standard which utilizes
unshielded twisted pairs of designated maximum lengths for Ethernet station wiring.
AUI Cable: A type of Ethernet cabling of a designated length used to connect an Ethernet
"station" to a backbone via a "transceiver." (Also called a "transceiver cable.")
Transceiver: A device attached to an Ethernet backbone which allows a connection to an
Ethernet "station."
Twisted Pair: Multiple-conductor cable whose component cables are paired together, twisted,
and enclosed within a single jacket.
Type 1: An IBM identifier used to describe its IEEE 802.5-compliant, IBM, Teflon-coated,
shielded, twisted pair wiring.
Type 3: An IBM identifier used to describe its IEEE 802.5-compliant, IBM, four-pair,
unshielded, twisted pair.
6.0 STANDARDS
The following standards have been established for various wiring media:
a. Vertical wiring for VOICE shall consist of unshielded twisted pairs, as required.
b. Station wiring for VOICE shall consist of unshielded twisted pairs, as required.
c. Token-Ring vertical backbone wiring for DATA shall include 802.5 cabling consisting
of IBM Type 1, Teflon-coated, shielded twisted pair, or optical cable as designated in
the National Electrical Code:
(1) Cable in plenums, ducts, and floor-to-floor risers will be Type CMP (copper cable).
(2) Optical cables in plenums, ducts, and floor-to-floor risers will be Type OFNP.
(3) "Standard" optical cable, nonplenum, will be Type OFC or OFN.
EPA token ring backbones shall be constructed under 16 megabit/sec design rules, but
operated at 4 megabit speeds unless approved for speedup by NDPD under the TSR
process. Contact LANSYS for details.
d. Ethernet vertical backbone wiring for DATA shall include 802.3 thickwire cabling where
user requirements dictate an Ethernet facility. This cabling consists of Teflon-coated,
standard Ethernet coaxial cable. Ethernet LANs shall be constructed under standard 10
megabit/sec design rules. Contact DECSYS for details.
e. Vertical wiring for special needs (LDM circuits, terminal servers, etc.) shall consist of
unshielded twisted pair, Teflon-coated, as appropriate.
f. Token-Ring station wiring for DATA shall consist of IBM Type 1, Teflon-coated,
shielded twisted pair, Type 3, or optical cable run from wiring closets on each floor to
each workstation as designated in the National Electrical Code:
(1) Cable in plenums, ducts, and floor-to-floor risers will be Type CMP (copper cable).
(2) Optical cables in plenums, ducts, and floor-to-floor risers will be Type OFNP.
(3) "Standard" optical cable, nonplenum, will be Type OFC or OFN.
Type 3 supports up to 4 MBPS; Type 2 up to 16 MBPS. EPA token ring user LANS
shall normally be constructed under 4 megabit/sec design rules. However, if the user
organization's SIRMO feels strongly that the network must operate at 16 megabits/sec,
he or she may request and fund an implementation under the TSR process for a 16
megabit/sec user ring.
g. Ethernet station wiring for DATA shall consist of Type 3, four-pair, unshielded twisted
pairs, where connection is required as a terminal through a terminal server, and 802.3
thinwire coax cabling, twisted pairs under the IEEE 10 BASET standard where user
requirements dictate a direct-connection to an Ethernet facility. For direct connection
to a thickwire Ethernet backbone, standard PVC or Teflon-coated Ethernet "transceiver-
AUI" cables shall be used as appropriate.
h. Terminal to Async ASCII and 3270 services shall consist of one run Type 3, four-pair,
unshielded twisted pairs from wiring closets on each floor to each workstation. This
wiring facilitates the use of one ASCII terminal and one 3270, balun-matched device per
user location, or two of either terminal type.
i. All wiring will conform to the applicable national and local electrical codes for "optical
fiber cabling" and "computer/communications wiring."
j. In designated facilities, based on distance constraints of the LAN technology involved,
an optical fiber system consisting of 62.5/125 micron, multimode optical fiber cabling
and associated patch equipment shall be used with appropriate cable coatings and
connectors.
7.0 PROCEDURE REFERENCE
a. In general, the above standards are based on the Electrical Industries Association (EIA)
building wiring work group, TR 41.8.1 standards proposals now before EIA and ANSI
for final approval. Users should consult the final standard for more details. The latest
National Electrical Code designates:
(1) Cable types in plenums, ducts, and floor-to-floor risers will be Type CMP
(copper cable).
(2) Optical cables in plenums, ducts, and floor-to-floor risers will be Type OFNP.
(3) "Standard" optical cable, nonplenum, will be Type OFC or OFN.
b. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual (Report No. 397/001). Research Triangle Park, NC: National Data
Processing Division, Telecommunications Branch. (Location: Publications Technical
Library).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Use of Remote Access to EPA LANs NO. 310.13
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
This policy outlines the supported and unsupported use of remote access to EPA Local Area
Networks (LANs). Access is provided in three ways:
LAN dial-in capabilities.
EPA campus Wide Area Networks (WANs).
EPA Extended LAN Facility (ELF).
2.0 SCOPE & APPLICABILITY
This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
design, development, acquisition, installation, operation, and maintenance of Agency LANs and
LAN-based applications.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modifications and/or enhancement, and will provide technical support for all
Agency standard LANs.
LAN System Administrators are responsible for planning, installing, and managing day-to-day
operations for the LAN, as well as for coordinating activities with NDPD, LANSYS, DECSYS,
and vendors as appropriate.
4.0 POLICY
4.1 BACKGROUND
The user friendly PC software that runs on local LANs/PCs has been very successful in bringing
information processing to the desktop. As a result, many in the EPA community would like to
move as many applications as possible to the LAN/PC platform. Unfortunately, in some cases,
this impetus to move all applications to LANs does not consider the fact that LANs are most
appropriate for applications being delivered to users who are connected "locally" to a file server
housing the applications.
If many users of a proposed application are remote from the LAN file server (i.e., not connected
to a LAN to which the file server is connected), a LAN may not be the appropriate platform on
which to deliver the application. Neither EPA's wide area network nor LAN dial-in can provide
adequate performance and stability to support remote users of conventional (non-client-server)
LAN applications in the next 2 to 5 years. With a conventional LAN application, the entire
program, and often the entire data base, must travel over the slow speed wide area network.
Emerging client server technology and Structured Query Language (SQL) mainframe links offer
new opportunities for designing and implementing applications which may provide satisfactory
performance and stability for remote LAN users within the LAN/WAN environment.
Applications design must focus on the appropriateness of current EPA infrastructure as the
delivery vehicle for that application.
4.2 POLICY
LANs are intended primarily to deliver applications to clients who are locally (directly)
connected to the file server housing the applications. The Standards section of this policy
delineates supported and unsupported remote LAN access. It provides guidance as to where and
when remote access can be supported within the Agency LAN/WAN network in the next 2 to
5 years. NDPD has no commitment to provide robustness or performance for unsupported
remote use. If unsupported remote LAN access adversely affects supported LAN uses, the client
may be asked to remove that application from the network.
5.0 DEFINITIONS
Campus WAN: A network of connected local rings at each Novell site.
Client/Server Application: An application in which the work is divided between the client and
the server. That is, much of the data base application actually runs on the server, and only the
"answer" is sent over the LAN wire. The client application can be stored "remotely" on the
local server. Examples of client server development platforms are Notes and Oracle.
Conventional Application: An application developed with such conventional software as dBASE,
Clipper, Foxbase, and LOTUS. Conventional applications execute on the client's workstation,
with the LAN server functioning as a large, central, hard disk on which the data base and
application are stored. Since the "computing" is actually done by the workstation, the
application and data base (or its indexes) must be sent over the LAN wire to the workstation whenever
the client uses them.
Local Connection: Direct connection of a LAN workstation to the local backbone ring. "Local"
workstations are in the same (or adjacent) building as the LAN file server, are connected at full
LAN speed, and permit clients to work equally well on any server to which they are locally
connected.
Remote Connection: Connection of a workstation and LAN file server by means of a telephone
line. "Remote" workstations are not directly connected to the local backbone ring and utilize
either LAN dial-in capabilities or a WAN.
Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.
Extended LAN Facility (ELF): The EPA Wide Area Network providing IPX/SPX connectivity
between the facility backbones at RTP, HQ, and the Regional Offices.
LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on Netware
servers and Oracle on Unix servers.
Value Added Backbone Services (VABS): A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed. VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office, EPA Headquarters, Cincinnati, NEIC and the NCC. VABS
currently include file backup, communications, software distribution, software repository, and
limited application and data file storage. VABS are the platform for delivery of National LAN
Applications.
6.0 STANDARDS
6.1 LAN DIAL-IN ACCESS
LAN dial-in capability is intended strictly for limited use by Agency staff and their agents.
Supported use includes the following:
Casual home use of the LAN by clients who normally work on that LAN.
Transference of files to and from a remote site so that the files can be worked on
remotely with local copies of software and then retransmitted when complete.
Examples of unsupported use are as follows:
Critical activities.
State access to EPA LAN-based systems.
Public access.
Reliable offsite access for interactive use or data input/retrieval.
6.2 CAMPUS WANS
At each EPA campus, the local rings are interconnected with bridges into a "Campus" wide area
network. Since this campus WAN contains links that involve a slow speed telecommunications
line, the entire campus network no longer runs at LAN speed. Campus WANs contain slow-
speed telecommunications links and provide considerably less performance than is available
through a direct local LAN attachment. A client separated from the application server by a
slow-speed link is considered a remote client. Such remote access can only provide adequate
performance for certain limited uses.
Campus WANs are not supported for routine, heavy use to provide access to conventional
applications. Well designed client server applications should function adequately in the campus
WAN environment.
6.3 EXTENDED LAN FACILITY (ELF)
When operational, the Agency ELF will provide low-speed connections among Value Added
Backbone Servers (VABS) and Novell Access Servers. This ELF will not provide direct access
to any other servers except as approved under the Telecommunications Service Request (TSR)
process. All applications which depend upon use of the ELF, including client server
applications, must be approved through the National LAN Application Approval Process (See
NDPD Operational Directive 310.14). Expected support includes the following:
File transfer (via LAN Postman, for example).
Some SQL access to RDBMS servers at another site. (SQL client/server access
will not be supported until it has been thoroughly tested.)
Limited remote logon to an access server at another site (password required).
The access server will support direct remote server access for such tasks as
executing programs. However, since access server ports are a very limited
resource, access through this technique will be restricted.
Non-interactive store and forward message based traffic (for example, CC Mail
post-office to post-office communication).
Distribution of data by selective replication processes, within bandwidth
constraints (for example, replicating Notes or Oracle data bases).
Use of the Agency ELF will not be supported for the following:
Program loading or conventional data base access.
Applications which require mapping drives across the ELF.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
Data Processing Division, Telecommunications Branch. (Location: Publications
Technical Library).
b. U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
Standards Manual Volume II: Oracle for Netware (Report No. 397/002).
Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch. (Location: Publications Technical Library).
c. NDPD Operational Directive 130.10, RDBMS Platform Selection Techniques, and
NDPD Operational Directive 130.11, SQL Programming Techniques.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Usage Guidelines NO. 320.01
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The EPA Email Usage Guidelines Policy establishes the following course of action pertaining
to electronic mail:
a. Purpose of Email.
b. Justification.
2.0 SCOPE & APPLICABILITY
This policy applies to EPA Email customers and all NDPD and contractor staff personnel
responsible for the management, operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
The EPA Email System provides reliable, rapid, and accurate transfer of messages to members
of the EPA community. It also provides facilities for the online storage and access of
documentation that is of interest to the EPA community or specific segments of the EPA
community. The EPA Email System must also provide message exchange with other
government agencies and scientific and business communities concerning official EPA business
only.
a. The EPA Email system may only be used for the purpose of conducting legitimate
Agency business.
b. The EPA Email system will not be used to transmit or store confidential or
sensitive materials. Official signatures cannot be transmitted via Email.
c. The EPA Email system will be used to transmit memos, letters, documents, and
other correspondence materials of relatively short length where expedited delivery
is important.
d. The EPA Email system will be used to facilitate work group communication and
productivity tools whenever possible through the use of bulletin boards,
distribution lists, on-line text storage, and other EPA purchased or commercially
available services (e.g., OAG).
e. The EPA Email system may not be used to generate and send messages by EPA
vendors or contractors for the express purpose of marketing any products or
services to the EPA customer community. In order to use the EPA Email system
for product announcements, feature releases, briefings, and/or classes, vendors
must:
- Have a current contract in place with EPA to sell services or
  equipment.
- Relate announcements to a product or service that EPA already
  uses, a replacement, or upgrade for that product or service.
- Distribute the Email messages only to those (distribution list) who
  have expressed a desire to receive the information.
- Delete entries on their distribution lists as soon as notified.
- Update the distribution list no less than once a year so that people
  can sign up for the groups in which they have an interest.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Refer to the following for more information about standards:
Directive 320.02: EPA Email Customer Registration
Directive 320.03: EPA Email Security
Directive 320.07: EPA Email Additional Services
Directive 320.13: EPA Email Connectivity Standards
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1993) ALL-IN-1 Administrative
Procedures (Report 502/001) Research Triangle Park, NC: National Data
Processing Division. (Location: Publications Technical Library)
b. U. S. Environmental Protection Agency. (1991) ALL-IN-1 Technical Reference
Guide (Report 474/001) Research Triangle Park, NC: National Data Processing
Division. (Location: Publications Technical Library)
c. U. S. Environmental Protection Agency. (1992) Guide to NCC Services: Email
Guide. Research Triangle Park, NC: National Data Processing Division.
(Available through Customer Support)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Customer Registration NO. 320.02
-------
NDPD OPERATIONAL DIRECTIVE NO. 320.02 Page 2 of 3
c. Two types of mailboxes are available for assignment:
Individual Mailboxes. An individual mailbox will be issued by the
NDPD Email Support Group to the requestor for the new mailbox owner.
The mailbox owner is responsible for all activities attributed to the
mailbox. Each individual mailbox will be initialized with all Basic Mail
service and issued with an initial password.
Group Mailboxes. A group mailbox will be issued by the NDPD Email
Support Group in special cases to meet the specific needs of defined
groups where access to a mailbox is required by more than one customer.
Group mailboxes will be discouraged at the time accounts are requested.
The security implications will be explained to the requestor prior to
issuing a mailbox number. A registered owner is required for each group
mailbox. The registered owner is the point of contact for all communication
with the NDPD Email Support Group regarding the management and
use of the group mailbox. The registered owner is responsible for all
activities attributed to the group mailbox. Each group mailbox will be
initialized with the Basic Mail service. The requestor/owner of a group
mailbox must execute a "statement of acceptance of risk" to indicate that
he/she is aware of the insecure nature of this arrangement.
d. The initial password issued for individual and group mailboxes must be changed
by the registered owner the first time the mailbox is accessed. The registered
owner of a group mailbox is responsible for maintaining the confidentiality of the
password among the defined group.
e. Mailboxes that have not been accessed for an extended period of time are
considered inactive and will be deleted.
f. The mailbox-ID's of customers terminating employment will be deleted from the
system or reassigned.
g. The Email Coordinator will send all approved changes required in the EPA Email
directory to the NDPD Email Support Group.
h. The NDPD Email Support Group will be responsible for deleting and reassigning
mailboxes.
i. System utilization will be recorded for each mailbox.
j. The EPA Email Support Group will provide a monthly report to the EPA Email
Technical Monitor on the number and status of Email registration requests.
5.0 DEFINITIONS
NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email system.
The Email Coordinator is the person in a Program Office or Region who is responsible for
coordinating the messaging activities within his/her assigned group.
The Email Technical Monitor is the NDPD individual who is responsible for managing the EPA
Email system.
6.0 STANDARDS
Turnaround time for an Email system mailbox registration will be 24 hours from the time the
approved request was submitted to the NDPD Email Support Group.
Individual or group mailbox passwords must be changed at least every 90 days.
Mailboxes that have not been accessed for 1 year are considered inactive and will be removed
from the system.
Refer to the following for more information about standards:
Directive 320.01: EPA Email Usage Guidelines
Directive 320.03: EPA Email Security
Directive 320.05: EPA Email Customer Notification
Directive 320.07: EPA Email Additional Services
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1993) ALL-IN-1 Administrative Procedures (Report
502/001) Research Triangle Park, NC: National Data Processing Division. (Location:
Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Security NO. 320.03
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The EPA Email System Security Policy establishes the following course of action pertaining to
electronic mail:
a. Security objectives.
b. Security facilities and requirements.
c. Security responsibilities.
d. Security enforcement requirements.
2.0 SCOPE & APPLICABILITY
This policy applies to the EPA Email customer community and to NDPD and contractor staff
personnel responsible for the management, operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Email Primary Support Contractor (PSC) will develop, update, and monitor procedures
to implement this policy.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
The EPA Email customer community will rely on the terms of this policy to protect their
resources.
NDPD will conform to the requirements of statutes, oversight Agency publications, and OIRM
directives in administering security on the EPA Email system.
4.0 POLICY
a. The EPA Email system will not be used to transmit or store confidential,
sensitive, or proprietary information.
b. The NDPD Email Support Group will initialize each individual mailbox and
group mailbox with an initial password. The password must be changed the first
time the system is accessed.
c. Passwords must be kept confidential and changed periodically.
d. The NDPD Email Support Group can reset a password for the owner of an
individual mailbox. In the case of a group box, the request must be from the
registered owner.
e. The EPA Email contractor shall limit physical access to the processor complex
and peripherals to authorized contractor personnel requiring such access in the
normal course of their duties.
f. Mailbox messages will be readable by the individual mailbox owner or the group
mailbox customers only. System management functions (required to operate,
support, and maintain the system) shall avoid/restrict access to mailbox messages.
g. Group mailboxes are set up to service multiple customers; this means the
password is shared. Group mailboxes do not comply with Office of Management
and Budget (OMB) computer security policy. The requestor/owner of a group
mailbox must execute a "statement of acceptance of risk" to indicate that he/she
is aware of the insecure nature of this arrangement.
h. Changes and deletions to the Email Directory must be submitted by the mailbox
owner or the appropriate Email Coordinator.
i. The EPA Email system will provide the capability to automatically log a customer
off after a defined period of system inactivity. The length of this period is
defined and controlled by the EPA Email Technical Monitor.
j. Use of the Email system is restricted to official EPA business only.
5.0 DEFINITIONS
NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email system.
6.0 STANDARDS
Passwords must be changed at least every 90 days.
Refer to the following for more information about standards:
Directive 320.01: EPA Email Usage Guidelines
Directive 320.02: EPA Email Customer Registration
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1993) ALL-IN-1 Administrative Procedures (Report
502/001) Research Triangle Park, NC: National Data Processing Division. (Location:
Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Problem Resolution NO. 320.04
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The EPA Email Problem Resolution Policy establishes the following course of action pertaining
to electronic mail:
a. Problem resolution objectives.
b. Problem resolution responsibilities.
c. Problem tracking and reporting requirements.
d. Customer notification requirements and responsibilities.
e. Management notification requirements and responsibilities.
2.0 SCOPE & APPLICABILITY
This policy applies to the EPA Email customer community and to all NDPD and contractor staff
personnel responsible for the management, operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and monitor procedures to
implement this policy.
The EPA PSC will adhere to NDPD policies and procedures to ensure that problems are
resolved expeditiously.
4.0 POLICY
a. The NDPD Email Support Group will strive to resolve problems with the EPA
Email system as soon as possible after identification in order to provide the best
possible level of service to the customer community.
b. The EPA Email Customer Support Group will serve as the point of contact for
reporting, tracking, and resolving customer-reported Email problems. The
Customer Support Group staff will forward all problems which they cannot
resolve to the appropriate EPA Primary Support Contractor technical staff.
Customers may not call the EPA Email contractor technical staff directly to
obtain assistance.
c. The Email Support Group will immediately notify the Email Technical Monitor
of any critical problem where service is affected or data may be lost. Status of
all reported problems is continuously available to the EPA Email Technical
Monitor through the online Problem Management Reporting System.
d. Customers reporting problems will be periodically called or sent Email keeping
them aware of the status and progress of their problem resolution.
e. The NDPD Email Support Group will post messages on the Email System to
notify customers of system problems. The messages will be posted on the EPA
Email banner page.
f. All problems reported to the NDPD Email Support Group will be entered into the
Problem Management System by close of business on the day the problem was
reported.
g. Problems encountered with the EPA Email system will be categorized and
reported according to the list of problem codes approved by the EPA Email
Technical Monitor. A weekly report of all open Email problems will be sent to
the EPA Email Technical Monitor and the Program Management Support Branch
Chief.
h. The NDPD Email Support Group will submit a monthly report to the EPA Email
Technical Monitor identifying the number, nature, and status of the problems
addressed during the reporting period.
i. The Director of NDPD will be immediately notified by the EPA Email Technical
Monitor of any data loss experienced by the EPA Email customer community.
5.0 DEFINITIONS
NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email system.
6.0 STANDARDS
Customers reporting problems will be called within 24 hours, excluding weekends and holidays,
to advise them of the problem status.
No problems will be allowed to go without management attention for more than 48 hours.
Refer to the following for more information about standards:
Directive 320.05: EPA Email Customer Notification
Directive 320.08: EPA Email Report Generation
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1991) Centralized Problem Management System
Workshop (Report 357/011) Research Triangle Park, NC: National Data Processing Division.
(Location: Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Customer Notification NO. 320.05
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The EPA Email Customer Notification Policy establishes the following course of action
pertaining to electronic mail:
a. Customer notification responsibilities.
b. Customer notification objectives.
c. Customer notification methods.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on the EPA Email customer notification procedures.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
The Email Technical Monitor is responsible for defining the methods of assuring customer
notification for events that affect the Email System. The Email Technical Monitor will direct the
Email Primary Support Contractor to implement procedures that will assure complete, adequate,
and timely customer notification concerning any events that will impact customers of the Email
system. The Email Technical Monitor will determine the most appropriate method for
communicating with the customer (e.g., banner, bulletin boards, videotext, Email, reports, or
letters). The events that need to be considered for notice include, but are not limited to:
- System maintenance schedules.
- System modifications or enhancements.
- Unscheduled system stops or performance degradation.
- Changes in system resource availability.
- Changes in system response time in excess of the specified service level for
  extended periods.
- Verification of action requests (e.g., additions, deletions, changes) received from
  the Email Coordinators.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Refer to the following for more information about standards:
Directive 320.02: EPA Email Customer Registration
Directive 320.04: EPA Email Problem Resolution
Directive 320.15: EPA Email Operations
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1993) ALL-IN-1 Administrative
Procedures (Report 502/001) Research Triangle Park, NC: National Data
Processing Division. (Location: Publications Technical Library)
b. U. S. Environmental Protection Agency. (pending) ALL-IN-1 Management
Guide (written under contract with TPMC) Research Triangle Park, NC:
National Data Processing Division. (Location: EPA Technical Monitor)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Education and Training NO. 320.06
APPROVAL: [signature illegible] DATE:
1.0 PURPOSE
The EPA Email Education and Training Policy establishes the following course of action
pertaining to electronic mail:
a. Coordination of education and training.
b. Responsibility for education and training.
c. Creation and storage of education and training documentation.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
a. The NDPD Email Support Group will coordinate all central Email system
training, including network access methods and wordprocessing interface.
Information Centers (ICs) will be responsible for providing local Email training.
b. The EPA Email Primary Support Contractor will provide Email system
documentation on all products and services available through the Email system.
c. The NDPD Email Support Group will develop all customized documentation for
the EPA Email system. An EPA Email Technical Reference Guide, documenting
functions and features of the Email system will be maintained and available to all
users.
d. All Email documentation will be distributed through the NDPD Email Support
Group and/or Information Centers.
e. Whenever possible and appropriate, technical documentation, educational
materials, and other Email supporting documentation will be stored and accessed
electronically. The master and electronic copies of documents will be kept up to
date in a timely and synchronous manner to assure that both copies are current.
5.0 DEFINITIONS
NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email system.
6.0 STANDARDS
An Email usage hint will be displayed in the banner, and the hint will be changed weekly.
On-line HELP and HINTS are maintained, with changes documented within 1 week of change.
Training is provided at EPA's direction. Course evaluations are 4.5 or higher on a 5.0 scale.
Email Reference Guide is updated at least quarterly and will have a 99 percent accuracy level.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. Email Training Procedures (pending) Research Triangle
Park, NC: National Data Processing Division. (Being written by Customer Support)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Additional Services NO. 320.07
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The EPA Email Additional Services Policy establishes the following course of action pertaining
to electronic mail:
a. Videotext.
Definition of videotext.
Creation and maintenance of videotext.
Deletion of old items.
b. Bulletin Boards.
Definition of bulletin boards.
Creation and maintenance of bulletin boards.
Deletion of old items.
c. Distribution Lists.
Definition of distribution lists.
Creation and maintenance of distribution lists.
Deletion of old items.
d. Banner Broadcast.
Definition of banner broadcast.
Creation of banner broadcasts.
Deletion of banner broadcasts.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on EPA Email additional services.
4.0 POLICY
a. Videotext.
Videotext is an efficient method of storing and accessing text related
material that must be available to a large number of customers (e.g.,
NDPD operation policies will be stored in videotext, including these
policy statements). Use of videotext entries is restricted to official
Agency business use only. Requests for new VTX entries will be
reviewed by the EPA Email Technical Monitor.
Videotext applications will be initialized by Email Support Staff and will
be updated and maintained by the customer.
Videotext applications will be monitored periodically. At least annually,
the owner of the videotext will be contacted to determine if there is a
current need for the topic or a policy reason to retain the videotext entry.
If the owner has no need for continued use of the files, they will be
deleted.
b. Bulletin Boards.
Bulletin Boards are an efficient method for posting notes for all Email
users or a specific private audience. A bulletin board should be used
when messages are frequently exchanged among group members. Bulletin
board entries require no prior approval, but use of bulletin boards is
restricted to official Agency business use only.
Bulletin board applications will be initialized by the Email Support Group,
and will be updated and maintained by the customer.
Annually the manager of each inactive bulletin board will be queried to
determine if the bulletin board is still required. If the bulletin board is no
longer required, it will be deleted.
c. Distribution Lists.
Distribution lists are an effective method of providing group routing and
messaging to a specific set of individuals.
Most distribution lists are created and maintained by individual customers.
Some lists which are Agencywide or have general applicability to multiple
customers, such as lists of ADP Coordinators, Email Coordinators, Senior
Information Resource Management Officers (SIRMO), etc. may be
submitted to and will be installed and updated as system distribution lists
by the Email Support Staff.
At least annually, the owner of the system distribution lists will be
contacted to determine if there is a current need for the list(s) and to
verify that the list is correct. If the owner has no need for continued use
of the list(s), it will be deleted.
d. Banner Broadcasts.
Banner broadcasts appear each time an Email customer signs on to the
system. Banner broadcasts are an effective means of providing limited
information to a wide audience for a specific length of time (e.g.,
upcoming events or temporary conditions). There is a limit to the number
of broadcasts that may be displayed at any one time and the EPA Email
Technical Monitor will review each request for banner broadcasts.
Banner broadcasts will be initiated and updated by the Email Support
Group.
Banner broadcasts will be deleted after the need for the message has
passed.
5.0 DEFINITIONS
NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email system.
6.0 STANDARDS
All banners are carefully reviewed to ensure correct spelling and grammar.
Refer to the following for more information about standards:
Directive 320.05: EPA Email Customer Notification
7.0 PROCEDURE REFERENCE
a. U. S. Environmental Protection Agency. (1993) ALL-IN-1 Administrative
Procedures (Report 502/001) Research Triangle Park, NC: National Data
Processing Division. (Location: Publications Technical Library)
b. U. S. Environmental Protection Agency. (pending) ALL-IN-1 Management
Guide (written under contract with TPMC) Research Triangle Park, NC:
National Data Processing Division. (Location: EPA Technical Monitor)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Report Generation NO. 320.08
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The EPA Email Report Generation Policy establishes the following course of action pertaining
to electronic mail:
a. Purpose of reports.
b. Generation of reports.
c. Distribution of reports.
d. Definition and modification of report contents.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on the EPA Email report generation.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
a. Email reports are used to ensure that policy and procedures are followed by
measuring the results of specific activities. Email reports are used to check the
accuracy of data supplied by the system, measure operational service levels and
resource utilization, verify administrative activities, and aid management in
making decisions about planning and operating the system.
b. Email reports will be generated as often as required to assist the Email Technical
Monitor, Primary Support Contractor, Customer Representatives, and Email
Coordinators to carry out their duties. The schedule for each report will be
determined by the Email Technical Monitor. An audit will be performed, at least
annually, to determine that the period of the reports and the information contained
on them is valid and useful in operating the Email system. Reports not meeting
these criteria will be modified, made inactive, or deleted from the reporting
system.
c. Email reports will be distributed in a manner to conserve resources. Electronic
routing of reports is preferred to printing.
d. Additions or changes to existing Email reports may be requested through the
Email Technical Monitor. Permanent additions or changes to Email reports will
be evaluated and approved/disapproved by the Email Technical Monitor and the
necessary changes carried out by the Email PSC.
5.0 DEFINITIONS
Email reporting consists of operational, administrative, management, and customer services
reporting.
6.0 STANDARDS
Monthly and quarterly reports will be available for distribution 7 working days after the end of
the report period.
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. VAX Email Systems Reports Package (pending)
Research Triangle Park, NC: National Data Processing Division. (Internal documentation for
DEC Technical Services Group.)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email System Management NO. 320.09
APPROVAL: [signature illegible] DATE:
1.0 PURPOSE
The EPA Email System Management Policy establishes the following course of action pertaining
to electronic mail:
a. Objectives for managing the system.
b. Functions to be managed to meet the objectives.
c. Responsibilities for system management, administration, operation, and customer
support.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for providing
management, operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Email Technical Monitor will coordinate Agency wide use of the EPA Email system,
establish usage standards, provide overall operations monitoring and control, and manage all
aspects of the Email system.
The Email Coordinators will coordinate all EPA Email activities within their organizations.
The Primary Support Contractor will establish an NDPD Email Support Group. The group will:
a. Provide general technical support.
b. Coordinate all EPA Email system training.
c. Perform all EPA Email system management and administrative functions.
d. Provide administrative support to the EPA Email Technical Monitor.
4.0 POLICY
a. The EPA Email system will be managed in a manner to provide a cost-effective,
reliable, available, and accessible service to the EPA Email customer community.
b. The EPA Email system will be managed to meet the service levels defined in the
Standards section of Directive No. 320.15, EPA Email System Operations.
c. While the organizational structure of the NDPD and the supporting contractors
may change from time to time, the following major areas of responsibility will
be managed:
(1) Email System Customer Services.
(2) Email System Administration.
(3) Email System Management.
(4) Email System Operations.
5.0 DEFINITIONS
Customer Services: Includes any activity that involves direct interface with a customer, such
as training, documentation requests, problem reporting, tracking, and resolution, including
creating directory entries and distribution lists, as requested.
Administration: Includes reporting on activities necessary to operate and maintain the services.
Management: Must consider the process of planning and operating the Email system and
delivering services to the customers. Management must be concerned with providing sufficient
resources to operate the system, measuring customer satisfaction, providing needed features, and
setting standards for operating in a multi-vendor environment.
Operation: Must consider aspects such as system testing, evaluation, installation, operation,
maintenance, and archiving.
NDPD Email Support Group: Includes any and all Primary Support Contractor personnel
defined above who are involved in the support, management, or operation of the EPA Email
system.
6.0 STANDARDS
Refer to the following for more information about standards:
Directive 320.02: EPA Email Customer Registration
Directive 320.07: EPA Email Additional Services
Directive 320.08: EPA Email Report Generation
Directive 320.15: EPA Email System Operations
7.0 PROCEDURE REFERENCE
a. U. S. Environmental Protection Agency. (pending) ALL-IN-1 Management
Guide (written under contract with TPMC) Research Triangle Park, NC:
National Data Processing Division. (Location: EPA Technical Monitor)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Configuration Management NO. 320.10
APPROVAL: [signature illegible] DATE: [illegible]
1.0 PURPOSE
The EPA Email System Management Policy establishes the following course of action pertaining
to electronic mail:
a. Requirements for operating the Email system.
b. Measuring current workload.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on the EPA Email system configuration.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
a. Email system configuration will be fully documented and updated at least
quarterly to maintain accuracy.
b. In order to provide effective and efficient service to the EPA Email customers the
Email Technical Monitor will monitor resource utilization on a periodic basis, but
not less than quarterly, and set thresholds for critical evaluation in order to
identify trends that indicate more resources need to be acquired, or resources may
be released or their use modified.
Resource utilization should include, but is not limited to data storage,
processing capacity, communications capabilities, message traffic, and
additional services utilization.
Trend analysis reports should include a historical perspective as well as
a narrative description of the effective causes and their duration.
c. The EPA Email system will be managed to conserve disk storage. Disk storage
use will be monitored and evaluated periodically, but at least twice a year.
Messages that have been processed by the customer (read, sent, etc.) will be
marked and deleted periodically.
d. Communications are response time based. Every effort will be made to minimize
response time to the customer. Responsive and efficient communications methods
will be selected and used.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Every two weeks Read messages marked more than 30 days old will be deleted.
Every two weeks Outbox (sent) messages marked more than 30 days old will be deleted.
The Email system will terminate a session (auto logoff) with any customer who has not been
active for 10 minutes.
Response time will be 5 seconds or less 95 percent of the time.
Refer to the following for more information about standards:
Directive 320.03: EPA Email Security
Directive 320.08: EPA Email Report Generation
Directive 320.11: EPA Email Workload Forecasting
Directive 320.15: EPA Email Operations
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. VAX Email Systems Reports Package
(pending) Research Triangle Park, NC: National Data Processing Division.
(Internal documentation for DEC Technical Services Group.)
b. U. S. Environmental Protection Agency. Configuration Management Procedures
(pending) Research Triangle Park, NC: National Data Processing Division.
(DEC Technical Services Group.)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Workload Forecasting NO. 320.11
APPROVAL: [signature]
-------
NDPD OPERATIONAL DIRECTIVE NO. 320.11 Page 2 of 2
6.0 STANDARDS
Refer to the following for more information about standards:
Directive 320.08: EPA Email Report Generation
Directive 320.09: EPA Email System Management
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. VAX Email Systems Reports Package (pending)
Research Triangle Park, NC: National Data Processing Division. (Internal documentation for
DEC Technical Services Group.)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Enhancement/Feature Evaluation NO. 320.12
and Selection
APPROVAL: [signature] DATE: 7//*/?J
1.0 PURPOSE
The EPA Email Enhancement and Service Evaluation and Selection Policy establishes the
following course of action pertaining to electronic mail:
a. Review, evaluation, and selection of features.
b. Purchase, installation, and announcement of selected features.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
a. Enhancement and change requests are submitted to Email Support staff.
b. The Email Technical Monitor is responsible for evaluating and recommending
new services and features that may become available for the EPA Email system.
These may include vendor supplied features or purchased services from other
vendors that may be used with the Email system (e.g., OAG, CompuServe, etc.).
The final approval of additional services will be made by the NDPD Division
Director.
c. The NDPD Email Support Group will review and analyze new services and
features as required by the EPA Email Technical Monitor.
5.0 DEFINITIONS
NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email system.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1993) ALL-IN-1 Administrative
Procedures (Report 502/001) Research Triangle Park, NC: National Data
Processing Division. (Location: Publications Technical Library)
b. U. S. Environmental Protection Agency. (pending) ALL-IN-1 Management
Guide (written under contract with TPMC) Research Triangle Park, NC:
National Data Processing Division. (Location: EPA Technical Monitor)
c. U. S. Environmental Protection Agency. (pending) ALL-IN-1 Enhancement
Requests Procedures. Research Triangle Park, NC: National Data Processing
Division.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Connectivity Standards NO. 320.13
APPROVAL: [signature] DATE:
1.0 PURPOSE
The EPA Email Connectivity Standards Policy establishes the following course of action
pertaining to electronic mail:
a. Interconnection standards (e.g., X.400, Internet).
b. Directory standards.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on the EPA Email connectivity standards.
4.0 POLICY
In order to provide the widest use and productivity of Email by the EPA the system will support
connectivity to other Email systems, both internal and external to the Agency. In providing this
connectivity EPA will attempt to follow all Government Services Administration (GSA)
guidelines and requirements regarding communications methods and standards. If the desired
connectivity cannot be obtained through recommended standards (e.g., GOSIP), exceptions will
be requested from GSA and the required connectivity will be provided in the most effective and
cost efficient manner.
a. The EPA Email system will provide industry standard interconnection capabilities
to allow EPA customers to communicate with other Email systems and conduct
the business of the Agency as efficiently as possible.
b. In the future, the EPA Email system will provide central directory services to all
connected internal Email systems. It is the intent of this directory to provide
look-up capabilities to any Email customer who is registered with the system.
5.0 DEFINITIONS
None.
6.0 STANDARDS
The interconnection standards supported by the Agency will include:
X.400. The international standard, specified in GOSIP, for message interchange
among external Email systems.
Internet. Access will be provided to an Internet gateway for message transfer
to the Internet public computer network.
Refer to the following for more information about standards:
Directive 320.01: EPA Email Usage Guidelines
The Total Support Program Email Report details the telecommunications access methods
supported from each EPA site to access the central Email system.
7.0 PROCEDURE REFERENCES
Not applicable.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email System Testing and Installation NO. 320.14
APPROVAL: [signature] DATE:
1.0 PURPOSE
The purpose of the EPA Email System Testing and Installation Policy is to define the actions
that need to be taken to assure that EPA provides adequate service for the Email customer
community. In particular this policy covers:
a. New software release evaluation.
b. System testing.
c. Customer notification.
2.0 SCOPE & APPLICABILITY
This policy applies to all members of the EPA Email community, all NDPD and contractor staff
responsible for the management, operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Email Technical Monitor will direct the efforts of the Primary Support Contractor
(PSC) in order to assure compliance with this policy concerning the implementation of new
Email software.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
a. The most critical issues concerning the EPA Email system are stability, reliability
and availability. All new releases, upgrades, and maintenance releases to the
EPA Email system will be thoroughly tested and the results documented.
b. The EPA Email Technical Monitor and the Change Management Council are
responsible for reviewing and approving all proposed changes to the production
Email system prior to any implementation.
c. Customer notification that describes the schedule, changes, and impact on the
Email system shall be given prior to any implementation. Customer communication,
for changes that have customer impact, will be scheduled to take place so
that reasonable time remains for comments on the proposed changes. Communication
should be done through the Email system whenever possible.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Refer to the following for more information about standards:
Directive 320.05: EPA Email Customer Notification
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1993) Change Management Procedures Manual
(Report 245/001F) Research Triangle Park, NC: National Data Processing Division. (Location:
Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email Operations NO. 320.15
APPROVAL: [signature] DATE:
1.0 PURPOSE
The EPA Email Operations Policy establishes the following service levels and course of action
pertaining to electronic mail:
a. Operations.
Service level goals.
System stability goals.
b. Scheduled hours of system availability.
c. System Backup.
d. Maintenance.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on the EPA Email system operation and/or support.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
a. Operations. EPA Email operations will adhere to the following guidelines
regarding hours of operation, service level goals, and system availability.
Service level goals.
The EPA Email response time will be reasonable and timely, based
on the telecommunications method used.
The central EPA Email system will be accessible through the
networks supported by Agency telecommunications facilities.
System Stability. The EPA Email system stability goal is 99.5 percent
each month, after allowing for scheduled maintenance.
b. Scheduled hours of system availability. The EPA Email system will be available
to the EPA customer community 7 days a week, 24 hours each day, except when
it is unavailable due to scheduled maintenance.
c. System Backup. System backups will be scheduled and taken to ensure that the
system can be restarted without data loss. Copies of system backups will be
maintained to assure that no data will be lost if a recovery is necessary. In
addition to scheduled times, backups will be taken any time that the EPA Email
Technical Monitor or the Operations/Systems Manager determines it necessary
(e.g., system upgrades, major modifications, or prior to system maintenance).
d. The EPA PSC will schedule and perform maintenance at times when the system
is least used. Any maintenance done outside the regularly scheduled weekly
maintenance timeframe must be announced in advance via an Email banner
message.
e. Any system event that requires unscheduled maintenance will be carried out as
quickly as possible. Email customers will be notified as soon as possible after
any failure when the system will be available and any impacts to customer
messaging or other services. Any required maintenance other than emergency
fixes will be scheduled and executed at a time that will provide the least
disruption to the customers.
5.0 DEFINITIONS
None.
6.0 STANDARDS
EPA Email CPU response time will be less than 2 seconds plus communications access time,
95 percent of the time.
Backup data will be maintained for 90 days.
Incremental backups will be done nightly and whenever deemed necessary by the EPA Email
Technical Monitor or Systems Manager.
Normal system maintenance will be scheduled between 10 p.m. Sunday and 6 a.m. Monday.
Refer to the following for more information about standards:
Directive 320.03: EPA Email Security
Directive 320.05: EPA Email Customer Notification
Directive 320.10: EPA Email Configuration Management
Directive 320.13: EPA Email Connectivity Standards
7.0 PROCEDURE REFERENCE
U. S. Environmental Protection Agency. (1993) Operations Handbook for the MAIL VAXcluster
(Report 507/001) Research Triangle Park, NC: National Data Processing Division (Location:
Publications Technical Library)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Email System Requirements NO. 320.16
APPROVAL: [signature] DATE: 7/&/J3
1.0 PURPOSE
The EPA Email System Requirements Policy establishes the following course of action
pertaining to the requirements of electronic mail:
a. Basic messaging requirements.
b. Additional services.
c. Messaging to other Email systems.
d. File transfer capabilities.
e. Premium services.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0 RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0 POLICY
a. Classes of services. The EPA Email system will provide the following classes
of products:
(1) Basic Service - no additional usage charges.
(2) Additional Services - provided through EPA owned and operated equipment.
These are supplied at no additional charge. Bulletin boards and
videotext are examples of additional services.
(3) Messaging to other Email systems will be provided through X.400 and
Internet interfaces - no additional usage charge.
(4) File transfer capabilities will provide the ability to send binary files as
attachments to Email messages - no additional usage charge.
(5) Premium Services - services acquired or purchased by EPA from an
outside vendor. These services will be funded by the customer.
b. The Basic Services of the central EPA Email system will meet the criteria
specified in Section 5.0, Definitions.
c. All services except Premium will be provided to all registered customers of the
central EPA Email system.
d. Requests for the development of applications using Email services or enabling
technology must be submitted to the EPA Email Technical Monitor for review
and approval. Requests must be submitted at the level of Division Director or
above.
e. Premium services will be provided to customers after submission of an approved
Premium Services Request Form from an Agency credit card holder.
f. The central EPA Email system will be able to interface with word processing
software supported by the Agency.
5.0 DEFINITIONS
a. Basic Messaging Requirements.
Support and preserve the complete 128-character ASCII set.
Create messages on-line.
Upload previously prepared messages.
Edit messages.
Selectively read/scan messages.
Print messages.
Create public or private distribution lists.
Support alias/nicknames.
Track messages (read receipt).
Hold and resume creating messages.
File messages in subject folders.
Auto-forward.
New message notification.
Message distribution options.
Express (urgent).
Request response.
Message forwarding.
Carbon copy.
Delivery/read acknowledgement.
Delay/defer delivery.
Message disposition options.
Reply with original text.
Reply without original text.
Forward to ID or distribution list.
Save.
Download.
Delete.
b. Additional Services - provided through EPA owned and operated equipment.
Bulletin Boards.
Public.
Private (limit access).
Online Text Storage (videotex).
Distribution lists.
Banner notices.
c. Message exchange via messaging gateways (e.g., X.400, Internet).
d. Premium Services - services acquired or purchased by EPA from an outside
vendor.
e. File Transfer Capabilities. Transfer ASCII text or binary files.
6.0 STANDARDS
The central EPA Email system will be able to interface with the WordPerfect word processing
software and other word processing software meeting EPA support guidelines.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. (1991) ALL-IN-1 Technical Reference
Guide (Report 474/001) Research Triangle Park, NC: National Data Processing
Division. (Location: Publications Technical Library)
b. ALL-IN-1 News Conference (Bulletin Board), Premium Services Note. On-Line
ALL-IN-1 Bulletin Board (Available by signing on to Email, choosing BB from
the Electronic Messaging Menu, adding a conference (AC), and using Gold-L to
select the News Conference)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: National Voice Telecommunications NO. 330.01
APPROVAL: [signature] DATE: /d/2
1.0 PURPOSE
This policy outlines the responsibilities of EPA's National Voice Telecommunications
organization.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA employees and contract personnel who are involved in the design,
development, implementation, acquisition, and maintenance of EPA's telecommunications
network.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The EPA support contractor will establish an EPA National Voice Support Group. The group
will:
a. Provide general technical support.
b. Coordinate all National Voice functions.
The EPA support contractor will develop, update, and maintain procedures to implement this
policy.
The EPA support contractor will advise the EPA National Voice Technical Manager of potential
problems and system changes that might have an adverse impact on the EPA National Voice
network maintenance and/or support.
The EPA support contractor will perform the tasks necessary to meet the objectives of this
policy.
4.0 POLICY
The National Voice Telecommunications group shall:
a. Assist Regional Offices and field sites with the evaluation, planning, acquisition,
implementation, and development of voice telecommunications systems subject
to the FIRMR guidelines. (Funding source will be determined on a case-by-case
basis.)
b. Provide guidance to the Regional Offices and field sites in the areas of cost
control, traffic analysis, and other administrative functions.
c. Develop and update detailed site profiles for all of EPA's Regional Offices and
field sites.
5.0 DEFINITIONS
Telecommunications systems: The switching equipment and software required to satisfy
communications needs, e.g., PBX, Centrex, key telephone systems, and other voice peripheral
equipment.
6.0 STANDARDS
All requests will be submitted to the following:
National Voice Support
US EPA (MD-90B)
Research Triangle Park, NC 27711
7.0 PROCEDURE REFERENCES
(Draft) U. S. Environmental Protection Agency. (1992) National Voice Operations Policies and
Procedures Manual. Research Triangle Park, NC: National Data Processing Division, Office of
Administration and Resources Management.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: FTS2000 Business Office NO. 330.02
APPROVAL: [signature] DATE:
1.0 PURPOSE
This policy outlines the responsibilities of EPA's FTS2000 Business Office.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA employees and contract personnel who are involved in the design,
development, implementation, acquisition, and maintenance of EPA's telecommunications
network.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The EPA support contractor will establish and maintain an FTS2000 Support Group. The group
will:
a. Provide general technical support.
b. Coordinate all FTS2000 Group functions.
The EPA support contractor will develop, update, and maintain procedures to implement this
policy.
The EPA support contractor will advise the EPA FTS2000 Technical Manager of potential
problems and system changes that might have an adverse impact on the EPA FTS2000 network
maintenance and/or support.
The EPA support contractor will perform the tasks necessary to meet the objectives of this
policy.
4.0 POLICY
The FTS2000 Business Office shall:
a. Place and track all of the Agency's orders for FTS2000 services; ensure that all
orders are installed by their due dates, and expedite when necessary.
b. Provide information to EPA's national user community on the following:
FTS2000 services and applications.
Trouble handling.
Cost control methods.
Service pricing.
c. Report FTS2000 network troubles. Assist the Regional Offices and field sites in
the escalation of major outages and network troubles.
d. Validate EPA's monthly AT&T FTS2000 billing tape and document billing
disputes to GSA. Detect and report network misuse and implement preventive
mechanisms.
e. Manage projects to beta-test new voice telecommunications services and products
which would benefit EPA as well as other Federal agencies.
f. Support FTS2000 network security through call data collection, verification, and
monitoring. Recommend and implement technologies to detect and prevent
network abuse.
5.0 DEFINITIONS
Beta-test: Test performed with first-time users of new services not widely offered, serving as
a secondary testing site.
6.0 STANDARDS
All requests will be submitted to the following:
FTS2000 Business Office
US EPA (MD-90B)
Research Triangle Park, NC 27711
7.0 PROCEDURE REFERENCES
(Draft) U. S. Environmental Protection Agency. (1992) Telecommunications Procedures Manual,
Procedures EPA7500 through EPA7630. Research Triangle Park, NC: National Data Processing
Division, Office of Administration and Resources Management.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: Provision of FTS2000 Switched Voice NO. 330.03
Service to EPA Contractors
APPROVAL: DATE:
1.0 PURPOSE
This policy outlines the EPA's responsibilities in providing FTS2000 switched voice service to
EPA contractors.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA employees and contract personnel who are involved in the design,
development, implementation, acquisition, and maintenance of EPA's telecommunications
network.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The EPA support contractor will establish an FTS2000 Support Group. The group will:
a. Provide general technical support.
b. Coordinate all EPA FTS2000 functions.
The EPA support contractor will develop, update, and maintain procedures to implement this
policy.
The EPA support contractor will advise the EPA FTS2000 Technical Manager of potential
problems and system changes that might have an adverse impact on the EPA FTS2000 network
maintenance and/or support.
The EPA support contractor will perform the tasks necessary to meet the objectives of this
policy.
4.0 POLICY
The FTS2000 Business Office shall provide FTS2000 service to contractors when:
a. The contractor has a clear requirement to make long distance calls on EPA's
behalf.
b. The contractor's statement of work contains tasks that require making these long
distance calls.
c. NDPD has been notified (in writing) of the requirement and has been given
sufficient time to budget for the expense.
Note: If NDPD does not receive sufficient notification of a contractor's requirement for
FTS2000 service and FTS2000 service is clearly required for contract performance, then
the respective program office(s) must provide funding to NDPD prior to service
installation.
FTS2000 service will not be provided to contractors when:
a. Long distance telephone usage is determined to be "incidental" and not essential
to the performance of contractual requirements.
b. Other arrangements have been made in the statement of work.
5.0 DEFINITIONS
Incidental phone use: Phone use likely to occur in unpredictable or infrequent circumstances.
6.0 STANDARDS
All requests will be submitted to the following:
FTS2000 Business Office
US EPA (MD-90B)
Research Triangle Park, NC 27711
7.0 PROCEDURE REFERENCES
(Draft) U.S. Environmental Protection Agency. (1992) Telecommunications Procedures Manual,
Procedures EPA7510 through EPA7570. Research Triangle Park, NC: National Data Processing
Division, Office of Administration and Resources Management.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Cellular Equipment/Services NO. 330.04
Acquisition and Use
APPROVAL: [signature] DATE: 7.
1.0 PURPOSE
This document establishes EPA policy for the acquisition and use of cellular equipment and
services by EPA activities nationwide.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA regional and program office personnel as well as EPA
contractors, nationwide, who acquire and use cellular equipment and services.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
a. NDPD is responsible for reviewing this policy annually for needed modifications
and/or enhancements.
b. NDPD is responsible for providing guidance and recommendations to prospective
Agency cellular users concerning the acquisition, implementation, and sustained
operation of EPA cellular equipment.
c. NDPD is responsible for monitoring cellular service quality, nationwide, and
maintaining general Agency usage trends by conducting periodic surveys.
4.0 POLICY
a. Authority and responsibility for cellular equipment acquisition, accountability, and
usage within EPA geographical or organizational boundaries rest with respective
EPA regional and program offices. This includes all direct, indirect, recurring,
nonrecurring, and other related costs to operate, maintain, and support cellular
equipment. Regional and program offices are encouraged to augment this policy
with more detailed operating procedures tailored to individual program requirements.
b. Within the regional and program offices, cellular equipment procurement request
authorizations are the responsibility of the respective Senior Information
Resources Management Official (SIRMO). Information copies of cellular
acquisitions should be submitted to the NDPD Telecommunications Branch. This
information will assist NDPD in ensuring emergency communications
interoperability. Information copies should be sent to the following address:
Deputy Chief, Telecommunications Branch (PM-211T)
US EPA Washington Telecommunications Center
401 M Street, SW
Washington, DC 20460
c. Cellular telephones and other cellular equipment are to be used only for the
conduct of official Government business. Federal Information Resources
Management Regulation (FIRMR) and Code of Federal Regulations, Titles 5 and
41, address disciplinary actions and collection efforts that can be taken against
Federal employees who misuse Government property or services. This includes
the unauthorized use of Government owned property, such as cellular devices,
with the intent to later reimburse the Government. FIRMR Bulletin C-13
authorizes certain calls using Government facilities, primarily in the local
commuting area, that may be necessary in the interest of the Government; these
provisions normally do not apply to cellular services except under extreme
circumstances, or during legitimate personal emergencies.
d. Government-acquired, mobile cellular equipment will not be installed in privately
owned vehicles of EPA personnel. Cellular equipment is authorized to be
procured and installed in the Government owned/leased vehicles if it is in the best
interest of the Government to meet the Agency's requirements.
e. Transportable and portable cellular equipment may be procured for those EPA
officials whose duties require constant and immediate telephonic availability,
either during normal duty hours or otherwise. These portable cellular instruments
are authorized to be transported and used in privately owned vehicles. Additionally,
a centralized cellular telephone "pool" may be appropriate for other EPA
personnel who may need immediate telephonic access during temporary absences
or travel required by regional or program offices. Such absences will normally
be for official business; however, in certain cases during personal absences or
travel, persons may still be required to be constantly available to program offices
for official reasons.
f. Procedures will be established by appropriate regional program offices for
reviewing monthly cellular billing in order to certify/verify that usage was for
official business.
g. Program offices are responsible for requesting an FTS2000 long distance
authorization code card to use the FTS network with the local cellular service
provider.
h. Normally, cellular equipment will be purchased rather than leased. Extraordinary
circumstances that require leasing cellular equipment for temporary periods
during emergency response situations (i.e., 30 to 90 days) may be authorized by
SIRMOs.
i. Acquisition of cellular equipment and services will be in accordance with the EPA
Acquisition Regulation (EPAAR). Existing GSA regional contracts should be
used to purchase cellular equipment insofar as possible. Within regions, payment
for equipment and service may be provided under separate contract.
j. Cellular instruments must be accounted for, and they will be managed in
accordance with appropriate EPA property accountability procedures.
5.0 DEFINITIONS
Cellular Billing: The invoice detailing the usage of the cellular service provided by the cellular
carrier to the specific users of that service.
Cellular Service: The capability provided by the cellular carrier that allows a user to operate
radio telephone equipment.
EIA: Electronic Industries Association, a standards organization.
FTS2000 Authorization: A personal card allowing the holder to access and use the Federal
Telecommunication Network from any location on the Public Switched Telephone Network
(PSTN).
IS: Interim Standard, an EIA associated standard.
Mobile Cellular: Cellular equipment, including telephone and facsimile, that is
mounted/installed in a vehicle. The transceiver, normally installed under the seat or in the trunk,
operates from the vehicular battery and generates 3 watts of power.
Nonrecurring: An initial cost charged for implementation of a specific type of
telecommunications service that is charged one time only.
Portable Cellular: A small, possibly pocket-size, hand-held cellular telephone which is carried
by the user and offers the most freedom. A rechargeable battery provides .6 watt power.
Common names include flip-phones, micros, and minis.
Recurring: A charged rate for a specific type of telecommunications service that is repeated
throughout the period of the service.
TIA: Telecommunications Industries Association, a standards organization.
Transportable Cellular: Cellular equipment, including telephone or facsimile, that can be
transferred from one vehicle to another or from one location to another. This is a self-contained
unit with 3 watts of power; the unit is capable of operating from the vehicle battery or from an
optional battery pack, which gives it the versatility of being portable outside the vehicle. The
transportable telephones are sometimes referred to as "bag phones."
6.0 STANDARDS
Cellular equipment and services must adhere to EIA/TIA/IS cellular standards.
7.0 PROCEDURE REFERENCES
a. Code of Federal Regulations, Title 5, part 735 and Title 41, part 201.
b. Federal Information Resources Management Regulation (FIRMR) Bulletin C-13,
"Management of Long Distance Telephone Service."
c. Office of Management and Budget (OMB), "Guidance on the Privacy Act
Implications of Call Detail Programs to Manage Employees' Use of the
Government's Telecommunications System."
d. EPA Privacy Act Manual, No. 2190 Rev. March 28, 1986.
e. EPA Emergency Communications Policy (Draft).
f. U. S. Environmental Protection Agency. NDPD Operational Directive 340.10,
Domestic Telephone Credit Cards and Authorization Codes, Research Triangle
Park, NC: National Data Processing Division (Contact T. Rogers, MD-34)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Telecommunications NO. 340.01
Program Management
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for managing the acquisition, implementation, and
maintenance of telecommunications equipment, services, and support to EPA's Headquarters
facilities.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors who plan, design, engineer, implement,
administer, maintain, repair, and support telecommunications equipment and
services at EPA Headquarters facilities.
b. All EPA Headquarters program office personnel who request, acquire, and use
telecommunications equipment and services.
3.0 RESPONSIBILITIES
The organizational structure of the NDPD/Telecommunications Branch (TCB) staff authorized
to provide and obtain telecommunication services in the Washington, D.C. metropolitan area is
as follows:
a. Director, NDPD: Directs the management of all voice, data, facsimile, telex,
and image processing, storage, display, and communications services to all EPA
organizations and their employees and contractors. The Director approves all
related policies.
b. Chief, Telecommunications Branch: Directs the telecommunication programs for
EPA within the policies of NDPD.
c. Deputy Chief, Telecommunications Branch: Formulates, evaluates, and
recommends revisions to EPA plans and policies on telecommunications
management and operations as they pertain to all Headquarters Operations.
Reviews the quality and cost of telecommunications services to ensure that
maximum support is received as cost-efficiently and effectively as possible.
Manages all telecommunications activity in the Washington, DC area, including
ongoing operations and major projects. Sets rates charged to the program offices
for Telecommunications Services and equipment.
d. Headquarters Administrative Officers and ADP Coordinators:
(1) Administrative Officers (AOs): Approve Telecommunication Service
Requests (TSRs) for voice services. AOs are appointed by either a
division or branch chief within a program office. All installation and
relocation services from NDPD are obtained through the TSR.
(2) ADP Coordinators: Approve Telecommunication Service Requests for
data services. The ADP Coordinator can be designated by either the
Responsible Program Implementation Official (RPIO) or the Senior
Information Management Official (SIRMO) of a program office. All
installation and relocation services from NDPD are obtained through the
TSR.
NDPD is responsible for maintaining and enforcing this policy and will review it annually for
needed modifications and/or enhancements.
4.0 POLICY
a. NDPD's Telecommunications Branch provides voice, data, facsimile, telex,
image, and radio communications services to all EPA organizations and their
employees and contractors at EPA Headquarters.
b. Rates charged to the program offices for services and equipment will be set no
less frequently than annually by NDPD. Rates will be based on actual costs to
NDPD.
5.0 DEFINITIONS
None.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Program Management (internal, 10-92). EPA Headquarters, Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Telecommunications NO. 340.02
Equipment, Services, and Support
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for managing the acquisition, installation, use,
administration, and support for telecommunications equipment, services, and support functions
at EPA Headquarters facilities.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors who plan, design, engineer, implement,
administer, maintain, repair, and support telecommunications equipment and
services at EPA Headquarters facilities.
b. All EPA Headquarters program office personnel who request, acquire, and use
telecommunications equipment and services.
3.0 RESPONSIBILITIES
a. NDPD provides telecommunications voice, data, facsimile, telex, and image
communications equipment and services to all EPA organizations and their
employees and contractors at EPA Headquarters. NDPD performs or oversees
planning, design, engineering, installation, programming, relocation,
maintenance, and repair of these equipment and services. Some equipment and services,
defined by NDPD no less frequently than annually, are funded by requesting
program offices.
b. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. NDPD provides the following telecommunications equipment, services, and
support to all EPA organizations and their employees and contractors at EPA
Headquarters. NDPD will advise programs by annual memorandum of
equipment, services and support for which program office funding is required.
(1) Equipment.
Voice.
- Single-line telephones.
- Feature telephones.
- Integrated Services Digital Network (ISDN) voice terminals.
- Electromechanical key telephone systems.
- Electronic key telephone systems.
- Electronic hybrid telephone systems.
- Portable conferencing units.
- Secure voice terminals.
Data.
- Local area networks (LANs) and LAN backbone access.
- Printer-sharing devices.
- Telecommunications devices for the deaf (TDD).
- 3270 controllers and access.
- Data-switch access.
- X.25 switches, pads, and access.
(2) Services.
Voice.
- Local exchange telephone service.
- Domestic interexchange telephone service.
- International telephone service.
- Telephone credit cards and authorization codes.
- Voice processing.
- Multipoint audio teleconferencing.
- Secure calling.
- Directory assistance.
- Headquarters telephone directory.
Data.
- Access to national networks (SNA, X.25).
- Centrally managed LAN and Dataswitch services.
- Washington campus network.
Secure Telecommunications Center.
(3) Support.
- Requirements analyses and feasibility studies.
- Telecommunications Service Request (TSR) processing and fulfillment.
- Acquisition support.
- Installation, testing, and acceptance.
- Problem reporting, diagnosis, and resolution.
b. The objective of NDPD is to provide each EPA Headquarters program with the
telecommunications equipment, services, and support it requires to function
effectively. Headquarters Telecommunications Branch staff will assist in
identifying and implementing solutions to telecommunications needs. Solutions
will meet identifiable operational requirements and will observe applicable
Federal Information Resources Management Regulations (FIRMRs) and
approaches to controlling costs.
c. Telecommunications equipment, services, and support provided to EPA
employees and contractors are to be used for official business purposes only.
EPA managers and supervisors are responsible for controlling the use of these
services in accordance with the Long Distance Call Verification Program
guidelines as described in EPA Information Resources Management (IRM) Policy
Manual 2100, change 1, dated June 6, 1988, and in the NDPD Operational
Directive No. 340.02.
d. Equipment and services which are not included in the NDPD budget will be
funded by the program offices receiving the benefits of this equipment and
service. Prior to each fiscal year, the Deputy Chief, Telecommunications Branch
will issue to key program office officials in Washington a memorandum
describing equipment and service for which payment will be required, and the
corresponding charges during the forthcoming year.
e. Headquarters program offices request telecommunications equipment, services,
and support from NDPD through the Telecommunications Service Request
process. Program offices requesting arrangements beyond the scope of published
standards must document their requirement for NDPD review.
f. NDPD staff issue telecommunications advisories to inform Administrative
Officers and ADP Coordinators of changes that occur in normal service.
Advisories will be issued by the Telecommunications Branch on an as-required
basis and will contain information that is unique to Headquarters operations. The
Telecommunications Resources Handbook previously provided all AOs and ADP
Coordinators is the suggested repository for all such information.
5.0 DEFINITIONS
None.
6.0 STANDARDS
NDPD provides the following telecommunications equipment and services to all EPA
Headquarters program offices. The technical staff is prepared to support items or equipment
meeting equivalent functional and performance specifications.
a. Equipment.
(1) Voice.
Single-line telephones (2500-type single-line telephones).
Feature telephones: Panasonic and Comdial (for single-line sets)
and Comdial Voice Express 41 (for multiline sets).
ISDN voice terminals (AT&T ISDN 7506 and 7507 terminals).
Electromechanical key telephone systems (1A2 key telephone
equipment). Technical support will be limited to the installed base
of 1A2 equipment at Headquarters. NDPD will NOT install 1A2
equipment in new Headquarters buildings.
Electronic key telephone systems (AT&T Merlin and Spirit
systems).
Portable conferencing units (NEC VoicePoint).
Secure voice. RCA Secure Telephone Unit III (STU III).
Amplified handsets.
Noise-cancelling headsets.
Voice communications wiring and cabling systems that conform to
the current EIA/TIA Commercial Building Telecommunications
Wiring Standard and Commercial Building Standard for
Telecommunications Pathways and Spaces. NDPD/TCB staff is the only
authorized source for voice or data communications cabling at any
EPA facilities.
(2) Data.
Local area network cabling for LANs conforming with the Token
Ring (IEEE 802.5) and Ethernet (IEEE 802.3) standards. LAN
management will conform to NDPD LAN policies. Only authorized
NDPD personnel are permitted direct access to any backbone.
All action affecting the backbone will be coordinated with
Headquarters LANSYS via the national TSR process.
Printer-sharing devices (Baytech printer-sharing devices).
Telecommunications Devices for the Deaf (TDD).
Data communications wiring and cabling systems that conform to
the current EIA/TIA Commercial Building Telecommunications
Wiring Standard and Commercial Building Standard for
Telecommunications Pathways and Spaces. NDPD/TCB staff is the only
authorized source for data or voice communications cabling at any
EPA facilities.
b. Services.
(1) Voice.
Local-exchange telephone service. Washington Interagency
Telecommunications System (WITS) and Consolidated Centrex
local-exchange telephone service are provided under GSA contract
by the Chesapeake and Potomac (C&P) Telephone Companies.
EPA is required to utilize GSA WITS and/or Consolidated Centrex
services in the Washington, DC metropolitan area.
Domestic interexchange telephone service. Federal Telecommunications
System 2000 (FTS2000) Network A domestic interexchange
telephone service is provided under GSA contract by
AT&T. EPA is required to utilize FTS2000 interexchange
services in the United States.
International telephone service. Commercial international
telephone service offerings are approved by NDPD. EPA
travellers should plan to use calling card and packet circuit
services for Email and EPA Network connectivity that are
available from EPA's International Services Contract with MCI
(Contract 68-W2-0022). Information on the use of this contract is
available by calling 202-260-9600.
Telephone credit cards and authorization codes. Telecommunications
staff issues telephone credit cards for international usage or
FTS2000 authorization codes, when appropriate, to senior agency
officials who have a recurring need to make long-distance telephone
calls from locations where FTS2000 service is not available.
Voice processing. Voice mail, interactive voice response,
enhanced call processing, and other voice-processing services are
provided by Agency-owned Octel systems.
Multipoint audio teleconferencing. Multipoint audio teleconferencing
services are provided by the Agency-owned MultiLink
system, installed at the Washington Telecommunications Center.
Secure voice calling. Secure voice calling services are provided
at the Secure Telecommunications Center, located in the lower
concourse of Waterside Mall.
Directory assistance. Directory assistance services are provided
by the Washington Telecommunications Center's Directory
Assistance operators.
(2) Facsimile and telex.
Secure. Classified facsimile and both classified and unclassified
Department of State (DOS) and Automatic Digital Network
(AUTODIN) cables and messages are processed in the Secure
Telecommunications Center. The facility is located in the lower
concourse of Waterside Mall.
c. Support. NDPD provides the following support services for voice, data, and
telex communications systems at Headquarters through the Agency's
Telecommunications Services Contractor and Primary Support Contractor.
(1) Requirements analyses and feasibility studies.
(2) Telecommunications Service Request processing and monitoring.
(3) Acquisition support, including order entry and tracking, functional and
system specification, and radio-frequency assignment application
processing.
(4) Implementation, testing, and acceptance.
(5) Problem reporting, diagnosis, and resolution.
(6) LAN backbone connections.
(7) Centralized LAN and data communications services, including modem
pooling, 3270 controller access, and Dataswitch access.
Requests for information on types of equipment, services, and support available should be
directed to the Washington Telecommunications Center (WTC) at 202-260-6778. Procurement
of these services by Federal Agencies is regulated by the General Services Administration (GSA)
and requires a Delegation of Procurement Authority (DPA). Program offices must submit their
requirements via a TSR along with a statement of need to the Washington Telecommunications
Center. Special types of telecommunications equipment and cabling may be procured by
program offices with NDPD approval. Program offices that have telecommunications
requirements not listed above must submit their requirements in a TSR accompanied with a
statement of need to the Washington Telecommunications Center.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Equipment, Services, and Support (internal, 10-92). EPA Headquarters,
Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
c. U. S. Environmental Protection Agency. EPA LAN User's Guide. (1990)
Research Triangle Park, NC: National Data Processing Division.
Telecommunications Branch.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Telecommunications NO. 340.03
Service Requests
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for processing and fulfilling Telecommunications
Service Requests (TSRs) at EPA Headquarters and for managing the scheduling and notification
of TSR work that may disrupt EPA Headquarters program office telecommunication services.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors who plan, design, engineer, implement,
administer, maintain, repair, and support telecommunications equipment and
services at EPA Headquarters facilities.
b. All EPA Headquarters program office personnel who request, acquire, and use
telecommunications equipment, services, and support.
3.0 RESPONSIBILITIES
a. NDPD provides telecommunications voice, data, facsimile, telex, and image
communications equipment and services to all EPA organizations and their
employees and contractors at EPA Headquarters. NDPD performs or oversees
planning, design, engineering, installation, programming, relocation,
maintenance, and repair of these services. NDPD may require program office funding
before providing equipment and services.
b. Program offices appoint staff persons to serve as Administrative Officers (AOs)
and Automated Data Processing (ADP) Coordinators for their respective
organizations. An AO or ADP Coordinator is a point of contact within an
organization for voice or data TSRs, respectively, and is responsible for
coordinating the requisition, installation, training, funding and repair of
telecommunications systems, services, and support.
c. NDPD is responsible for reviewing, approving, and scheduling a due date when
a TSR is received and for communicating the date to the authorized TSR
originator. The TSR Due Date indicates when NDPD will complete work on the
TSR.
d. NDPD is responsible for providing notification to program offices of TSR work
that may disrupt telecommunications services.
e. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. Headquarters AOs and ADP Coordinators generally request equipment, services,
and support from NDPD through the Telecommunications Service Request
process. Program offices requesting equipment, service, and support
arrangements beyond the scope of published standards must document their requirement
for NDPD review.
b. EPA Headquarters program offices must follow TSR procedures when requesting
voice and data telecommunications equipment, services, and support.
c. Current voice and data TSR procedures are detailed in the Telecommunications
Resources Handbook (TRH) maintained by AOs and ADP Coordinators for each
program office. Periodic procedural updates are issued by the
Telecommunications Branch. The quarterly AO/ADP Coordinators meetings provide a timely
forum for the exchange of such information.
d. Program offices will identify on an annual basis those individuals authorized to
sign TSRs. The TRH contains a current register of AOs and ADP Coordinators.
e. NDPD's Telecommunications Branch notifies program offices scheduled for TSR
work whenever such work may disrupt their telephone or data communications.
f. Notification of anticipated service disruption will be given to the program office
AO or ADP Coordinator. Whenever possible, such work will be scheduled
outside of standard business hours. However, when the work is due to a major
relocation of personnel, program offices should expect to experience some down
time. Every attempt will be made to minimize any disruption.
g. If a program office strongly believes that it cannot risk communications down
time, it has the option of paying the full overtime cost of technician time so that
work can be performed outside the program office's normal business hours.
h. Telecommunications Branch and contractor staff will escalate inquiries on all
TSRs not completed by their assigned due dates to the attention of the appropriate
EPA management staff. Program offices may also elect to escalate inquiries based
on the same criteria.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. Requests for telecommunications equipment, services, and support, including
moves, changes, installations, telephone feature additions, and removals, must be
made on the latest available version of EPA Form 5020-1. TSR forms can be
obtained from program office Administrative Officers (AOs). As defined in an
annual memorandum from the Deputy Chief, Telecommunications Branch,
program office funding may be required for equipment and services.
b. NDPD must include the TSR Due Date on the TSR form when a TSR is received
and communicate the date to the TSR originator. The TSR Due Date indicates
when NDPD will complete work on the TSR.
c. The cognizant support contractor will report missed TSR due dates to the
appropriate TCB contact so that they may be escalated within NDPD as follows
(current telephone numbers appear in the organizational section of the
Headquarters Telephone Directory):
(1) One day late or 1st delay: Deputy Chief, Telecommunications Branch.
(2) Second delay: Chief, Telecommunications Branch.
(3) Third delay: Director, NDPD.
Program office AO/ADP coordinators may elect to escalate any missed TSR
due dates, based on the criteria stated above, to the appropriate TCB staff.
d. The following communications will be sent by the telecommunications staff to
Program offices when TSRs are on hold:
(1) Immediate written notification will be given to the customer of hold status.
(2) Monthly written status notification will be provided to the customer.
e. AOs and ADP Coordinators will be notified at least 5 working days in advance
of a possible service outage. This notification will be followed by a telephone
inquiry to ensure that the program office understands the planned action.
7.0 PROCEDURE REFERENCES
a. U.S. Environmental Protection Agency. EPA Headquarters Telecommunications
Service Request (internal, 10-92). EPA Headquarters, Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Telecommunications NO. 340.04
Trouble Reporting
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for reporting and clearing problems with voice, data
cabling, facsimile, telex, and image communications equipment and services at EPA
Headquarters facilities, including the policy for managing the scheduling of and notification for
trouble-response work that may disrupt EPA Headquarters program office telecommunication
services.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors who plan, design, engineer, implement,
administer, maintain, repair, and support telecommunications equipment and
services at EPA Headquarters facilities.
b. All EPA Headquarters program office personnel who request, acquire, and use
telecommunications equipment, services, and support.
3.0 RESPONSIBILITIES
a. NDPD provides telecommunications voice, data, facsimile, telex, and image
communications services to all EPA organizations and their employees and
contractors at EPA Headquarters. NDPD performs or oversees planning, design,
engineering, installation, programming, relocation, maintenance, and repair of
these offerings.
b. Headquarters program offices report telecommunications technical problems and
obtain resolution of such problems through the trouble reporting process described
below.
c. NDPD is responsible for communicating the trouble due date/time promptly to
the trouble call originator.
d. NDPD is responsible for responding to telecommunications trouble calls within
the intervals specified below.
e. NDPD is responsible for providing notification to program offices where
maintenance work activities may disrupt telecommunications services.
f. Headquarters program offices are encouraged to escalate missed trouble
commitments to NDPD Telecommunications management.
g. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. Headquarters program office personnel must report telecommunications troubles
to the published EPA Headquarters Telecommunications help desk number
202-260-HELP. The caller should provide trouble description, trouble location, point
of contact, and any other related information.
b. NDPD telecommunication will repair routine troubles in 8 work hours or sooner.
Emergency troubles will be processed immediately, technicians will be dispatched
within 30 minutes and the trouble will be cleared as soon as possible.
5.0 DEFINITIONS
a. Routine troubles.
(1) Troubles involving fewer than 10 workstation outlets, or troubles on less
than 50 percent of the program office's workstations.
(2) Customer requirements do not require expedited service.
b. Emergency troubles.
(1) Troubles involving service disruption to more than 10 workstations or
troubles on more than 50 percent of a program office's workstations.
(2) Customer requirements necessitate emergency response.
6.0 STANDARDS
a. NDPD Headquarters Help desk will provide to the person reporting the trouble
information on the expected problem resolution. In addition the Help desk staff
will inform the customer when the trouble is cleared. The following due
dates/times apply to telecommunications troubles:
(1) Routine troubles to be repaired within 8 working hours or sooner.
(2) Emergency troubles will be processed immediately and, if required,
technicians will be dispatched within 30 minutes. Emergency troubles are
to be cleared as soon as possible.
b. The cognizant support contractor will report missed Trouble Ticket due dates to
the appropriate TCB contact so that they may be escalated within NDPD as
follows (current telephone numbers appear in the organizational section of the
Headquarters Telephone Directory):
(1) First delay: Deputy Chief, Telecommunications Branch.
(2) Second delay: Chief, Telecommunications Branch.
(3) Third delay: Director, NDPD.
Program office staff may elect to escalate any missed Trouble Ticket due dates
as indicated above.
c. The cognizant support contractor will ensure that trouble status information is
available to individuals designated on the trouble ticket. In the event the trouble
is not resolved in the standard time indicated, contractor staff will contact the
individual reporting the trouble with an updated status.
7.0 PROCEDURE REFERENCES
a. U.S. Environmental Protection Agency. EPA Headquarters Telecommunications
Trouble Reporting (internal, 10-92). EPA Headquarters, Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Telecommunications NO. 340.05
Service Request and Trouble Reporting
Quality Control
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for ensuring continued provision of high-quality
Telecommunications Service Request (TSR) and trouble support for telecommunications
equipment and services at EPA Headquarters facilities.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors who plan, design, engineer, implement,
administer, maintain, repair, and support telecommunications equipment and
services at EPA Headquarters facilities.
b. All EPA Headquarters program office personnel who request, acquire, and use
telecommunications equipment, services, and support.
3.0 RESPONSIBILITIES
a. NDPD provides telecommunications voice, data, facsimile, telex, and image
communications equipment and services to all EPA organizations and their
employees and contractors at EPA Headquarters. NDPD performs or oversees
planning, design, engineering, installation, programming, relocation,
maintenance, and repair of these services. NDPD maintains proactive quality assurance
standards and procedures to ensure continuing provision of high-quality work on
Headquarters TSRs and trouble tickets.
b. Headquarters program offices request telecommunications equipment, services,
and support from NDPD through the Telecommunications Service Request
process; and obtain resolution of technical problems through the Trouble
Reporting process. Program offices are responsible for providing prompt,
accurate, and complete information in response to NDPD quality-assurance
inquiries, surveys, and reviews.
c. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. EPA Headquarters telecommunications staff will ensure continued compliance
with Total Quality Management (TQM) principles and practices when performing
work associated with TSRs or trouble resolution. Quality control cards will be
distributed to sample user satisfaction with the services provided. On-site
inspections of actual completed work will also be performed.
b. QA reviews will be performed on at least 10 percent of TSR and trouble-call
work completed by the EPA Headquarters telecommunications staff.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. NDPD will contact the program office customer within 1 day of completion of
each standard TSR to determine whether all telecommunications work was
performed satisfactorily.
b. NDPD will place Telecommunications Quality Survey cards at each workstation
worked on. The program office is encouraged to complete the survey form and
return to the Headquarters Telecommunications Supervisor for review and
appropriate action.
c. NDPD staff will perform full quality assurance reviews on at least 10 percent of
all TSRs and trouble reports within 1 week of completion. The QA reviews will
include site inspection of workmanship and adherence to NDPD standards.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Service Request and Trouble Reporting Quality Control (internal, 10-92). EPA
Headquarters, Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Program Office NO. 340.06
Acquisition of Telecommunications
Equipment, Services, and Support
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for acquiring and procuring telecommunications
equipment, services, and support for EPA Headquarters facilities, including the determination
of funding sources.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors who plan, design, engineer, implement,
administer, maintain, repair, and support telecommunications equipment and
services at EPA Headquarters facilities.
b. All EPA Headquarters program office personnel who request, acquire, and use
telecommunications equipment, services, and support.
3.0 RESPONSIBILITIES
a. NDPD provides telecommunications voice, data, facsimile, telex, and image
communications equipment and services to all EPA organizations and their
employees and contractors at EPA Headquarters. NDPD performs or oversees
planning, design, engineering, installation, programming, relocation, mainte-
nance, and repair of these equipment and services.
b. Program offices must contact their Telecommunications Customer Service
Representatives (CSRs) for assistance in completing telecommunications
procurement packages.
c. Headquarters Telecommunications CSRs are responsible for obtaining all EPA
Telecommunications staff approvals (technical or otherwise) on Procurement
Requests (PRs) for acquisition of NDPD-approved telecommunications equipment
and services.
d. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. Telecommunications equipment and services are procured by program offices
using EPA Form 1900-8 (Procurement Request/Order).
b. Procurement of telecommunications equipment, services, and support must be
approved in writing by NDPD to assure that appropriate technical standards are
met. Requests for information on types of equipment available should be sent to
the Washington Telecommunications Center (WTC)(PM211T). In accordance
with Agency procurement guidance, all voice and data telecommunications
systems and equipment procured for use at EPA Headquarters must meet the
established standards for technical compatibility and connectivity as well as
standards for possible system growth and redesign. PRs for the procurement of
all telecommunications equipment and services under $5,000 should be approved
by TCB staff. PRs of $5,000 or more must be approved by the Director of
NDPD.
c. Headquarters program offices generally request telecommunications equipment,
services, and support from NDPD through the Telecommunications Service
Request (TSR) process. There are two exceptions:
(1) Program offices request radio-frequency assignments and call signs
through the Radio-Frequency Assignment Request (RFAR) process.
(2) Program offices request long-distance calling cards through the Long-
Distance Calling Card Application process.
Program offices requesting equipment, service, and support arrangements beyond
the published standards are required to document, in memorandum form, their
requirement for NDPD review.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. PRs originating in program offices for the procurement of telecommunications
equipment and services for use in EPA Headquarters must be approved by the
EPA Washington Telecommunications Staff to ensure that technical standards and
equipment compatibility requirements are met.
b. The following two types of PRs are used to acquire or purchase telecommunications
equipment and support:
(1) EPA Program Office Funded PRs: These are for items that are purchased
by program offices.
Upon approval by EPA Washington Telecommunications Staff,
Program Office Funded PRs will be logged in and then forwarded
through appropriate procurement channels by the Telecommunica-
tions Cost Accounting Staff (TCAS). The Program Office
Originator will be provided with a copy of the processed PR with
the date it was forwarded to PCMD.
The "deliver to" block of the SF 1900-8 must indicate the "WTC
Warehouse (PM211T)". This is to ensure timely and accurate
installation of the equipment. As a result, Program Office
Originators are responsible for forwarding a copy of the awarded
purchase order (PO) to the Telecommunications CSR.
Program Office Originators are responsible for tracking their
procurements excepting as described in the bulleted item below.
Equipment purchases from the GSA-administered Washington
Interagency Telecommunications System (WITS) contract are
handled uniquely. For WITS equipment purchases, program
offices need only to bring their PRs to their Telecommunications
CSRs. As a rule, WITS equipment orders are placed (obligated)
directly with the vendor by EPA Washington Telecommunications
Staff. Program Office Originators are provided with copies of
their processed orders.
(2) EPA Program Office Incremental (Reimbursable) Funding PRs: These
PRs reimburse NDPD for items provided out of stock and/or for
NDPD-provided telecommunication support, such as installation,
maintenance, and repair. The PRs are incrementally funded to NDPD's
Telecommunications Services Contract, in accordance with a memorandum
of instruction issued each fiscal year by the Deputy Chief, Telecommuni-
cations Branch.
c. Funding for purchase, installation, and support of telecommunications equipment,
services, and support is provided by program offices or, in some cases, by
NDPD. NDPD requires reimbursement from program offices for some types of
equipment, services, and support. Procurement of any telecommunications
systems or equipment must be approved by NDPD to assure that technical
standards and equipment compatibility requirements are met. Funding responsi-
bilities are defined by the memorandum of instruction issued each fiscal year by
the Deputy Chief, Telecommunications Branch, and which is subject to revision
within the fiscal year.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA Headquarters Program Office
Acquisition of Telecommunications Equipment, Services, and Support (internal,
10-92). EPA Headquarters, Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Voice Processing Systems NO. 340.07
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for managing the acquisition, installation, use,
administration, and support of Voice-Processing Systems (VPS) at EPA Headquarters.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors who plan, design, engineer, implement,
administer, maintain, repair, and support VPS equipment and services at EPA
Headquarters facilities.
b. All EPA Headquarters program office personnel who request, acquire, and use
VPS equipment, services, and support.
3.0 RESPONSIBILITIES
a. NDPD provides VPS equipment and services to all EPA organizations and their
employees and contractors at EPA Headquarters. NDPD performs or oversees
procurement, planning, design, engineering, installation, programming,
administration, operation, relocation, maintenance, and repair of these services,
including all related equipment.
b. Program offices appoint staff persons to serve as Voice Messaging Site
Coordinators (VMSCs) for their respective organizations. A VMSC is the single
point of contact within an organization for VPS and is responsible for coordinat-
ing the planning, installation, training, funding and repair of VPS services.
c. NDPD is responsible for maintaining, enforcing, and educating program offices
in this policy and will review it annually for needed modifications and/or
enhancements.
4.0 POLICY
a. NDPD provides EPA Headquarters program offices with high-quality, cost-
effective, reliable VPS services, which include the following:
(1) Voice mail.
(2) Automated attendant.
(3) Interactive voice response.
(4) Enhanced call processing.
(5) Information center mailboxes.
(6) Voice forms.
b. Program offices must fund PRs for one-time purchase and installation of voice
mailboxes and annual PRs to cover annual maintenance charges. Headquarters
Telecommunications staff will provide each program office with an annual
accounting of their mail boxes.
c. Program offices may not use voice-messaging service on main or service-oriented
program-office telephone lines on which incoming callers require immediate
attention.
d. Headquarters Telecommunications staff sets the one-time purchase/installation
costs, as well as the annual maintenance costs.
e. Headquarters VMSCs generally request VPS services and support from NDPD
through the Telecommunications Service Request (TSR) and Procurement Request
(PR) processes. Program offices requesting equipment, service, and support
arrangements beyond the published standards are required to document in
memorandum form their requirement for NDPD review.
f. All Headquarters VPS equipment and services must be procured from the
standard EPA contract or be determined by NDPD to be compatible with NDPD's
existing VPS equipment and services.
5.0 DEFINITIONS
Voice mail: A service for receiving, recording, sending, storing, retrieving, listening to,
replying to, and forwarding voice messages.
Automated attendant: A service that greets incoming callers with voice prompts that instruct
them on how to reach the desired party's extension, a voice mail box, a group, or an
information recording.
Interactive voice response: A service that allows callers to query, retrieve, and listen (via
synthesized voice) to computer data base information based on telephone keypad input.
Enhanced call processing: A service that answers an incoming call and routes it to the
appropriate destination based on telephone keypad input from the caller.
Information center mailboxes: A service that answers an incoming call, disseminates
information to callers, and routes callers to other mailboxes or user extensions.
Voice forms: An information-collection service that answers an incoming call, plays pre-
recorded questions to callers, and records callers' verbal and touchtone keypad responses.
6.0 STANDARDS
a. EPA Headquarters program offices obtain VPS services from Agency-owned
Octel systems installed and operated by the National Data Processing Division.
These systems were obtained through the Agencywide standard voice mail
contract.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA Headquarters Voice Processing
Systems (internal, 10-92). EPA Headquarters, Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Voice Processing
Services Quick Reference Guide (external, 11-92). EPA Headquarters,
Washington, DC.
c. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Locator Service NO. 340.08
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for providing locator services at EPA Headquarters.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA Headquarters program office personnel who request, acquire, and
use locator service.
3.0 RESPONSIBILITIES
a. NDPD operates a consolidated locator service on behalf of EPA Headquarters.
b. Headquarters Administrative Officers (AOs) serve as Telephone Directory (TD)
contacts for their respective organizations. A TD contact is the single point of
contact within an organization for updating the locator data base for that
organization.
c. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. The EPA Headquarters locator staff will provide telephone locator service to EPA
program offices and the general public. The locator service will be available
Monday through Friday from 7:30 am to 6:00 pm, with the exception of Federal
holidays, by calling 202-260-2090.
b. Program office TD contacts must submit locator information on employees joining
their organization, must change locator information as required, and must request
deletion of employees as they depart. These actions will be taken in a timely
manner, so that the information on an organization's employees is current.
c. The TD contacts will submit Locator information on all Federal employees and
on-site contractors affiliated with their organizations. Federal employees will be
distinguished from other persons in all Locator files and publications.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. TD contacts must submit information on change of name, telephone number, mail
code, and location, and forward this information to the WTC (PM-211T). AOs
may use the Express Locator Change Form displayed in the Headquarters
Telephone Directory.
b. The EPA Headquarters Locator data base, which is the locator staff's primary
reference tool, contains the following information on all EPA employees and
on-site contractors:
(1) Name.
(2) Telephone number.
(3) Mail code.
(4) Location (city, building, room number).
(5) Designation as EPA employee or as other.
c. Members of the Telecommunication Branch staff will update the Locator data-
base within one business day of receipt of an Express Locator Change Form. It
is the responsibility of all EPA employees and contractor personnel to notify the
appropriate AO of any additions, deletions, or changes that need to be made to
the Locator. AOs are responsible for the accuracy of information on the Express
Locator Change Forms.
d. Locator data base information is published twice each year as the alphabetical
section of the EPA Headquarters Telephone Directory. The locator data base is
used to update NDPD's National Locator.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA Headquarters Locator Service
(internal, 10-92). EPA Headquarters, Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Telephone Directory NO. 340.09
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for managing the publication of the EPA Headquarters
Telephone Directory.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA Headquarters program office personnel who request, acquire, and
use copies of the EPA Headquarters Telephone Directory, as well as those who provide infor-
mation updates to the directory data base.
3.0 RESPONSIBILITIES
a. NDPD provides the EPA Headquarters Telephone Directory to all EPA
organizations and their employees and contractors at EPA Headquarters. NDPD
performs or oversees planning, preparation, production and updating of the
Headquarters Telephone Directory.
b. Headquarters program office Administrative Officers (AOs) serve as Telephone
Directory (TD) contacts for their respective organizations. A TD contact is the
single point of contact within an organization for updating the locator data base
for that organization. The locator data base is used to produce the Alphabetical
section of the Headquarters Telephone Directory. AOs are responsible for
providing Organizational and Regional data, including alphabetical listings of
EPA personnel and on-site contractors.
c. EPA Management and Organization Division, Office of Administration and
Resources Management, is responsible for providing official EPA organizational
structure, charts, and function statements, and for review of NDPD's compilation
of the material.
d. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. The full EPA Headquarters Telephone Directory will be published and distributed
to EPA Headquarters program offices, Regions, Laboratories, designated Federal
and State agencies and authorized contractor staff on a semiannual basis.
Supplements or updates to the Telephone Directory may be published as required.
Headquarters program offices will be provided one copy of the Directory for each
employee whose name appears in the Directory.
b. EPA employees wishing to make changes or additions to the EPA telephone
directory should contact the program office's AO. Once the changes or additions
are verified, the AO will forward the request to telecommunications staff for
inclusion in the next Directory.
c. Changes to distribution levels or requests for copies of the EPA Headquarters
telephone directory should be addressed to EPA Telecommunications, Washington
Telecommunications Center (PM-211T). The public may acquire copies by
purchasing the item through the Government Printing Office (GPO); copies for
public distribution are not available from EPA.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. Each full EPA Headquarters Telephone Directory will contain, at a minimum, the
following sections:
(1) How To Use Your Telephone.
(2) Organizational Directory.
(3) Organizational Charts (with function statements).
(4) Alphabetical Directory.
(5) Subject Directory.
(6) Regional Directory.
(7) Hotline Directory.
(8) Facsimile Directory.
(9) Agency Directory.
(10) General Information.
b. Each section of the directory will adhere to EPA and the Government Printing
Office (GPO) regulations and guidelines--in particular, U.S. Code, Title 44,
Chapter 5: Production and Procurement of Printing and Binding and implement-
ing regulations.
c. Information on Federal employees will appear in bold-faced type in the Telephone
Directory. Information on on-site contractors will appear in a lighter faced type.
This data will be verified against EPA's payroll system (EPAYS) to ensure the
accuracy of existing and new data.
d. Information in the Subject, Hotline, Facsimile, Agency, and General sections will
be verified with program offices before publication.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA Headquarters Telephone Directory
(internal, 10-92). EPA Headquarters, Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Domestic Telephone NO. 340.10
Credit Cards and Authorization Codes
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for provision of long-distance domestic telecommunica-
tions access to Headquarters personnel for official Agency business when FTS2000 access is not
available, as well as the responsibilities of Agency officials for use of this service.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA Headquarters program office personnel who request, acquire, and
use domestic telephone credit cards and authorization codes.
3.0 RESPONSIBILITIES
a. NDPD is responsible for providing long-distance telecommunications access for
conduct of official Agency business to EPA officials based in the Headquarters.
The Deputy Chief, NDPD Telecommunications Branch, formulates, evaluates and
revises EPA plans and policies for the provision of long distance service when
FTS access is not available; reviews the quality, cost, and need for these services
to ensure that the maximum level of support is provided as cost-efficiently and
effectively as possible; reviews all requests for program-funded long distance
calling card accounts; and approves use and termination of service.
b. Program offices are responsible for funding the full cost to NDPD of providing
domestic telephone credit cards.
c. NDPD provides telephone credit cards and FTS2000 authorization codes to EPA
organizations and their employees and contractors at EPA Headquarters. NDPD
performs or oversees use, administration, tracking, and control of these cards and
codes.
d. NDPD, in accordance with FIRMR Bulletin C-13, is responsible for the monthly
verification of all calls and calling charges as official government business.
e. NDPD is responsible for annual validation or review of the requirement for
providing the service.
f. Headquarters Administrative Officers (AO) are responsible for ensuring the
security of the long distance access, requesting additional cards, issuing and
retrieving cards as employees join and leave their organization and processing
funds to pay for the services received.
g. EPA staff users (card holders) are responsible for ensuring the security of their
cards, for utilizing the service only for official Agency business and for assisting
NDPD/TCB personnel as the latter perform monthly verifications and annual
audits. Users are also responsible for reimbursing the Agency for any calls
identified by the verification process as personal (not official).
h. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. An inventory of unissued cards will be maintained by NDPD TCB staff.
b. Cards can be obtained by sending a completed Calling Card Request Form,
requesting a permanent card, to the TCB Calling Card Program Manager. This
process shall be coordinated by the requestor's AO. TCB management will
approve or deny each request based on the following criteria:
(1) Each applicant must demonstrate a need for a card due to frequent travel
to locations without FTS access.
(2) Each request must be accompanied by approved funding, or cite funding
already provided to pay for credit card services.
Programs will prefund all telephone credit cards with Incremental Funding
Procurement Requests (PR). These PRs will be processed by and available funds
monitored through TCB staff. Program offices are encouraged to consolidate
their funding actions into as few PRs as possible.
c. Upon receipt of approval by the TCB Calling Card Program Manager, TCB Cost
Accounting staff will establish an account for the program office.
d. Card privileges can be terminated at the discretion of the Deputy Branch Chief,
Telecommunications Branch, based upon the following criteria:
(1) Calling patterns that include the following.
Local telephone calls.
Multiple users, i.e., sharing of the card number with co-workers.
Misleading certification of charges.
(2) Failure to certify each month's charges promptly.
(3) Determination during validation that a need for the card no longer exists.
5.0 DEFINITIONS
Abnormal Charges: Charges, either individual or aggregate, which appear to fall outside of the
normal calling pattern(s)/standards established by the card holders. Such abnormalities may
result from a card and/or its number being compromised.
Abusive Charges: Charges, either individual or aggregate, which do not meet the criteria and
regulations for use of the service, including personal communications. Abusive activity may be
the result of the cardholders' failure to follow the policy and regulation guidelines, or it may be
the result of a card and/or its number being compromised. Charges for local calls are
considered abusive charges.
Official Business Calls: Long-distance calls which may include emergency calls and other calls
the Agency determines are necessary in the interest of the Government when Government
provided service is not available (for further details and examples, see FIRMR Bulletin C-13).
6.0 STANDARDS
Program offices are required to perform monthly certification of all telephone credit card bills.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA Headquarters Telephone Credit
Cards and Authorization Codes (internal, 10-92). EPA Headquarters, Washing-
ton, DC.
b. U.S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Audio NO. 340.11
Teleconferencing Center
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for operation of the Audio Teleconferencing Center
located in the EPA Headquarters Washington Telecommunications Center.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors nationwide who use the services of the
Audio Teleconferencing Center.
b. All EPA program office personnel nationwide who request, acquire, and use
audio teleconferencing equipment, services, and support.
3.0 RESPONSIBILITIES
a. NDPD provides multipoint audio teleconferencing to all EPA organizations and
their personnel nationwide and provides portable teleconferencing units to all EPA
Headquarters organizations and employees through the Audio Teleconferencing
Center at the Washington Telecommunications Center (WTC).
b. Users are encouraged to follow reservation, operational, and trouble reporting
procedures documented in the Audio Teleconferencing Services Quick Reference
Guide.
c. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. NDPD provides EPA program offices nationwide with high-quality, cost-
effective, reliable, full-duplex multipoint teleconferencing service. Conferences
will typically operate in the meet-me mode and be monitored for quality by the
WTC staff, which will assist in solving conference problems. Detailed guidance
to conferees is available in the EPA Audio Teleconferencing Services Quick
Reference Guide, which is available through the WTC.
b. The Audio Teleconferencing Center provides portable conferencing units to
Headquarters personnel on a first-come, first-served, temporary-loan basis for use
in EPA offices and conference rooms.
c. The Audio Teleconferencing Center provides teleconference speaker training and
user manuals to users upon request.
d. NDPD provides program offices with assistance, upon request, with the
analytical, design, and engineering services:
(1) In support of the design or refurbishment of facilities which will be used
for teleconferencing.
(2) To certify facilities that meet the established standards.
Note: NDPD will issue a separate policy on teleconferencing facility design and
certification during 1993.
e. NDPD provides multipoint audio teleconferencing service to EPA personnel
nationwide through the Audio Teleconferencing Center, which operates during
normal working hours: Monday through Friday from 8:00 a.m. to 6:00 p.m.,
excepting Federal holidays. Program offices requesting equipment, service, and
support arrangements beyond the published standards are required to document
their requirement for NDPD review.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. NDPD provides EPA program offices nationwide with high-quality, cost-
effective, reliable, full-duplex multipoint conference calls through MultiLink
digital audio teleconferencing bridges installed in the Audio Teleconferencing
Center.
b. Requests for Audio Teleconferencing Center services and equipment should be
submitted to the center at least 24 hours prior to the planned conference, because
use of these services and equipment often exceeds system capacity. USERS
MUST ADVISE IMMEDIATELY when a conference is cancelled.
7.0 PROCEDURE REFERENCES
a. U. S. Environmental Protection Agency. EPA Headquarters Audio Teleconferen-
cing Center (internal, 8-92, updated 10-92). EPA Headquarters, Washington,
DC.
b. U.S. Environmental Protection Agency. EPA Headquarters Audio Teleconferen-
cing Services Quick Reference Guide (internal, 12-91). EPA Headquarters,
Washington, DC.
c. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: EPA Headquarters Print-Sharing Services NO. 340.12
APPROVAL: DATE:
1.0 PURPOSE
This document describes NDPD's policy for managing the acquisition, installation, use,
administration, and support of print sharing devices at EPA Headquarters facilities.
2.0 SCOPE & APPLICABILITY
This policy applies to the following personnel:
a. All NDPD personnel and contractors who plan, design, engineer, implement,
administer, maintain, repair, and support print-sharing equipment and services at
EPA Headquarters facilities.
b. All EPA Headquarters program office personnel who request, acquire, and use
print-sharing equipment, services, and support.
3.0 RESPONSIBILITIES
a. NDPD provides print-sharing devices to all EPA organizations and their
employees and contractors at EPA Headquarters. NDPD performs or oversees
planning, design, engineering, installation, programming, relocation, mainte-
nance, and repair of this equipment.
b. NDPD is reimbursed for the full cost of providing print-sharing service by the
program office.
c. NDPD is responsible for maintaining and enforcing this policy and will review
it annually for needed modifications and/or enhancements.
4.0 POLICY
a. Telecommunications Branch Headquarters staff must approve all devices to be
installed in EPA Headquarters facilities for the purpose of print-sharing.
b. Headquarters program offices request print-sharing equipment from NDPD
through the Telecommunications Service Request (TSR) process. Program offices
may choose to acquire such devices directly from Telecommunications Branch
stock on a reimbursable basis. Program offices are responsible for reimbursing
the Telecommunications Branch for any new hardware acquired, any installation
work performed, and for developing the appropriate TSR and supporting
documentation.
c. Program offices requesting equipment and service arrangements beyond the
published standards are required to document their requirement for NDPD review
and approval.
5.0 DEFINITIONS
None.
6.0 STANDARDS
a. All print-sharing devices will be configured for serial connections (thin wire) for
all workstations in excess of 15 feet from the box. Any workstation within 15
feet will be allowed to use parallel (thick wire) connection. The acquisition of
any additional communications boards required in program office PC's will be the
responsibility of the program office.
b. A Telecommunications Service Request Form (TSR EPA Form 5020-1) is
required. Program offices should submit the TSR along with a floor plan
showing the EXACT location of each workstation or printer outlet to the TSR
Control Desk, in the Washington Telecommunications Center (WTC) PM211T
located on the mall level of the Waterside Mall complex.
c. Payment for print-sharing devices and/or cable installation will be accomplished
via a funded Purchase Request (PR) completed in accordance with the Deputy
Chief's annual memorandum titled "Payment for Telecommunications Work".
d. NDPD will compute the charge to program offices for provisioning of new or
reconditioned print-sharing devices based on the cost of the equipment plus the
cost of installation. The installation charge is the actual hardware cost of the
print-sharing device and a set fee for each connection to the print-sharing device.
The charge includes NDPD costs for the following services:
(1) Acquiring and installing the print-sharing device.
(2) Running cable between the print-sharing device, workstations, and
printers.
(3) Installing cable between workstations/printers and wall outlets.
e. In the event a program office relocates or finds another technology to provide
print sharing, the used print sharing device will be returned to the
telecommunications warehouse for reissue. Program offices receiving reissued/reconditioned
equipment will only be charged based on the formula used for costing
reconditioned units indicated above.
f. At the option of EPA Telecommunications Branch in an effort to enhance
serviceability of these units, any device installed may be located in a centralized
location. This may result in the program office having to acquire additional serial
PC ports. Program offices are expected to absorb these costs.
7.0 PROCEDURE REFERENCE
a. U. S. Environmental Protection Agency. EPA Headquarters Print-Sharing
Services (internal, 10-92). EPA Headquarters, Washington, DC.
b. U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
Resource Handbook (external, 10-91, updated 10-92). EPA Headquarters,
Washington, DC.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: National Environmental Supercomputing Center NO. 400.01
(NESC) Mission
APPROVAL: DATE:
1.0 PURPOSE
This policy establishes the mission of the Environmental Protection Agency's National
Environmental Supercomputing Center (NESC) in Bay City, Michigan.
2.0 SCOPE & APPLICABILITY
This policy applies to all involved in the programs and services of the EPA's National
Environmental Supercomputing Center including Agency personnel, contractors, grantees, and
participants in cooperative agreements.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The NESC is responsible for providing Supercomputing service to customers within the Agency
as well as to external customers.
NDPD is responsible for providing assistance in procuring hardware, software, and other
equipment for the Bay City Facility; providing telecommunications planning for and providing
connectivity to the NESC in accordance with Agency Telecommunications Request for Services;
providing assistance in strategic planning efforts for the NESC as a part of such planning for the
EPA as a whole.
The NDPD will also be responsible for providing specific assistance in the following areas:
a. Facilities Management (FM) Support.
b. Problem Management.
c. Change Management.
d. Configuration Management.
e. Capacity Management.
f. Documentation Support.
4.0 POLICY
a. The National Environmental Supercomputing Center is to provide high performance
computing resources necessary to support environmental research of global
proportions, improved science for the development of regulations, and educational
programs for the environmental and computational sciences.
b. The National Environmental Supercomputing Center will follow NDPD
operational policies as they apply to the supercomputing environment. (Some of
the existing NDPD operational policies will require modification to be applicable
to a supercomputing environment.)
5.0 DEFINITIONS
None.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
None.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: National Environmental Supercomputing Center NO. 400.02
(NESC) Customer Interface
APPROVAL: DATE:
1.0 PURPOSE
This policy specifies how potential customers of the NESC are to contact and interface with the
facility for the purpose of requesting the allocation of resources for environmental science
research projects.
2.0 SCOPE & APPLICABILITY
This policy applies to all EPA personnel, contractors, cooperative scientists, and academic
organizations and grantees that seek to use supercomputing resources at the NESC.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0 RESPONSIBILITIES
The NESC is responsible for determining what projects will be allocated resources and the
amount of resources that will be provided to each individual project.
Each petitioner for NESC allocated resources will be responsible for submitting a proposal to
the Director of the NESC in order to be considered.
4.0 POLICY
a. NESC supercomputing resources will be allocated to a project only upon approval
of a standard proposal submitted to the NESC in Bay City.
b. All proposals will be submitted using the format and procedures contained in the
NESC Supercomputing Resource Allocation Request document.
c. Requests for the NESC Supercomputing Resource Allocation document should
be made to the Secretary to the Director either in writing, to the address given
in Section 6.0 below, or by calling the NESC Director's Office.
d. The NESC will establish and maintain a data base of existing and potential
customers of NESC services.
e. The NESC will develop and maintain programs to "market" and educate potential
future customers for NESC services.
5.0 DEFINITIONS
The definitions that follow describe the scope of customers of NESC services:
a. Those who have either the wish or the need to receive information about the
NESC and its services and have the means to obtain those services.
b. Those individuals who have User-IDs with valid accounts on the NESC system.
c. Application system managers for those programs, such as AREAL, that may
require NESC resources.
d. EarthVision participants.
Other customers are to be defined as the nature and scope of NESC services develops over time.
6.0 STANDARDS
All proposals are to be submitted to: Director
NESC
135 Washington Street
Bay City, Michigan 48708
Phone: (517)894-7695
7.0 PROCEDURE REFERENCE
NESC Supercomputing Resource Allocation Request. This document is published by the
NESC and is distributed to all potential requestors of NESC services either through a distribution
list developed from requests for NESC training programs or other mailing lists.
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC System Management NO. 420.01
APPROVAL: DATE:
1.0 PURPOSE
The National Environmental Supercomputing Center (NESC) System Management policy
establishes:
a. Objectives for managing the system.
b. Functions which will be managed to meet the objectives.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management, operation, or maintenance of
the NESC.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will adhere to NDPD policies and perform the tasks necessary to meet policy
objectives.
Any deviation from this policy must be approved in writing by the Director of NDPD and be
incorporated in the applicable primary support contractual documents.
4.0 POLICY
a. The NESC will be managed in a manner which provides cost-effective service to
the customer community.
b. The NESC will be managed to meet the service levels defined by the Director of
NDPD and required by the primary support contract.
c. While the organizational structure of NDPD and the primary support may change
from time to time, the following major functional areas of responsibility will be
managed:
(1) System Operations.
(2) System Software Maintenance.
(3) Data Communications Support.
(4) System Performance Tuning.
(5) Capacity Planning.
(6) Customer Services.
(7) Visualization Support.
d. The Primary Support Contractor will, in concert with NDPD technical managers,
ensure that NDPD operational policies are implemented for each of the areas of
responsibility identified above.
5.0 DEFINITIONS
System Operations: Consists of console and peripheral equipment operation, physical facilities
management, data storage management, preventive and remedial hardware maintenance
scheduling, change management, and production control.
System Software Maintenance: Consists of installing and maintaining all vendor-supplied
software. This includes Cray system and program products, as well as software supplied by
third party vendors.
Data Communications Support: Consists of installing, maintaining, and monitoring the
performance of all data links and associated equipment in use at NESC.
System Performance Tuning: Consists of all activities required to ensure that the goals defined
in the service level policy are met on a daily basis.
Capacity Planning: Consists of all activities required to predict future workload and to identify
resources which must be acquired to meet the service level policy objectives in the future.
Customer Services: Consists of customer support activities for problem resolution, customer
registration and billing, and central data base administration.
Visualization Support: Consists of the activities required to design, develop, implement, and
maintain a visualization laboratory and associated support services for supercomputer customers.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
(Pending) U. S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual. Bay City, Michigan. National Environmental
Supercomputing Center. (Location: NESC)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC Service Levels NO. 420.02
APPROVAL: DATE: 7//?J
1.0 PURPOSE
The National Environmental Supercomputing Center (NESC) Service Level policy establishes:
a. NESC components.
b. Access rules for NESC.
c. Hours of availability.
d. System stability goals.
e. Reporting.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD and Primary Support Contractor (PSC) personnel (as applicable
under their contract) responsible for the management, operation, or maintenance of the NESC,
and to customers of this computing resource.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will adhere to NDPD policies and procedures to ensure that service level objectives
are met. The Primary Support Contractor will also advise NDPD of potential problems which
might have an adverse impact on the NESC.
The PSC will monitor resource utilization by NESC customers in order to guarantee that they
are provided computer time and/or other resources in accordance with allocations agreed to by
the Supercomputing Research Planning Working Group (SRPWG) and the Supercomputing
Resource Allocation Executive Council (SRAEC). NDPD will provide the NESC Primary
Support Contractor information on NDPD/Customer agreements. Status information on
budgeted vs. actual usage will be provided to the SRPWG by the Primary Support Contractor
in support of SRPWG periodic meetings.
The customer community will comply with the utilization provisions of this policy.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the NESC SRAEC and NESC SRPWG and be incorporated in the applicable
primary support contractual documents.
4.0 POLICY
a. NESC components:
(1) The NESC consists of a high-performance, scientific computing environment
necessary to attack the environmental challenges of the EPA. The
NESC is composed of major components needed to provide a supercomputer
facility and support capabilities. It is comprised of:
(a) One or more supercomputers such as a Cray Y-MP8I/2S6.
(b) High-capacity, high-speed data storage subsystems such as an STK
Silo.
(c) High-resolution visualization graphics equipment.
(d) High-speed communications lines and controllers such as T1, T3,
and 56kb lines and NSC communications routers.
(2) The NESC is dedicated to processing scientific applications such as
environmental modeling and the analysis of experimental data. Nonscientific
applications are not to be processed at NESC.
(3) System software consists of:
(a) General purpose operating system environment supporting
multiprocessors and time sharing/slicing such as UNICOS on the
Cray.
(b) General purpose third-party vendor software products that support
common customer needs such as the "Gaussian 92" software
program.
b. Access Rules for NESC:
(1) The NDPD Director, after consultation with the SRPWG and SRAEC,
will approve customer access to the NESC and will establish direction on
levels of usage to be allowed for each customer.
(2) The Primary Support Contractor will guarantee levels of service for the
NESC customers in keeping with overall available resources and with the
goal of minimizing job turnaround time while maximizing resources, such
as memory and disk space, available to each customer.
c. Hours of Availability:
(1) The NESC will be available to the customer community 24 hours a day,
7 days a week, with the following restrictions:
(a) The system will be unavailable on Mondays from 5:00 a.m. to
8:00 a.m. Eastern Time for system preventative maintenance.
(b) Prescheduled maintenance, in addition to regularly scheduled
preventive maintenance, must be approved by the EPA NESC
Director and the Primary Support Contractor site Manager before
being done. Customers will be notified at least 7 days before the
maintenance is to be performed, if it will affect their access. This
maintenance will be used for such activities as installation of new
equipment and/or special maintenance such as overhauling a major
water chiller. Prescheduled maintenance time will not be considered
part of scheduled production time.
(2) A console operator will be present from 7:30 a.m. until 12 midnight,
Monday through Friday, and on Saturday and Sunday from 7:30 a.m.
until 3:30 p.m.
(3) Scientific Computer Support will be available from 8:00 a.m. until 5:00
p.m., Monday through Friday.
d. The NESC stability/service level goals are:
(1) An up-time percentage of at least 99 percent of scheduled production time
for the processor complex.
(2) An up-time percentage of at least 99 percent of scheduled production time
for access via a major telecommunications route to the NESC.
(3) A Mean Time Between Failures (MTBF) to be greater than 96 hours for
the Cray and STK Silos and a Mean Time To Repair (MTTR) of 2.0
hours or less where the MTTR time begins when the maintenance team
arrives. These mean times will be calculated over each trimester period
of October-January, February-May, and June-September.
(4) To provide time on the supercomputer and/or time on other NESC
controlled equipment to each customer in accordance with NDPD/Customer
support agreements.
(5) These stability goals are dependent upon those factors within the control
of local NESC personnel. Adjustments will be made to the algorithm for
those factors outside their control, e.g., citywide power failures.
Stability goals will be computed only for the scheduled hours of service listed
above.
e. Periodic reports will be submitted to NDPD management and to the NESC
Working Group, and NESC Executive Council.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
(Pending) U. S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual. Bay City, Michigan. National Environmental
Supercomputing Center. (Location: NESC)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC Performance and Capacity Monitoring NO. 420.03
APPROVAL: DATE: 1/9/93
1.0 PURPOSE
The National Environmental Supercomputing Center (NESC) Performance and Capacity
Monitoring policy establishes:
a. Performance and capacity monitoring objectives.
b. Methodology to support the objectives of this policy.
c. Reporting requirements designed to alert senior management to potential
problems.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management, operation, or maintenance of
the NESC. The SRPWG will assist NDPD in the collection and assessment of mission-based
requirements which will affect long-term capacity planning and system performance.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy, and will alert
NDPD to potential performance problems.
The PSC will adhere to NDPD policies and offer recommendations designed to meet the policy
objectives.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG) and be incorporated in the
applicable primary support contractual documents.
4.0 POLICY
a. NESC performance and capacity monitoring activities include performance
analysis, stability analysis, and capacity planning.
b. System performance will be monitored to ensure compliance with the objectives
of Directive 420.02, NESC Service Levels.
c. Workload trends will be monitored to identify potential future resource
constraints.
d. The potential resource utilization of major new applications will be assessed to
determine their impact on system performance.
e. System performance and capacity data will be captured and analyzed with
commercially available software. Local code written to support this effort will
be minimized to the greatest degree possible consistent with the objectives of this
policy.
f. System performance, stability, and resource utilization will be summarized and
reported to NDPD management daily and shared with the SRPWG in summary
form during the SRPWG periodic meetings.
g. Deficiencies in system performance, stability, or resource availability will be
corrected as soon as possible consistent with the provisions of Directive 420.04,
Change Management.
h. The system's capacity to support projected growth in workload will be evaluated
and reported to NDPD management each trimester. The report will be shared
with the SRAEC and SRPWG.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
(Pending) U. S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual. Bay City, Michigan. National Environmental
Supercomputing Center. (Location: NESC)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC Change Management NO. 420.04
APPROVAL: DATE: 1/9/f3
1.0 PURPOSE
The National Environmental Supercomputing Center (NESC) Change Management policy
establishes:
a. Change management objectives.
b. System components and changes subject to this policy.
c. Review process required for hardware or software changes.
d. Customer notification requirements for system changes.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management or implementation of hardware
and system software changes to the NESC and the associated networks.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy, and will review
stability reports to assess compliance.
The PSC will adhere to NDPD policies and procedures to ensure that the terms of Directive
420.02, NESC Service Levels, are met.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG) and be incorporated in the
applicable primary support contractual documents.
4.0 POLICY
a. System changes are classified either as "required" or "emergency." Hardware or
system software maintenance required to correct a stability or performance
problem constitutes an emergency change. Required system changes are routine
activities needed to upgrade the hardware or software configurations. This policy
is designed to ensure that all changes are applied in a timely manner without
disrupting system stability or performance.
b. The following system components are subject to this policy:
(1) The supercomputer and its peripherals.
(2) All network devices attached locally at the NESC to the network.
(3) Electrical, air conditioning, and other components vital to the operation
of the processor or any of its peripheral devices.
(4) All Cray licensed and third-party vendor software products installed at the
NESC and supported by NESC.
c. A Change Management Council representing the Primary Support Contractor and
NDPD will review and approve changes to the components defined above.
Members of the SRPWG may sit as observers on the Change Management
Council.
d. All emergency changes must be approved by the Primary Support Contractor's
NESC manager. The EPA NESC Director must grant approval for emergency
changes if the Primary Support Contractor's department manager specified above
cannot be reached. Approval for emergency changes can be obtained in writing,
in person, or over the telephone.
e. All required changes will be submitted to the Change Management Council for
review and approval before installation. The impact of proposed changes on
system stability and performance must be considered before approval is granted.
f. Local code development will be approved in writing by NDPD before the task is
initiated.
Local code implementation into production will be with the approval of the
Change Management Council. This approval requires complete testing,
documentation, and supervisory level code review. These requirements can only
be waived in emergencies by NDPD.
g. All Cray and third-party software products will be maintained at a release level
which is no more than one level behind the current release level supported by the
vendor unless there is a known stability, performance, or functional problem with
the new release. The Director of NDPD must approve all cases of delayed
implementation of a new release.
h. Customers will be notified at least 30 days prior to any software or hardware
scheduled releases (i.e., implementations on the operational system) that might
affect existing customer programs.
5.0 DEFINITIONS
Local code is defined as code that changes vendor software that is not written and formally
released by the vendor as an update to the vendor's software.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
(Pending) U. S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual. Bay City, Michigan. National Environmental
Supercomputing Center. (Location: NESC)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC Problem Resolution NO. 420.05
APPROVAL: DATE:
1.0 PURPOSE
The National Environmental Supercomputing Center (NESC) Problem Resolution policy
establishes:
a. Problem resolution objectives.
b. Problem classifications.
c. Problem resolution responsibilities.
d. Customer notification requirements.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management or operation of the NESC and
for providing support to the customer community.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will adhere to NDPD policies and procedures to ensure that problems are resolved
expeditiously.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG) and be incorporated in the
applicable primary support contractual documents.
4.0 POLICY
a. NESC will strive to resolve problems with any part of the system as soon after
identification as possible in order to provide the best possible level of service to
the customer community.
b. Problems encountered at the NESC will be categorized as Customer and System
problems with subcategories of hardware, software, performance, telecommunications,
and customer problems.
c. All problems with NESC supported hardware and/or software will be entered into
the Central Problem Management (CPM) system by close of business on the day
the problem was discovered. Customer problems not resolved within one day
will also be recorded in the Central Problem Management system.
d. The central problem resolution contact will report to NDPD management the
status of unresolved problems on a daily basis.
e. The central problem resolution contact will post News Alerts for any problem
which may result in customer job failures or customer data loss.
f. The Scientific Computer Support staff will serve as the point of contact for
resolving customer problems.
g. The Scientific Computer Support staff will submit reports to NDPD identifying
the number and nature of customer problems addressed during the reporting
period. The reports will be shared with the NESC SRPWG.
h. The EPA Director of Scientific Computing of NDPD and the EPA NESC
Director will be immediately notified of data loss due to system failures
experienced by the customer community.
i. Customers reporting problems will be called within 24 hours to advise them of
progress being made in seeking a solution.
j. Closed problem reports will be archived for a period of 3 years from the date the
problem was logged.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
(Pending) U. S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual. Bay City, Michigan. National Environmental
Supercomputing Center. (Location: NESC)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC Accounting NO. 420.06
APPROVAL: DATE:
1.0 PURPOSE
The National Environmental Supercomputing Center (NESC) Accounting policy establishes
accounting objectives.
2.0 SCOPE & APPLICABILITY
This policy applies to all NESC customers, and to all NDPD personnel and Primary Support
Contractor (PSC) personnel (as applicable under their contract) responsible for the management
or operation of the NESC.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will perform the tasks necessary to meet the objectives of this policy.
Customers will rely on the terms of this policy to manage their timeshare allowance.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG) and be incorporated in the
applicable primary support contractual documents.
4.0 POLICY
a. NDPD will conform to the requirements of OMB Circular A-130 in accounting
for full cost allocation associated with providing data processing services to the
user community.
b. NESC utilization data will be collected for resource usage in the following areas:
(1) Processor utilization.
(2) Mass storage utilization.
c. The rate (which could be charged in the future) for services will be reviewed and
adjusted annually by the Director of NDPD after consultation with the SRAEC
and SRPWG to reflect changes in the potential cost of providing these services.
The rate for the new fiscal year will be published in the first quarter of the new
fiscal year. Charges will be adjusted retroactively to the beginning of the year
to reflect the new rates.
d. Every interactive or batch session will have data collected for actual resources
identified in "b" above that are consumed if data can be captured accurately and
the cost of capture does not outweigh the cost recovery of the resource.
e. NDPD may apply premiums or discounts for certain processing priorities or
techniques to encourage efficient resource utilization.
f. Charges, if assessed on customers, will be refunded if a transaction fails due to
console operator error, system hardware failure, or system software error. Jobs
using more than 2 hours of CPU time must have a user defined save and restart
capability to be eligible for a refund. The refund will not exceed charges greater
than those incurred during 2 hours of CPU utilization.
g. NDPD will make available on-line to ADP Coordinating and IAG contacts a
summary of each month's usage by the 5th business day of the following month.
h. Management reports will be made available on-line monthly through the On-Line
Timeshare Utilization System (OTUS). These reports will be available to ADP
Coordinators and Senior Budget Officers by the fifth business day of the
following month.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
(Pending) U. S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual. Bay City, Michigan. National Environmental
Supercomputing Center. (Location: NESC)
a. Procedure Title: Cray Billing Procedures Manual (Location: Billing Services
staff).
b. Procedure Title: On-Line Timeshare Utilization System (OTUS) Procedures
Manual (Location: Billing Services staff).
c. Procedure Title: On-Line Timeshare Utilization System (OTUS) On-line User's
Guide (Location: Billing Services staff).
d. Procedure Title: INFOPAC Procedures Manual (Location: Billing Services
staff).
e. Procedure Title: Billing Report Distribution System, On-Line Viewing and
Printing User's Guide (Location: Billing Services staff).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC Customer Registration NO. 420.07
APPROVAL: [signature illegible] DATE: 7/[illegible]
1.0 PURPOSE
The National Environmental Supercomputing Center (NESC) Registration policy establishes:
a. Customer registration objectives.
b. Customer registration requirements.
c. Reporting requirements for managing the customer registration process.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management or operation of the NESC and
to the NESC customers.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will perform the tasks necessary to implement this policy.
The Time Sharing Services Management Systems (TSSMS) Office will be responsible for
conducting customer registration services.
The customer community will follow the NDPD procedures derived from this policy to gain
access to the NESC.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG) and be incorporated in the
applicable primary support contractual documents.
4.0 POLICY
a. Customer registration procedures will conform to the objectives of this policy and
the terms of Directives 420.06, NESC Accounting, and 420.08, NESC Security.
b. System utilization will be recorded for authorized individual customers and for
accounts which may include multiple customers.
c. New accounts may be created by EPA ADP Coordinators only. Provisions will
be made for group designations and the use of Access Control List facilities.
d. Each customer will be assigned a unique customer identification code and will be
associated with one or more accounts as requested by the EPA ADP Coordinator
or EPA Account Manager.
e. Every EPA ADP Coordinator and Account Manager will be responsible for
ensuring that customers are registered on the NESC for the purpose of conducting
legitimate Agency business only.
f. Customer identification codes previously assigned to a customer no longer
registered on the NESC may be reassigned to another customer.
g. Requests for account and customer registration may be made via Email or regular
mail.
h. A customer terminating employment will be removed from the system. All
resources associated with this customer identification code will be assigned to
another customer or deleted at the discretion of the ADP Coordinator or Account
Manager.
i. Every EPA ADP Coordinator and Account Manager will be responsible for
ensuring customer identification termination for all EPA, contractor, or
subcontractor employees upon the termination of a project or resignation of
employees under his jurisdiction.
j. Accounts and customer identification codes which have not been accessed for 1
year will be deleted from the system. The customer and Account Managers will
be notified at least 30 days prior to deletion of an account or customer
identification code.
k. Every ADP Coordinator and Account Manager will receive a periodic report
identifying the accounts and customer identification codes for which he is
responsible.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
(Pending) U. S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual. Bay City, Michigan. National
Environmental Supercomputing Center. (Location: NESC)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC and UNICOS Security NO. 420.08
APPROVAL: [signature illegible] DATE: 7/7/[illegible]
1.0 PURPOSE
This policy establishes a set of security standards and practices for the Agency UNICOS
operating system which operates the CRAY Supercomputer at the National Environmental
Supercomputing Center (NESC) in Bay City, Michigan and is supported by EPA's National Data
Processing Division (NDPD). These standards are in compliance with generally accepted
security standards and practices and with Federal regulations and directives referenced in
Paragraph 7.0 PROCEDURE REFERENCES of this policy.
2.0 SCOPE & APPLICABILITY
This policy applies to all customers of NDPD owned or supported computer systems which use
the UNICOS Unix-based operating system and to all personnel who provide for the operation,
maintenance, support, or telecommunications services of those systems.
Any request for a deviation from this policy must be provided in writing to the Director, NDPD
and, if approved, must be approved in writing. Email is an acceptable medium for requesting
and receiving an exemption under this policy. Policy exemptions must be requested through the
NDPD Computer Security Manager, ALL-IN-1 User-ID SECURITY. Provisions in this policy
might be superseded by future policies developed for public access and which are subsequently
reviewed and approved by the NDPD Computer Security Officer. Provisions in Public Access
policies are regarded as approved exemptions to this policy.
3.0 RESPONSIBILITIES
a. The Director, NDPD is responsible for:
(1) Providing a secure environment for all UNICOS or UNICOS-based
computer systems covered by this policy.
(2) Ensuring that this policy is consistent with all Federal regulatory statutes
and directives.
(3) Requesting exemptions to Federal regulatory statutes and directives when
required by considerations unique to the operating environment of the
computer systems covered by this policy.
(4) Appointing an NDPD Computer Security Officer responsible for
implementing, maintaining, and reviewing compliance with this policy.
(5) Participating in NDPD's Computer Emergency Response Team (CERT)
as described in NDPD policies and procedures for that team.
(6) Approving, in writing, any approved exemptions to this policy.
b. The NDPD Computer Security Officer is responsible for:
(1) Establishing and implementing all procedures necessary for the
implementation and maintenance of this policy.
(2) Reviewing and approving all security environment changes allowable
under this policy, and reviewing and approving all system-wide special
privileges for all UNICOS or UNICOS based systems covered by this
policy.
(3) Directing efforts of Primary Support Contract (PSC) personnel in security
matters pursuant to provisions of the PSC.
(4) Coordinating any exemptions to Freedom of Information or Public Access
Acts regarding access to data processed on data processing systems
covered by this policy.
(5) Participating in NDPD's Computer Emergency Response Team (CERT)
as described in NDPD policies and procedures for that team.
(6) Monitoring system compliance with this policy.
c. The management of each technical support function established by NDPD for the
support and maintenance of computer systems covered by this policy is
responsible for:
(1) Adhering to all policy provisions.
(2) Subscribing to and using industry security risk bulletin boards for the
purpose of identifying potential security exposures in the UNICOS or
environment.
(3) Coordinating with the NDPD Computer Security Officer or his delegate,
System Managers, and System Administrators:
(a) Policy provision implementations, monitoring, and maintenance.
(b) Configuration, according to security policy standards of all
UNICOS operating systems, utilities, and applications for which
it provides central distribution, support, or maintenance.
(c) Reporting, defensive, and corrective actions related to system
security exposures, breaches, and virus attacks.
(4) Participating in the NDPD Computer Emergency Response Team (CERT)
as described in NDPD policies or procedures for that team.
d. The System Manager and System Administrator will be responsible for:
(1) Adhering to all provisions of this policy.
(2) As directed by the Program Office, ensuring that provisions in this policy
governing the office are implemented, monitored, and maintained.
(3) Subscribing to and using industry security risk bulletin boards for the
purpose of identifying potential security exposures in the UNICOS environment.
(4) Coordinating with NDPD technical support management and System
Administrators:
(a) Policy provision implementations, monitoring, and maintenance.
(b) Configuration, according to security policy standards, of all
operating systems, utilities, and applications for their system(s).
(c) Reporting, defensive, and corrective actions related to system
security exposures, breaches, and virus attacks.
(d) Implementation of system warning notices during system logon to
provide legal protection from unauthorized access attempts.
(e) Aid to the NDPD Computer Security Staff with security audits.
(5) Participating in NDPD's Computer Emergency Response Team (CERT)
as described in NDPD policies or procedures for that team.
e. Supercomputer customers or customers of a UNICOS-based computer are
responsible for:
(1) Adhering to all provisions of this policy.
(2) Practicing sound password management (i.e., no shared User-IDs and
passwords).
(3) Coordinating with the system manager on implementing required data
security BEFORE placing their data on the system and securing data based
on an evaluation of the sensitivity of that data.
(4) Operating, according to security policy standards, all their utilities and
applications.
(5) Reporting, defensive, and corrective actions related to system security
exposures, breaches, and virus attacks.
f. The EPA NDPD security function is a commercially contracted responsibility of
the Primary Support Contractor (PSC) as provided for in Attachment A of OMB
Circular A-76. All NCC Primary Support Contractor departments and personnel
engaged in the operation, support, or maintenance of systems covered by this
policy are responsible for adhering to these policy provisions and for conducting
security-related activities as directed by the NDPD Computer Security Officer
under provisions of the primary support contract.
4.0 POLICY
The computer systems covered by this policy will be used for official Government business only.
Unauthorized use of any of these systems is a criminal offense under Title 18 of the United
States Code, Section 641, and may subject violators to a fine of up to $10,000 and/or
imprisonment of up to 10 years.
The security of UNICOS or UNICOS-based computer systems, and the facilities within which
they reside and which are owned, operated, or supported by EPA's NDPD will be implemented,
maintained, and monitored in compliance with generally accepted security standards, with
Federal regulations and directives, and specifically, with Federal regulations and directives and
UNICOS and applicable Unix security vulnerability documentation referenced in Paragraph 7.0,
PROCEDURE REFERENCES, of this policy.
Access to Agency UNICOS or UNICOS-based computers and data residing on those computers
will be protected from unauthorized access from computer systems not covered by this policy.
Any Agency owned or operated UNICOS or UNICOS-based computer system attaching to the
Agency network must demonstrate conformity to this policy to the NDPD Computer Security
Officer within 90 days of attachment. Demonstration of conformance will be measured by the
completion of a UNICOS security review questionnaire. Failure to demonstrate conformance
will result in removing the computer system's attachment from EPA's wide area network. EPA
Unix systems covered by this policy will, as a design goal, meet C2 security requirements.
5.0 DEFINITIONS
a. Industry Standard - for the purpose of this policy, industry standards are defined
through the documents in Paragraph 7.0 PROCEDURE REFERENCES of this
policy, industry bulletin boards referenced in those documents, and Security
Administrator guides for each computer system.
b. Federal Trusted Computing Base (C2) Discretionary Access Control - C2 level of
security is described in the Trusted Computer System Evaluation Criteria,
CSC-STD-001-83 and includes security functionality in the following areas:
Discretionary Access Control, Object Reuse, Identification and Authentication,
and Audit Accountability.
6.0 STANDARDS
6.1 SYSTEM CONFIGURATION AND OPERATION
a. The design goal for the operating system of all computers covered under this
policy will be C2. Some security options are left up to customer application such
as Object Reuse and some UNICOS security options such as Multi-Level Security
(MLS) features include functionality beyond C2.
b. Security recommendations contained in Security Administrator guides and other
documentation provided by the vendor of each Unix or Unix-based operating
system will be implemented.
c. The use of trivial file transfer protocol (TFTP) is not permitted.
d. Only secure versions/implementations of FTP (versions later than December
1988) are allowed.
e. Sendmail will be configured with the following considerations:
(1) Remove the "decode" alias from the aliases file.
(2) If you create aliases that allow messages to be sent to programs, be
absolutely sure that there is no way to obtain a shell or send commands
to a shell from these programs.
(3) Make sure the "wizard" password is disabled in the configuration file,
sendmail.cf.
(4) Make sure sendmail does not support the "debug" command.
f. UNICOS will not use fingerd.
g. Files residing on the computer system will be backed up as follows: incrementals
daily and full backups weekly. A monthly backup will be stored off-site.
6.2 SYSTEM DIRECTORY AND FILE PROTECTION
Files and directories which comprise the operating system must have ownership and permission
settings which ensure that they cannot easily be tampered with. In general, allowing world write
access is discouraged.
6.3 DEVICE PROTECTION
a. All devices will be protected with appropriate access and ownership permissions
in accordance with vendor specifications. Security parameters and permissions
will not compromise the system or the device. Devices "/dev/mem",
"/dev/kmem", and "/dev/swap" must never be world-readable.
b. UNICOS system device files are used to access system peripherals (e.g., printers,
terminals, networks, disks, system memory) and must be protected from
unauthorized access. Files comprising device definitions must be protected from
unauthorized access.
c. Memory and disk devices must be owned by a system account. Their access
permissions must generally be:
(1) Owner - READ and WRITE
(2) Group - READ
(3) World - no access
6.4 NETWORK
6.4.1 System Warning Notice
a. Each computer covered by this policy which is attached to the Agency
telecommunications network will display the following message at login:
WARNING: The use of this computer is for official Government business only.
Unauthorized use of this computer is a criminal offense under Title
18 United States Code, Section 641, and may subject violators to
a fine of up to $10,000, or imprisonment of up to 10 years, or
both.
b. The customer will be notified of session monitoring activities unless a customer
is suspected of engaging in illegal or unauthorized activities on the computer.
6.4.2 Remote Access
a. No wild-carding must be permitted in the "/etc/hosts.equiv" file.
b. Only local hosts not located in public areas should be configured in the
"/etc/hosts.equiv" file as "trusted".
c. ".rhosts" files must not be established without the coordination of the System
Administrator.
d. ".netrc" files must have permissions set to no world and group access.
6.4.3 NFS
Note: NFS is not currently in use at NESC. However, if utilized, the following restrictions
apply:
a. Each entry in "/etc/exports" will have an associated "access=hostlist" parameter.
b. No entry in "/etc/exports" may specify the "root=hostlist" parameter.
c. If an entry in "/etc/exports" contains netgroup entries the host name must be
specified and the domain field must contain a "-" if it is not used.
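The rules in 6.4.2 and 6.4.3 a-b can be checked mechanically. The POSIX shell functions below are an added example, not part of the directive and not NDPD's own tooling; they assume the classic one-entry-per-line file formats (exports options following the path), and the host names in the sample input are constructed.

```shell
#!/bin/sh
# Added example: audits for directive sections 6.4.2 and 6.4.3.
# The hosts.equiv and exports checks read the file on stdin and print one
# finding per line; no output means no violation was found.

# 6.4.2 a: a field that is exactly "+" trusts every host (first field) or
# every user (second field). "+@netgroup" entries are not wildcards and pass.
audit_hosts_equiv() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i == "+") {
                    printf "hosts.equiv:%d: wildcard entry: %s\n", NR, $0
                    break
                }
        }'
}

# 6.4.3 a/b: every export needs access=hostlist and must not carry
# root=hostlist. Assumes one entry per line: "/dir -opt[,opt...]".
audit_exports() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            opts = ","
            for (i = 2; i <= NF; i++) {
                f = $i
                sub(/^-/, "", f)
                opts = opts f ","
            }
            if (opts !~ /,access=[^,]/)
                printf "exports:%d: %s has no access=hostlist\n", NR, $1
            if (opts ~ /,root=/)
                printf "exports:%d: %s grants root=hostlist\n", NR, $1
        }'
}

# 6.4.2 d: print the path if any group or world permission bit is set.
# "-perm -NNN" matches only when every bit in NNN is set, so each bit is
# tested on its own.
audit_netrc() {
    find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/$/: group or world access on .netrc/'
}

# 6.4.2 c: inventory of .rhosts files under a home tree, for comparison
# against the list the System Administrator has coordinated.
list_rhosts() {
    find "$1" -type f -name .rhosts -print
}

# Constructed sample input; host names are placeholders.
demo() {
    audit_hosts_equiv <<'EOF'
cray1.example.gov
+
ops.example.gov +
EOF
    audit_exports <<'EOF'
/usr/local -access=cray1.example.gov:ops.example.gov
/scratch
/home -access=ops.example.gov,root=ops.example.gov
EOF
}
demo
```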
6.4.4 UUCP
Use of UUCP is discouraged under UNICOS. In general, no programs other than rnews and
rmail must be accessible through the UUCP system.
6.5 USER-ID SECURITY
6.5.1 Registration
a. Procedures will be developed by local system administrators for obtaining a User-
ID, password, group, or password reset, and updating system authentication files.
b. A User-ID is required for access to any computer system covered by this policy.
c. User-IDs may not be shared.
6.5.2 Disabled User-IDs
a. Disabled User-IDs will be kept to a minimum.
b. Disabled User-IDs will be periodically reviewed by the System Administrator to
determine if any of them should be removed from system authorization files.
6.5.3 Duplicate UIDs
Each User-ID will be identified with a unique UID. Duplicate UIDs are not allowed. UIDs will
not be reused.
6.5.4 Guest User-IDs
Guest User-IDs are not allowed. A guest User-ID established for the purpose of anonymous
FTP is NOT allowed under this policy.
6.5.5 User-ID Activity
a. User-IDs which have not been accessed for 90 days will be reviewed by the
System Administrator to determine if the User-ID should remain in system
authorization files.
b. A review will be conducted at least once a year to determine User-IDs which
have not been used to access the system since their assignment. These User-IDs
will be removed from system authorization files, unless necessary for system
administration.
6.6 CUSTOMER FILE PROTECTION
Customer files, including '.login', '.cshrc', and '.profile' must be protected by default such that
only the owner can write to them.
6.7 PASSWORD SECURITY MANAGEMENT
a. The password file must be protected such that non-administrative personnel
cannot view passwords in clear text.
b. All customer User-IDs must have passwords.
c. Passwords are assigned by a password generator program to prevent trivial
passwords.
d. A maximum of four unsuccessful login attempts will be allowed by each
workstation. Upon the fifth attempt, the User-ID will be disabled for 10 minutes.
e. The system must enforce password expiration 90 days from issue.
f. The system will display, at login, the date and time of the last successful and
number of unsuccessful logins to the customer.
g. Passwords will be protected from disclosure. Any file which requires a
hardcoded password will be encrypted, if possible.
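The account rules in 6.5.3 (no duplicate UIDs), 6.5.4 (no guest User-IDs) and 6.7 b (every User-ID has a password) can be checked against an authentication file. The function below is an added example, not part of the directive; it assumes the common seven-field passwd format rather than any UNICOS-specific user database, and the account names and sample entries are constructed.

```shell
#!/bin/sh
# Added example: account checks for 6.5.3, 6.5.4 and 6.7 b.
# Reads a passwd-format file (name:password:UID:GID:gecos:home:shell) on stdin
# and prints one finding per line; no output means no violation was found.
# Assumption: the names treated as guest or anonymous-FTP accounts are
# "guest", "ftp" and "anonymous"; adjust the list for the local system.
audit_accounts() {
    awk -F: '
        NF == 0 || $1 ~ /^#/ { next }
        NF < 7 { printf "line %d: malformed entry\n", NR; next }
        {
            # 6.5.3: each User-ID must map to its own UID.
            if ($3 in first) {
                printf "duplicate UID %s: %s and %s\n", $3, first[$3], $1
            } else {
                first[$3] = $1
            }
            # 6.7 b: an empty password field means no password is required.
            if ($2 == "")
                printf "no password: %s\n", $1
            # 6.5.4: guest and anonymous-FTP accounts are not allowed.
            if ($1 == "guest" || $1 == "ftp" || $1 == "anonymous")
                printf "guest account: %s\n", $1
        }'
}

# Constructed sample entries; "x" stands for a password held elsewhere.
audit_accounts <<'EOF'
root:x:0:0:Super User:/:/bin/sh
jdoe:x:1001:100:J. Doe:/u/jdoe:/bin/csh
asmith:x:1001:100:A. Smith:/u/asmith:/bin/csh
guest::1500:200:Guest:/u/guest:/bin/sh
EOF
```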
6.8 FILE SYSTEM SECURITY
a. All directories and files established or created by or for a customer will be
protected at a default level access (read, write, execute) by anyone other than the
owner. The default "umask" setting will be 027 (no world access, group read
and execute).
b. No directory will have world write access unless required for system
functionality.
c. No files should have world write access unless required for system functionality.
d. Setuid and setgid programs must be reviewed and approved by the System
Administrator.
e. No file will be owned by an undefined owner.
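The permission rules in 6.3 (device files) and 6.8 (file system security) translate directly into find(1) queries. The POSIX shell functions below are an added example, not part of the directive; the function names are this example's own, the demo runs on a constructed temporary tree, and treating a umask stricter than 027 as compliant is an assumption of the example.

```shell
#!/bin/sh
# Added example: permission audits for directive sections 6.3 and 6.8.
# The audit functions print one path per finding; no output means nothing found.

# 6.3 a/c: memory and disk devices may be at most owner read/write, group
# read, world nothing (mode 0640). Prints each path with any other bit set.
# "-perm -NNN" is true only when all bits in NNN are set, so bits are tested
# singly.
audit_device_mode() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -prune \( -perm -100 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print
    done | sed 's/$/: exceeds owner rw, group r, world none/'
}

# 6.8 b/c: world-writable files and directories. Symbolic links are skipped
# because their own mode bits are not used for access decisions.
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print
}

# 6.8 d: setuid and setgid programs, listed for System Administrator review.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# 6.8 e: files whose owning UID has no entry in the user database.
audit_unowned() {
    find "$1" -nouser -print
}

# 6.8 a: succeeds when a umask (default: the current one) removes at least
# the bits that 027 removes. Assumption of this example: a stricter mask
# such as 077 also passes.
umask_meets_policy() {
    m=${1:-$(umask)}
    [ $(( 0$m & 027 )) -eq $(( 027 )) ]
}

# Demo on a constructed tree. Real use would be, for example:
#   audit_device_mode /dev/mem /dev/kmem /dev/swap
demo() {
    t=$(mktemp -d) || return 1
    : > "$t/notes";   chmod 666 "$t/notes"     # world-writable file
    : > "$t/fakedev"; chmod 644 "$t/fakedev"   # stands in for a device node
    audit_world_writable "$t"
    audit_device_mode "$t/fakedev"
    umask_meets_policy || echo "current umask $(umask) is weaker than 027"
    rm -rf "$t"
}
demo
```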
6.9 PHYSICAL SECURITY
a. At sites where computer systems and associated peripherals are contained in a
central location, procedures will be developed and implemented to grant, deny,
and monitor access to the central location, and the central location will be:
(1) Protected from unauthorized access by industry accepted access control
devices (e.g., badge readers, key locks).
(2) Protected from environmental hazards through use of industry accepted
environmental protection devices (e.g., sprinkler and uninterruptible
power supply systems).
b. Individual workstations will employ power strips or other industry accepted
devices to protect the workstation from electrical hazards. A fire extinguisher
will be within reasonable proximity to each workstation location to allow for
quick response to any fire hazard occurrence.
c. Individual workstation owners/operators will be responsible for protecting the
workstation against unauthorized access (e.g., logging off when not in use,
keyboard locks if available).
MEASUREMENT:
a. System Security Administrators will periodically, at least monthly, monitor the
following files (or system specific equivalencies) to establish a baseline of
customer usage for the purpose of detecting patterns outside of that baseline
which may indicate a system abuse or intrusion:
(1) system syslog
(2) /etc/utmp
(3) /etc/wtmp
(4) /usr/adm/acct/*
b. The NDPD Computer Security Officer is authorized to conduct periodic policy
compliance reviews as required for quality assurance. The NDPD Computer
Security Officer will perform a review at least every 3 years as required by
Federal regulations.
c. Findings from system reviews for locally owned and operated NDPD systems will
be presented via TO-DO Meeting or other mechanisms for review and action by
the Director, NDPD.
7.0 PROCEDURE REFERENCES
a. Office of Management and Budget. OMB Circulars A-76, A-123, and A-130.
(Available from the Government Printing Office.) (These publications, while not
strictly procedurally directive, are important components in the administration of
security in the Agency. They set the guidelines for policies and procedures at the
operational levels.)
b. U. S. Environmental Protection Agency. (1989) EPA Information Security
Manual (Report No. 431/001). Washington, DC: Office of Information and
Resources Management, Information Management and Services Division.
(Location: Publications Technical Library).
c. Computer Security Act of 1987. (Available from the Office of Information and
Resources Management).
d. SRI International. Information and Telecommunications Services and Technology
Division. Improving the Security of Your UNICOS System. David A. Curry.
(available from the NDPD Computer Security Officer).
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC Data Management NO. 420.09
APPROVAL: [signature illegible] DATE:
1.0 PURPOSE
The National Environmental Supercomputing Center (NESC) Data Management policy
establishes:
a. Data management objectives.
b. Data storage requirements.
c. Data storage media performance and capacity requirements.
2.0 SCOPE & APPLICABILITY
This policy applies to all NESC customers and the NDPD personnel and Primary Support
Contractor (PSC) personnel (as applicable under their contract) responsible for the management
or operation of the NESC.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will perform the tasks necessary to meet the objectives of this policy.
The customer community will rely on the terms of this policy to manage their data storage
requirements.
Any deviation from this policy must be approved in writing by the director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG) and be incorporated in the
applicable primary support contractual documents.
4.0 POLICY
a. Data storage devices at NESC will be managed to meet the storage requirements
of the customer community in a secure and cost-effective manner. Data storage
devices will also be managed to enhance system performance.
b. A procedure will be provided to enable customers to archive to tape their own
disk files.
c. Tape files created at the NESC will be controlled by a software tape management
system to prevent accidental erasure of data.
d. NESC will perform daily backups of permanent files which have been created or
changed since the previous backup. Daily backup tapes will be retained for 7
days.
e. Customers must call NESC operations to request file restores.
f. A complete copy of the permanent files on disk will be created weekly. The tape
copies will be retained for 5 weeks before being reused. One weekly file system
copy per month will be kept for 90 days. One file system copy per month will
be stored offsite and kept for 6 months.
g. A disk and tape utilization report will be submitted weekly to NDPD and shared
with the SRPWG to indicate available data storage capacity.
h. Data Migration Facility (DMF) will be used to automatically move resident disk
files to tape to manage free space on disk.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
(Pending) U. S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual. Bay City, Michigan. National
Environmental Supercomputing Center. (Location: NESC)
-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NESC Configuration Management NO. 420.10
APPROVAL: [signature illegible] DATE: 1/9/9[illegible]
1.0 PURPOSE
The National Environmental Supercomputing Center (NESC) Configuration Management policy
establishes:
a. Configuration management objectives.
b. Activities required to meet the configuration management objectives.
c. Review requirements to ensure compliance.
2.0 SCOPE & APPLICABILITY
This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management or operation of the NESC.
3.0 RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy.
The PSC will perform the tasks necessary to meet the objectives of this policy.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG) and be incorporated in the
applicable primary support contractual documents.
4.0 POLICY
a. The NESC will be managed in a manner which provides:
(1) A current inventory of all system components.
(2) A current system hardware and software configuration.
(3) A current system telecommunications configuration.
(4) A mechanism for processing hardware, software, and maintenance
procurement requests in a timely manner.
b. A computerized data base containing the information required to meet policy
objectives will be maintained and updated within 5 working days of any system
configuration change.
c. The data base will contain sufficient detail to enable technical personnel to obtain
system hardware and software configurations or parameters necessary for the
customary performance of their duties.
d. The Primary Support Contractor will review and certify the accuracy of the
configuration management data base quarterly.
e. The configuration data base, or reports from the configuration data base, will be
made available to NDPD and shared with the NESC SRPWG.
f. All system software residing on the supercomputer must be installed and
maintained in compliance with the provisions of the Change Management Policy.
In the context of this policy, system software consists of all vendor supplied
products accessible by the general user community. It also includes all system
control and monitoring software, plus NESC developed modifications that support
these products.
g. All system software residing on the supercomputer must be obtained in
accordance with NDPD purchasing practices.
h. NDPD will provide PSC with licensing information so that PSC personnel can
ensure that only properly licensed software is installed and maintained. PSC will
not install any software without first obtaining the above licensing information.
5.0 DEFINITIONS
None.
6.0 STANDARDS
Not applicable.
7.0 PROCEDURE REFERENCE
a. (Pending) U. S. Environmental Protection Agency. (1993) National
Environmental Supercomputing Center Operational Procedures Manual. Bay City, Michigan.
National Environmental Supercomputing Center. (Location: NESC)
b. U. S. Environmental Protection Agency. (1993) (draft) NDPD Software
Acquisition and Control Procedures Manual (Report No. 665/001). Research
Triangle Park, NC: National Data Processing Division, Office of Administration
and Resources Management.
-------