UNITED STATES ENVIRONMENTAL PROTECTION AGENCY
OFFICE OF ADMINISTRATION AND RESOURCES MANAGEMENT
Research Triangle Park, NC 27711
June 20, 1994

MEMORANDUM

SUBJECT:  NDPD Operational Directives Manual

FROM:     Tommie Rogers, Technical Manager
          National  Data Processing Division  (MD-34)

TO:       Addressees


     Please  replace your copy of the NDPD Operational Policies
Manual with  the enclosed document.

     A current copy of the NDPD Operational  Directives Manual is
also available on-line on the IBM mainframe  under data set
JUSD.DIRECTIV.MANUAL.   Directives are also available for reading
with the ALL-IN-1 (Email) Videotex (VTX) facility.

Enclosure

-------
United States Environmental Protection Agency
Office of Administration and Resources Management
National Data Processing Division
Research Triangle Park, NC 27711
265/001A

EPA  NDPD Operational Directives Manual

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE: TABLE OF CONTENTS                                DATE:      5/19/94


100.00   MANAGEMENT DIRECTIVES

         100.01  Introduction to NDPD Operational Policies Manual (3/21/94)
         100.02  Contracts for Third Party Software Packages (12/14/93)
         100.04  NDPD Directives Manual Review (5/13/92)
         100.05  Production Control Services (10/18/93)
         100.06  Submission of Requests for New or Revised NDPD Operational Directive
                 (3/31/94)
         100.07  NDPD Rate Charges  (2/22/89)
         100.09  Preparation and Issuance of Formal NDPD Correspondence (5/6/93)
         100.10  NDPD Prepared Papers (5/13/92)
         100.12  Transfer of Computer Accounts among EPA Users (4/17/89)
         100.14  Submission Timeframes:   Planning and Funded  Purchase Requisitions
                 (7/7/93)
         100.18  At-Home Use of Agency-Owned  Personal Computers (1/14/91)
         100.19  NDPD PC Bulletin Board Services (10/3/91)
         100.20  Macintosh Support (9/18/91)

110.00   Customer Services

         110.01  NDPD Customer Support Services (9/23/91)
         110.03  Customer Memo Preparation and Dissemination (9/23/91)
         110.04  Electronic Broadcasts of Customer Information (9/23/91)
         110.05  Micro/Minicomputer-to-Mainframe File Transfer (9/23/91)

120.00   Washington Information Center (WIC)

         120.01  WIC Technical Center Operation (8/1/87)
         120.02  WIC Weekend Processing (10/17/88)
         120.04  WIC Payroll Processing (8/1/87)
         120.07  WIC PC Systems Support (9/12/90)
         120.08  WIC PC Satellite Support (9/19/90)
         120.09  WIC Unix, CIS, and Minicomputer Services (4/8/94)

130.00   Central Data Base Administration

         130.01  Central Data Base Administration (3/30/92)
         130.02  Production ADABAS Performance Policy (3/30/92)
         130.03  Development ADABAS Environment Availability Policy (3/30/92)
         130.04  Data Base Environment Review Performance (4/7/93)
         130.05  DB2 Roles and Responsibility (3/30/92)
         130.06  DB2 Environments Availability Policy (3/30/92)
         130.07  DB2 Access (5/13/92)
         130.08  ADABAS Data Restoration (3/10/92)
         130.09  Production ADABAS Environment Availability (4/7/93)
         130.10  RDBMS Platform Selection Standards (4/8/93)
         130.11  SQL Programming Techniques (4/7/93)

140.00    RTP Information Centers

          140.01   RTP PC User Support (11/1/93)
          140.02   RIC I Operations/Production Support (11/1/93)
          140.04   RTP LAN Support (11/27/93)

150.00    Reserved


200.00    OPERATIONAL DIRECTIVES

          200.01   Archiving Tapes and Data Sets (7/24/91)
          200.02   NDPD Records Management (7/1/91)
          200.03   NCC UNIX Security (12/2/93)

210.00    NCC IBM Mainframe

          210.01   System Management (5/26/93)
          210.02   Service Levels (9/19/90)
          210.03   Performance Management (5/11/89)
          210.04   Change Management (5/26/93)
          210.05   Problem Resolution (8/1/87)
          210.06   Timeshare Accounting (8/1/87)
          210.07   User Registration (8/1/87)
          210.08   Security  (2/17/93)
          210.09   Data Management (4/14/93)
          210.10   Configuration Management (5/22/90)
          210.11   Started Tasks (10/17/88)
          210.12   ADP Capacity Planning (10/22/90)
          210.13   System Integrity (5/17/93)
          210.14   Authorized Program Facility Library Usage (5/17/93)

220.00    Reserved

230.00    NCC Scientific Cluster

          230.01   System Management (12/20/93)
          230.02   Service Levels (12/20/93)
          230.03   Performance & Capacity Monitoring (12/20/93)
          230.04   Change Management (8/1/87)
          230.05   Problem Resolution (8/1/87)
          230.06   Timeshare Accounting (8/1/87)
          230.07   User Registration (8/1/87)
          230.08   Security  (12/20/93)
          230.09   Data Management (12/20/93)
          230.10   Configuration Management (8/1/87)
          230.11   Tape Management/Maintenance on the Scientific Cluster (12/20/93)

240.00    Prime

          240.08   Security (2/1/90)

250.00    Image Processing Systems (IPS)

          250.01   Maintenance (5/19/94)
          250.02   Performance and Capacity Management (5/19/94)
          250.03   Change Management (5/19/94)
          250.04   Problem Resolution (5/19/94)
          250.05   User Registration (5/19/94)
          250.06   Security (5/19/94)
          250.07   Data Management (5/19/94)

260.00    Reserved

270.00    Personal Computers (PCs)

          270.01   Personal Computer (PC) System Management and Architectural Direction
                  (3/10/92)
          270.02   Personal Computer (PC) Service Levels (3/10/92)
          270.03   Agency Workstation Contract Personal Computer (PC) Problem
                  Management (3/18/92)
          270.04   Personal Computer (PC) Security (9/2/93)
          270.05   Personal  Computer  (PC)  Configuration  and  Inventory  Management
                  (3/30/92)
          270.06   Acquiring Personal Computers (PCs) (3/18/92)


300.00    TELECOMMUNICATIONS DIRECTIVES

          300.01   Voice and Data Service Level Escalation (3/25/89)
          300.02   Installation Requirements for Common Use Telecommunications
                  Equipment (9/11/89)
          300.03   IBM SNA Network Performance and Capacity Management (10/20/89)
          300.05   Change Management (7/2/90)
          300.06   Disaster Recovery (9/12/90)
          300.07   EPA International Telecommunications Support (3/5/93)
          300.08   State Data Communications Connectivity to the EPA (6/25/92)
          300.09   Telecommunications Considerations for Facilities Modifications
                  (10/21/92)
          300.10   NDPD Telecommunications Support for National Conferences and
                  Demonstrations (12/16/91)
          300.11   Network File System (NFS)(11/24/92)
          300.12   EPA Radio Frequency Management (3/19/93)
          300.13   EPA Support for Toll-Free (800) Telecommunications Support (4/14/93)

310.00   Local Area Network (LAN)

         310.01   Local Area Network (LAN) Planning (5/19/94)
         310.02   Supported LAN Hardware and Software (5/19/94)
         310.03   LAN System Management (5/19/94)
         310.04   LAN Problem Determination and Resolution (5/19/94)
         310.05   LAN Data Management  (5/19/94)
         310.06   LAN Performance Capacity and Monitoring (5/19/94)
         310.07   LAN Naming Conventions (5/19/94)
         310.08   LAN Communication Gateways and Interconnectivity (5/19/94)
         310.09   LAN Security (5/14/94)
         310.10   LAN Change Management (5/19/94)
         310.11   LAN Timeshare Accounting (5/19/94)
         310.12   Wiring and Optical Fiber Cabling for Voice and Data
                  Telecommunications (5/19/94)
         310.13   Use of Remote Access to EPA LANs (5/19/94)

320.00 EPA Email

         320.01   Usage Guidelines (7/14/93)
         320.02   Customer Registration (7/14/93)
         320.03   Security (7/14/93)
         320.04   Problem Resolution (7/16/93)
         320.05   Customer Notification (7/16/93)
         320.06   Education and Training (7/16/93)
         320.07   Additional Services (7/16/93)
         320.08   Report Generation (7/16/93)
         320.09   System Management (7/16/93)
         320.10   Configuration Management (7/16/93)
         320.11   Workload Forecasting (7/16/93)
         320.12   Enhancement/Feature Evaluation and Selection (7/16/93)
         320.13   Connectivity Standards (7/16/93)
         320.14   System Testing and Installation (7/16/93)
         320.15   Operations (7/16/93)
         320.16   System Requirements (7/16/93)

330.00   Voice Communications

         330.01   National Voice Telecommunications (10/26/92)
         330.02   FTS2000 Business Office (10/29/92)
         330.03   Provision of FTS2000 Switched  Voice Service to EPA Contractors
                  (10/29/92)
         330.04   EPA Cellular Equipment/Services Acquisition and Use (9/10/93)

340.00   EPA Headquarters Telecommunications

         340.01   Program Management (6/16/93)
         340.02   Equipment, Services, and Support (7/9/93)
         340.03   Service Requests (6/16/93)
         340.04   Trouble Reporting (6/16/93)
         340.05   Service Request and Trouble Reporting Quality Control (6/16/93)
         340.06   EPA Headquarters Program Office Acquisition of Telecommunications
                  Equipment, Services, and Support (7/9/93)
         340.07   Voice Processing Systems (6/16/93)
         340.08   Locator Service (6/16/93)
         340.09   Telephone Directory (6/16/93)
         340.10   Domestic Telephone Credit Cards and Authorization Codes (6/16/93)
         340.11   Audio Teleconferencing Center (6/16/93)
         340.12   Print-Sharing Services (6/16/93)


400.00   NATIONAL ENVIRONMENTAL SUPERCOMPUTING CENTER (NESC)
         DIRECTIVES

         400.01   Mission (7/9/93)
         400.02   Customer Interface (7/9/93)

410.00   Reserved

420.00   National Environmental Supercomputing Center (NESC)

         420.01   System Management (7/9/93)
         420.02   Service Levels (7/9/93)
         420.03   Performance and Capacity Monitoring (7/9/93)
         420.04   Change Management (7/9/93)
         420.05   Problem Resolution (7/9/93)
         420.06   Accounting (8/17/93)
         420.07   Customer Registration (7/9/93)
         420.08   NESC and UNICOS Security (7/9/93)
         420.09   Data Management (7/9/93)
         420.10   Configuration Management (7/9/93)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Introduction to NDPD Operational Directives Manual          NO.    100.01

APPROVAL:                                                        DATE:



1.0   PURPOSE

The NDPD Operational Directives Manual establishes a framework for defining and publishing
senior management direction related to the operation of Agency timesharing resources under the
jurisdiction of the National Data Processing Division (NDPD).

2.0   SCOPE & APPLICABILITY

Directives contained in this manual are applicable to all EPA and contractor staff personnel who
manage the operation of NDPD computer systems, who operate computer systems controlled by
NDPD, or who use computing resources provided by NDPD.


3.0    RESPONSIBILITIES

The Office of Management and Budget (OMB) and the General Services Administration (GSA)
require that each Federal agency establish internal  policies and procedures for the efficient
management of ADP resources.

NDPD, under the authority of the Office of Information Resources Management (OIRM),
through the Office of Administration and Resources Management - RTP (OARM-RTP), provides
the following:

       a.     Computing and telecommunications services to Agency allowance holders at a
            predetermined level as defined in general or specific Service Level Agreements
            (SLAs).

       b.     Implementation of  oversight,  management, operation, and acquisition of all
            automatic data processing resources in the Agency.

       c.     Assessment and introduction of new computing and telecommunications resources
            as required to maintain  effective and  efficient  delivery  of automatic  data
            processing services.

Under  this authority, the NDPD is  responsible for appropriate distribution and use of ADP
resources  within the Agency. It is responsible for the full costing associated  with this equipment
and for addressing issues associated with the management of these resources, both within the
Agency and with other government oversight agencies.


4.0    POLICY

The maintenance of an NDPD Operational Directives Manual is an ongoing process.  Directives
will be added or amended to meet changing requirements.  Directives contained in this manual
shall address all functional areas for which NDPD is responsible. This manual consists of the
following sections:

      100.00       Management Directives
      200.00       Operational Directives by System
      300.00       Telecommunications Directives
      400.00       National Environmental Supercomputing Center (NESC) Directives

5.0   DEFINITIONS

Automatic Data Processing (ADP) resources are defined as any of the following:
      a.    Mainframe, large-scale computers located anywhere in the Agency.
      b.    Minicomputers located anywhere in the Agency.
      c.    Microcomputers used as desktop computing resources located anywhere in the
            Agency.
      d.    Data  telecommunications equipment, including switching, concentration, and
            front-end processors, located anywhere in the Agency.
      e.    Data circuits used as intraoffice, interoffice, or broadband, backbone network
            circuits.
      f.    Operating system software,  telecommunications software, and multiuser third
            party applications software, including standard minicomputer and microcomputer
            software.
      g.    Voice telecommunications equipment and services.
      h.    Video conferencing equipment and services.
      i.    Agency wide electronic mail systems and services.

6.0   STANDARDS

Not applicable.

7.0   PROCEDURE REFERENCE

Not applicable.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Contracts for Third Party Software Packages                 NO.    100.02

APPROVAL:                                                        DATE:

1.0   PURPOSE

This policy provides guidelines for the acquisition of software packages and for the prevention
of unauthorized use of licensed software packages.


2.0   SCOPE & APPLICABILITY

This policy applies to all EPA personnel and EPA contractor staff personnel responsible for
purchasing or otherwise obtaining software for use on the NCC-supported (maintained) general
purpose computer systems.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

It is the responsibility of all individuals tasked with the preparation of documents relating to
specifications or procurement of third party software to conform to this policy.

Project managers for software migration projects are subject to items detailed in this policy.


4.0   POLICY

The Director, NDPD will be notified in writing of intent to procure and must, subsequently,
approve procurement of system level software that is to be installed on any NCC-maintained
computer system.

Software contracts will contain the following provisions:

      a.     EPA retains the right to permit the  use of this software to any internal or external
             organization  authorized by EPA provided that the software is resident on the
             designated CPU or designated  site (designated site for site license, designated
             CPU for licenses by CPU).

      b.     EPA retains the right to  move this  software to any other  computer system
             managed  by  EPA at no extra cost  provided a prior notice for such  migration is
             given to the vendor.

Exceptions to the above policy due to vendor negotiations will be noted in the NDPD contract
file and in Interagency Agreements.

Software migration notification will be a separate line item in any implementation  plan when a
CPU upgrade occurs. The notification to vendor will be issued prior to actual migration.

Software will be installed on designated CPUs only unless the license is by site type.

Individually designated CPU software will not be copied except for disaster/backup CPUs. The
backup CPU's software will be destroyed as soon as operation returns to the designated CPU.
This item will become part of the procedures/checklists for disaster recovery/restore.

Copyright protection of software package documentation will be honored.

In accordance with contract requirements, old releases/versions of software and documentation
will be destroyed after new releases/versions are installed.

A contract file control system will be developed and maintained to include,  at a minimum,
copies of the contract, subsequent modifications, and a checklist of documents to be  maintained
in each contract file.


5.0   DEFINITIONS

System level software is defined as software requiring support from the NDPD staff.


6.0   STANDARDS

Not applicable.


7.0   PROCEDURE REFERENCE

Not applicable.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NDPD Directives Manual Review                         NO.    100.04

APPROVAL:
-------
NDPD OPERATIONAL DIRECTIVE NO. 100.04                        Page 2 of 2



      d.    Updates to the on-line Directives Manual (data set JUSD.DIRECTIV.MANUAL)
           will be made within 5 working days after policies have been approved by the
           Director,  NDPD, unless an extension is authorized by the NDPD Technical
           Manager.


7.0   PROCEDURE REFERENCE

Not applicable.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Production Control Services                               NO.    100.05

APPROVAL:                                                        DATE:

1.0   PURPOSE

Production Control Services provides  the customer community with the  tools necessary to
monitor and control the production-oriented use of the NCC computer systems.


2.0   SCOPE & APPLICABILITY

This policy applies  to all customers  who comply with  Production Control  standards  and
procedures for the scheduling and monitoring of production batch work.


3.0   RESPONSIBILITIES

It is the responsibility of Production Control  to provide its customers with the latest system
management tools to automate job submission and monitoring.  Production Control will provide
the customer with training in the use of JOBTRAC, the NCC's automated scheduling product.

It is the responsibility of the customer to abide by all standards and procedures established by
Production Control for the submission and monitoring of production-oriented use of the NCC
computer systems.


4.0    POLICY

To receive production control support services, a customer must request, in writing, the services
that are required.  Upon receipt of the request, NDPD will evaluate it in terms of compliance
with NCC production control standards.  When  approved,  Production Control will contact the
customer and assign a unique JOBTRAC location to the user group.  After  JOBTRAC training
is scheduled and conducted, the customer will be responsible for  creating his  own schedules
using JOBTRAC.  Before the new schedule is placed into production, the customer must provide
Production  Control  with an application runbook to document all  features of  the  customer's
automated schedule.

       a.     The initial runbook produced by the customer will be forwarded to  Production
             Control for review, comments, and suggestions. Production Control will review
             the runbook ensuring that all policies, procedures, and standards are followed.
             Several updates to the  runbook  may be necessary  before  it is acceptable to
             Production Control and to the customer.

       b.     Once accepted by Production  Control, any changes to  the runbook must be
             provided by the customer.

       c.     The customer must authorize access to his  JOBTRAC location  for  Production
             Control so that Production Control may provide assistance when  required.

5.0   DEFINITIONS

Automated Batch Job Scheduler: Automated scheduling software for the management of routine
daily batch computer processing. In an automated computer center, the scheduling functions are
returned to the computer customer.  JOBTRAC is the NCC's automated batch scheduling
product.

Runbook:   An electronic document which identifies all the requirements, standards, and
procedures supporting an application's batch process.


6.0   STANDARDS

The NDPD provides its customers with solutions to today's productivity and quality bottlenecks.
By using the NCC's automation tools, the customer can eliminate costly reruns due to human
error.  Automated condition code checking, auto-restart, JCL check, and report distribution
management are all features of the NCC's automated data center. The following is a list of tools
provided by the NCC.  The use of these tools is required for customers who request Production
Control support.

      •     JOBTRAC. Automated job scheduler.

      •     INFOPAC. Electronic report distribution system.

      •     IOF.  Interactive Output Facility. Online viewing package.

      •     SDSF. System Display and Search  Facility.


7.0    PROCEDURE REFERENCES

Procedures for complying with  this policy are identified in the following documentation:

      a.     Goal Systems.  (1992) JOBTRAC Users Guide.  (Vendor documentation.)

      b.     System Display and Search Facility  Tutorial (on the NCC IBM mainframe).

      c.     Fisher International Systems.   (1991) IOF Users Guide, Release 7.   (Vendor
            documentation.)

      d.     Mobius.  (1992) INFOPAC Users Guide. (Vendor documentation.)

      e.     Online IBM customer documentation in data set JUSD.USERS.REFER on the
            NCC IBM  mainframe.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Submission of Requests for New or Revised                  NO.     100.06
             NDPD Operational Directive

APPROVAL:                                                        DATE:  3 - 3 / -

1.0   PURPOSE

This policy provides a common format for requesting issuance of a new policy or revision to an
existing policy.


2.0   SCOPE & APPLICABILITY

This policy applies to all persons/groups submitting suggestions/requests for new NDPD policies
or requesting changes to existing policies.


3.0   RESPONSIBILITIES

It is the responsibility of the preparer to conform to this policy in submitting requests for NDPD
consideration.

The NDPD Branch Chiefs are responsible for development and maintenance of appropriate
policies for their functional areas.

The NDPD Branch Chiefs, the Information Management Branch of OIRM/IMSD, the OIRM
Division Directors, and the Senior Information Resources Management Officials (SIRMOs) are
responsible for reviewing the policies before issuance.

The Chief, Program  Management Support Branch, is  responsible for the review process  and
submitting new or revised  policies to the Director, National Data Processing Division.


4.0   POLICY

      a.     All requests for a new policy will be submitted in the following format:

             Required Paragraphs:       Title
                                      1.0    Purpose
                                      2.0    Scope & Applicability
                                      3.0    Responsibilities
                                      4.0    Policy
                                      5.0    Definitions
                                      6.0    Standards
                                      7.0    Procedure References

      b.     Revisions or changes to current policy will be submitted in the format specified
             in Item 4.a. A copy of the current policy will be attached to the  recommended
             policy.

       c.     Draft policies will be reviewed by each NDPD Branch Chief, OIRM Division
             Directors, and SIRMOs.

       d.     Final policies will be submitted to the Director, NDPD for final approval.


5.0    DEFINITIONS

Directive/Policy:  A high level statement  of direction or  position made by  top levels  of
management within a particular organization.

Standard:  A rule/objective against which conformance can be measured in support of policy
direction or position.

Procedure:  A step-by-step process followed to  meet requirements of a particular standard.


6.0    STANDARDS

       a.     All requests  will be submitted to the following address for entry into the policy
             process:

                   Policy Coordinator
                   Program  Management Support Branch
                   National Data Processing  Division (MD-34)
                   Research Triangle Park, NC 27711

       b.     Level  1 Policy Review is established to include the following:

                   •     Each NDPD  Branch  Chief  will  review  policies  and return
                         comments within 3 weeks.

                   •     Policy  personnel  of  the  Information  Management   Branch,
                         Information Management and Services Division, OIRM and OIRM
                         Division Directors will review  for OIRM  and  return comments
                         within 3 weeks.

                   •     If no comments are received  during the 3-week review period,
                         approval is assumed.

                   •     The NDPD Policy Coordinator will  provide the review comments
                         to the submitter  for possible revision/modification of the policy.

       c.     Level 2 Policy Review is established as follows for SIRMOs:

                   •     Each SIRMO will review policies and  return comments within 3
                         weeks.

                   •     If no comments are received  during the 3-week review period,
                         approval is assumed.

                   •     The NDPD Policy Coordinator will provide the review comments
                         to the submitter  for possible revision/modification of the policy.

       d.     The final draft policy will be submitted through the Chief, Program Management
             Support Branch, and the Deputy Director, NDPD to the Director, NDPD for final
             approval.

      e.     The requirement for an additional review of any submitted policy will be at the
            discretion of the Chief, Program  Management Support Branch, and/or  the
            Director, NDPD.


7.0   PROCEDURE REFERENCE

Log sheets, routing  forms, and copies of  written comments are maintained by the Policy
Coordinator.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NDPD Rate Charges                                         NO.    100.07

APPROVAL:                                                        DATE:

1.0   PURPOSE

In accordance  with  guidelines established  in OMB Circular  A-130,  a full costing of all
personnel, hardware, software, and physical facility costs is performed yearly for all computer
systems operated or managed by EPA.  The NDPD must account for the full cost of operating
the data processing facilities and allocate these costs to users according to the services they
receive.


2.0   SCOPE  & APPLICABILITY

This policy applies to the following cost centers at the National  Computer Center:

       o    IBM System (WIC 4381, Regional LMFs, IBM 3090s, Cincinnati 4381)
       o    NCC VAX Cluster
       o    CBI IBM 4381
       o    ASRL VAX
       o    Telecommunications
       o    Support  Services (Prime, ORD VAX,  MicroVAX II (optional), LANs,  LIMS,
           STARS)


3.0   RESPONSIBILITIES

The Chief, Program Management Support Branch, is responsible for the review and submission
of new or changed policy to the Director, National Data Processing Division.


4.0   POLICY

         a.    The major source of data for full costing is created by the automated  NDPD
              Budget Planning System. This system provides  information concerning yearly
              lease and maintenance  costs for hardware and software, estimated costs for
              purchases planned for the fiscal year, yearly contractor services costs, and data
              center personnel costs.  Categorization by service area within computer systems
              is used to determine the yearly operating costs for each computer system.

              There is a formal NDPD approval process that  identifies each budget item as
              either mandatory or discretionary. Mandatory items are included in the budget.
              Discretionary items are categorized into the following priorities: high, medium,
              or low.   Discretionary items are included in  the budget only if money is
              available.  This budget process must be completed by March 15.
   Indicates revision.

         b.   Based upon data obtained from the full costing process, NDPD annually
              performs the cost center analysis for each computer system/ADP service.  This
              process determines the costs of individual service provided for each system and
              establishes the charge rates to recover these costs. Charge rates for the various
              services provided are established as follows:

              o    Rates are to be structured to reflect the full cost of providing a service.

              o    To ensure equity in chargeback, users only pay for services received.

              o    Flat rate charges  are used  for services  where  usage is not  directly
                   measurable.

              o    Services provided by commercial vendors are charged back to  Agency
                   users at cost plus administrative handling fee.

              o    The Agency's  capacity  to provide  requested  service consistent with
                   "service level goals" is incorporated in the Agency  pricing policies and
                   rate setting procedures.

         c.   NDPD input to the OIRM timeshare budget guidance memo is prepared by
              April 15.

         d.   An RPIO timeshare impact analysis will be performed to  determine the likely
              impact of certain rate changes and/or rates for new services.  The suggested
              timeshare chargeback rate structure  for all cost centers  is presented to the
              Director, NDPD, for review, comment, and approval by June 15.

         e.   The NDPD approved timeshare chargeback rate structure for all cost centers is
              presented to the Director, OARM-RTP, for review, comment, and approval by
              July  1.

         f.    The  OARM-RTP approved timeshare chargeback rate structure for  all  cost
              centers is presented to the Director, OIRM, and his staff for review, comment,
              and approval by July 15.

         g.   The approved chargeback is published in a User Memo no later than August 31.

         h.   The  approved chargeback is published in the WIC Connection  no later than
              September 1.

         i.    Management reports are prepared and distributed to the OIRM no later than the
              5th working day of the following month.  The TSSMS and management reports
              are also sent to the Responsible Program Implementation Officers (RPIOs) and
              ADP Coordinators the next day.

         j.    Once timeshare chargeback rates are approved and  a User Memo announcing
              rates has been issued, there will be no changes to the chargeback  rate structure
              for the upcoming fiscal year.

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.07                         Page 2 of 3


         k.   If a new timeshare chargeback service is to be implemented at any time during
              the fiscal year, the rate for this service must be approved by NDPD management
              and a 30-day user notice issued prior to the effective date for the
              chargeback.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Preparation and Issuance of                               NO.    100.09
             Formal NDPD Correspondence

APPROVAL:                                          DATE:

1.0   PURPOSE

This policy reaffirms NDPD directives that all formal correspondence adhere to the policies,
procedures, standards, and formats contained in the EPA Correspondence Manual, EPA
Transmittal 1320.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD staff personnel who write, edit, review, sign, type,  file, or
control formal NDPD correspondence. The author will determine whether correspondence will
be formal or informal (Email).


3.0   RESPONSIBILITIES

The author and reviewer are responsible for the contents of the correspondence while the NDPD
secretarial  staff is responsible for the grammar, spelling, format, and all other characteristics
associated with professionally acceptable correspondence.  The Division Director's secretary is
responsible for advising,  monitoring, coordinating, and  otherwise ensuring adherence to this
established policy.


4.0   POLICY

      a.     All formal  correspondence will adhere strictly to the guidelines contained in the
             EPA Correspondence Manual.

      b.     Formal correspondence to individuals within EPA will be issued in memorandum
             form while other correspondence, including that to other government agencies,
             will be issued in letter format.

      c.     All correspondence prepared for the Director's signature will receive a minimum
             two-level review which shall consist of the Branch Chief or  Technical Monitor
             and the  NDPD Director's Secretary.   All correspondence  submitted  for the
             Director's approval shall be  undated.

      d.     All updates to the EPA  Correspondence Manual  shall  be  distributed  by the
             Division Director's secretary to all NDPD EPA Correspondence Manual  owners
             within 1  week of NDPD's receipt of the updates.

      e.     The secretarial staff is encouraged  to meet on an  "as  needed" basis to  discuss
             issues and practices that will improve the correspondence program.

      f.     The only acceptable exception to the EPA Correspondence Manual guidelines is
             that the Director's Office will maintain a record of all outgoing formal
             correspondence by subject rather than by the Division level reading file.

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.09                       Page 2 of 2


5.0   DEFINITIONS

Formal correspondence is defined as written forms of communication issued to individuals
outside of NDPD.


6.0   STANDARDS

EPA Correspondence Manual, EPA Transmittal 1320.


7.0   PROCEDURE REFERENCES

Not applicable.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NDPD Prepared Papers                                   NO.    100.10

APPROVAL:                                                   DATE:

1.0   PURPOSE

This policy provides a common format for the preparation of information/decision support papers
to be submitted to the NDPD Director for his information/signature.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD and contractor staff who author, edit, review, sign, type, or
control various documents identified in this policy.


3.0   RESPONSIBILITIES

The author will prepare a detailed outline of the proposed paper and have it approved by his/her
respective Branch Chief or Department  Manager  (if contractor employee) before the paper is
written.

The author and the  reviewers are responsible for the content of the paper.   The author's
secretarial staff is responsible for  grammar, spelling, and other characteristics required of a
professionally acceptable document. If desired, the author may obtain editorial assistance from
the Facility Management Contractor's Publications section.

The author's Branch Chief or Department  Manager will review and approve/disapprove all
submitted papers.

The author's Branch Chief or Department Manager will ensure that all approved papers are
routed through the NDPD Deputy Director before submission to the Director.

The NDPD Director's secretary will maintain a file and track the status of all papers submitted
to the Director in accordance with  this policy.


4.0   POLICY

A detailed outline will be drafted  by the author and approved by his/her  Branch Chief or
Department Manager before  the paper is written.

All papers identified in this policy and prepared  for the Director's information/signature will
conform to the format specified in  Section 6.1.

All papers will contain,  at  a minimum, the mandatory elements specified in Section 6.1.
However, additional information can be  presented if desired. The format for the presentation
of additional information is also provided in Section 6.1.

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.10                        Page 2 of 8


Semiannually, the NDPD Director's secretary will submit a list of open decision papers to the
NDPD Director's staff meeting for management review of status,  progress, findings and
remaining actions.  This status list will also note any pending decisions relative to a decision
paper.  The NDPD Director  will  either implement, change, or reject the findings, and the
secretary will record the results.  Once a decision paper is approved, copies will be forwarded
to all Branch Chiefs and Facility Managers.

All papers requested from the FM contractor by the NDPD Director will be reviewed by the FM
contractor Project Director before being forwarded to the NDPD Deputy Director. The Branch
Chief(s) who would benefit from this information will be provided with a copy of the paper.

Two copies of each paper will be submitted to the Director.  One copy will be filed in a central
file in the Director's office.

The original, or reproduction copy, of each paper will be catalogued and filed in the FM
contractor's Technical Library for future reference and reproduction. This copy should be
submitted to the Supervisor of Publications and Reproduction (MD-34A).


5.0   DEFINITIONS

None.


6.0   STANDARDS

6.1   TYPES AND FORMATS OF ACCEPTABLE PAPERS
      (MANDATORY ELEMENTS)

The formats of the two types of papers defined by this policy are presented below.  Note that
subelements that relate to an element  must immediately follow that element and must be
identified with the element number (i.e., 3.0 for Background with subelement numbers 3.1, 3.2,
3.3, etc., as necessary).

Additional information not related to an existing subelement will be presented as a new element.
This  new element will take the next available number after the last  mandatory number or the
previous new element number.

      •     INFORMATION PAPER

            1.0   TOPIC
            2.0   EXECUTIVE SUMMARY
            3.0   BACKGROUND
            4.0   INFORMATION
            5.0   REFERENCES

      •     DECISION PAPER

            1.0   REQUIREMENT/PURPOSE/ISSUE
            2.0   EXECUTIVE SUMMARY
            3.0   BACKGROUND
            4.0   ASSUMPTIONS
            5.0   CRITERIA FOR EVALUATION OF ALTERNATIVES
            6.0   ALTERNATIVES
            7.0   RECOMMENDATIONS

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.10                          Page 3 of 8


6.2   REPORT COVERS

If the length of a report warrants, the author may include a cover, title page, and table of
contents; however, one will not be used without the other.  Covers will conform to the
requirements of the EPA Graphics Standards System manual.  Covers will be printed in black
ink on white or colored bond unless distribution is limited (10 copies or less); in which case,
one color ink (blue or green) may be used.  A sample cover from the EPA Manual is shown in
Figure 1.  Explanatory remarks  concerning the basic cover format requirements  have  been
added.  Another sample cover is illustrated in Figure 2, indicating type face and point size.

Figure 3 contains sample covers prepared at the NCC.  While the presentation of information
contained above Line A is mandatory, data below this line is at the author's discretion.

A sample title page is illustrated in Figure 4. Note that reports prepared by the FM contractor
will carry the contractor's EPA contract number in compliance with EPA regulations.


6.3   REPORT PREPARATION AND DISTRIBUTION

Personnel are encouraged to utilize the services provided by the FM contractor's Publications
and Reproduction  section. These services include editorial, illustration, typing, reproduction,
and distribution assistance.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection  Agency. (1977) US EPA Graphics Standards
             System. U. S. Government Printing Office:  19770-247-563, Stock No. 055-000-
             00169-3.  For  sale by the Superintendent of Documents, U. S. Government
             Printing Office, Washington,  DC 20402.

      b.     U. S. Environmental Protection  Agency. (1981) Document Standards Manual
             (Report  No. 1/001A), Research Triangle Park:   National Data  Processing
             Division.  (Location: Publications Technical Library)

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.10                          Page 4 of 8


      Column 1.  Agency Identifier.  Logotype and symbol are treated as one unit.

      Column 2.  Full name of Agency, title and subtitle, if required.

      Column 3.  Office/Region, if applicable, with address.

      Column 4.  Index number, date of issue, and special identification (Draft,
                 Final, etc.), if applicable.

      Sample cover text:

           EPA    Monitoring Series
                  Rationale and Methodology
                  for Monitoring Groundwater
                  Polluted by
                  Mining Activities

           Figure 1. Sample Report Cover with Column Identification

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.10                          Page 5 of 8


      Type specifications shown: 9 pt Univers 55; 30 pt Univers 65; 30 pt Univers 55.
      Other annotations on the figure: 6 pi; 30 pt (four places).

      Sample cover text:

           EPA    Environmental Impact Statement      Draft
                  Sacramento Regional Wastewater
                  Management Program

             Figure 2. Sample Report Cover with Type Specifications

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.10                   Page 6 of 8
 Line A
                 United States Environmental Protection Agency
                 Office of Administration and Resources Management
                 National Data Processing Division
                 Research Triangle Park, NC 27711
                 J8S/001                                September 6, 1989

       EPA   Decision Paper

                 Evaluation of
                 dBASE IV, Version 1.0
                 in Multi-User Mode

            Figure 3. Sample NDPD Report Cover (Page 1 of 2)

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.10                          Page 7 of 8
  Line A
                  United States Environmental Protection Agency
                  Office of Administration and Resources Management
                  National Data Processing Division
                  Research Triangle Park, NC 27711
                  J8SW01                                 September 6, 1989

  EPA   Decision Paper

           Evaluation of
           dBASE IV, Version 1.0
           in Multi-User Mode

                     Question: Should EPA adopt dBASE IV LAN as the
                            Agency standard, replacing dBASE III PLUS?

                     Recommendation: Yes.

              Figure 3. Sample NDPD Report Cover (Page 2 of 2)

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.10                          Page 8 of 8
                      EVALUATION OF dBASE IV, VERSION 1.0,

                               IN MULTI-USER MODE
                                 September  6, 1989
                                    Prepared for
                      Architectural Management & Planning Branch
                              Contract No. 68-01-7437
                        U.S. ENVIRONMENTAL PROTECTION AGENCY
                          NATIONAL DATA PROCESSING  DIVISION
                       RESEARCH TRIANGLE PARK, NORTH CAROLINA
                      Figure 4. Sample Report Title Page

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Transfer of Computer Accounts among EPA Users            NO.    100.12

APPROVAL:                                               DATE: f//7/f?

1.0   PURPOSE


This policy will ensure that the transfer of computer accounts among EPA organizations is
accomplished in a consistent and orderly manner.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all computer accounts registered with the Time Sharing Services
Management System (TSSMS) Office at the EPA National Computer Center.


3.0   RESPONSIBILITIES

FM Contractor personnel at the NCC are responsible for updating and maintaining necessary
files and for monitoring procedures to implement this policy.


4.0   POLICY

Transfer of computer accounts from one EPA organization to another will be accomplished as
follows:

      a.     YTD charges will be transferred with the account.

      b.     Budget ceiling will be transferred with the account.  The OIRM Office (FTS 382-
             2415) will be  contacted  by the ADP  Branch Chiefs with budget transfer
             information.

A few Interagency Agreements (IAGs) specify that when an account has exceeded its stated
expenditure limit, EPA will cover any additional costs out of the EPA timeshare budget. In this
instance, the Regional ADP Branch Chiefs will ensure that the following is accomplished when
a computer account is transferred:

      a.     Establish a new account and delete the old account.  (Complete TSSMS forms
             N251 and N258.)

      b.     Change the JCL of existing jobs to reflect the new  account.

      c.     Rename data sets with the new account within 45  days or the data sets will be
             deleted.

      d.     Reassign tapes to the new account within 45 days or the tapes will be released to
             the scratch pool.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Submission Timeframe: Planning and                      NO.    100.14
            Funded Purchase Requisitions

APPROVAL:                                              DATE:  7/7/93

1.0   PURPOSE

This policy establishes a common timeframe for the submission of NDPD planning and the
subsequently funded purchase requisitions (PRs) to the Office of Acquisition Management
(OAM).


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD staff personnel who prepare or approve NDPD planning or the
subsequent NDPD-funded purchase requisitions.


3.0   RESPONSIBILITIES

The originator of a purchase requisition must conform to  the requirements of this policy.
However, the final and ultimate responsibility rests with the appropriate NDPD Branch Chief.

The Branch Chief of the Program Management and Support Branch is responsible for
implementing this policy, as well as for ensuring that all approved requisitions are funded, if
required, and are submitted by NDPD to OAM within established timeframes.


4.0   POLICY

It is the policy of the Director of NDPD that all planning and funded PRs will be prepared and
submitted to NDPD in time to meet deadlines established by the OAM.


5.0   DEFINITIONS

Planning Purchase Requisition: A preliminary, unfunded purchase requisition which identifies
purchases planned for an upcoming period, usually the next fiscal year.

Funded Purchase Requisition:   A purchase  requisition  which has  been approved by all
appropriate levels in the organization.


6.0   STANDARDS

      a.    All planning PRs will be prepared, signed by the Branch Chief, and submitted to
            the NDPD Director's Office for final review and approval by June 1.

      b.    Planning PRs will be approved/disapproved by the Director's Office no later than
            June 15.

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.14                         Page 2 of 2


      c.    All approved planning PRs will be submitted as a package from NDPD to the
            various OAM Offices at least 3 days prior to the established OAM due date,
            which differs by fiscal year.  (For FY1994 planning PRs, the due date to OAM
            is July 1, 1993.)

      d.    Final purchase requisitions for the ensuing fiscal year will be submitted by the
            appropriate Branch Chief to the NDPD Administrative Officer by October 1.

      e.    All funded PRs will be submitted to OAM within  10 calendar days  of fund
            availability, availability of GSA or EPA contracts, or by October 1, whichever
            is later.

      f.    To ensure adequate lead time within OAM, the NDPD Director will be notified
            in writing of any contract renewal or new FY start-up that has not been submitted
            to OAM by November  1, or within a month of fund availability for the start-up
            fiscal year.


7.0   PROCEDURE REFERENCES

None.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

 TITLE:      At-Home Use of Agency-Owned                           NO.    100.18


 APPROVAL:
-------
NDPD OPERATIONAL DIRECTIVE NO. 100.18                          Page 2 of 2


Accountability for microcomputers and peripherals removed from government facilities under
the provisions of this policy will be maintained through existing procedures.  In cases where
equipment will be used off government premises for a period of not more than 90 days, property
passes will be issued and the Property Control Office will be notified via Form N354,  Report
of Status of Government Property.  When equipment will be off government premises in the
possession of an employee for longer than 90 days, property records will be changed to show
the employee as the person responsible for the government-owned equipment.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

 TITLE:     NDPD PC Bulletin Board Services                          NO.    100.19

 APPROVAL:                                                       DATE:

 1.0   PURPOSE

 This policy specifies the support to be provided by NDPD in the use of Agency-wide electronic
 Personal Computer Bulletin Board Services (PC BBS).


 2.0   SCOPE & APPLICABILITY

 This policy applies  to all levels of NDPD's data processing support organization and to all PC
 bulletin board services that EPA and its contractors operate.


 3.0   RESPONSIBILITIES

 NDPD is responsible for providing data processing support services to customers throughout the
 Agency. Within NDPD, the Information Centers Branch  (ICB) and  the Telecommunications
 Branch  (TCB) are  responsible for computer  support activities most  directly affected by this
 policy.   All employees of EPA, EPA  contractors, and  EPA grantees are responsible for
 compliance with the provisions of this policy.


 4.0   POLICY

 Various EPA offices support over thirty electronic bulletin board services.  These BBSs fulfill
 an essential need for communication throughout the Agency, keeping BBS  customers updated
 on strategic information.  Agency  BBSs provide services such as electronic distribution of
 documentation, notices of meetings, electronic conferencing and messaging on environmental
 areas of study, software updates, and computer programs.  As the interest in BBSs has grown
 within the  Agency, so has the  need  for better PC BBS  communications.  Advertising the
 existence of specialized BBSs is difficult for EPA offices. Various offices have requested NDPD
 to provide BBS EPA network access and advertising for PC BBSs.

 This  policy defines the NDPD  PC BBS network strategy and describes the management
 requirement associated with connecting a PC BBS to the EPA network. Software and hardware
 components necessary to provide PC BBS telecommunications services are enumerated. This
 policy outlines procedures  for applying for networked PC BBS connections and announces
 NDPD advertising support for PC BBSs. This policy defines NDPD BBS system manager and
 operator support.

 An alternative to starting a new PC BBS is using an Agency MAIL BBS.  A MAIL BBS can
 provide electronic conferencing  and binary file exchange, while retaining BBS management
 under a system manager's control.  NDPD encourages  offices investigating how to start a PC
 BBS  to discuss the capabilities of MAIL BBS with NDPD's Program Management Support
 Branch.

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.19                         Page 2 of 5


4.1   PC BBS MANAGEMENT

NDPD requires that an EPA employee (BBS system manager) sponsor a proposed PC BBS for
connection to the EPA network.  This employee will apply for an EPA network connection by
completing an NDPD Telecommunications Service Request (TSR).  The TSR will be submitted
to the NDPD Telecommunications Branch with a memo stating whether the proposed network
PC BBS is available for public access.  Refer to Section 4.3 for a detailed description of public
access PC BBS issues. The public access BBS system manager will ensure that there is no BBS
posting of EPA network access directions or telephone numbers. System managers converting
to public access will notify NDPD Telecommunications Branch 30 days before  conversion
occurs.  Public access through the EPA network to the BBS is prohibited and will  be blocked
electronically. Public access through the PC BBS to the EPA network is also prohibited.

Duties of the BBS system manager include:

      •    Managing the availability of the BBS.

      •    Enforcing practices to ensure that the message and file information available to
            BBS customers is appropriate and virus-free.

      •    Maintaining and upgrading the BBS hardware and software as necessary.

      •    Acting as "central point of contact" for NDPD management to resolve procedural
            problems that may arise.

The technical operations of the BBS  can be provided by the system manager or a system
operator who is sometimes a contractor.  The system operator's duties include:

      •    Creating bulletin board categories.

      •    Working with NDPD technical staff to troubleshoot telecommunications problems.

      •    Providing regularly scheduled tape backups for the PC BBS.

      •    Running virus checker programs to maintain a virus clean PC BBS.

      •    Purging old information.

      •    Performing other PC BBS software and system-related duties.


4.2   PC BBS EPA NETWORK ACCESS

Bona fide EPA employees, state agency representatives, other government agency
representatives, EPA contractors, and EPA grantees will gain access to EPA PC BBSs through the EPA
network. NDPD Telecommunications Branch will support an X.25 synchronous communications
connection to a PC BBS, giving customers 9.6 kb or 19.2  kb access through EPA's packet
switched network.  The X.25 PC BBS communications link can, theoretically, provide service
for up to 64 concurrent customers.   Network service levels will vary with  the speed of the
bulletin board service PC, the number of simultaneous customers, and the type of network traffic
generated by the customers (i.e., file transfer vs. reading BBS Email).

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.19                          Page 3 of 5


4.3   PUBLIC ACCESS TO EPA PC BBSs

This policy defines public access to a BBS as totally unrestricted access to an Agency-sponsored
PC BBS.  Typical customers who are not classified as public access include EPA personnel,
EPA-related  contractors,  EPA-specified grantees, and members of EPA-associated state and
government organizations.

Public access to the PC BBS using the EPA network is prohibited.  A system manager of a
public access BBS must service these customers by requesting dial-in lines or toll-free
number lines to the BBS from NDPD. Toll-free lines will be directly connected to the BBS
and paid for by the system manager's organization. Public access PC BBSs will be blocked
from using toll-free exchanges that permit direct access to the EPA network.

The technology connecting a public access BBS to the EPA network simultaneously provides
service to customers from the EPA network without interfering with dialup public access.  The
BBS can service both  types of customers at the same time since the telecommunication traffic
is not being mixed between dialup and EPA network access. It is the responsibility of the PC
BBS system manager to ensure that public access users do not gain access to EPA network dialup
procedures or telephone numbers, but remain limited to the direct dialup services of the PC


4.4   HARDWARE AND SOFTWARE REQUIRED FOR EPA NETWORK ACCESS

NDPD is certifying standard BBS telecommunications hardware, PC hardware, and PC BBS
software for EPA BBSs. Galacticomm is the only vendor whose BBS communications hardware
and software have been certified and approved with NDPD.

Certification of other BBS hardware and software configurations is possible.  The requesting
office must set up a working PC BBS at the RTP National Computer Center and invest several
days testing a proposed configuration onsite with the Telecommunications Branch support staff.
BBS system managers can obtain more information about the certification program by contacting
the NDPD Telecommunications  Branch.   It is anticipated that from two to five certified
configurations will be supported in FY1992.

The difference between a certified and noncertified PC BBS is that NDPD will provide software,
telecommunications, and  hardware  system operator  support  only  for certified  BBSs.
Noncertified PC BBSs can be connected to the network, but the Telecommunications Branch will
support telecommunications up to the PC.  PC hardware and software troubleshooting will not
be provided for noncertified BBSs.

Noncertified PC BBS configurations will be studied when an office submits a BBS TSR. NDPD
Telecommunications Branch will develop the best technical solution for connecting the BBS to
the EPA network.

Refer to Section 4.8 for further information about NDPD PC BBS support.

-------
NDPD OPERATIONAL DIRECTIVE NO. 100.19                         Page 4 of 5


4.5    RESPONSIBILITIES FOR FUNDING PC BBS NETWORK ACCESS

The Telecommunications Branch will decide whether connecting a specific BBS to the EPA
network will result in a telecommunication savings to the Agency. This analysis will be based
on usage data for grandfathered BBSs, projected usage  for  proposed BBSs,  number of
simultaneous EPA customers, and projected BBS longevity. This information must be submitted
with the BBS Telecommunications Service Request.

If placing a BBS on the EPA network is not a substantial savings to the Agency, the owner of
the BBS system must fund (non-timeshared funds) all telecommunication costs for connecting
the BBS to the network. The owner will fund NDPD-supplied modems and a dedicated line for
the EPA network connection. If the BBS is available for public access,  the owner will always
fund all telephone dial-in lines and any toll-free requested lines.  The BBS system manager can
contact the  NDPD Telecommunications Branch for an estimate of the costs associated with
network access.

The BBS system manager will purchase the BBS PC hardware and software.


4.6    PROCEDURE FOR APPLYING FOR BBS NETWORK ACCESS

The BBS system manager must complete a BBS TSR and a memo stating whether or not the
proposed BBS will be made available for public access. The TSR must be signed by the system
manager's EPA ADP coordinator or IRM chief.  The TSR must include a BBS deployment
schedule, software and hardware  configuration, and  information requested in  Section 4.5.
NDPD Telecommunications Branch will process the BBS TSR and provide the installation cost
and yearly cost estimate to the submitting office.  The office will then  furnish NDPD with a
reimbursing purchase requisition.


4.7    ADVERTISING BBS ACCESS TO EPA CUSTOMERS

At the discretion of the system manager,  the appropriate user communities will be notified of
each newly established BBS service. Each Region will have BBS as a telecommunication service
selection on the EPA network.  NDPD will include a listing of the BBS in the National Locator
System and  telephone directories.


4.8    SOFTWARE/HARDWARE/TELECOMMUNICATIONS SUPPORT

NDPD Telecommunications Branch will provide network and dial-in line troubleshooting support
in cooperation with the BBS system manager. NDPD Information Centers Branch will provide
BBS system operator support for each certified software configuration.  BBS system operator
support is NDPD Information Centers Branch (ICB) provided telephonic support for BBS system
operators who need certified software  setup, troubleshooting, and/or consultation assistance.

When new bulletin board software and hardware is certified by the NDPD Telecommunications
Branch, NDPD Information Centers Branch will obtain the software, hardware, and  training
necessary to support the new certified  BBS system operators.


4.9    SYSTEM OPERATOR/SYSTEM MANAGER SPECIAL INTEREST GROUP

NDPD will establish an Agency MAIL-based BBS (named PCBBS) for system managers and
system operators.  ICB will be responsible for the management of the PCBBS Email bulletin
board.  PCBBS will provide improved communications among BBS system managers, system
operators,  Information Centers Branch  software support,  and Telecommunications Branch
support staff. PCBBS will provide such services as announcing scheduled network maintenance,
status of network problems, availability of new software releases, and information on common
points of interest.

NDPD Telecommunications Branch will notify NDPD Information Centers Branch when a new
PC BBS joins the EPA network. This notification will alert NDPD Information Centers Branch
that an additional system manager is to be added to the PC BBS MAIL system. The notification
will indicate the type of bulletin board software used by the new BBS.


4.10   DEFINITIONS

BBS System Manager:  EPA employee legally responsible for management of an Agency BBS
as described under Section 4.1.  A contractor may not be a  BBS system manager.

BBS System Operator: EPA or contractor technical support employee who provides day-to-day
BBS operational, troubleshooting, and user support.  The BBS system manager may be the BBS
system operator.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Macintosh Support                                       NO.    100.20

APPROVAL:                                                  DATE: ?////?/



1.0   PURPOSE

This policy delineates the position of the National Data Processing Division with respect to
providing direct support related to the use of Macintosh microcomputers.


2.0   SCOPE & APPLICABILITY

This policy is Agency-wide in scope, and applies to all levels of NDPD's data processing
support organization.


3.0   RESPONSIBILITY

The Director, NDPD, is responsible for providing data processing support services for users
throughout EPA.  Within NDPD, the Information Centers Branch and the Telecommunications
Branch are responsible for computer support activities most directly affected by this policy.
However, all employees of NDPD and its contractors are responsible for compliance.


4.0   POLICY

Within EPA, the Apple Macintosh (Mac) has been a supported computing platform for specific
applications for several years.  Macintosh equipment has been available to EPA offices through
contracts administered by NDPD, and the Mac has become an integral part of the workplace in
some offices. NDPD will continue to provide limited support for Macintosh computers, but only
when  those computers are being used for scientific applications for which  solutions are  not
available in the MS-DOS environment,  or when those computers are being used as desktop
publishing systems.  This policy is based  on economies of scale and the dominance of available
DOS-compatible products for computing and  telecommunications, and  not  on the merits of
Macintosh versus MS-DOS computer architecture.


4.1   VIABILITY OF ONGOING SUPPORT

A trend has been identified in requests for support from the Macintosh user community that
indicates Macintosh computers are being used for purposes other than those for which they were
intended. Requests for support and services reveal a growing use of Macs for general office
computing.  These requests have been accompanied by petitions for networking and file transfer
capabilities comparable to those available to MS-DOS users. The resource expenditures required
to satisfy this growing demand for support and services are not justifiable in terms of the overall
percentage of microcomputers in the Agency represented by the Macintosh, as opposed to the
more widely-used MS-DOS PCs.


4.2    SOURCES OF SUPPORT FOR THE MACINTOSH

Because the delivery of general Macintosh support on a national scale is not cost effective,
NDPD will provide centralized direct support for the Mac only insofar as it is being used as a
scientific workstation or as a desktop publishing system. Requests for such support should be
directed to NDPD.


4.3    FILE EXCHANGE BETWEEN THE MACINTOSH AND OTHER COMPUTING
       ENVIRONMENTS

NDPD supports hardware and software tools that enable MS-DOS users to conveniently transport
files across hardware and geographic boundaries. The duplication of file transfer mechanisms,
or the addition to in-place mechanisms of a Macintosh/MS-DOS file transfer capability, is not
cost justifiable.  Therefore, when individual users and groups who elect to use Macintosh
computers  rather  than  MS-DOS  machines  need to transfer files across  platforms,  the
responsibility for providing and maintaining that capability lies with those individuals or groups.


4.4    NETWORKING OF MACINTOSH COMPUTERS

The fundamental differences between Apple Macintosh architecture and MS-DOS architecture
impede easy networking between those environments. NDPD fully supports connectivity to the
national telecommunications network for MS-DOS  computers.  Complete duplication of
supported telecommunications  services  for the Macintosh is not cost justifiable.  However,
VAX/PCSA, a connectivity link to the DEC VAX environment for both MS-DOS and Macintosh
microcomputers, is fully supported. This  service is cost-effective, since Macintosh support is
bundled into the product along with support for MS-DOS computers.

The NDPD Telecommunications Branch will not assist with the installation or maintenance of
Apple local area networks.  Based on available expertise and resources, individual information
centers may elect to support local Macintosh networks at their respective sites.  Offices at
Headquarters and in RTP must obtain prior approval from NDPD before installing wiring for
any local area network.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NDPD Customer Support Services                         NO.    110.01

APPROVAL:                                                DATE: ?/23/?/

1.0   PURPOSE

This policy establishes operational conditions and objectives for the Customer Support group.


2.0   SCOPE & APPLICABILITY

This policy  applies  to all  NDPD  and FM contractor staff personnel responsible for  the
management and operation of the Customer Support group.


3.0   RESPONSIBILITIES

The FM contractor will develop, update, and monitor procedures to implement this policy.

The FM contractor will adhere to NDPD policies and perform the tasks necessary to meet policy
objectives.

The FM contractor will establish and maintain a source of assistance for customers in meeting
their computer needs. This customer support will be available for walk-in customers as well as
for customers telephoning for assistance.

FM contractor management personnel will ensure that staffing of the Customer Support group
is in compliance with the Government's direction.


4.0   POLICY

      a.   Hours of operation will be from 8:00 a.m. to 7:00 p.m. (Eastern  time), Monday
           through Friday (except for holidays and declared emergency shutdowns).

      b.   Appropriate customer calls/requests  will be entered into a problem management
           system and assigned a tracking number.

      c.   A matrix of skill levels for  the Customer Support group will be  maintained,
           denoting the capabilities of individual staff members.

      d.   Customer Support personnel will be responsible  for updating assigned problem
           management records.

      e.   The Customer Support Supervisor will ensure that customers whose jobs were
           canceled the previous  day are contacted  and  timeshare refund procedures  are
           explained.

      f.   The  Customer  Support Supervisor  will ensure that News Alerts are  properly
           prepared, installed, and maintained.

      g.  The Customer Support Supervisor will monitor response time by contacting selected
          customers on a regular basis.

      h.  The Customer Support group will strive to resolve customer problems as soon after
          identification as possible in order to provide the highest level of service to the
          customer community.   Problems will be escalated  in accordance with  Problem
          Management procedures.

      i.   Customers  reporting problems will be contacted within  24 hours, except on
          weekends and holidays, and advised of the progress made in seeking a solution to
          their problems.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Customer Memo Preparation and Dissemination           NO.    110.03

APPROVAL:                                                  DATE:  9/13/t/

1.0   PURPOSE

This policy provides guidance for the preparation and dissemination of Customer Memos and
[...]ification of the approvals required.


2.0   SCOPE & APPLICABILITY

This policy applies to all EPA NDPD and contractor personnel who either create, process,
and/or approve Customer Memos.  This applies to IBM, Prime, VAX, PC, and LAN services
provided by NDPD.


3.0   RESPONSIBILITIES

Author

       • Prepares memo.
       • Completes Form N406, Draft Checklist for Customer Memos; staples
         the form to the memo; and delivers or forwards both the form and
         memo to his immediate supervisor.
       • Makes changes as directed throughout the process, annotating Form
         N407, Approval Checklist for Customer Memos.

Immediate Supervisor

       • Reviews/revises memo to ensure that information is necessary, timely,
         detailed (to the appropriate level), technically accurate, and complete.
       • Completes Forms N406 and N407 as appropriate.

Security Officer

       • Reviews memo to determine if it contains sensitive data and denotes
         findings on Form N406.

Publications Supervisor or Technical Writer/Editor

       • Reviews/revises memo to ensure that memo is organized, coherent,
         clear, and concise, and that it is free of grammatical, punctuation, and
         spelling errors.
       • Revises memo as necessary.
       • Delivers final memo with attached Forms N406 and N407 to Memo
         Specialist.
       • Proofreads final copy, checks it against approved version, and verifies
         that all changes have been made accurately.

Memo Specialist

       • Follows established procedures for entering memo into Customer
         Memo system and for obtaining approval copy (logging memo,
         creating input and output files, proofing and correcting data entry,
         etc.).
       • Files draft memo and Form N406.
       • Prints approval copy of memo, attaches Form N407, and forwards to
         author.
       • When received from NDPD Branch Chief, revises memo and forwards
         final copy to Publications.
       • When received from Publications, follows established procedures for
         processing and distributing Customer Memos in the Customer Memo
         system.
       • Files approval version of memo and Form N407.

NDPD Technical Manager

       • Reviews memo for technical/informational accuracy and conformity
         to NDPD policy; alters memo as necessary.
       • Completes Form N407 as appropriate.

NDPD Branch Chief

       • Verifies that appropriate Unisys and NDPD staff Chief have reviewed
         the memo and approves or disapproves the memo for final edit and
         distribution.
       • Completes Form N407 as appropriate.


4.0   POLICY

    a.  Customer Memos identify significant data processing events that will have an impact
        on the NCC customer community.

    b.  The author monitors the progress of the Customer Memo through the system.

    c.  Normal processing time (ready for mailing) for Customer Memos is 2 weeks.  The
        approving NDPD Branch  Chief will be notified immediately by the author if
        processing exceeds the 2-week limit.

    d.  Emergency Customer Memos will be prepared, approved, and ready for mailing within
        4 work days.  The author facilitates the process.

    e.  When a memo has completed the approval process, no changes will be made to it
        unless those changes are in writing and are approved by the appropriate NDPD Branch
        Chief.

    f.  Customer Memos are distributed to the following:

        (1)  Registered customers who have indicated their desire to receive Customer Memos
            through their established profiles.

        (2)  Project Managers/ADP Managers/ADP Coordinators.

        (3)  Personnel identified as  "need to know" but not registered as customers on NCC
            systems.

    g.   Customer Memos will be prepared and distributed as separate, hardcopy documents.
         However, after June 11, 1991, only those customers who have returned the Interest
         Key form (Customer Memo 762) will continue to receive hard copies.

    h.   Customer Memos will be available for retrieval and customer site printing from on-line
         data files.

    i.   Applicable information published in Customer Memos will be incorporated in the on-
         line Customer's Reference Guide within 30 days from mailing.

    j.   Personal computer information will be disseminated through PC Site Coordinators via
         the EPA Email system.

    k.   LAN information will be disseminated through the LAN Administrator via the EPA
         Email system.

    l.   All Emails used to communicate with PC Site Coordinators and LAN Administrators
         will be posted to the PC Bulletin Board maintained by the Washington Information
         Center for a period of 1 year.

    m.  The LAN technical guidelines will  be updated  with  information  from the LAN
         Administrators' Emails  as appropriate.


5.0   DEFINITIONS

Examples of items that would require a Customer Memo are as follows:

    a.   A 30-day change notice (see NDPD Policies 210.04, 220.04, 230.04, and 240.04).

    b.   A change in scheduled operations.

    c.   Advertisements/changes to training offerings.

    d.   Rate/policy changes which directly affect customers.

-------
                   U.S. ENVIRONMENTAL PROTECTION AGENCY
                    NDPD OPERATIONAL DIRECTIVES MANUAL

   TITLE:   Electronic Broadcasts of Customer Information            NO.:         110.04

   APPROVAL:                                               DATE:   ?/ZJ/?/



   1.0   PURPOSE

   This policy provides guidance for the preparation and processing of Electronic Broadcasts of
   customer information on NCC computer systems. This information is of short-term duration,
   time critical, or a reminder to the customer of important issues (i.e., Customer Memo).


   2.0   SCOPE & APPLICABILITY

   This policy applies to all EPA NDPD and contractor personnel, and to all  customers with
   interactive access to NCC computer systems.


   3.0   DEFINITION

   Electronic  Broadcasts are informational messages whose titles appear at a customer's terminal
   when he signs on to NCC computer systems.  In addition, the Broadcast titles appear on header
   pages of all printed output. (Also known as News Alerts.)


   4.0   RESPONSIBILITIES

   The author of an Electronic Broadcast is responsible for conforming to established formats and
   procedures as issued by Customer Support.

   Customer Support, as the broadcast issuing party, is responsible for monitoring and controlling
   Electronic Broadcasts.

   In addition, Customer Support is responsible for developing and supplying authors and other
   qualified personnel with procedures for implementing this policy.


   5.0   POLICY

        a.   Only time-critical information or notification to customers of important issues will
             be approved for Electronic Broadcast.

        b.   Authors must conform to established formats and procedures.  This information is
             available  from Customer Support.  In general, the procedures for Electronic
             Broadcasts are as follows:
             (1)   Author creates an on-line data set containing the desired information.  He is
                   responsible for the data set's contents and for identifying the length of time it
                   is to remain on the system. He must provide a contact name and telephone
                   number where customers can call for clarification or additional information.

             (2)   Customer Support reviews the information for any conflict with NDPD policy.

             (3)   Customer Support issues an Electronic Broadcast to point the customer to the
                   appropriate on-line data set.

             (4)   Customer Support will not respond to requests for clarification of information
                   in Electronic Broadcasts submitted by Application System Managers, but will
                   refer the customer to the contact provided in the on-line data set.

        c.   The time that the customer may be able to access the information will depend on the
             nature of the information.  Customer Support is responsible for the maintenance and
             enforcement of information availability.

        d.   Non-Application System Managers may also use the Electronic Broadcast mechanism
             for time-critical information in accordance with Customer Support procedures.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:   Micro/Minicomputer-to-Mainframe File Transfer           NO.:        110.05

APPROVAL:                                                 DATE:

1.0  PURPOSE

Commonality among hardware and software components is required to operate the National
Computer Center network and to adhere to EPA's existing and planned computer architectural
strategy for compatibility of applications and connectivity.  This policy ensures consistency in
the selection and use of software in the EPA environment.

This policy was designed to:

     a.   Prevent software acquisitions that threaten EPA's ability to provide quality support
          to the customer community.

     b.   Provide a compatible environment for applications.

     c.   Preserve the stability and performance of the Agency's telecommunications network.

     d.   Avoid new procurements of software packages that provide capabilities already
          supported.


2.0  SCOPE & APPLICABILITY

This policy is applicable to all  EPA organizations and their  employees, and to personnel of
agents  (including State agencies, contractors, and grantees) of EPA who are  involved in the
design, development, acquisition, operation, and maintenance  of the Agency's  network.

The following file transfer software packages have been approved by NDPD and will be fully
supported by EPA:

     a.   KERMIT: This software is used for asynchronous ASCII data connections.

     b.   SEND/RECEIVE Compatibles:  PC 3270 board software packages that operate with
          the IBM Host program IND$FILE are installed and supported on all Agency IBM
          mainframes.

     c.   ARBITER: This software is used for a micro-to-mainframe  link.

Items b. and c. above are also supported on Agency token-ring LAN's via LAN SNA gateways.

    Two additional file transfer packages are supported with some restrictions:

         a.    Software AG's NATURAL Connection is  supported for ADABAS/NATURAL
              applications by Data Base  Support Services.  Prior written approval  must be
              obtained from the NDPD Central Data Base  Administrator.

         b.    SAS CONNECT is supported by Customer Support Services with written approval
              from the NDPD Customer Services Technical Manager.


    3.0   RESPONSIBILITIES

    NDPD is responsible for policy maintenance and enforcement.  NDPD will annually review
    policies for needed modification and/or enhancement, and will provide technical support for all
    Agency file transfer software.

    NDPD will provide access to the Agency file transfer capabilities from anywhere within the
    Agency's telecommunications network.

    NDPD will provide customer support for problem determination and resolution relating to file
    transfer packages.

    NDPD will coordinate, maintain, and inform customers of all revisions to file transfer packages
    installed on Agency PC's, gateways, and mainframes.

    NDPD will maintain and support file transfer packages  in a manner that provides acceptable
    performance and throughput levels.


    4.0   POLICY

        a.    To receive NDPD operations support, all file transfer software other than those
              Agency-approved packages mentioned above must be approved in writing by the
              NDPD Director.

        b.    Each customer request for file transfer software package support will be reviewed
              on a case-by-case basis by the NDPD to determine compatibility and an appropriate
              level of support.  Requests must be submitted in writing to the Director, NDPD, in
              the form of a Telecommunications Service Request (TSR), or a memorandum. The
              NDPD "Decision Paper Process" will be used to document and formulate a support
              decision for all new packages.

5.0  DEFINITIONS

File Transfer Through Gateways        At present,  the only technology available for file
                                   transfer  through minicomputer SNA  gateways  is
                                   Remote Job  Entry (RJE).  RJE allows  only 80-byte
                                   card image inputs and 132-byte card and print image
                                   inputs.  Examples of such gateways include Prime,
                                   VAX, Perkin Elmer,  Data General, Unisys, Harris,
                                   Hewlett Packard, Plexus, and IBM minicomputers.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     WIC Technical Center Operation                           NO.    120.01

APPROVAL:                                              DATE: 1///S7

1.0   PURPOSE

These policies identify the primary functions  of the Technical Center at the Washington
Information Center.


2.0   SCOPE & APPLICABILITY

These policies establish support requirements which  are to be made available to all EPA and
contractor personnel,  either on an informal, one-time basis or through  a formal service
agreement.  Formal service agreement customers will be granted priority service.


3.0   RESPONSIBILITIES

Technical Center personnel are responsible for providing ADP assistance in the microcomputer,
word processing and mainframe areas. Additionally, the Center will provide microcomputer and
mainframe graphics support.


4.0   POLICY

Personnel at the Washington Information Center will:

      a.     Provide consulting services in the areas of:

             (1)    Configuration planning, equipment installation,  equipment start-up and
                   recovery.

             (2)    Procurement  guidance, providing assistance in requirements analysis and
                   recommendations.

             (3)    General consulting services (i.e., general purpose development, applica-
                   tions consultation, debugging assistance, peripheral interface support, data
                   transfer and conversion assistance, personal training services, graphics and
                   data access support).

      b.     Provide seminars to  develop novice, intermediate, and advanced levels of ADP
             expertise.

      c.     Assist in the organization and  development of user groups where an interest is
             expressed and maintained for any area of ADP.

      d.     Produce a monthly publication to keep users abreast of current events  as they
             pertain to the Agency's policies and procurement of office automation equipment.
      e.     Hours of operation will be from 8:00 a.m. to 5:00 p.m., Monday through  Friday,
             except for holidays or declared emergency shutdowns.
      f.     Provide conference space for computer-related meetings.
      g.     Host an annual open house and a hardware/software show.
      h.     Maintain a library of technical manuals covering Agency standard hardware and
             software.
      i.     Provide assistance to EPA and contractor facilities personnel in the start-up and
             operations of field information centers.
      j.     Provide access to various terminals, PC's, graphics and optical scanner equipment
             on a limited basis.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     WIC Weekend Processing                                 NO.    120.02

APPROVAL:                                                 DATE:

1.0   PURPOSE

This policy specifies weekend services provided by the Washington Information Center (WIC).


2.0   SCOPE & APPLICABILITY

This policy applies to all personnel at the Washington Information Center.  Services described
are for EPA and contractor personnel using the WIC computing facilities.


3.0   RESPONSIBILITIES

The FM contractor is responsible for adequately staffing the WIC in order to provide users with
weekend processing support. All personnel at the WIC will be instructed in weekend processing
procedures. An updated list of on-call personnel will be maintained and readily available.


4.0   POLICY

         a.    Production Services will be provided to all EPA and EPA contractors at the I/O
              window until 4:30 p.m. on Saturday.  The I/O window will reopen for service
              at 10:00 a.m. on Sunday and remain open until 6:00 p.m.

         b.    Telephone support from the Computer Operations group will be available from
              7:00 a.m. to 5:00 p.m. on Saturday, and from 10:00 a.m. until 6:00 p.m. on
              Sunday.

         c.    All print and special forms requests submitted to the WIC will be printed by
              end-of-day processing.

         d.    Telecommunications user support will be provided via telephone.

         e.    The Technical Center will provide telephone user  support between the hours of
              9:00 a.m. and 5:00 p.m. on Saturday, and from 10:00 a.m. until 6:00 p.m. on
              Sunday.

         f.    The Technical Center and the Terminal Room will be open on Saturday until
              4:30 p.m. and on Sunday until 6:00 p.m. for use by EPA and contractor
              personnel.

         g.    The WIC will be closed from 5:00 p.m., Saturday, until 10:00 a.m., Sunday.
              It will be closed again at 6:00  p.m. (or upon completion of end-of-day pro-
              cessing)  until 7:00 a.m., Monday.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     WIC Payroll Processing                                  NO.    120.04

APPROVAL:                                                     DATE:

1.0   PURPOSE

These policies specify processing  requirements  for the EPA payroll at the Washington
Information Center.


2.0   SCOPE & APPLICABILITY

These policies apply to all personnel at the Washington Information Center and all EPA payroll
officers and contractors.


3.0   RESPONSIBILITIES

The WIC processes payroll for the EPA on a biweekly schedule on Tuesday night between 1600
and 2400 hours.  Four tapes containing payroll (EFT, Bond, Treasury, and Awards) information
are transmitted from the NCC-IBM to the 4381 at the WIC.  The Chief, WIC, will maintain the
IBM 4381 as a disaster backup site for the Payroll system on the mainframe computer.


4.0   POLICIES
      a.    The NCC-IBM operator will call and give the WIC operator job numbers for the
            EFT, Bond, Treasury, and Awards tapes.

      b.    The WIC second shift operator will reconfigure the 4381  for processing the
            payroll on scheduled nights.

      c.    The WIC operator will log on to the NCC-IBM 3090 to track the payroll tapes.

      d.    The WIC operator will mount, copy, and scan the tapes for errors.

      e.    The payroll tapes will be forwarded to WIC I/O Control for distribution to the
            payroll bin located at the WIC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
 TITLE:     WIC PC Systems Support                                 NO.    120.07
 APPROVAL:                                                     DATE:
 1.0    PURPOSE
 This policy identifies the primary functions of the PC Systems Support Group at the Washington
 Information Center (WIC).
 2.0   SCOPE & APPLICABILITY
 This policy establishes support requirements which are to be made available to all EPA and
 contractor personnel whose offices are participating in the WIC's Operational Service Agreement
 (OSA) program. Offices not participating in the OSA do not receive systems support from the
 WIC.  Provided support will be within the confines of sound operational and security practices
 as defined in other NDPD policies and directives.
 3.0   RESPONSIBILITIES
 The Information Center's Branch Chief is responsible for defining the services to be offered by
 WIC and for overseeing the implementation of the OSA that is signed by Headquarters offices.
 Systems Support personnel are responsible for providing support for microcomputer equipment
 and software.
 4.0   POLICY
 Personnel in the Systems Support Group will:
       a.     Respond  to incoming calls for  installation and troubleshooting assistance in
             support of Agency approved/purchased hardware and software.  The Group will:
             (1)   Monitor the dispatch desk from 8:00 a.m. to 5:00 p.m., Monday through
                   Friday.
             (2)   Maintain a log of all incoming calls, assign "ticket numbers" to each call,
                   and route the calls to appropriate members in the Group.
             (3)   Respond to hardware and software troubleshooting calls within 2 working
                   hours after a request is received.
             (4)   Complete hardware installation calls within 3 working days after a request
                   is received.
             (5)   Complete  software installation calls for  Agency  approved/purchased
                   software within 5 working days after a request is received.
             (6)   Maintain a data base of resolutions to problems, parts replaced, etc.

             (7)    Analyze the data base on a quarterly basis to identify recurrent problems.
                   Advertise problems through training classes or other methods of
                   communication (e.g., newsletters, user memos, etc.).

       b.     Serve as the liaison between Headquarters offices and third party maintenance
             vendors who need to be contacted to repair equipment. The Group will contact
             the  vendor, report a  suspected problem, and monitor the performance of the
             vendor to ensure that service calls are responded to within 8 working hours after
             a call has been placed.  If equipment is not repaired within 16 working hours
             after a service call is received, the WIC will coordinate the installation of loaner
             equipment (provided by  the  third  party  vendor)  to replace  the hardware
             experiencing problems.

       c.     Maintain the EPA PC Bulletin Board Service (BBS):

             (1)    The Bulletin Board will remain operational 95 percent of the time during
                   a 24-hour period.

             (2)    New files for the Bulletin Board will be tested for viruses and uploaded
                   to the system within 10 working days after their receipt.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      WIC PC Satellite Support                                 NO.    120.08

APPROVAL:                                                        DATE:
1.0   PURPOSE

This policy identifies the primary functions of the PC Satellite Support Group at the Washington
Information Center.


2.0   SCOPE & APPLICABILITY

This policy establishes support requirements which are to be made available to all EPA and
contractor personnel whose offices are participating in the WIC's Operational Service Agreement
(OSA) program.  Offices not participating in the OSA do not receive satellite support from the
WIC.  Provided support will be within the confines of sound operational and security practices
as defined in other NDPD policies and directives.


3.0   RESPONSIBILITIES

The Information Center's Branch Chief is responsible for defining the services to be offered and
for overseeing the implementation of the OSA that is signed by Headquarters offices.  PC
Satellite Support Group personnel are responsible for providing onsite assistance to Headquarters
offices in the areas of microcomputers, word processing, local area networks, PC  graphics, and
PC/mainframe data access support.


4.0   POLICY

PC Satellite Support Group personnel provide assistance in the areas requested by their Program
Office sponsors.  Therefore, the scope  of  work performed by these individuals varies from
Program Office sponsor.

      a.     Serve as liaison between the NDPD and the EPA Program Office.

      b.     Respond to incoming hardware and software calls within 4 working hours after
             receipt of call.

      c.     Determine whether a call should be referred to the WIC and contact the WIC for
             assistance as necessary.

      d.     Complete hardware installations within 3 working days after receipt of equipment.

      e.     Complete software installation within 5 working days after a request is received.

      f.      Resolve  software troubleshooting calls within 8 working hours after the initial
             response is made.

      g.     Complete hardware calls within 16 working hours after the initial response is
             made.

      h.     Provide one-on-one and informal seminar training within 4 weeks after a request
             is received from an office.

      i.     Conduct an informal  meeting with a user within 2 weeks after an  individual
             within the office attends a full-day WIC training course.

      j.     Establish  and maintain a PC inventory for  the  EPA office.   This  entails
             determining serial numbers for hardware, determining the software installed on
             all PC systems within the office, and  entering inventory information into an
             automated PC inventory tracking system.

      k.     Complete procurement requests within 2 weeks after they are requested by the
             Program Office.  Based on guidance provided by the office, the specialist will
             determine a purchasing mechanism for the hardware or software desired, gather
             necessary pricing information, and provide the Program Office with complete
             ordering  information.  The analyst will also be responsible for tracking all
             outstanding procurements, using an automated tracking system developed for the
             office.

      l.     Provide assistance or complete Telecommunications Service Requests (TSR's)
             whenever they are required.  Specialists serving as LAN System Administrators,
             in particular,  will ensure that all the necessary paperwork is completed as the
             LAN plan and installation proceed.

      m.    Perform hardware and software evaluations as requested by the Program Office.
             These evaluations will encompass  both  new and upgraded products.  A written
             report will be provided to the Program Office and the Technology Assessment
             Program as each evaluation is completed.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      WIC Unix, GIS, and Minicomputer Services                 NO.    120.09

APPROVAL:
1.0    PURPOSE

This policy identifies the primary functions of the Unix, Geographical Information Systems
(GIS), and minicomputer support group at the Washington Information Center (WIC).


2.0    SCOPE & APPLICABILITY

This policy establishes support requirements which are to be made available to all EPA and
contractor personnel  whose  offices  are participating in the WIC's Operational  Services
Agreement (OSA) program.  Provided support will be within the confines of sound operational
and security practices as defined in other NDPD policies and directives.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0    RESPONSIBILITIES

The Information Center's Branch Chief is responsible for defining the services to be offered and
for overseeing the implementation of the OSA that is signed by Headquarters offices. The Unix,
GIS, and minicomputer support group personnel are responsible for onsite assistance to
Headquarters offices in the areas of Unix, GIS, minicomputer, mini/mainframe data access under
technical guidance and coordination from NDPD Unix, Data General, GIS, and VAX central
support staffs.


4.0    POLICY

Unix, GIS, and minicomputer support group personnel provide assistance in the areas requested
by their program office sponsors. The  scope of work performed by these individuals varies
from person to person based on the requirements of the program  office. Tasks performed by
the analyst encompass the entire realm of data  processing  support with the exclusion of
application programming, data entry, and tasks that would be interpreted as personal  services.


5.0    DEFINITIONS

See Operational Service Agreement.


6.0    STANDARDS

The Operational  Service Agreement describes the duties to be performed and measurements
specific to the program office needs.  Other duties, however, can be added  as needed upon the
review/approval of the EPA Technical Monitor.


7.0   PROCEDURE REFERENCES

See Satellite Workplan.  Also see weekly reports, monthly reports, ad hoc reports,  meeting
minutes, quarterly evaluations, and quality cards submitted to the EPA Technical Monitor.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

 TITLE:     Central Data Base Administration                         NO.    130.01

 APPROVAL:                                                        DATE:
 1.0   PURPOSE

 This policy governs the administration of the Central Data Base Management Environment,
 which includes CICS and ADABAS, mainframe RDBMS, and any accesses to these
 environments (e.g., through  CICS, TSO, Batch, FOCUS, Extract/A, PCLANs, APPC, and
 GUI).


 2.0    SCOPE & APPLICABILITY

 This policy establishes the responsibilities of individuals and organizations using or providing
 central data base environment such as the following:

            End users, ad hoc users, and developers.
            Application Data Base Administrators (ADBAs).
            Application System Managers (ASMs).
            Data Administrators (DA).
            CICS System Administrator (SA).
            Data Base Administration.
            Central Data Base Administrator.


 3.0    RESPONSIBILITIES

 3.1    CENTRAL DATA BASE ADMINISTRATOR (CDBA)

 The CDBA is responsible for  the establishment, operation, performance, maintenance, and
 security of the ADABAS central data base environment.


 3.2    TECHNICAL CONSULTANT (TC/DBSS)

 The TC/DBSS supports the CDBA function as support staff by performing all required central
 environment reviews.   Through telephone reviews, the TCs help  the  ADBAs develop
 applications that meet the performance requirements and standards of the Central Environment
 in a cost-effective manner.


 3.3    DATA ADMINISTRATOR

 The Data Administration function is performed under the general direction of the Office of
 Information Resources Management (OIRM) and is directed toward managing data as an Agency
 information resource and ensuring the appropriate use of Data Base Management System
 (DBMS) technology.


3.4    APPLICATION DATA BASE ADMINISTRATOR

Each application using a central DBMS environment will be supported by an ADBA.  The
ADBA serves in a role similar to that of the DA and the CDBA, except that he/she focuses on
individual applications.


3.5    CICS SYSTEM ADMINISTRATOR (SA)

The SA supports the CDBA in fulfilling his/her responsibilities with regard to CICS.


3.6    APPLICATION SYSTEM MANAGER

The ASM is responsible for those functions ordinarily performed in the context of computer
application system development.   For new applications, this includes the feasibility study,
general and detailed system design, program development, system testing, acceptance testing,
and implementation.   For  production applications,  this includes testing  and implementing
changes, corrections, and enhancements. The ADBA is responsible for this role if the ASM is
not assigned.


3.7    USERS

Users are responsible  for adhering to all policies, procedures, and security requirements, and
for using the central environment in an efficient and responsible manner.


4.0    POLICY

Any Central DBMS Application using ADABAS will be supported, managed, or accessed using
the roles described in Section  3.0.  The CDBA will control access and  support ADABAS
applications in relationship to these roles and their corresponding responsibilities.


5.0    DEFINITIONS

5.1    CENTRAL DATA BASE ADMINISTRATOR

       a.     Operates the development and production environments during normal NCC-IBM
            production hours, except for periods of unscheduled maintenance due to hardware
            or  software  problems, and  periods  of scheduled  maintenance  due  to the
            unavailability of timely nonproduction test time. The goal for availability is that
            scheduled and unscheduled maintenance will not exceed 5 percent of production
            time during any quarter.

       b.    Establishes and maintains up-to-date procedures governing access and use of the
            central environment, including ad hoc use and access.

       c.     Tests, implements, and maintains all central environment software and
            configurations, including data bases, data base files, disk space, and accesses.  ASMs,
            ADBAs, DAs, and users will be notified before changes which impact them are
            made.  Notification  will normally occur  30  days prior to the change being
            implemented.

       d.     Approves or disapproves the use of the central environment for each application
             system.

       e.     Serves as principal contact and resolves all central environment issues and
             technical problems.

       f.     Removes, corrects, or prevents the introduction of any application system that
             unacceptably degrades the performance of the central environment or threatens
             the integrity of data.

       g.     Provides technical consultation to ASMs, ADBAs, users, and DAs on the central
             environment.

       h.     Establishes and maintains review requirements for the entire Software
             Development Life Cycle (SDLC) for logical design, physical design, and test and
             acceptance for application systems.

       i.     Schedules,  reviews, and recommends acceptance,  conditional acceptance, or
             rejection of logical designs to the DA.

       j.     Schedules,  reviews,  and  accepts,  conditionally  accepts, or  rejects physical
             designs.

       k.     Schedules,  reviews, and accepts, conditionally accepts,  or rejects application
             systems for production operation through test and acceptance reviews.

       l.     Establishes security requirements for the central environment and minimum
             security requirements for application systems within the central environment.

       m.    Establishes procedures for monitoring the performance of the central
             environment.

       n.     Controls the central  environment and its configuration.

       o.     Controls and operates, on behalf of the ADBAs and ASMs, utilities that are not
             released to  them because of security or data integrity considerations.

       p.     Establishes  policies  and procedures related to the use of  ancillary software and
             hardware products that interface with  the central environment.

       q.     Establishes and maintains a test environment for testing software and
             environmental configurations.

       r.     Establishes  and chairs a standards committee for the preparation and approval of
             standards for  the central environment.

 Note:  The entire SDLC reviews for those applications or systems developed using I-Case,
       upper-case, and/or lower-case tools may vary from the reviews provided in Item 5.1.i.
       through 5.1.k.


 5.2    DATA ADMINISTRATOR

       a.     Collects, controls, and manages information about the Agency's data.

       b.     Serves as a focal point for identifying and coordinating development of ADP
             policies and procedures relating to Agency data and data sharing issues.

       c.     Establishes criteria relating to information required for an Agency dictionary.

       d.     Coordinates the establishment of naming conventions and of data element editing
             and validation standards.

       e.     Ensures adherence to Agency data policies and standards.

       f.     Controls the Agency's central table system.

       g.     Establishes criteria relating to the appropriate use of data base technology.

       h.     Provides consultation support in the areas of feasibility study and logical data base
             design.

       i.     Reviews all studies and approves or disapproves feasibility studies requesting the
             use of ADABAS.

      j.     Reviews all logical  data base designs, taking into consideration the CDBA's
             critique of the designs.


5.3   APPLICATION DATA BASE ADMINISTRATOR

      a.     Serves as the lead technical resource to assist the ASMs, developers, and end
             users of the application.

      b.     Reviews application requirements analyses.  Evaluates the use of data base
             technology in general and ADABAS or a RDBMS in particular.

      c.     Assists and guides the Application Developers in the preparation of logical and
             physical designs.

      d.     Reviews and approves logical and physical designs before they are sent to the DA
             and CDBA  for review and acceptance, consulting with the DA on Agency  data
             standards and potential data sharing.

      e.     Ensures the  appropriate use of data base techniques in application design and
             implementation, consulting with the CDBA.

      f.     Reviews and approves user acceptance test plans and CDBA Test and Acceptance
             plans.

      g.     Reviews, approves, and enforces application quality assurance plans.

      h.     Monitors the performance efficiency of the application, investigates potential
             areas for improvement, and guides the developers in implementing improvements.

       i.     Serves as the principal application technical liaison among the ASM, DA, and
            CDBA.

      j.     Ensures that  the application is developed in compliance with all applicable ADP
            and CDBA policies, procedures, and standards.


5.4    APPLICATION SYSTEM MANAGER

       a.     Recommends and justifies the use  of data base technology in general and
            ADABAS or RDBMS in particular in the feasibility study.

       b.     Develops the logical and physical designs under the guidance of the ADBA, DA,
            and CDBA.

       c.     Develops the user acceptance test plan and the CDBA Test and Acceptance plan.

       d.     Develops the application, making appropriate use of data base techniques.

       e.     Monitors performance and improves  efficiency.

       f.     Ensures that the application is developed in compliance with all applicable ADP
            and CDBA policies, procedures, and standards.


5.5   USERS

      a.     Use  the central environment  in accordance with policies, procedures, and
            standards.

      b.     Use the central  environment in an efficient and responsible  manner.

6.0   STANDARDS

None.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. (1991) ADABAS Application
            Development Procedures Manual (Report No. 220/001). Research Triangle Park, NC:
            National Data Processing Division. ADP Operations Management Branch.
            (Location: NCC-IBM Mainframe, on-line data set, printable with the following
            JCL: JUSD.ADABAS.DATA(ADBSADPM))

      b.     U. S. Environmental Protection Agency. (1990) CICS Application Development
            Procedures Manual. Research Triangle Park, NC: National Data Processing
            Division. ADP Operations Management Branch. (Location: NCC-IBM
            Mainframe, on-line data set, printable with the following JCL:
            JUSD.CICS.DATA(CICSADPM))

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Production ADABAS Performance                          NO.    130.02

APPROVAL:
-------
NDPD OPERATIONAL DIRECTIVE NO. 130.02                        Page 2 of 3


5.0   RATIONALE

Two major performance problems involving an on-line ADABAS environment are command
volume and command complexity.

Command volume is the number of consecutive commands issued to ADABAS without an
interruption (usually caused by terminal I/O).  A large uninterrupted command volume tends
to monopolize the ADABAS buffer pool and other CICS resources.

Command complexity is the amount of work ADABAS must do to service a given command.
A good measure of complexity is  the number of physical I/Os that a single command initiates.
Complex commands tend to cause a large number of blocks to be read into the ADABAS buffer
pool.  These are usually accessed  only once. Non-complex or simple commands tend to use a
small number of blocks repetitively.  Examples of complex commands are S2 (FIND SORTED),
and S1/S4 (FIND) with multiple search criteria or highly skewed descriptor values. An example
of non-complex commands is S1/S4 (FIND) with a single descriptor. Although there are many
valid uses for  complex commands,  real time retrieval during prime time shifts is not one of
them. The biggest problem with  complex command structures is that the end user must wait
beyond the normal 2  to 5 second range. Studies have shown that excessive response time leads
to user dissatisfaction with the system and loss of productivity.


6.0   ENFORCEMENT

The CDBA has the authority to deny Production ADABAS environment access to any program
that does not comply with NDPD policy. Any program which does not conform is subject to
removal  from  the environment after a 30-day grace period allowing for correction.   Any
Production interactive session or  Production batch job which violates this policy excessively
(such  as consuming  more than 25  percent of ADABAS resources) is subject to immediate
cancellation.


7.0   DEFINITIONS

None.


8.0   STANDARDS

      a.     See Policy 210.02, "NDPD IBM Mainframe Service Levels" for the requirements
            related to on-line response time.

      b.     See Central  Data  Base  Management  Environment  Standards, NAT2001,
            "NATURAL 2 Program Coding Techniques," and NAT2005,  "NATURAL 2
            Program Process Techniques," for efficient coding techniques.


9.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. (1991) ADABAS Application
            Development Procedures Manual (Report No. 220/001). Research Triangle Park, NC:
            National Data Processing Division. ADP Operations Management Branch.
            (Location: NCC-IBM Mainframe, on-line data set, printable with the following
            JCL: JUSD.ADABAS.DATA(ADBSADPM))

      b.     U. S. Environmental Protection Agency. (1990) CICS Application Development
            Procedures Manual. Research Triangle Park, NC: National Data Processing
            Division. ADP Operations Management Branch. (Location: NCC-IBM
            Mainframe, on-line data set, printable with the following JCL:
            JUSD.CICS.DATA(CICSADPM))

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Development ADABAS Environment Availability              NO.    130.03

APPROVAL:                                                        DATE:
1.0   PURPOSE

This policy establishes the availability of the NCC's ADABAS Development environment.


2.0   SCOPE & APPLICABILITY

This policy applies  to all Development regions and Development activities within the NCC
ADABAS central environment.

Any deviation from  this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

It is the responsibility of the Central Data Base Administrator (CDBA) and the CDBA's Data
Base Support Services (DBSS) staff to adhere to and enforce this policy. It is the responsibility
of Application System Managers, Application System Project Officers, Application Data Base
Administrators (ADBAs), and application developers to adhere to this policy.


4.0   POLICY

      a.      The Development environment will be used for general  ADABAS development
             activities.  Other regions may be available for special activity groups/applications.

      b.     The Development environment will  normally be available  during scheduled
             production hours of the NCC-IBM.  Planned maintenance that requires bringing
             the environment down will be announced to the user community via User Memos
             and/or News Alerts.

      c.     The data bases and NATURAL libraries will be backed up nightly and recovered
             automatically when system software or hardware problems compromise the data
             or libraries.  Upon request from the ADBA, data base files and libraries will be
             restored from a prior date if feasible.  Restoration will normally be accomplished
             within two working days.

      d.     Unless written agreement is obtained from the CDBA, application  systems or
             subsystems may be removed from the Development environment and archived
             after  60 days of inactivity. The application will be reinstalled  when a written
             request justifying the need is received from the  ADBA.  The request must
             indicate the approval of the CDBA.  Artificial activities to avoid archiving will
             be monitored and rejected.

      e.     Applications may not be run for Production purposes.

       f.     NDPD will provide sufficient ADABAS files and disk space to ensure that the
             user  community  at all  times  has space available within  the  development
             environment  to develop, modify,  and  maintain  ADABAS applications.   To
             achieve this:

             (1)    An application system or subsystem may not have data base  files until the
                   logical design has been recommended, or conditionally recommended, for
                   acceptance to the Data Administrator by the CDBA. The ADBA must also
                   indicate that development is ready to begin.

             (2)    The number of files assigned to the application will be determined by the
                   CDBA based upon the number of unused files available and the apparent
                   number of files that will result from the approved physical  design.  The
                   number of files allowed will be adjusted at the time of the physical design
                   review.

             (3)    Normally,  no more than two cylinders of data per file will be allowed.
                   Exceptions may be approved by the CDBA.  A need for table files and
                   system testing are examples of exception requirements.   Requests for
                   exceptions should be made  in writing two months prior to the time of
                   need.  The availability of disk space is not guaranteed.

             (4)    Prototyping of an  application system or subsystem may be done. Written
                   notification justifying the need for prototyping and  the duration of the
                   prototyping must  be submitted to the CDBA  for approval.  Prototyping
                   will not be allowed until a  conceptual design defining, describing, and
                   normalizing all data has been accepted by the CDBA. Only the minimum
                   number of files to fulfill the needs of the prototype will  be  provided;
                   normally this will  be one file. If multiple files are needed to demonstrate
                   efficiency or cost, the results of the efficiency or cost analysis must be
                   submitted to the CDBA.


5.0   DEFINITIONS

None.


6.0   STANDARDS

None.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. (1991) ADABAS Application
             Development Procedures Manual (Report No. 220/001).  Research Triangle Park, NC:
             National Data Processing Division. ADP Operations Management Branch.
             (Location: NCC-IBM Mainframe, on-line data set, printable with the following
             JCL: JUSD.ADABAS.DATA(ADBSADPM))

      b.     U. S. Environmental Protection Agency. (1990) CICS Application Development
            Procedures Manual. Research Triangle Park, NC: National Data Processing
            Division. ADP Operations Management Branch. (Location: NCC-IBM
            Mainframe, on-line data set, printable with the following JCL:
            JUSD.CICS.DATA(CICSADPM))

-------
U.S. ENVIRONMENTAL PROTECTION AGENCY
 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Data Base Environment Review Performance                 NO.    130.04

APPROVAL:                                                        DATE:
-------
NDPD OPERATIONAL DIRECTIVE NO. 130.04                          Page 2 of 5


The  ADBAs  and/or  System Managers will ensure  that each  review  request  is properly
documented and has met all the requirements given in the Application Development Procedures
manual, central environment standards, and  other applicable standards or guidelines.  Each
ADBA and/or System Manager will be able to  access information in DBST  related to his
application.


4.0    POLICY

The purpose of these written reviews is to provide positive feedback  to the user application
groups that requested the reviews. Reviews can be on new applications  (initial reviews) and on
existing applications  (subsequent reviews) for the purpose of clarification,  correction  or
modification.  Systems designed using one of the recognized CASE products (ADW, IEF, or
BACHMAN)  must submit the minimum required information in machine readable format, to be
supplemented  by any other required information in a format to be agreed  upon.

       a.     Initial Reviews.  All new applications in ADABAS, CICS, and RDBMS
             applications will be reviewed.  DBSS will  enter information into DBST on the
             status of the review when a complete and acceptable request is received, when the
             review  is scheduled, and when the write-up of the review is completed.  Data
             entry will be completed within 1  workday of the event.

             Initial reviews will be processed by type as follows:

             (1)    Logical, Physical, System, and Program Design Reviews. The goal is for
                   the CDBA to begin his reviews within 8 workdays  of receiving the request
                   and all required documentation.  Each review will be completed within 5
                   workdays  (10 workdays for  applications using CASE products) from the
                   start date.   Written results of the review will be forwarded to the CDBA,
                   who will evaluate the review, resolve any differences with the DBSS
                   Technical  Consultant, and publish their joint findings within 4 workdays.

                   At the option of the ADBA, a developer can  submit a draft of Logical,
                   Physical, System, and Program Design Reviews.  Due to the complexity
                   of CASE technology, this option is highly recommended for applications
                   designed using  CASE products.  These reviews  will be processed in a
                   manner similar  to that  outlined  above.  The goal  is for  the Technical
                   Consultant to review these  drafts within 12 workdays  of receiving the
                   draft and required documentation. Written comments made by DBSS on
                   the review will be  entered in the  DBST system with an  Email copy
                   forwarded to CDBA and the developer.  Comments on the  review will be
                   completed within 4 workdays.

             (2)    Test and Acceptance Review. The goal is for the Technical Consultant to
                   begin  these reviews within 8 workdays of receiving the request and all
                   required documentation. The amount of time needed for these reviews is
                   governed by the size  and complexity of the application and the quality of
                   the documentation.  A  nominal goal is one month.   The review is then
                   sent to the CDBA, who will publish his findings within 5 workdays.

             (3)     Special Consideration during Test and Acceptance Reviews.  During the
                    Test and Acceptance Review, programs will be reviewed in consideration
                    of the environment in which they will be operating.  Special consideration
                    will be given  during the review  process to those program(s) that have
                    already been  reviewed as part of an existing application, system,  or
                    subsystem (e.g., a common Batch Retrieval subsystem).

             (4)     Initial Production.   After the Test and Acceptance  Review has been
                    completed and approved,  several critical events must occur before  an
                    application can be placed into production status. These events are (a)  all
                    production files must be established, (b) the initial  production data must
                    be  loaded, (c) NATURAL Security, ADABAS Security profiles, CICS
                    security and  table  changes,  and Oracle or  DB2 privileges must  be
                    established for each file, relational object, library, user, and/or group of
                    the application, and  (d) integration tests must be performed by the ADBA
                    to verify that the application will  execute as expected.  This process may
                    take  from  3  to 8  days depending on the complexity of all  security
                    requirements and the size and nature of the application data base.  This
                    time must be considered in the implementation plans/schedules prepared
                    by  the application owner or manager.

       b.     Subsequent Reviews.  A request for a review is originated by the ADBA. The
             reviews are written by the CDBA and returned to the requestor. The process can
             be repeated for further changes.   All  changes and/or additions to production
             applications must be  reviewed. Proper and complete review request documents
             shall be submitted to  the CDBA and DBSS Technical Consultant before a formal
             review can be undertaken.   Reviews will be processed by  type as follows:

             (1)     Routine Changes.   Routine changes  (having  no  significant effect  on
                    efficiency or conformance with standards) will be accepted no more than
                    once a week  per application system on a schedule  set by the  DBSS
                    Technical Consultant and  the ADBA.  The reviews will be completed
                    within  1  workweek and data entry will  be made within 1 workday
                    following completion of the review.

             (2)     Urgent Changes.  Urgent changes are those needed to make an application
                    usable.  They will be given priority  over all other reviews and, if
                    possible, reviews will be completed via Email or phone. DBST data entry
                    will be completed within 1 workday.

             (3)     Enhancements.  Small  or non-complex  enhancements may be processed
                    as  routine changes if agreed upon between the DBSS Technical Consultant
                    and the ADBA. Enhancements not processed as routine changes will be
                    processed as Test and Acceptance Reviews.

             (4)    Cumulative Changes.  A DBSS review  write-up is required when:

                    •      A Logical or Physical Data Base Design is changed by adding a
                           new file or deleting an existing file.

                    •      A series of small independent changes have cumulatively changed
                           the composition of the file design since the last formal review and
                           write-up.

                  •     (Non-RDBMS only) Moderate changes are made to program or
                        program groups. Examples are the addition of a regional reporting
                        subsystem, a new or greatly changed batch retrieval system, a
                        reporting program with a new set of complex search criteria, or
                        when an existing application is converted from one major language
                        level to another.

      c.     Discontinuance of Review. Reviews may have to be discontinued because further
            progress cannot be made until additional action is completed by the ADBA.   For
            example, if many of the programs fail,  then performance efficiency cannot be
            determined. The ADBA and CDBA must be informed of the needed action via
            Email or phone within 1 workday.  The schedule  will be reevaluated when the
            ADBA has completed the action.  The delay and its cause will be entered  into the
            comments  field of DBST.  These  discontinuances will not be reported as
            exceptions.


5.0   DEFINITIONS

None.


6.0   STANDARDS

See data set JDMS.CDBA.STDS for ADABAS/NATURAL/RDBMS review  memos:

      Member      Review

      APLOG       Logical Design for ADABAS and DB2
      APPHY       Physical Design for ADABAS
      PHYRDBMS    Physical Design for DB2 and Oracle
      APTNAL      Test & Acceptance (long form)
      APTRDBMS    Test & Acceptance for RDBMS (long form)
      APTNAS      Test & Acceptance (short form)
      APTRDBMS    Test & Acceptance for RDBMS (short form)

Also see member names beginning with GEN, NAT, PDIC, SQL, and  STDF for other CDBA
policies, standards,  and guidelines.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. (1991) ADABAS Application
            Development Procedures Manual (Report No. 220/001). Research Triangle Park,
            NC: National Data Processing Division. ADP Operations Management Branch.
            (Location: NCC-IBM Mainframe, on-line data set, printable with the following
            JCL: JUSD.ADABAS.DATA(ADBSADPM))

      b.     U. S. Environmental Protection Agency. (1990) CICS Application Development
            Procedures Manual. Research Triangle Park, NC: National Data Processing
            Division. ADP Operations Management Branch. (Location: NCC-IBM
            Mainframe, on-line data set, printable with the following JCL:
            JUSD.CICS.DATA(CICSADPM))

      c.     Platinum On-Line Guide. (1992) Updates made by the National Data Processing
            Division.  ADP Operations Management Branch.  Research Triangle Park, NC:
            Office of Information Resources Management (OIRM). (Location:  NCC-IBM
            mainframe, in Platinum On-Line Guide, printable within the Guide.)

      d.     U. S. Environmental Protection Agency. (1992) Relational Database Management
            Systems (RDBMS) Policies,  Procedures, Standards, and Guidelines (Document
            No. 0055-003-PM-1022A).   Office of Information Resources  Management.
            (Location: NCC-IBM Mainframe, in Platinum On-Line Guide, printable within
            the Guide.)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     DB2 Roles and Responsibility                            NO.    130.05

APPROVAL:                                                          DATE:

1.0   PURPOSE

The purpose of this document is to establish the roles and responsibilities of those who use or
provide support for the Database 2 (DB2) relational environments.


2.0   SCOPE & APPLICABILITY

This policy establishes the responsibilities of individuals and organizations using or providing
support to the central data base environment including:  Central Data Base Administrator, Data
Administrator, Application Data Base Administrator, Application System Managers, Application
Developers, Security Administrator, and the users.


3.0   RESPONSIBILITIES

3.1   CENTRAL DATA BASE ADMINISTRATOR (CDBA-DB2)

The CDBA is responsible for the establishment,  operation,  performance, maintenance, and
security of the DB2 central data base environments.


3.2   DATA ADMINISTRATOR (DA)

The Data Administration function is performed under the general direction of the Office of
Information Resources Management (OIRM). The DA is responsible for managing data as an
Agency information resource and ensuring  the appropriate use of DBMS technology.


3.3   APPLICATION DATA BASE ADMINISTRATOR-DB2 (ADBA-DB2)

Each application using a central DBMS environment will be supported by an ADBA.  The
ADBA serves in a role similar  to that of the DA and CDBA, except that he/she focuses on
individual applications.


3.4   APPLICATION SYSTEM MANAGER (ASM)

The ASM  is responsible for those functions ordinarily performed in  the context of computer
application  system development.  For new applications, this includes the feasibility study,
general and detailed system design, program development, system testing, acceptance testing,
and implementation.   For production applications, this includes testing  and implementing
changes, corrections,  and enhancements. The ADBA is responsible for this role if the ASM is
not assigned.


3.5    APPLICATION DEVELOPERS

The Application  Developers  are  responsible  for the development,  coding and design  of
applications using DB2.


3.6    SECURITY ADMINISTRATOR

The Security Administrator is responsible for providing the security needed to protect the use
of the data base resources at the application level.


3.7    USERS

Users are responsible for adhering to all policies, procedures, and security requirements, and
for using the central environment in an efficient and responsible manner.


4.0    POLICY

Any Central DBMS Application using DB2 will be supported, managed, or accessed using the
roles described in Section 3.0.  The CDBA will control access and support DB2 applications in
relationship to these roles and their corresponding responsibilities.


5.0    DEFINITIONS

5.1    CENTRAL DATA BASE ADMINISTRATOR (CDBA - DB2)

       a.    Operates the development and production environments during normal NCC-IBM
            production hours, except for periods of unscheduled maintenance due to hardware
            or  software  problems,  and  periods of  scheduled maintenance  due  to  the
            unavailability of timely nonproduction test time.  The goal for availability is that
            scheduled and unscheduled maintenance will not exceed 5 percent of production
            time during any quarter.

       b.    Establishes and maintains up-to-date procedures governing access and use of the
            central environment, including ad hoc use and access.

      c.    Tests, implements, and maintains all central environment software and
            configurations.  ASMs, ADBAs, DAs, and users will be notified before changes
            that impact them are made.

            Notification will normally occur 30 days prior to the change being implemented.

      d.    Advises application  user groups of any application system that  unacceptably
            degrades the performance of the central environment or threatens the integrity of
            data.

      e.    Provides technical consultation to ASMs, ADBAs, users, and DAs on the central
            environment.

       f.     Schedules, reviews, and accepts, conditionally accepts, or rejects national or
             important application  systems  for  production  operation  through  test  and
             acceptance reviews.

       g.     Establishes  security  requirements  for the central  environment and  minimum
             security requirements for application systems within the IBM central environment
             as well as assisting  groups on other platform environments in their security
             requirements.

       h.     Establishes procedures for monitoring the performance of the central environment.

       i.     Controls the central environment and its configuration.

       j.     Controls and operates on behalf of the ADBAs and ASMs utilities that are not
             released to them because of security or data integrity considerations.

       k.     Establishes policies and procedures related to the use of ancillary software and
             hardware products that interface with the central  environment.

       l.     Establishes and maintains a test environment for testing software and
             environmental configurations.

       m.    Establishes and chairs a standards committee for the preparation and approval  of
             standards for the central environment.

       n.     Serves as second level support for evaluating application file growth and space
             utilization.

       o.     Provides second level data base backup and recovery.

       p.     Schedules,  reviews, and  recommends acceptance,  conditional acceptance,  or
             rejection  of logical designs to the DA.

       q.     Schedules,  reviews,  and   accepts, conditionally accepts, or rejects physical
             designs.

       r.     Schedules,  reviews, and  accepts,  conditionally  accepts,  or  rejects application
             systems for production operation through test and acceptance reviews.

       Note:  Reviews  for  application or  systems  developed  using I-CASE,  Upper CASE,
             and/or Lower CASE tools may vary  from the standard review process.


 5.2   DATA ADMINISTRATOR  (DA)

       a.     Collects, controls, and manages information about the Agency's data.

       b.     Serves as a focal point for identifying and coordinating development of ADP
              policies and procedures relating to Agency data and data sharing issues.

       c.     Establishes criteria relating to information required for an Agency dictionary.

       d.     Coordinates the establishment of naming conventions and of data element editing
              and validation standards.

       e.     Ensures adherence to Agency data policies and standards.
       f.     Controls the Agency's central  table system.
       g.     Establishes criteria relating to  the appropriate use of data base technology.
       h.     Provides consultation support in the areas of feasibility study and logical data base
             design.
       i.     Reviews all studies and approves or disapproves feasibility studies requesting the
             use of DB2.
       j.     Reviews all logical data base designs, taking into consideration any DA's or
              CDBA's critique of the designs.


 5.3   APPLICATION DATA BASE ADMINISTRATOR-DB2 (ADBA-DB2)

      a.     Serves as the lead technical resource to assist the ASMs, developers, and end
             users of the application.
      b.     Reviews  application requirements analyses.   Evaluates the use  of data  base
             technology in general and DB2 or a RDBMS in particular.
      c.     Assists and guides the Application Developers in the preparation of logical and
             physical design.
      d.     Reviews and approves logical and physical designs before they are sent to the DA
             and CDBA for review and acceptance, consulting with the  DA and CDBA on
             Agency data standards and potential data sharing.
      e.     Ensures the appropriate use of data base techniques in the application design and
             implementation, consulting with the CDBA.
      f.     Reviews and approves internal unit acceptance test plans and the entire application
             acceptance test plans that are submitted to the CDBA.
      g.     Reviews, approves, and enforces application quality assurance plans.
      h.     Monitors the  performance efficiency of the application, investigates  potential
             areas for improvement, and guides the developers in implementing improvements.
      i.      Serves as the principal application technical liaison among the ASM, DA, and
      j.      Ensures that the application is developed in compliance with  all applicable ADP
             and CDBA policies, procedures, and standards.
      k.     Tests, implements, and maintains all application data bases, data base files, disk
             space, and accesses.   ASMs, CDBAs, DAs, and users will  be notified before
             changes  that impact them are  made.  Notification will  normally occur 30 days
             prior to the change being implemented.
      l.      Approves or disapproves  the use of the central environment for each application
             system.

      m.    Serves as principal  contact and resolves all central environment issues and
            technical problems.
      n.    Establishes and maintains review requirements for the entire Software
            Development Life Cycle (SDLC) for logical design, physical design, and test and
            acceptance for application systems.

5.4   APPLICATION SYSTEM MANAGER (ASM)
      a.    Recommends and justifies the use of data base technology in general and DB2 or
            RDBMS in particular in the feasibility study.
      b.    Develops the logical and physical designs under the guidance of the ADBA, DA,
            and CDBA.
      c.    Develops the user acceptance test plan and the CDBA Test and Acceptance plan.
      d.    Develops the application, making appropriate use of data base techniques.
      e.    Monitors performance and improves efficiency.
      f.    Ensures that the application is developed in compliance with all applicable ADP
            and CDBA policies,  procedures, and standards.

5.5   APPLICATION DEVELOPERS
      a.    Determines new application system design.
      b.    Performs programming or activities or enhancements for preparing data for table
            population and writing SQL code for accessing DB2 data bases.
      c.    Conducts application design reviews before design is passed to the DAs and
            ADBAs.
      d.    Executes performance and stress testing to meet  performance objectives.
      e.    Implements data integrity rules through application code.

5.6   SECURITY ADMINISTRATOR
      a.    Maintains the groups needed in RACF  for DB2 users.
      b.    Serves as the primary contact for adding new users to DB2 resources and RACF
            groups.
      c.    Notifies  the ADBA of any DB2 changes to the User-IDs and RACF groups.
      d.    Controls access to application data sets and resources.


5.7   USERS

      a.     Use the central  environment in accordance with policies, procedures, and
            standards.

      b.     Use the central environment in an efficient and responsible manner.

      c.     Use, maintenance, and  support of any ADHOC  applications  will be the
            responsibility of the user.


6.0   STANDARDS

Central Data Base Administrator Standards/Guidelines as documented in "JDMS.CDBA.STDS".


7.0   PROCEDURE REFERENCE

7.1   CICS ENVIRONMENT

U. S. Environmental  Protection Agency. (1990) CICS Application Development Procedures
Manual. Research Triangle Park, NC:  National  Data Processing Division. ADP Operations
Management  Branch.  (Location: NCC-IBM Mainframe, on-line data set,  printable with the
following JCL: JUSD.CICS.DATA(CICSADPM))


7.2   DB2 ENVIRONMENT

U. S. Environmental Protection Agency. (publication pending) DB2 Application Development
Procedures Manual. Research Triangle  Park,  NC:  National Data Processing Division. ADP
Operations Management Branch.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

 TITLE:     DB2 Environments Availability                            NO.     130.06

 APPROVAL:                                                 DATE:  3/30/9^

 1.0   PURPOSE

 This policy establishes the availability of the NCC's DB2 environments.


 2.0   SCOPE & APPLICABILITY

 This policy applies to all regions and activities within the NCC DB2 central environment.  Any
 deviation from this policy must be approved in writing by the NDPD Director.


 3.0   RESPONSIBILITIES

 It is the responsibility of the Central Data Base Administrator (CDBA) and the CDBA's  Data
 Base Support Services (DBSS) staff to adhere to and enforce this policy.  It is the responsibility
 of Application System Managers, Application System Project Officers, Application Data  Base
 Administrators (ADBA), and application developers to adhere to this policy.


 4.0   POLICY

 All DB2 environments will normally be available during  scheduled production  hours of the
 NCC-IBM.   Planned maintenance that requires bringing any environment down will  be
 announced to the user community via User Memos and/or  News Alerts.

 First level backup and recovery is the responsibility of the Application Data Base Administrator
 responsible for that application.

 The DBSS group will perform the function of backing  up the data bases on a weekly basis.
 Upon request from the ADBA, data base files and libraries will be restored from a prior date
 if feasible. Restoration will normally be accomplished within 2 working days.


 5.0   DEFINITIONS

 5.1   DEVELOPMENT ENVIRONMENT

 5.1.1  Development for Production Applications

 The development environment will be  used for general DB2 development activities. These
 activities will be migrated to the production environment through the QA environment.  This
 migration will ensure that adherence to all policies and  standards has been met before an
 application will be accepted as production. A Backup/Recovery Plan must be developed and
 approved for applications before the application leaves the development environment.


 5.1.2  Ad Hoc (Non-Production/Non-Supported) Applications

 The development  environment will be used  for ad hoc  (NPNS) applications.  It is the
 responsibility of the developer to back up their own application as deemed necessary. These ad
 hoc applications are not moved into production without the reviews that ensure the application's
 compliance with all applicable ADP and CDBA policies, procedures, and standards.


 5.2    BETA & QA ENVIRONMENTS

 The Beta/QA environment will be used for general DB2 beta or quality assurance activities. The
 Beta area will be used as a pre-production QA environment. The QA area will be used for post-
 production major enhancement QA testing.  Applications will be moved to these environments
 when the development cycle is complete and  the application is ready for production. The
 application will remain in these environments for 30-90 days.  No changes are to be made to the
 application in the QA environment.


 5.3   PRODUCTION ENVIRONMENT

 The production environment will be used for DB2 Production.  Applications will be migrated
 to production after first spending 30-90 days in the Beta or QA environments.


 6.0   STANDARDS

 None.


 7.0   PROCEDURE REFERENCE

 7.1   CICS ENVIRONMENT

 U. S. Environmental Protection Agency. (1990)  CICS Application Development Procedures
 Manual. Research  Triangle Park, NC:  National  Data Processing Division.  ADP Operations
Management Branch. (Location:  NCC-IBM Mainframe, on-line data set, printable with the
 following JCL: JUSD.CICS.DATA(CICSADPM))


7.2   DB2 ENVIRONMENT

U. S. Environmental Protection Agency. (publication pending) DB2 Application Development
Procedures Manual. Research Triangle  Park,  NC: National  Data Processing Division. ADP
Operations Management Branch.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

 TITLE:      DB2 Access                                            NO.    130.07

 APPROVAL:                                                      DATE:

 1.0   PURPOSE

 The purpose of this policy is to document and establish the access and authorization levels
 needed to administer DB2 at the Environmental Protection Agency.


 2.0   SCOPE & APPLICABILITY

 This policy establishes the access levels needed for each of the DB2 environments and the level
 of authorization needed to administer and develop DB2 applications.


 3.0   RESPONSIBILITIES

 It is the responsibility of the Central Data Base Administrator (CDBA) to establish the access
 and authorizations needed by the Application Data Base Administrators (ADBAs) to administer
 DB2 for their areas of responsibility.  It is the responsibility of the ADBA in conjunction with
 the Application RACF Security Administrator to ensure that all pertinent applications adhere to
 NDPD policies.


 4.0   POLICY

 The Environmental Protection Agency will use RACF Groups (Level 2-Secondary Authorization
 IDs) to control access to DB2.  The RACF Security Administrator (RSA) will work with  the
 Application Data Base Administrator (ADBA-DB2) to establish RACF groups associated with
 different authorization levels necessary to implement a project.


 5.0   DEFINITIONS

 5.1   DB2 AUTHORIZATION LEVELS

 DB2 Version 2 Release  1 has three levels of Authorization available:

       •      Primary ID - This represents the user of the session. Individual authorization is
              established and accounted for under this ID. This ID is known as the user's valid
              IBM mainframe User-ID authenticated through RACF.

       •      Secondary Authorization  IDs -  These are used to  supplement the Primary ID
              during RACF and DB2 authorization checking. The Secondary ID can represent
              additional privileges for a user using the RACF Group authorization to which the
              user belongs. This can be used effectively to reduce the  load on the  security
              checking  within  DB2, and a user can be easily added/removed from a group
              without impact upon DB2 by just connecting/disconnecting the User-ID from the
              RACF Group for which the authorization is defined.

      •     SQL Authorization ID - This is used for authorization checking when issuing
            DYNAMIC SQL statements.  It can also be changed without terminating the
            THREAD connection.


 5.2   DB2 FUNCTIONAL AUTHORITIES

 The following is a list of DB2 function levels broken down into two different groups:
 System-Wide Authorities and Data Base-Wide Authorities.

 System-Wide Authorizations:

 SYSADM      - Allows the user total control over any DB2 resource and may grant and/or
               revoke from any other user the authority to access any resources.

 SYSOPR      - Allows the user the ability to issue certain DB2 commands but allows no
               access to the data.

 BINDADD     - Allows the user to create new application plans using the BIND
               subcommand with the ADD option.

 BSDS        - Allows the user to issue the -RECOVER BSDS command.

 CREATEDBA   - Allows the user to create new data bases and automatically gives DBADM
               authority over those data bases.

 CREATEDBC   - Allows the user to create new data bases and automatically gives DBCTRL
               authority over those data bases.

 CREATEDSC   - Allows the user to create new storage groups.

 DISPLAY     - Allows the user to display system information by issuing the -DISPLAY
               command.

 RECOVER     - Allows the user to issue the -RECOVER INDOUBT command.

 STOPALL     - Allows the user to issue the -STOP DB2 command.

 STOSPACE    - Allows the user to use the STOSPACE utility.

 TRACE       - Allows the user to start and stop DB2 traces using the -START TRACE
               and -STOP TRACE commands.

 RLIMIT      - Allows the start and stop of the Resource Limit Facility (RLF) using the
               -START RLIMIT and -STOP RLIMIT commands.

 Data Base-Wide Authorizations:

 DBADM       - Allows the user total control over those data bases granted at this level.

 DBCTRL      - Allows the user access to the utilities, to create tables and tablespaces but
               not to access the data in the tables that have been created by another user
               without being given access.

 DBMAINT     - Allows the user access to the utilities that do not update. It does not allow
               access to the tables created by another user.

 CREATETAB   - Allows the user to create tables in any existing tablespace in this data base.

 CREATETS    - Allows the user to create tablespaces in this data base.

 DISPLAYDB   - Allows the user to check the data base and tablespaces in this data base
               through the execution of the -DISPLAY command.

 DROP        - Allows the user to DROP the data base.

 IMAGCOPY    - Allows the user to run the COPY and MERGECOPY utilities against
               tablespaces in this data base.

 LOAD        - Allows the user to run the LOAD utility to load tables in this data base.

 RECOVERDB   - Allows the user to run the RECOVER and MODIFY utilities against table
               spaces in this data base.

 REORG       - Allows the user to run the REORG utility against tablespaces in this data
               base.

 REPAIR      - Allows the user to run the REPAIR utility against tablespaces in this data
               base.

 STARTDB     - Allows the user to start this data base by issuing the -START
               DATABASE command.

 STATS       - Allows the user to run the RUNSTATS and CHECK utility against
               tablespaces and indexes in this data base.

 STOPDB      - Allows the user to stop this data base by issuing the -STOP DATABASE
               command.


 6.0    STANDARDS

 6.1    ACCESS TO DB2 ENVIRONMENTS

 Access to DB2 RACF-defined resources (DSNR) and DB2 TSO PROCs will be open to all users
 with a valid IBM User-ID.

 For applications which use ISPF to access Agency DB2 applications, a CLIST must be created
 which allocates the application libraries to the Agency libraries. This CLIST will automatically
 be executed at  logon time.   At  a minimum, the  application  CLIST should reallocate the
 SYSPROC DD  so that application CLIST libraries are  allocated before the Agency CLIST
 libraries.

 Access to development applications will be controlled by the ADBA through the DB2 PLAN
 authorizations using either RACF groups to control access or  by GRANTing the PLAN to
 PUBLIC to allow global access.

Access to the data in any DB2 data base will be granted to RACF groups. The user will be
added to the RACF group by the Application Data Base Administrator (ADBA) assigned to
his/her project.

Access to DB2I (SPUFI) will be treated as an application and controlled by one or more RACF
groups.  The use of SPUFI will be limited to the development environment.

Access to the Production environment will be controlled via RACF  access groups.  It is the
responsibility of the ADBA to maintain the access list  for these RACF access groups.
6.2   DB2 AUTHORIZATIONS

6.2.1  DB2 Roles/Responsibilities and Authorizations Needed

The following is a list of the roles/responsibilities and the DB2 authorization level needed to
accomplish those responsibilities.

Function:             Systems Programmer (Central Data Base Administrator)
Authorization Level:  SYSADM
Responsibility:
    •   Installs DB2 and related software
    •   Resolves internal software problems
    •   Applies necessary software maintenance

Function:             Systems Administrator (Central Data Base Administrator)
Authorization Level:  SYSADM
Responsibility:
    •   Assists in product installation
    •   Creates backup/recovery procedures for system tables
    •   Resolves system-wide performance problems
    •   Monitors DB2 performance
    •   Supports attachment facility access and other subsystem interfaces
    •   Develops migration policies and procedures
    •   Develops and maintains naming conventions
    •   Evaluates and tests DB2-related software

Function:             Applications Data Base Administrator (ADBA-DB2)
Authorization Level:  CREATEDBA, BINDADD
Responsibility:
    •   Assumes all production data responsibility
    •   Creates data bases for project DBAs
    •   Grants DBADM authority to project DBAs
    •   Develops and maintains naming conventions
    •   Grants BIND plan for each project plan to project DBAs
    •   Reviews and approves requested table changes for production
    •   Monitors performance
    •   Creates backup/recovery procedures for production
    •   Performs production system migration procedures

Function:             Data Administrator
Authorization Level:  SELECT on system catalog tables
Responsibility:
    •   Assumes all logical data model responsibility
    •   Develops logical design model and approved physical table structures
    •   Maintains data dictionary/directory
    •   Supports system integration and design projects

Function:             Project Data Base Administrator (ADBA-DB2)
Authorization Level:  DBADM on assigned data bases
Responsibility:
    •   Grants BIND to programmers for plans they are working on
    •   Creates tables/views as needed as they are approved
    •   Defines synonym values for tables and views
    •   Makes sure table/view definitions stay in sync
    •   Ensures naming convention compliance
    •   Develops test backup/recovery procedure
    •   Presents table/view change request to Applications ADBA
    •   Creates synonym value and DCLGEN from synonym data bases for
        Applications ADBA to grant.

Function:             Application System Manager (ASM)
Authorization Level:  BINDADD; SELECT on system catalog; BIND, EXECUTE as required
Responsibility:
    •   Define plan/program names based on naming conventions
    •   Develop security/authorizations requirements for production implementation
    •   Develop application migration plans for assigned programs/plans

Function:             Application Developers (Programmers)
Authorization Level:  BINDADD; SELECT on system catalog; BIND, EXECUTE as required
Responsibility:
    •   Create own needed synonyms
    •   Ensure naming conventions compliance
    •   Bind for assigned program/plans

Function:             Security Administrator Personnel
Authorization Level:  SELECT on system catalog
Responsibility:
    •   Controls external access to DB2 thru RACF
    •   Ensures DB2 internal authorization is correct

Function:             System Operators
Authorization Level:  SYSOPR
Responsibility:
    •   Monitors DB2
    •   Informs systems programmer and/or Systems Administrator of problems

Function:             End User Personnel
Authorization Level:  EXECUTE for necessary plans; SELECT, INSERT, DELETE, UPDATE
                      as required
Responsibility:
    •   Process and access data needed for performance of position

6.2.2  Sample RACF Structure

[Figure: sample RACF group hierarchy diagram. Group names legible in the diagram: SYS1,
Systems, JD2B, JD2C, DB2, DB2D, DEVL, PROCS, SDB2TST, SDB21EF, DTAXNDBA, DTAXON,
DIEFDBA.]


Group Definitions:
      Name               Description

      PROCS           TSO LOGON PROCs
      JD2B            DB2 System Administrators (CDBA)
      DEVLP           Development TSO PROCs
      DB2D            Development data set resources
      JD2C            DB2 Technical Consultants (CDBA)
      DTAXNDBA        CREATEDBA for Taxonomic data base (ADBA)
      DTAXON          Taxonomic data base (end users)
      DIEFDBA         CREATEDBA for IEF Encyclopedia (ADBA)
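
An added example, not part of the directive: a Python check of DB2 grants against the authorization levels in 6.2.1 and the RACF groups defined in 6.2.2. The role labels, the sample grants, the user ID, the plan, data base and table names, and the rule that PUBLIC may hold only EXECUTE on a plan are assumptions made for this illustration.

```python
"""Added example: audit DB2 grants against the section 6.2.1 role matrix."""
from dataclasses import dataclass

# Authorization level allowed per role, transcribed from the 6.2.1 table.
# The dictionary keys are labels chosen for this example.
ROLE_MATRIX = {
    "SYSTEMS_PROGRAMMER": {"SYSADM"},
    "SYSTEMS_ADMINISTRATOR": {"SYSADM"},
    "APPLICATIONS_ADBA": {"CREATEDBA", "BINDADD"},
    "DATA_ADMINISTRATOR": {"SELECT ON CATALOG"},
    "PROJECT_DBA": {"DBADM"},
    "ASM": {"BINDADD", "SELECT ON CATALOG", "BIND", "EXECUTE"},
    "DEVELOPER": {"BINDADD", "SELECT ON CATALOG", "BIND", "EXECUTE"},
    "SECURITY_ADMINISTRATOR": {"SELECT ON CATALOG"},
    "SYSTEM_OPERATOR": {"SYSOPR"},
    "END_USER": {"EXECUTE", "SELECT", "INSERT", "DELETE", "UPDATE"},
}

# RACF groups from the 6.2.2 group definitions, mapped to a role above.
GROUP_ROLE = {
    "JD2B": "SYSTEMS_ADMINISTRATOR",  # DB2 System Administrators (CDBA)
    "DTAXNDBA": "APPLICATIONS_ADBA",  # CREATEDBA for Taxonomic data base (ADBA)
    "DIEFDBA": "APPLICATIONS_ADBA",   # CREATEDBA for IEF Encyclopedia (ADBA)
    "DTAXON": "END_USER",             # Taxonomic data base (end users)
}


@dataclass(frozen=True)
class Grant:
    grantee: str    # RACF group, individual user ID, or PUBLIC
    privilege: str  # DB2 privilege or authority being granted
    target: str     # plan, data base or table (names below are made up)


def audit(grants):
    """Return (grant, reason) pairs for grants the directive does not allow."""
    findings = []
    for g in grants:
        if g.grantee == "PUBLIC":
            # 6.1 allows GRANTing a PLAN to PUBLIC. Treating every other
            # PUBLIC grant as a finding is an assumption of this example.
            if not (g.privilege == "EXECUTE" and g.target.startswith("PLAN:")):
                findings.append((g, "PUBLIC grant other than EXECUTE on a plan"))
            continue
        role = GROUP_ROLE.get(g.grantee)
        if role is None:
            # 6.1: access to data is granted to RACF groups, not to users.
            findings.append((g, "grantee is not a defined RACF group"))
            continue
        if g.privilege not in ROLE_MATRIX[role]:
            findings.append((g, f"{g.privilege} exceeds the {role} level"))
    return findings


# Constructed sample grants; object names and the user ID are hypothetical.
SAMPLE_GRANTS = [
    Grant("JD2B", "SYSADM", "SYSTEM"),
    Grant("DTAXNDBA", "CREATEDBA", "SYSTEM"),
    Grant("DTAXON", "SELECT", "TABLE:TAXON.SPECIES"),
    Grant("DTAXON", "DBADM", "DATABASE:DTAXDB"),      # end users given DBADM
    Grant("ABC", "SELECT", "TABLE:TAXON.SPECIES"),    # individual user ID
    Grant("PUBLIC", "EXECUTE", "PLAN:TAXPLAN"),
    Grant("PUBLIC", "UPDATE", "TABLE:TAXON.SPECIES"), # data open to everyone
]

if __name__ == "__main__":
    for grant, reason in audit(SAMPLE_GRANTS):
        print(f"{grant.grantee:9} {grant.privilege:8} {grant.target:22} {reason}")
```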
7.0   PROCEDURE REFERENCE
7.1   CICS ENVIRONMENT
U. S. Environmental Protection Agency.  (1990) CICS Application Development Procedures
Manual. Research  Triangle Park, NC:  National Data Processing Division. ADP Operations
Management Branch. (Location: NCC-IBM Mainframe,  on-line data set, printable with the
following JCL: JUSD.CICS.DATA(CICSADPM))

7.2   DB2 ENVIRONMENT
U. S. Environmental Protection Agency. (publication pending) DB2 Application Development
Procedures Manual. Research Triangle Park, NC: National Data Processing Division. ADP
Operations Management Branch.

7.3   RACF SECURITY
U. S. Environmental Protection Agency. (1992) RACF Security Administrator's Guide (Report
No. 462/001 A) Research Triangle Park, N.C.: National  Data Processing Division.  Security.
(Location: Publications Technical Library).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     ADABAS Data Restoration                                NO.    130.08

APPROVAL:                                                       DATE:
1.0   PURPOSE

This policy establishes data restoration requirements for all ADABAS data bases.


2.0   SCOPE & APPLICABILITY

This policy establishes ADABAS data base and ADABAS file restoration requirements.


3.0   RESPONSIBILITIES

It is the responsibility of the Central Data Base Administrator (CDBA) and the FM contractor
to ensure  that the necessary processes are  in place to adhere to NDPD policy.  It is the
responsibility  of the Application Data  Base  Administrator (ADBA)  to ensure that the
specifications described herein are adequate for each application.


4.0   POLICY

NDPD shall provide restore capabilities for ADABAS data bases/files after failures of hardware,
system software, and application software, and also after application management failures.

Based on NDPD's ADABAS experience since 1983, the recovery time periods described herein
are appropriate for data restoration requirements for ADABAS data bases and files. Exceptions
to these time periods and special circumstances, e.g., major application enhancements, that
would warrant additional backups can be negotiated with and detailed in writing to the CDBA.


5.0   DEFINITIONS

Critical data bases are those defined in the Critical Applications Disaster Recovery Plan manual
(Report No. 379/001F).


6.0    STANDARDS

Restoration Specifications:

       a.     All Data Bases - Daily Backup (onsite). All ADABAS data bases/files will be
             recoverable to a point not older than 24 hours (not counting Sundays) from the
             desired point of restoration for a period of 21 days.

       b.     All Data Bases - Biweekly Backup (every two weeks) (onsite). All ADABAS
             data bases/files will be  recoverable to a  point not older than 2 weeks (not
             counting Sundays) from the desired point of restoration for a period of 3 months.
             For data bases specifically designated by the CDBA, this period is extended to
             6 months.


       c.     Critical Data Bases - Daily Backup (offsite). All critical ADABAS data
             bases/files will be recoverable, from disaster recovery tapes, to a point not older
             than 24 hours (not counting Sundays) from the time of a disaster for a period of
             5 days.

       d.     All Data Bases (except Cincinnati Disaster Site Data) - Biweekly Backup
             (offsite). All important (noncritical) ADABAS data bases/files will be
             recoverable, from disaster recovery tapes, to a point not older than 2 weeks (not
             counting Sundays) from the time of a disaster for a period of 28 days.

       e.    All Data  Bases -  Backup Every  6 Months (offsite).  All  ADABAS data
            bases/files will be recoverable, from remote storage facility tapes, to a point not
            older than 6 months (not counting Sundays)  from the time of a disaster for a
            period of 6 months.
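
An added example, not part of the directive: a Python check that a backup history satisfies restoration specification a. (24 hours, Sundays not counted, for 21 days); the same function covers the other specifications by changing its two parameters. The backup history is constructed, and reading "not counting Sundays" as excluding the hours that fall on a Sunday is an assumption.

```python
"""Added example: check a backup history against a 130.08 restoration rule."""
from datetime import datetime, time, timedelta


def non_sunday_hours(start, end):
    """Hours between two timestamps, skipping any time that falls on a Sunday."""
    hours = 0.0
    cursor = start
    while cursor < end:
        next_midnight = datetime.combine(cursor.date() + timedelta(days=1), time.min)
        segment_end = min(next_midnight, end)
        if cursor.weekday() != 6:  # datetime.weekday(): Monday=0 ... Sunday=6
            hours += (segment_end - cursor).total_seconds() / 3600
        cursor = segment_end
    return hours


def restoration_gaps(backups, now, max_age_hours, retention_days):
    """Return (start, end, hours) spans where no backup is recent enough.

    A span is reported when a restore point inside it would have to fall back
    to a backup older than max_age_hours, Sundays excluded. hours is None for
    a span at the start of the retention period that no backup covers at all.
    """
    window_start = now - timedelta(days=retention_days)
    usable = sorted(b for b in backups if b <= now)
    before = [b for b in usable if b < window_start]
    inside = [b for b in usable if b >= window_start]
    gaps = []
    if not before and (not inside or inside[0] > window_start):
        gaps.append((window_start, inside[0] if inside else now, None))
    # The newest backup taken before the window opens still serves the
    # earliest restore points, so it starts the chain of intervals.
    points = before[-1:] + inside + [now]
    for older, newer in zip(points, points[1:]):
        age = non_sunday_hours(older, newer)
        if age > max_age_hours:
            gaps.append((older, newer, age))
    return gaps


def sample_history(now, days, skip=()):
    """Constructed history: one 02:00 backup per day, none on Sundays."""
    stamps = []
    for n in range(days + 2):
        stamp = datetime.combine(now.date() - timedelta(days=n), time(2, 0))
        if stamp.weekday() != 6 and stamp.date() not in skip:
            stamps.append(stamp)
    return stamps


if __name__ == "__main__":
    now = datetime(1994, 6, 20, 12, 0)
    missed = {datetime(1994, 6, 8).date()}  # constructed: one missed daily run
    for start, end, hours in restoration_gaps(
            sample_history(now, 21, skip=missed), now, 24, 21):
        print(f"gap {start} -> {end}: {hours} non-Sunday hours")
```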


7.0    PROCEDURE REFERENCE


U. S. Environmental Protection Agency. (1991) ADABAS Application Development Procedures
Manual (Report No. 220/001). Research Triangle Park, NC: National Data Processing Division.
ADP Operations  Management Branch.  (Location: NCC-IBM Mainframe, on-line data  set,
printable with the following JCL: JUSD.ADABAS.DATA(ADBSADPM))

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Production ADABAS Environment Availability               NO.    130.09

APPROVAL:                                                       DATE:
1.0   PURPOSE

This policy establishes the availability of the NCC's ADABAS production environment.


2.0   SCOPE & AVAILABILITY

This policy applies to all production regions and production activities within the NCC ADABAS
central environment.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

It is the responsibility of the Central Data Base Administrator (CDBA) and the CDBA's Data
Base Support Services (DBSS) staff to adhere to and enforce this policy. It is the responsibility
of Applications System Managers, Application System Project Officers, Applications Data Base
Administrators (ADBAs), and application developers to adhere to this policy.


4.0   POLICY

      a.     The production environment will be used to support the production operation of
             applications.

      b.     The production  environment will normally be  available during scheduled
             production  hours of the NCC-IBM.  Periodic ADABAS system and data base
             maintenance is needed and sometimes will require  bringing down all or part of
             the production environment during normal NCC operating hours.  Normally,
             NCC will conduct this maintenance Sunday afternoons beginning at noon.  These
             periods of unavailability will be announced via  a News Alert.   It may be
             infrequently necessary to bring down all or part of the production environment
             for longer periods of time. These periods of unavailability will be announced via
             User Memos or News Alerts.

       c.     NCC will provide recovery capability for data bases and NATURAL libraries as
             stated  in Directive 130.08 and automatically recover them when system software
             or hardware problems compromise the  data or libraries.

             Upon  request from the ADBA, data base files and libraries  will be restored from
             a prior date  if feasible.  Restoration will normally be  accomplished within 2
             working days.


       d.     Unless written agreement is obtained from the CDBA, applications systems or
             subsystems may be removed from the production environment and archived after
             60 days of inactivity.  The application will be reinstalled when a written request
             justifying the need is received from the ADBA.  The request  must indicate the
             approval of the CDBA.  Artificial activities to avoid archiving will be monitored
             and rejected.

       e.     NDPD will usually provide sufficient ADABAS file and disk space to ensure that
             the user  community at all times has  space available  within  the production
             environment to operate all production applications.

             To achieve this:

             (1)     An application system  or subsystem may not have permanent data base
                    files until test and acceptance  of the application has been completed, and
                    the application has been accepted or conditionally accepted.

             (2)     The number of files assigned to the application will be determined by the
                    CDBA based upon the number of files specified in the approved physical
                    design.

             (3)     The amount  of space allocated  to  each file will be determined by the
                    CDBA and will  be  based upon  application  provided initial sizing and
                    growth estimates provided with the physical design, as amended.

             (4)     ADBAs must provide growth estimates every 6 months, or as needed, to
                    the CDBA who will  consider the estimates in  reallocating space.

             (5)     The DASD space allocated will be charged to the application using normal
                    TSSMS billing procedures.

             NCC does not guarantee that sufficient DASD  space will  be available for new
             applications or for applications that grow significantly beyond their original size.
             The application owners  may be required to  provide funding for the additional
             hardware  needed.


5.0   DEFINITIONS

None.
6.0   STANDARDS

None.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. (1991) ADABAS Application Develop-
             ment Procedures Manual (Report No. 220/001). Research Triangle Park, NC:
             National Data Processing  Division.  ADP  Operations Management  Branch.
             (Location:  NCC-IBM Mainframe,  on-line data set, printable with the following
             JCL: JUSD.ADABAS.DATA(ADBSADPM))


      b.     U. S. Environmental Protection Agency. (1990) CICS Application Development
             Procedures Manual. Research Triangle Park, NC: National Data Processing
             Division. ADP Operations Management Branch. (Location: NCC-IBM
             Mainframe, on-line data set, printable with the following JCL:
             JUSD.CICS.DATA(CICSADPM))

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

 TITLE:      RDBMS Platform Selection Standards                      NO.    130.10

 APPROVAL:                                                       DATE:
 1.0   PURPOSE

 The purpose of this policy is to define the Relational Data Base Management System (RDBMS)
 platform selection standards and applicability.


 2.0    SCOPE &  APPLICABILITY

 This policy establishes the platform selection standards for all RDBMS application development.
 It is applicable to  Application System Managers, Application Data Base Administrators, and
 Application Developers for all applications developed for and/or deployed by EPA.

 Any deviation from this policy must be approved in writing by the Director, NDPD.

 Additional information for Local Area Network (LAN) application development may be found
 in NDPD Operational Policies Series 310.xx and in the EPA LAN Operating Guidelines and
 Procedures.  UNIX users should refer to NDPD policies on administration and application
 development under UNIX (to be developed).


 3.0    RESPONSIBILITIES

 3.1    CENTRAL DATA BASE ADMINISTRATOR (CDBA)

 The CDBA  is responsible for establishment and support of the RDBMS platform selection
 policy.  The CDBA is also responsible for ensuring compliance through logical design reviews.

 3.2    APPLICATION SYSTEM MANAGER (ASM)

 The Application System Manager is responsible  for ensuring  that the application platform
 selection is based on this policy  and that the feasibility study and logical design document the
 criteria and reasoning used in platform determination.
 3.3   APPLICATION DATA BASE ADMINISTRATOR (ADBA)

 The Application Data Base Administrator is responsible for reviewing the logical design to
 ensure that platform selection criteria have been met and adequately documented.


 3.4   APPLICATION DEVELOPERS

 The Application Developers are responsible, as directed by the Application System Manager,
 for producing the application logical design.



 4.0    POLICY

 Any RDBMS application will be implemented on a platform determined as acceptable under the
 standards of this policy. The Central Data Base Administrator will review and monitor RDBMS
 environments to ensure compliance.


 5.0    DEFINITIONS

 Data Base Server:  A data base server is a computer platform operating a Relational Data Base
 Management System and providing a standard Structured Query Language (SQL) interface that
 is used to manipulate the data on that data base server over a network interface.

 Client:  A client is a computer platform operating tools or applications that  utilize a network
 interface to manipulate data on an SQL data base server.

 Single Data Base Server with Local Clients or Users: This platform consists of a single RDBMS
 with all users located within a single metro Local Area Network (LAN).  This includes both
 RDBMS servers with local metro LAN clients and RDBMS hosts with locally connected terminal
 users.

 Central  RDBMS and Users:  This platform  is DB2 operating on the mainframe located  at the
 National Data Processing  Division (NDPD) with nationally connected terminal users.

 Single Data Base  Server with National Clients:  This platform  consists of a single RDBMS
 server with clients distributed  nationally.

 Multiple Data Base Servers with National Clients:  This platform consists of multiple RDBMS
 servers interconnected via a Wide Area Network (WAN) and  located at multiple metro areas
with clients located at each metro area.

Multiple Data Base Servers, Central Data Base, and National Clients: This  platform consists
of multiple RDBMS servers located at multiple metro areas interconnected via a Wide Area
Network to the  Central RDBMS with clients located at each metro area.


6.0   STANDARDS

6.1   SINGLE DATA BASE SERVER WITH LOCAL CLIENTS OR USERS

Applications using this platform should have anticipated total data size with indexes in the 1 to
 1000 megabyte  range that is self-sufficient  to the  local site.  Application size should be of a
small to moderate  nature.  Total users may be up to approximately 30 concurrently active when
using a microcomputer as a server platform.  This number may be reduced for  high data volume
and/or more complex applications.

This platform is well suited to local  administrative  applications and  may be used for a national
application by establishing a complete data base/software configuration for each metro site. This
platform is not suitable for applications that  need to share data between sites,  applications with
higher data volumes, or applications that are highly complex.


 It is important that the ASM, ADBA, and Application Developers recognize that the potential
 bottleneck between the application and the data base is the LAN performance. This varies from
 1 to 4 megabit/sec depending on physical location of the components. Application modules must
 take care to only request the data required from the data base by using SQL properly to
 eliminate rows that are not needed.  Application modules that frequently sequentially process
 entire large tables may saturate the LAN and may not be suitable for client server technology.


 6.2    CENTRAL RDBMS AND USERS

 Applications using this platform  should  have  total data size  with  indexes greater than 500
 megabytes. The nature of this data is such that all users need frequent access to all portions of
 the data.  Application size  should be of the moderate to complex nature.  Users  may be in the
 100's with many of them concurrently active. Application modules that must frequently process
 large quantities of data are also good candidates for this platform.

 The presence of any one of these conditions may be adequate to make this platform the desired
 choice. It is important for the ASM, ADBA, and Application Developers to recognize that this
 platform is the  most costly to implement, maintain, support, and enhance.   Implementing
 applications that do not have these requirements on this platform can be successful but is not
 likely to be cost effective.


 6.3    SINGLE DATA  BASE SERVER WITH NATIONAL CLIENTS

 Applications using this platform should have total anticipated data with indexes in the 1 to 1000
 megabyte range.  The nature of this data is such that all users need occasional access to all
 portions of the data. Total concurrent users should be up to 30 concurrently active when using
 a microcomputer as a data base server. Application size should be of small to moderate nature.
 Application modules may not process large volumes of data within the application code.  Larger
 data base sizes may be supported by using the central data base as the single data base server.

 This platform is suitable for national applications with infrequent use and a moderate amount of
 data.  An administrative system used on a weekly basis by a few users per site would be a good
 example.

 It is important to recognize that the data communications between the data base and the
 application modules is limited to the speed of the Wide Area Network, which may be only 56
 kilobits/sec. Because of this, application modules must only process a few rows per transaction.
 Additionally, to avoid using an inordinate amount of time on the WAN, sites should only
 generate a few transactions per day.

 High usage applications are not suitable for this platform.  If the high usage/high data portions
 of the application can be restricted to the site where the data base server is located, appropriate
 conditions could exist.  For example, a summary report that processes large amounts of data
 may be executed at the data base server site and then 'Emailed' or file transferred to the
 remote sites.


 6.4    MULTIPLE DATA BASE SERVERS WITH NATIONAL CLIENTS

 Applications using this platform should have data with indexes that are limited to 1 to 1000
 megabytes per data base server.  The data should also be predominately self-sufficient.
 Complete application may be anywhere from small to complex. Data base servers and data
 should be located in the same metro area as the group of users responsible for the majority of
 the data on that server.  Total users per site may be up to approximately 30 concurrently active.

This platform is well suited for applications with data that can be broken up by site with each
site responsible for maintaining their portion of the data. This platform will support referencing
of data at other sites but this should be infrequent and limited to reading.  This platform also
facilitates maintaining redundant data across all sites that is fairly static in nature such as code
tables. Statistical summaries of the data located across all the servers can be located at a single
server at a lead location. This should be maintained by periodic batch updates, not interactively.

It is important to recognize that the Wide Area Network is the limiting factor for inter-data base
server communications and that this resource must be shared with many users. Applications that
would require frequent (more than once a day) maintenance of redundant data at all sites are not
good candidates for this platform. Applications that require frequent access to data located on
remote data base servers are also not suited to this platform.


6.5    MULTIPLE DATA BASE SERVERS, CENTRAL DATA BASE, AND NATIONAL
       CLIENTS

This platform may be used to maintain a single complete copy of national data  and local copies
of portions of that data on each data  base  server.  As with  other platforms  using data base
servers, the data with indexes should be limited to 1 to 1000 megabytes per data base server and
the total concurrently active users per data base server should be limited to approximately 30.

The data must be read only either at the central data base or at the local data base  servers.  In
one scenario the application can allow all the users to enter and update data on the  central data
base and then read  a site copy of their portion of the data locally.  The second scenario allows
each local group of users full access to enter, update, and read their data on the central data
base.  The potential for disaster when attempting to allow updates on multiple copies of data and
simultaneously keep them synchronized is very high.

This platform is a good choice for applications that need frequent access to data  on the local data
base server and occasional access to data from the central  data base.  It avoids the problem of
needing to know which remote data  base server contains the additional data as the  central data
base has a complete copy of all  the data.

This platform is not a good choice if the data is frequently updated and inconsistencies between
the central copy and the local copies are a concern.  The ASM, ADBA, and Application
Developers must evaluate either data maintenance scenario for the volume of data that will be
moved to maintain the redundant copy and the frequency that the update will occur.

Full replacements of any sizable amount of data will likely take hours to perform.  Combining
this with numerous sites can place a significant load on the central data base.  Updating changed
data only can alleviate this but requires careful design and monitoring to ensure that the central
and local copies of the data  do not get  out of sync.   These factors may outweigh  any
performance gains.


7.0    PROCEDURE REFERENCES

U.  S. Environmental  Protection Agency.    NDPD Directive  130.05, RDBMS Roles  and
Responsibilities. NDPD Operational Directives Manual (Report No. 285/001). Research Triangle
Park, NC: National Data Processing Division. (Location:  Publications Technical Library)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

 TITLE:      SQL Programming Techniques                            NO.    130.11

 APPROVAL:                                                       DATE:
 1.0   PURPOSE

 This policy addresses the technical limitations of current RDBMS environments and establishes
 NDPD policy to reasonably monitor Structured Query Language (SQL) programming techniques
 in order to optimize the utilization of existing resources.


 2.0    SCOPE & APPLICABILITY

 This policy addresses the use of Data Definition Language (DDL) statements to ensure security
 across distributed data paths and Data Manipulation Language (DML) statements to ensure
 optimum utilization of RDBMS multi-user resources.

 This policy applies to software designed to access relational  data bases  that reside on the
 following platforms:

       Platform                       RDBMS

       IBM-MVS                     DB2
       Novell NetWare                 Oracle Server for NetWare
       IBM OS/2                     Oracle Server for OS/2
       DG UNIX                     Oracle for DG UNIX

This policy is applicable to  all EPA organizations and employees, and  to personnel of agents
 (including State agencies, contractors, and grantees) of EPA who are involved in the design,
 development, administration, and/or maintenance of national or network  data base applications.

 Any deviation from this policy must be approved in writing by  the Director, NDPD.

 Additional information for Local Area Network (LAN) application development may be found
 in NDPD Operational Directives Series 310.xx and in the EPA LAN Operating Guidelines and
 Procedures.  UNIX users should refer to NDPD policies on administration and application
 development under UNIX (to be developed).

 3.0    RESPONSIBILITIES

 3.1    CENTRAL DATA BASE ADMINISTRATOR (CDBA)

 It is the responsibility of the Central Data Base Administrator and the CDBA's Data Base
 Support Services (DBSS) staff to review  software designed  and produced for national and
 network applications and enforce adherence to this policy.


 3.2    APPLICATION SYSTEM MANAGER

 The Application System Manager is responsible to ensure that software developed for national
 and network applications adheres to this policy.


3.3   APPLICATION DEVELOPER
Application Developers, as directed by the Application System Administrators, are responsible
to ensure that software practices used in developing national and network applications adhere to
this policy.

4.0   POLICY
NDPD will support national and network applications accessing RDBMSs that reside on the
hardware platform defined in the scope of this policy and that adhere to the rules for SQL
programming as stated in Section 6.0 STANDARDS.
5.0   DEFINITIONS
5.1    STRUCTURED QUERY LANGUAGE
SQL is divided into three components:
      •     Data Definition Language (DDL) is used to create, alter,  and drop relational
             objects.
      •     Data Control Language (DCL) is used to grant and revoke privileges on relational
             objects and system resources to users.
      •     Data Manipulation Language (DML) is used to select data, update columns, insert
             rows of data, or delete rows of data.
This policy identifies supported techniques for using SQL Data Manipulation and Definition
Language constructs.  Relational objects referred to in these techniques include the following:
      DATABASE        A name  given to a collection of tables, their associated indexes,
                         and the space that contains them.
      DATABASE LINK   A named connection to a remote data base.
      TABLESPACE      A physical space to hold or store tables.
      TABLE            A collection of rows.
      COLUMN          Data elements that are grouped into logical tables.
      INDEX            An ordered set of pointers to rows in a table.
      VIEW              A subset of one or more tables.
      SYNONYM        An alias name for a table, DB link or view.


5.2   NATIONAL AND NETWORK DATA BASE APPLICATION

A National/Network Data Base Application is characterized by data accessed over a Wide Area
Network and/or the application distributed to multiple EPA locations. Platforms as defined in
Directive 130.10 RDBMS Platform Selection Standards are Central RDBMS and Users, Single
Data Base Servers and National Clients, Multiple Data Base Servers with National Clients, and
Multiple Data Base Servers, Central Data Base, and National Clients.  Platforms are defined in
Table 1 below:
CHARACTERISTICS                      LOCAL DATA             REMOTE DATA
Application distributed internally   Local Application      Network Application
Application distributed externally   National Application   National and Network Application

                            Table 1. Platform Definitions

6.0    STANDARDS

The following is a list of standards for SQL Relational Objects and programming techniques.
These standards apply to any RDBMS unless specifically identified for a particular platform in
a corresponding subsection.


6.1    DATA BASE LINKS

PUBLIC data base links may not be created with default users and/or passwords.  PUBLIC links
are created by users with DBA privileges and connect to accounts on the remote data base.
Users then have access to the data objects available to their remote account.

SYNONYMs should be  used to access tables located at remote data bases.  SYNONYMs
facilitate reference to the remote data object and provide first level location transparency.


6.2    DEVELOPMENT ON WAN

All SQL developed for national or network applications must have reasonable response times for
query and transaction processing assuming a 56kbs network between client and server.   The
weakest link in the current client server network architecture is the 56kbs Wide Area Network
(WAN).  Thus, minimized traffic over  WAN  connections will optimize available network
resources.


6.3   OTHER SQL RULES

Transactions must commit as soon as possible after completion to avoid holding locks on data
 for extended periods.

 Do not use special characters in column names.  They are not supported in SQL.

 Do not use the phrase SELECT *. Name only the columns needed for the programs.  Every
 column retrieved means additional CPU.

 Whenever possible, JOINs should be used instead of sub-queries.  Sub-queries, if required,
 should be correlated to the main query if possible. Sub-queries that return a large number of
 rows are inefficient.

 The SELECT statement is the only SQL statement permitted over network data base links.
 INSERTS, UPDATES, and DELETES require 'two-phase' commits to operate properly and 'two-
 phase' commits are not yet available.  Great care should be taken when accessing data remote
 to the 'connected' data base as communication lines are limited.  No JOINs or UNIONS will be
 allowed in cross platform applications  using DB2 or  Oracle Version 6.   Other querying
 capabilities will be restricted as described in the table below:
SELECT STATEMENT CLAUSES            ORACLE - ORACLE        CROSS PLATFORM
FROM single table                   Local/Remote Tables    Local/Remote Tables
FROM multiple tables                Local Tables only      Local Tables only
Sub-query - FROM single table       Local Table only       Local Table only
Sub-query - FROM multiple tables    Local Tables only      Local Tables only
GROUP BY (FROM single table)        Local/Remote Tables    Local/Remote Tables
GROUP BY (FROM multiple tables)     Local Tables only      Local Tables only
CONNECT BY/START WITH               Local/Remote Table     Local/Remote Table

                    Table 2.  Query Limitations for Data Base Links

Cross platform JOINs may be done if all platforms are using Oracle Version 7 and it has been
determined that the JOIN is the most efficient path.  Alternatively, multiple platforms may be
referred to with individual SQL statements for each platform.
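
The data base link rules in Sections 6.1 and 6.3 and in Table 2 can be checked mechanically before SQL is released. The Python sketch below is an added example, not part of the directive or of any NDPD tool; the link, table and synonym names in the sample script are constructed. It assumes that a CONNECT TO ... IDENTIFIED BY clause in a PUBLIC link is what the directive means by a default user and password, and it matches statement shapes with regular expressions rather than parsing SQL (no inline views).

```python
"""Lint a SQL script against the data base link rules of Directive 130.11."""
import re

IDENT = r"[A-Za-z][\w$#]*"
OBJ = rf"{IDENT}(?:\.{IDENT})*"        # name, optionally owner-qualified
REF = rf"{OBJ}(?:@{OBJ})?"             # name, optionally followed by @dblink

PUBLIC_LINK_CREDS = re.compile(
    r"CREATE\s+PUBLIC\s+DATABASE\s+LINK\b.*\bCONNECT\s+TO\b.*\bIDENTIFIED\s+BY\b",
    re.I | re.S)
SYNONYM = re.compile(
    rf"CREATE\s+(?:PUBLIC\s+)?SYNONYM\s+({OBJ})\s+FOR\s+({REF})", re.I)
DML = re.compile(
    rf"(?:INSERT\s+INTO|UPDATE|DELETE(?:\s+FROM)?)\s+({REF})", re.I)
SELECT_STAR = re.compile(r"\bSELECT\s+(?:ALL\s+|DISTINCT\s+)?\*", re.I)
FROM_LIST = re.compile(
    r"\bFROM\s+(.+?)(?=\bWHERE\b|\bGROUP\b|\bORDER\b|\bCONNECT\b|\bSTART\b|\)|$)",
    re.I | re.S)


def statements(script):
    """Drop '--' comments, then split on ';' outside single-quoted strings."""
    script = re.sub(r"--[^\n]*", "", script)
    parts = re.findall(r"(?:'[^']*'|[^;'])+", script)
    return [p.strip() for p in parts if p.strip()]


def lint(script):
    """Return (statement_number, rule_id) for every rule a statement breaks."""
    remote_synonyms = set()      # synonyms that resolve to object@dblink
    findings = []

    def is_remote(name):
        # A synonym hides the '@link', so resolve it before deciding.
        return "@" in name or name.lower() in remote_synonyms

    for n, stmt in enumerate(statements(script), start=1):
        if PUBLIC_LINK_CREDS.match(stmt):                 # Section 6.1
            findings.append((n, "PUBLIC-LINK-CREDENTIALS"))
        m = SYNONYM.match(stmt)
        if m and "@" in m.group(2):
            remote_synonyms.add(m.group(1).lower())
        if SELECT_STAR.search(stmt):                      # Section 6.3
            findings.append((n, "SELECT-STAR"))
        m = DML.match(stmt)
        if m and is_remote(m.group(1)):                   # SELECT-only rule
            findings.append((n, "DML-OVER-LINK"))
        if not re.match(r"SELECT\b", stmt, re.I):
            continue
        # Table 2: the first FROM is the main query, later ones are sub-queries.
        for i, fm in enumerate(FROM_LIST.finditer(stmt)):
            items = re.split(r",|\bJOIN\b", fm.group(1), flags=re.I)
            hits = [re.match(REF, item.strip()) for item in items]
            names = [h.group(0) for h in hits if h]
            has_remote = any(is_remote(x) for x in names)
            if i > 0 and has_remote:
                findings.append((n, "REMOTE-IN-SUBQUERY"))
            elif i == 0 and len(names) > 1 and has_remote:
                findings.append((n, "REMOTE-IN-MULTI-TABLE-FROM"))
    return findings


# Constructed sample script; every name and the password are placeholders.
SAMPLE = """
CREATE PUBLIC DATABASE LINK hq
    CONNECT TO appuser IDENTIFIED BY example_pw USING 'hqdb';   -- 1 flagged
CREATE PUBLIC DATABASE LINK region4 USING 'r4db';               -- 2 ok
CREATE SYNONYM permits FOR water.permits@region4;               -- 3 ok
SELECT permit_id, status FROM permits WHERE status = 'OPEN';    -- 4 ok
SELECT * FROM facility;                                         -- 5 flagged
UPDATE permits SET status = 'CLOSED' WHERE permit_id = 7;       -- 6 flagged
SELECT f.name, p.status FROM facility f, permits p
    WHERE f.id = p.facility_id;                                 -- 7 flagged
SELECT name FROM facility
    WHERE id IN (SELECT facility_id FROM permits);              -- 8 flagged
SELECT COUNT(*) FROM facility;                                  -- 9 ok
"""

if __name__ == "__main__":
    for number, rule in lint(SAMPLE):
        print(f"statement {number}: {rule}")
```

The Oracle Version 7 exception for cross platform JOINs is not modelled, because the script alone does not say which versions the platforms run.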
6.3.1 DB2

Plan names must be unique within a single DB2 subsystem.

Plans will be bound with the Cursor Stability (CS) option (unless deferred update processing is
used).  Cursor Stability allows for concurrent reads of the data and reduces the chances of
deadlocks.

Lock duration will be USE and COMMIT.  The USE parameter will only acquire locks and
open tablespaces when the program first uses them.  The COMMIT parameter will release the
resources at each commit point.

Always use the VALIDATION (BIND) parameter. The VALIDATION (BIND) parameter will
perform full validity checking during the BIND process.

All applications will create their own PLAN_TABLE and use the EXPLAIN(YES) parameter
to determine access path and indexes used.


6.3.2  Oracle Tablespaces

Applications will be allocated a tablespace to contain data tables applicable to that application.
All tables created for an application must reside in its tablespace with the exception of tables
shared with other applications. Shared tables reside in the tablespace of the first application for
which they are created.


7.0    PROCEDURE REFERENCES

7.1    DB2 ENVIRONMENT

       a.     DB2: The Complete Guide to Implementation and Use. Second Edition. Jeff D.
             Vowell, QED Information Sciences, Inc.

       b.     Platinum Guide for DB2. Platinum Technology, Inc.

       c.     U. S. Environmental Protection Agency. NDPD Operational Directives  130.05
             through 130.08.  NDPD Operational Directives Manual (Report No. 285/001).
             Research Triangle Park, NC:  National Data Processing Division.  (Location:
             Publications Technical  Library)


7.2    ORACLE ENVIRONMENT

       a.     U. S. Environmental Protection Agency. Oracle Server for NetWare,  Guidelines
             &  Procedures. (Report 551/001)  Research Triangle Park, NC:  National Data
             Processing Division. (Location: Publications Technical Library)

       b.     ORACLE, Building High Performance Online Systems,  W.  H. Inmon, QED
             Information Sciences, Inc., (1989)

       c.     ORACLE  RDBMS  Database  Administrator's Guide,  Version  6.0,  Oracle
             Corporation, October 1990.

       d.     SQL Reference Manual,  Version 6.0, Oracle Corporation, February  1990.

       e.     ORACLE RDBMS Performance Tuning Guide, Version 6.0, Oracle Corporation,
             February 1990.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     RTP PC User Support                                   NO.    140.01

APPROVAL:
1.0   PURPOSE

This policy identifies the primary personal computer support responsibilities of the Information
Centers Branch (ICB) in Research Triangle Park, NC.


2.0   SCOPE & APPLICABILITY

This policy establishes the support services that are available to all government and contractor
personnel in EPA's Research Triangle Park (RTP) facilities.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

The Chief, RTP Library and Information Centers is responsible for defining the services to be
offered by the RTP Information Centers (RICs). The ICB-RTP staff is responsible for providing
direct support to users of personal computers and peripherals, including microcomputer hardware
and software support. Assistance will also be provided in connecting personal computers with
other  operating platforms, such as EPA's IBM mainframe and exchanging data between those
platforms and users' PCs.


4.0   POLICY

During normal business hours, the ICB-RTP staff will provide basic customer assistance services
by telephone and on a walk-in basis at the RIC facilities in the EPA-RTP campus.


5.0    DEFINITIONS

Basic Customer Assistance Services:  Assistance in the use of the hardware and software in the
RICs including access to technical documentation and publications.

ICB-RTP: The Information Centers Branch in Research Triangle Park, NC.  ICB-RTP staffs
the RTP Information Centers, the LANs-R-US group, and Agencywide systems-level support
for Microsoft Windows.

Normal Business Hours:  From 8:00 am until  4:30 pm Monday through Friday.

RICs:  The Research Triangle Park Information Centers: RIC I in the EPA Administration
Building,  RIC II in the Environmental Research  Center, the MIC in the Mutual Building in
Durham, NC.

-------
NDPD OPERATIONAL DIRECTIVE NO. 140.01                        Page 2 of 2
6.0   STANDARDS
PC User Support will be provided in accordance with industry standards for sound operational
and security practices and as specified in pertinent NDPD policies and directives.
7.0   PROCEDURE REFERENCE
None.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     RIC I Operations/Production Support                       NO.    140.02
APPROVAL:
1.0   PURPOSE
This policy identifies the primary Research Triangle Park Information Center (RIC I) computer
operations responsibilities of the Information Centers Branch (ICB) in Research Triangle Park,
NC.
2.0   SCOPE & APPLICABILITY
This policy outlines the operational hardware support provided for the Contracts Management
Division of the Office of Administration and Resources Management (OARM).
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0   RESPONSIBILITIES
The Chief, RTP Library and Information  Centers is responsible for defining the computer
operations support services to be offered by RIC I. The ICB-RTP RIC I staff is responsible for
providing computer operations support.

4.0   POLICY
During normal business hours, the ICB-RTP RIC I staff will provide computer operations
support in the EPA-RTP Administration Building. In addition to normal operations support, the
following specific services will be provided:
      a.    Perform daily incremental backups and weekend  full  backups on the Prime
            computer system.
      b.    Monitor all printers and controllers in the RIC I production facility.
      c.    Upon request, deliver IBM mainframe printer output.
      d.    Provide connectivity support  for all Prime terminal connections in the EPA-RTP
            Administration Building.
5.0   DEFINITIONS
ICB-RTP:  The Information Centers Branch in Research Triangle Park, NC.  ICB-RTP staffs
the RTP Information Centers, the LANs-R-US group, and Agencywide systems-level support
for Microsoft Windows.
Normal Business Hours:  From 8:00 am until 4:30 pm Monday through Friday.
RIC I:  The Research Triangle Park Information Center I in the EPA Administration Building.

-------
NDPD OPERATIONAL DIRECTIVE NO. 140.02                        Page 2 of 2

6.0   STANDARDS
Computer operations support will be provided in accordance with industry standards for sound
operational and security practices and as specified in pertinent NDPD policies and directives.
7.0   PROCEDURE REFERENCES
RIC I Prime Procedures Guide (unnumbered, unedited draft).
RIC I Information Center Procedures Guide (unnumbered, unedited draft).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     RTP-LAN Support                                      NO.    140.04

APPROVAL:                                                       DATE:



1.0    PURPOSE

This policy  identifies NDPD's primary  responsibilities for  Local  Area Network (LAN)
Administration.


2.0    SCOPE & APPLICABILITY

This policy establishes LAN support responsibilities for all EPA-RTP LANs designated by
NDPD.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0    RESPONSIBILITIES

The Chief, RTP Library and Information Centers is responsible for defining services to be
offered and for monitoring service delivery.  The ICB-RTP staff is responsible for performing
the LAN administrator function.


4.0    POLICY

ICB-RTP will provide LAN Administrative support for RTP-area LANs designated by NDPD
to receive such support, and for LANs covered by Operational Service Agreements with client
organizations.  For those LANs, in accordance with NDPD LAN Operational Procedures and
 Standards, the ICB-RTP LAN support staff will:

       a.    Act as LAN Administrator for all EPA-RTP LANs designated by NDPD.

       b.    On LANs for which LANSYS's centralized backup service is not a viable option,
             perform appropriate backups.

       c.    Assist LAN  users in  the  use of LAN-based  applications software; provide
             operating system support upon request.

       d.    Provide installation support for LAN users.  This includes the installation of
             token-ring boards in PCs, diagnosis of LAN workstation hardware problems, and
             assistance to the Telecommunications Service Request (TSR) group in running and
             building token-ring cables.

       e.    Provide LAN users with LAN-oriented materials such as keyboard overlays,
             manuals, and supplies for LAN printers and plotters.

       f.    Evaluate and test LAN hardware and software.  When appropriate, this activity
             is performed in cooperation with other NDPD operational groups.

-------
 NDPD OPERATIONAL DIRECTIVE NO. 140.04                        Page 2 of 2


 5.0    DEFINITIONS

 ICB-RTP: The Information Centers Branch in Research Triangle Park, NC.  ICB-RTP staffs
 the RTP Information Centers, the LANs-R-US group, and Agencywide systems-level  support
 for Microsoft Windows.

 LAN:  Local Area Network.  In EPA, the standard is an Intel processor-based, token-ring
 topology.

 LANSYS: NDPD's LAN System Support Group.

 RIC I:  The Research Triangle Park Information Center I in the EPA Administration Building.

 TSR:  Telecommunications Service Request.  A  standard NDPD form that, when completed,
 provides the  information needed to approve,  schedule, and monitor connectivity changes or
 changes to the EPA national network.


 6.0   STANDARDS

 As specified in Report 397/001B, LAN Operational Procedures and Standards, Revised March 15,



7.0   PROCEDURE REFERENCE

U. S. Environmental Protection Agency. (1993)  LAN Operational Procedures and Standards.
(Report No.  397/001B), Research Triangle  Park, NC:  National Data Processing Division,
Telecommunications. (Location: Publications Technical Library)

-------
                   U.S. ENVIRONMENTAL PROTECTION AGENCY
                    NDPD OPERATIONAL DIRECTIVES MANUAL

  TITLE:      Archiving Tapes and Data Sets                             NO.    200.01

  APPROVAL:                                                      DATE:
   1.0    PURPOSE
  This policy establishes procedures and goals for archiving tapes at the National Computer Center
  (NCC).  Adherence to these procedures will ensure that archived tapes are utilized to the
  maximum degree possible at the NCC.


  2.0   SCOPE & APPLICABILITY

  This policy assigns responsibilities to those individuals who archive tapes.

  Any deviation from this policy must be approved in writing by the Director of the NDPD.


  3.0   RESPONSIBILITIES

  The FM Contractor will develop, update, and monitor procedures to implement this policy.

  The customer community will comply with  the provisions of this policy and EPA Directive
  200.02, NDPD Records Management, when  archiving tapes.


  4.0   POLICY

         a.     The NCC will provide a secure and environmentally correct archival facility for
               the storage of tapes containing  data that must be maintained but has no immediate
               processing need.  This policy  is applicable to both cartridge and reel tapes.

         b.     NDPD  has developed  procedures and  maintains  the necessary software for
               automatic archiving of customer disk data sets.  (Customers should archive data
               sets from disk whenever possible.) Data set archives are processed by the storage
               management subsystem and utilize  overhead tape volumes to their maximum
               potential.  Customers should copy tapes to disk data sets and mark the data sets
               for archive;  the system will process the  archival of  data  from  this point.
               Archived data sets are normally retained for 1 year, but the customer may request
               retention for up to 3 1/2 years.

               Customers who archive tapes are required to utilize at least 70 percent of a tape.
               Customers may telephone, Umail, Email (K.  Strickland), or  submit a written
               request  to Data Management for physical tape archival.

         c.     If the request is for a cartridge tape,  Data Management will approve and forward
               the request to Data Processing Support Services (DPSS).  DPSS will issue a
               preassigned tape number (D number) to the tape and notify the customer.  The
               customer will then copy the data to  the preassigned labeled tape.


|   Indicates  change.

-------
 NDPD OPERATIONAL DIRECTIVE NO. 200.01                          Page 2 of 2
       d.     The customer will be given 5 workdays to copy data to tape. Upon successful
              completion, DPSS will store the tape offsite in the archive vault.

       e.     Customers requesting  that round  tapes be  archived  must follow the same
              guidelines outlined in Step b.  Once the tape is approved for archiving, Data
              Management will forward the request to DPSS.  When a round tape is archived,
              it loses its former tape number; DPSS will assign a "C"  (DEC) or "D" (IBM)
              number to the tape. Archived tapes are in "inactive" status and are file-protected
              and labeled NO WRITE RING on the face and back of the tape to ensure the data
              is not overwritten.

       f.      A tape may be archived for up to 3 1/2 years.  When this timeframe has been
              met, the tape is automatically released to the customer.

       g.     Customers will receive a monthly tape list of all archived  tapes.

       h.     Customers may request that tapes be returned or dearchived.  Upon receipt of the
              request, DPSS will return the tape within 24 hours. A $10.00 retrieval fee will
              be charged to the customer account. (Customers are charged $10.00 per trip, not
              per tape.)

       i.      Only the owner of a tape or the appropriate Account Manager or ADP
              Coordinator will receive the services outlined above.

       j.      All archived  tapes will be rewound before being returned  to the customer at
              expiration time.

       k.      Annually, a statistical sample (384 tapes) will be read by the data center to ensure
              that the tapes are in good condition and are readable.

       l.      The FM contractor will ensure that all tapes containing sensitive information and
              released for destruction are degaussed on an approved degausser.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:      NDPD Records Management                             NO.:    200.02
APPROVAL:                                                       DATE:
1.0   PURPOSE
This policy provides customers of NDPD resources and contractor staff with guidance on the
management of files and records, both temporary and permanent, to ensure that the EPA meets
all requirements outlined in the National Archives and Records Administration Articles.
This NDPD policy provides procedures for the following:
       a.     Scheduling records for disposition.
       b.     Inventorying electronic records.
       c.     Applying General Records Schedules (GRS) containing disposition instructions for
             temporary electronic records common to many agencies.
       d.     Scheduling records not covered by the GRS.
       e.     Identifying potentially permanent electronic  records.
       f.     Transferring permanent and/or temporary records to the local EPA archive vault.
       g.     Transferring permanent records to the National Archives.
       h.     Maintaining and using  electronic records.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel and to all customer personnel
who are responsible for the management,  maintenance, and disposition of magnetic media.
Any deviation from this policy must be approved in writing by the Director of the NDPD and
the Records Officer of the EPA.

3.0   RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures  and provide utilities and
facilities for the archival of Agency records.
The customer will comply with the provisions of this policy in the management, maintenance,
and disposition of Agency records.

-------
NDPD OPERATIONAL DIRECTIVE NO. 200.02                          Page 2 of 2
4.0   POLICY

      a.     NDPD customers are responsible for inventorying and scheduling all records,
             ensuring that the Agency saves important data and deletes disposable data when
             no longer needed.

      b.     Following an inventory, the Agency Records Manager will determine whether the
             information in any system is covered by disposition instructions in the GRS issued
             by the National Archives and Records Administrator (NARA).

      c.     An SF115 must be submitted by the Records Manager to the NARA for all
             records not covered by the GRS.
      d.     NDPD will provide a secure, environmentally appropriate facility for the archival
             of machine readable records identified in the GRS.
      e.     The Agency Records Manager will provide technical and administrative assistance
            for the permanent archival of machine readable records to the National Archives.

      f.     The FM contractor will provide labeling guidelines for all records scheduled for
            archival.

      g.     The FM contractor will maintain the archival facility in compliance with the
            NARA's regulations on Electronic Records Management.

      h.     The FM contractor will provide a policy for archiving tapes and data sets.  (See
            NDPD Operational Directive 200.01, Archiving Tapes and Data Sets.)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

 TITLE:      NCC UNIX Security                                   NO.   200.03

 APPROVAL:
 1.0    PURPOSE

 This policy establishes a set of security standards  and practices for Agency standalone or
 network connected computer systems which use UNIX or UNIX-based operating systems and
 are supported or owned by EPA's National Data Processing Division (NDPD). These standards
 are in compliance with generally accepted security standards and practices and with Federal
 regulations and directives referenced in Section  7.0, PROCEDURE REFERENCES, of this
 policy.


 2.0    SCOPE & APPLICABILITY

 This policy applies to all customers of NDPD supported or owned computer systems which use
 a UNIX or UNIX-based operating system and to  all personnel who provide for the use,
 operation, maintenance, support, or telecommunications services of those systems.

 Any request for an exemption to this policy must be provided in writing to the Director, NDPD
 and, if approved, must be approved in writing.  Email is an acceptable medium for requesting
 and receiving an exemption under this policy. Provisions in this policy might be superseded by
 future policies developed  for public access and which are subsequently reviewed and approved
 by the NDPD Computer Security Officer. Provisions in public access are regarded as approved
 exemptions to this policy.


 3.0    RESPONSIBILITIES

       a.     NDPD is responsible for:

              1.    Providing a secure environment for all UNIX or UNIX-based computer
                   systems covered by this policy.

             2.    Ensuring that this policy is consistent with all Federal regulatory statutes
                   and directives.

             3.    Requesting exemptions to Federal regulatory statutes and directives when
                   required by considerations unique to the operating environment of the
                   computer systems covered by this policy.

             4.    Appointing  an  NDPD  Computer  Security Officer  responsible for
                   implementing, maintaining, and reviewing compliance with this policy.

             5.    Participating in NDPD's Computer Emergency Response Team (CERT)
                   as described in NDPD policies and procedures for that team.

             6.    Approving, in writing, any exemptions to this policy.

-------
NDPD OPERATIONAL DIRECTIVE NO. 200.03	Page 2 of 16

       b.     The NDPD Computer Security Officer is responsible for:

             1.     Establishing  all procedures  necessary  for the  implementation and
                   maintenance of this policy.

             2.     Reviewing  and approving all security environment  changes allowable
                   under this policy, and reviewing and approving all system-wide special
                   privileges for all UNIX or UNIX-based systems covered by this policy.

             3.     Directing efforts of NCC contract personnel in security matters pursuant
                   to provisions of the NCC primary support contract.

             4.     Coordinating any exemptions to Freedom of Information or Public Access
                   Acts regarding access  to data  processed  on  data processing systems
                   covered by this policy.

             5.     Participating  in NDPD's Computer Emergency  Response  Team as
                   described in NDPD policies and procedures for that team.

             6.     Monitoring system compliance with this policy.

      c.     The management of each technical support function (e.g.,  UNIX, Scientific
             Visualization,  Supercomputer,  CIS) established by NDPD for the support and
             maintenance of computer systems covered by this policy is responsible for:

             1.     Adhering to all policy provisions.

             2.     Subscribing  to and using industry security risk bulletin boards for the
                   purpose of identifying potential security exposures in the UNIX or UNIX-
                   based environment.

             3.     Coordinating with the NDPD Computer Security Officer or his delegate,
                   System Managers, and System Administrators:

                   (a)     Policy provision implementations,  monitoring, and maintenance.

                   (b)     Configuration, according  to security policy standards of all UNIX
                          or UNIX-based operating systems, utilities, and applications for
                          which it provides central  distribution, support, or maintenance.

                   (c)     Reporting, defensive, and  corrective actions  related  to system
                          security exposures, breaches,  and virus attacks.

             4.     Participating in the  NDPD Computer Emergency Response Team as
                   described in NDPD policies or procedures for that team.

      d.     Each Agency Program Office is responsible  for:

             1.     Adhering to all provisions of this policy.

             2.     Ensuring the physical  security  of its sites used  to house  or  access
                   computer systems  covered  by  this policy and   the  data  processing
                   peripherals and other  devices used for that access.


             3.     Appointing a System Manager and a System Administrator for computer
                   systems covered by this policy and which reside at its site(s).

             4.     Maintaining the security of each of its UNIX or UNIX-based computer
                   systems and the applications residing on them in a manner consistent with
                   this policy and all Federal regulations and directives.

             5.     Developing  and performing local  procedures,  risk analyses,  and other
                   mechanisms for determining,  enacting,  monitoring,  and maintaining
                   computer system and application security requirements under  provisions
                   of this policy.

       e.     Each System Manager and System Administrator will be responsible  for:

             1.     Adhering to all provisions of this policy.

             2.     As directed by the Program Office, ensuring that provisions in  this policy
                   governing the office are implemented, monitored, and maintained.

             3.     Subscribing  to and using industry security risk bulletin  boards for the
                   purpose of identifying potential security exposures in the UNIX or UNIX-
                   based environment.

             4.     Coordinating  with  NDPD  technical  support management,  System
                   Managers or System Administrators:

                   (a)    Policy provision implementations, monitoring, and maintenance.

                   (b)    Configuration, according to security policy standards, of all UNIX
                          or UNIX-based operating systems,  utilities, and applications for
                          their system(s).

                   (c)    Reporting, defensive, and  corrective actions  related  to system
                          security exposures, breaches, and virus attacks.

                   (d)    Implementation of system warning notices during system logon to
                          provide legal protection  from unauthorized access  attempts.

                   (e)    Aiding NCC  computer security staff with security  audits.

             5.     Participating in the NDPD Computer Emergency Response Team as
                   described in NDPD policies or procedures  for that team.

             6.     Conducting risk analyses and security assessments under the provisions of
                   the EPA Information Security  Manual and maintaining  documentation
                   (copies) on the findings.

             7.     Not allowing "trusted" or "open" access to the system without  consulting
                   with the System Manager or System Administrator.

             8.     Ensuring users of their systems comply with provisions of this policy.


       f.     The EPA NDPD security function is a commercially contracted responsibility of
             the contractor as provided for in Attachment A of OMB Circular A-76. All NCC
             departments and personnel engaged in the operation, support, or maintenance of
      g.     Each user of a UNIX or UNIX-based computer  covered by this policy  is
             responsible for:

             1.     Adhering to all provisions of this policy.

             2.     Practicing sound password management (i.e., will not use trivial, easily
                   guessed passwords, and will not share User-IDs and passwords).

             3.     Securing data based on an evaluation of the sensitivity of the data.

             4.     Not allowing "trusted" or "open" access to the system without consulting
                   with the System Administrator.


4.0   POLICY

The computer systems covered by this policy will be used for official Government business only.
Unauthorized use of any of these systems is a criminal offense under  Title 18 of the United
States Code,  Section 641,  and may subject violators  to a fine of  up to  $10,000 and/or
imprisonment of up to 10 years.

The security of UNIX or UNIX-based computer systems, and the  facilities within which they
reside and which are owned, operated, or supported by EPA will be implemented, maintained,
and monitored in compliance with generally accepted security standards, with Federal regulations
and directives, and specifically, with Federal  regulations and directives and UNIX  security
vulnerability documentation referenced in Section 7.0, PROCEDURE  REFERENCES of this
policy.

Agency UNIX or UNIX-based computers and data residing on those computers will be protected
from unauthorized access.

Any Agency-owned or operated UNIX or UNIX-based computer system attached to the Agency
network must demonstrate conformity to this policy to the NDPD Security Officer within 90
days of attachment.  Demonstration of conformance will be measured by the  completion of a
UNIX security review  questionnaire.   Failure to demonstrate conformance may result  in
removing the computer system's attachment from EPA's wide area network.

UNIX and UNIX-based  systems are inherently implemented in a non-secure manner as UNIX
was initially designed to promote ease of use and data  sharing.   Advancements in UNIX
operating system security now permit utilization of software and components meeting Federal
policy guidelines for C2 (discretionary access control).  EPA UNIX systems  covered by this
policy will, as a design goal, meet C2 security requirements.


5.0    DEFINITIONS

Industry Standard: For the purpose of this policy, industry standards are defined through the
documents in Section 7.0, PROCEDURE REFERENCES, of this policy, industry bulletin boards
referenced in those documents, and Security Administrator guides for each computer system.

Federal Trusted Computing Base (C2) Discretionary Access Control:  C2 level of security is
described in the Trusted Computer System Evaluation Criteria, CSC-STD-001-83 and is partially
reproduced here:

       1.     Discretionary Access Control

       The TCB (trusted computing base) shall define and control access between named users
       and named objects (e.g., files  and programs) in the ADP system.  The enforcement
       mechanism (e.g., self/group/public controls,  access control lists)  shall allow users to
       specify and control sharing of those objects by named individuals, or defined groups of
       individuals, or by both.  The discretionary access control mechanism shall, either  by
       explicit user action or by default, provide that objects are protected from unauthorized
       access. These access controls shall be capable of including or excluding access to the
       granularity of  a single user.   Access permission to an  object by users not already
       possessing access permission  shall only be assigned by authorized users.

       2.     Object Reuse

       When a storage object is initially assigned, allocated, or reallocated to a subject from the
       TCB's pool of unused storage objects, the TCB  shall assure that the object contains  no
       data for which  the subject is not authorized.

       3.     Accountability - Identification and Authentication

       The TCB shall  require users to identify themselves to it before beginning to perform any
       other actions that the TCB is expected to mediate.  Furthermore, the TCB shall use a
       protected mechanism (e.g., passwords) to authenticate a user's identity. The TCB shall
       protect authentication data so that it cannot be accessed by any unauthorized users.  The
       TCB shall be able  to enforce individual  accountability by providing  the capability to
       uniquely identify each individual ADP system user.  The TCB  shall  also provide the
       capability of associating this identity with all auditable actions taken by that individual.

       4.     Accountability - Audit

       The TCB shall be able to create,  maintain, and protect from modification or unauthorized
       access or destruction an audit trail of accesses to the objects it protects.  The audit data
       shall be protected by the TCB so that read access  to  it is limited to those who are
       authorized for audit data.  The TCB shall be able to record the following types of events:
       use of identification and authentication mechanisms, introduction of objects into a user's
       address space (e.g., file open, program initiation), deletion of objects, and actions taken
       by  computer operators and system administrators and/or system  security officers.  For
       each recorded event, the audit record shall identify: date and time of the event, user, type
       of event, and success or failure of the event. For identification/authentication events the
       origin of request (e.g., terminal ID) shall be included in the audit record.  For events
       that introduce an object into a user's address space and for object deletion  events the
       audit record shall include the name of the object. The ADP system administrator  shall
       be  able to  selectively audit the  actions of any one or more users  based on  individual
       identity.


6.0   STANDARDS

6.1   SYSTEM CONFIGURATION AND OPERATION

      a.    The  design goal for the operating system of all computers covered under this
            policy will be C2.

      b.    Security recommendations contained in Security Administrator guides and other
            documentation provided by the vendor of each UNIX or UNIX-based operating
            system will be implemented.

      c.    All industry documented fixes for known UNIX security vulnerabilities will be
            applied as described in Improving the Security of Your UNIX System referenced
            in Section 7.0, PROCEDURE REFERENCES.  This includes, but is not limited
            to:

            1.     The use of  non-secure  trivial  file  transfer protocol (TFTP) is not
                   permitted.  To determine whether your  version of trivial file transfer is
                   secure, enter the following sequence of commands following the prompts:

                         % tftp
                         tftp> connect yourhost (substitute your host name)
                         tftp> get /etc/motd tmp

                   If your version does  not respond with "File not  Found" and instead
                   transfers the file, your version of trivial file transfer should be  replaced
                   with a newer one.  In  particular, versions of SunOS prior to release 4.0
                   are known to have  this problem.

            2.     Only secure versions/implementations of File Transfer Protocol (FTP)
                   (versions later than December 1988) are allowed.

            3.     Recommendations in Section 2.2.5 of Improving the Security  of Your
                   UNIX System referenced in Section 7.0, PROCEDURE REFERENCES,
                   will apply for sendmail. Specifically, newer versions of sendmail will be
                   obtained as described in that document and the following actions will be
                   taken:

                   (a)    Remove the "decode" alias from the aliases file (/etc/aliases or
                         /usr/lib/aliases).

                   (b)    If you create aliases that allow messages to be sent to programs,
                         ensure that there is no way to obtain a shell or send commands to
                         a shell from these programs.

                   (c)    Make  sure the "wizard" password is disabled in the configuration
                         file, sendmail.cf.

                   (d)    Make  sure your sendmail does not support the "debug" command.
                         This can be done with the following commands:

                                % telnet localhost 25
                                debug
                                quit

                          If your sendmail responds to the "debug" command with "200
                          Debug set", then you are vulnerable to an attack using sendmail
                          and should replace your sendmail with a newer version.

             4.    Only the latest version of fingerd will be allowed.

             5.    Modems will be configured to prevent  inadvertent access of one
                   customer's interrupted  session by another  customer.   Most  modem and
                   terminal server manuals cover in detail  how to properly connect these
                   devices to your system.  In particular, you should pay close attention to
                   the "Carrier Detect," "Clear to  Send," and "Request to Send" connections.
                   At a minimum the following checks should be made.

                   (a)     If a user dialed up  to a modem hangs up the phone, the system
                          should log him out.  If it does not, check the hardware connections
                          and the kernel configuration of the serial ports.

                   (b)     If a user logs off, the system should force the modem to hang up.
                          Again, check the hardware connections if this does not work.

                   (c)     If the connection from  a terminal server to the system is broken,
                          the system should log the user off.

                   (d)     If the terminal server is connected to modems and the user hangs
                          up, the terminal server  should inform the system that the user has
                          hung up.

      d.     All files residing on the computer  system will be backed up at least weekly and
             monthly.  Backups will be protected  from unauthorized access and alteration.
             Storage of the backups will be at a location removed from that of the computer
             system itself.


6.2   SYSTEM DIRECTORY AND FILE PROTECTION

Files and directories that comprise the operating system must  have ownership and permission
[...] write access to these files must be reserved for
[...] administrator or  root. System files include, but
[...] "/", "/etc", "/usr/bin", "/usr/etc", "/usr/lib",
"/usr/ucb".


6.3   DEVICE PROTECTION

6.3.1  Non-Terminal
      a.     UNIX system device files are used to access system peripherals (e.g., printers,
             terminals,  networks,  disks, system  memory)  and must  be protected  from
             unauthorized access.  Files comprising device definitions must be protected from
             unauthorized access.

      b.     All device files must be located in the "/dev" directory.

       c.     Disk devices, "/dev/mem", "/dev/kmem", "/dev/drum", "/dev/swap" and others
             typically contained in group "kmem" must never be world-readable.
       d.     Memory and disk devices must be owned by "root" and their access permissions
             must generally be:
             1.     Owner - READ and WRITE.
             2.     Group - READ.
             3.     World - No access.
       e.     Memory devices must belong to group "kmem".
       f.     Disk devices must belong to group "operator".
       g.     All other non-terminal devices must be owned by the operating system equivalent
             of system administrator or "root".

6.3.2  Terminals
       a.     Terminal devices must be owned by the operating system equivalent of system
             administrator or "root".
       b.     Access permissions must be READ and WRITE for owner, group, and world
             when non-allocated devices (except for printers controlled by the queue manager).
       c.     Only the system console device for file servers and dataless systems should be
             configured as "secure" in "/etc/ttytab" or equivalent file(s). Diskless workstations
             must be set up as "nonsecure" in "/etc/ttytab" or equivalent file(s).
6.4    NETWORK
6.4.1  System Warning Notice
Each computer covered by this  policy which is attached to the Agency  telecommunications
network will display the following  message  at login:
       WARNING:   The  use  of this computer is for official Government  business  only.
                    Unauthorized use of this computer is a criminal offense under Title 18
                    United States Code, Section 641, and may subject violators to a fine of up
                    to $10,000, or imprisonment of up to 10 years, or both.

6.4.2  Remote Access
       a.     No wild-carding may be permitted in the "/etc/hosts.equiv"  file.
       b.     No local   hosts  located  in public  areas  should be  configured  in  the
             "/etc/hosts.equiv"  file as "trusted".

       c.     ".rhosts" files are not allowed.
       d.     TCP wrappers distributed by NDPD will be installed.

6.4.3  NFS
       a.     Each entry in "/etc/exports" will have an associated "access=hostlist" parameter.
       b.     No entry in "/etc/exports" may specify the "root=hostlist" parameter.
       c.     If an entry in "/etc/exports" contains netgroup entries, the host name  must be
             specified and the domain field must contain a "-" if it is not used.
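
As an added illustration (not part of the directive), the shell functions below check a SunOS-style /etc/exports against 6.4.3 a and b and an /etc/hosts.equiv against 6.4.2 a. The line formats, the reading of "wild-carding" as a bare "+" entry, and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit trust files against sections 6.4.2 and 6.4.3.

# audit_exports FILE
# Each non-comment line is assumed to be "directory -opt[,opt...]".
# Prints one finding per violation and returns 1 if any were found.
audit_exports() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            has_access = 0; has_root = 0
            for (i = 2; i <= NF; i++) {
                n = split($i, opt, ",")
                for (j = 1; j <= n; j++) {
                    sub(/^-/, "", opt[j])
                    if (opt[j] ~ /^access=./) has_access = 1
                    if (opt[j] ~ /^root=/)    has_root = 1
                }
            }
            if (!has_access) {
                print "exports line " NR ": " $1 ": no access=hostlist (6.4.3 a)"
                bad = 1
            }
            if (has_root) {
                print "exports line " NR ": " $1 ": root=hostlist is set (6.4.3 b)"
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# audit_hosts_equiv FILE
# Lines are assumed to be "host [user]". A bare "+" in either field trusts
# every host or every user, which is what 6.4.2 a is taken to forbid.
audit_hosts_equiv() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "+" {
            print "hosts.equiv line " NR ": \"+\" trusts every host (6.4.2 a)"
            bad = 1
        }
        $2 == "+" {
            print "hosts.equiv line " NR ": \"+\" trusts every user on " $1 " (6.4.2 a)"
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample files (host names are placeholders).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/exports" <<'EOF'
# directory   options
/usr/local    -access=ws1:ws2,ro
/export/home  -rw=ws1
/export/root  -access=ws3,root=ws3
EOF
cat > "$SAMPLES/hosts.equiv" <<'EOF'
fileserver1
+
ws2 +
EOF

audit_exports "$SAMPLES/exports" || echo "exports: not compliant"
audit_hosts_equiv "$SAMPLES/hosts.equiv" || echo "hosts.equiv: not compliant"
```

An entry with no options at all is reported under 6.4.3 a, since it carries no access list.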

6.4.4  UUCP
Only news and rmail may be accessible through the UUCP system.
6.5    ACCOUNT SECURITY
6.5.1  Registration
       a.     Procedures  will be developed by  local system administrators for obtaining an
             account, password, group, or password reset and updating system authentication
             files.
       b.     Except for the purpose of anonymous FTP, an account is required for access to
             any computer system covered by this policy.
       c.     Only one account per customer is  allowed.
       d.     Accounts may not be shared.
6.5.2  Disabled Accounts
Disabled accounts will be periodically reviewed by the System Administrator to determine if any
of them should be removed  from  system authorization files.

6.5.3  Duplicate User-IDs
Each account will be identified with a unique User-ID.  Duplicate User-IDs are not allowed.

6.5.4  Guest Accounts
Guest  and Shared  accounts are  not allowed.   Anonymous  File Transfer Protocol access is
permitted  for READ only. FTP for writable files requires an exemption to this policy. In all
cases the FTP server must be configured as described in the CERT advisory,  SECTION 6.12.


6.5.5  Account Activity

       a.     Accounts that have not been accessed for 60 days will be reviewed by the System
             Administrator to determine if the account should remain in system authorization
             files.

       b.     A review will be conducted at least once a year to determine accounts that have
             not been used to access  the system since their assignment.  These accounts will
             be removed from system authorization files.


6.6    CUSTOMER FILE PROTECTION

Customer files, such as ".login", ".cshrc", ".profile", and any shell scripts, must be protected
by default such that only the owner can read, write, and execute them.


6.7    PASSWORD SECURITY MANAGEMENT

       a.     The password file must be protected  such  that  non-administrative personnel
             cannot view passwords in clear text.

       b.     All accounts must have passwords.

       c.     Do not use trivial passwords.

       d.     Passwords will consist of at least six characters,  and will contain at least one
             alpha and one numeric character unless a dictionary containing easily guessable
             passwords is used by the system for password validity checking.

       e.     A  maximum  of four unsuccessful  login  attempts will  be allowed by  each
             workstation. Upon the fifth  attempt, the User-ID will be disabled and
             workstation access denied.

       f.     A password will expire and have to be changed to a unique value by the user to
             whom it is assigned a maximum of 90 days after initial  assignment, reset,  or
             change.

       g.     The system will warn the customer at login of a system required password change
             10 days in advance of the required change.

       h.     The system will display, at login, the date and time of the last successful and
             unsuccessful login to the customer.

       i.     Passwords  will  be protected  from disclosure.  Any file which requires  a
             hardcoded password will be encrypted.

      j.     The Screen Lock feature will be set for a maximum of 20 minutes inactivity.
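
As an added illustration (not part of the directive), the function below audits a passwd-format file for duplicate User-IDs (6.5.3), names that share one numeric UID (6.5.1 d) and accounts with an empty password field (6.7 b). It assumes that "User-ID" means the login name, that the password field is held in the file being checked, and that the sample entries, including the placeholder hashes, are constructed.

```shell
#!/bin/sh
# Added example: account checks for sections 6.5.1, 6.5.3 and 6.7.

# audit_passwd FILE
# FILE uses the passwd layout name:password:uid:gid:comment:home:shell.
# Prints one finding per violation and returns 1 if any were found.
audit_passwd() {
    awk -F: '
        NF == 0 || $0 ~ /^#/ { next }
        {
            # 6.5.3: the same User-ID (login name) defined twice.
            if ($1 in name_line) {
                print "duplicate User-ID " $1 " on lines " name_line[$1] " and " NR " (6.5.3)"
                bad = 1
            } else {
                name_line[$1] = NR
            }
            # Two names on one numeric UID are a single identity to the system.
            if (($3 in uid_name) && uid_name[$3] != $1) {
                print "UID " $3 " is shared by " uid_name[$3] " and " $1 " (6.5.1 d, 6.5.3)"
                bad = 1
            } else {
                uid_name[$3] = $1
            }
            # 6.7 b: an empty password field means no password is required.
            if ($2 == "") {
                print "account " $1 " has no password (6.7 b)"
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample file.
PWSAMPLE=$(mktemp)
cat > "$PWSAMPLE" <<'EOF'
root:constructedhash00:0:1:Operator:/:/bin/csh
jdoe:constructedhash01:1001:100:J. Doe:/home/jdoe:/bin/csh
asmith::1002:100:A. Smith:/home/asmith:/bin/csh
jdoe2:constructedhash02:1001:100:Second name, same UID:/home/jdoe:/bin/csh
jdoe:constructedhash03:1003:100:Repeated User-ID:/home/jdoe3:/bin/csh
EOF

audit_passwd "$PWSAMPLE" || echo "passwd: not compliant"
```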


6.8    FILE SYSTEM SECURITY

      a.     All directories and files  established or created by or for a  workstation customer
             will be protected at a default level from unauthorized access (read, write, execute)
             by  anyone other than the owner.

       b.     No  directory should have  World Write  access  unless  required for system
              functionality.

       c.     No files should have World Write access unless required for system functionality.

       d.     In order to prevent the inadvertent propagation of privileges, no SUID or SGID
              programs will be allowed in any directories other than "/bin", "/etc", "/usr/bin",
              "/usr/ucb", or "/usr/etc".  Setuid and setgid shell scripts  which have not been
              reviewed and approved by the System Administrator are not allowed. If used, the
              associated process will not allow an uncontrolled exit from the process.

       e.     No file will be owned by an undefined owner.

       f.     To ensure system file integrity and to promote ease of auditing, only system level
              files and utilities will be allowed  in /usr directories.  These directories will be
              owned by root and will  only be writable by root  or the operating system
              equivalent.
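
As an added illustration (not part of the directive), the function below walks a directory tree and reports world-writable directories and files (6.8 b, c) and SUID or SGID files that sit outside the approved directories of 6.8 d. It assumes that "in" a directory means directly inside it, takes the tree root as a parameter so it can be tried on a copy, and uses a constructed sample tree.

```shell
#!/bin/sh
# Added example: file system checks for section 6.8 b-d.

# audit_tree ROOT
# ROOT is the top of the tree to examine (use / on a live system).
# Prints one finding per line and returns 1 if anything was found.
audit_tree() {
    root=${1%/}            # "/" becomes "", so "$root/bin" is "/bin"
    top=${root:-/}
    findings=$(
        # 6.8 b, c: world-writable directories and regular files.
        find "$top" -type d -perm -0002 -print 2>/dev/null |
            sed 's/^/world-writable directory: /'
        find "$top" -type f -perm -0002 -print 2>/dev/null |
            sed 's/^/world-writable file: /'
        # 6.8 d: SUID or SGID files whose parent directory is not approved.
        find "$top" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        while IFS= read -r f; do
            case "${f%/*}" in
                ("$root/bin"|"$root/etc"|"$root/usr/bin"|"$root/usr/ucb"|"$root/usr/etc") ;;
                (*) printf 'SUID/SGID outside approved directories: %s\n' "$f" ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (user and file names are placeholders).
umask 022
TREE=$(mktemp -d)
mkdir -p "$TREE/usr/bin" "$TREE/usr/local/bin" "$TREE/home/jdoe/scratch"
: > "$TREE/usr/bin/passwd"
chmod 4755 "$TREE/usr/bin/passwd"          # SUID in an approved directory
: > "$TREE/usr/local/bin/helper"
chmod 4755 "$TREE/usr/local/bin/helper"    # SUID elsewhere: violates 6.8 d
: > "$TREE/home/jdoe/notes"
chmod 666 "$TREE/home/jdoe/notes"          # violates 6.8 c
chmod 777 "$TREE/home/jdoe/scratch"        # violates 6.8 b

audit_tree "$TREE" || echo "tree: not compliant"
```

Directories that must stay world-writable for the system to work are still listed, because 6.8 b and c leave that exception to the reviewer's judgment.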


 6.9   PHYSICAL SECURITY

       a.     At sites where computer systems and associated peripherals are contained in a
              central location, procedures  will be developed and implemented to grant, deny,
              and monitor access to the central location,  and the central  location will be:

              1.    Protected from unauthorized access by industry accepted access control
                    devices (e.g., badge readers, key locks).

              2.    Protected from environmental hazards through use of industry accepted
                    environmental protection  devices  (e.g.,  sprinkler and uninterruptible
                    power supply systems).

       b.     Individual workstations will employ power strips or other industry accepted
              devices to protect the workstation from electrical hazards. A fire extinguisher
              will be within reasonable proximity to each work station  location to allow for
              quick  response to any fire hazard  occurrence.

       c.     Individual workstation users will  be responsible for protecting the workstation
              against unauthorized access (e.g., logging off when not in use or keyboard locks,
              if available).


 6.10  RISK ANALYSIS AND SECURITY ASSESSMENT

 Organizations planning to implement a UNIX  system should  use  the  following tables and
 worksheets extracted from the EPA Information Security Manual as a guideline for determining
 the sensitivity of applications and data in terms of availability, integrity,  and confidentiality:

       •     TABLE FOR SENSITIVITY EVALUATION. This table is referenced as Table
              4-1 in the EPA Information  Security Manual.

       •     DETERMINING RELEVANT SECURITY OBJECTIVES AND DEGREE OF
              SENSITIVITY worksheet. This worksheet is referenced as Table 4-2 in the EPA
              Information Security Manual.

       •     SENSITIVE APPLICATION CERTIFICATION WORKSHEET. This worksheet
             is referenced as Exhibit B-1 in Appendix B of the EPA Information Security
             Manual.

       •     RISK ANALYSIS WORKSHEET.  This worksheet is referenced as Exhibit C-1
             in Appendix C of the EPA Information Security Manual.

A file should be maintained with these worksheets and should be updated when new applications
are added to the existing environment.


6.11   MEASUREMENT

       a.     System Managers or System Administrators will periodically, at least monthly,
             monitor the following files (or system-specific equivalents) to establish a baseline
             of customer usage for the purpose of detecting patterns outside of that baseline
             which may indicate  a system abuse or intrusion:

             1.     /usr/adm/lastlog

             2.     /etc/utmp

             3.     /usr/adm/wtmp

             4.     /usr/adm/acct

             5.     system syslog

             Events to monitor include, but are not limited to, invalid UIDs, invalid password
             attempts,  invalid  data  accesses,  use of system administrator  privileges, and
             granting of those privileges.

       b.     Security review software will be obtained  by  the NDPD  Computer Security
             Officer for reviews of computer systems covered by this policy.  Additional
             supplemental  software and/or  procedures  required  to fully  review  policy
             compliance will be developed under the auspices of the NDPD Computer Security
             Officer. An initial review will be performed within 90 days of computer system
             installation or attachment to the Agency telecommunications network -- whichever
             occurs first. Subsequent reviews will be performed by System Managers and/or
             System Administrators at least every 3 years as required by Federal regulations.
             Each System Manager and/or Administrator will provide the results of reviews
             to the NDPD Computer Security Officer for review.
      c.
             compliance reviews as required for quality assurance.  The NDPD Computer
             Security Officer will provide for the reviewer all resources (software, equipment,
             etc.) required for the review.

      d.     Vulnerabilities identified by software provided for system reviews, and which are
             not specifically noted in this policy, are subject to the provision in Section 6.1.c.
             of this policy.

      e.     Findings from system reviews for locally owned and operated NDPD systems will
             be presented for review and action by the Director, NDPD.


6.12   ANONYMOUS FTP CONFIGURATION GUIDELINES

Anonymous FTP can be a valuable service if correctly configured and administered.  Section
6.12.1 provides general guidance in initial configuration of an anonymous FTP area.  Section
6.12.2 addresses the issues and challenges involved  when a site wants to provide writable
directories  within their anonymous FTP areas.  Section  6.12.3 provides information about
previous CERT advisories related to FTP services.

The following guidelines are a set  of suggested recommendations that have been beneficial to
many sites. CERT recognizes that  there will be sites that have unique requirements and needs,
and that these sites may choose to implement different configurations.


6.12.1 Configuring Anonymous FTP

       a.     FTP daemon.

             Sites should ensure  that they are using the most recent version of their FTP
             daemon.

       b.     Setting up the anonymous  FTP directories.

             The anonymous FTP root directory (~ftp) and its subdirectories should not be
             owned by the ftp account or be in the same  group as the ftp account.  This is a
             common configuration problem.  If any of these directories are owned by ftp or
             are in the same group as the ftp account and are not write protected, an intruder
             will be able to add files  (such as a .rhosts file) or modify other files. Many sites
             find it acceptable to  use the root account. Making the ftp root directory and its
             subdirectories owned by root, part of the system group, and protected so that only
             root has write permission will help to keep anonymous FTP service secure.

             Here is an example of an anonymous FTP directory setup:

                    drwxr-xr-x   7   root    system  512  Mar 1    15:17 ./
                    drwxr-xr-x  25   root    system  512  Jan 4    11:30 ../
                    drwxr-xr-x   2   root    system  512  Dec 20   15:43 bin/
                    drwxr-xr-x   2   root    system  512  Mar 12   16:23 etc/
                    drwxr-xr-x  10   root    system  512  Jun 5    10:54 pub/

             Files  and libraries,  especially those used by the FTP daemon and those in
             ~ftp/bin and ~ftp/etc, should have the same protections as these directories.
             They should not be owned by ftp or be in the same group as the ftp account, and
             they should be write protected.

       c.     Using proper password and group files.

             It is strongly advised that sites  not use the system's /etc/passwd file as the
             password  file or the system's /etc/group as the group file in the ~ftp/etc
             directory.  Placing  these  system  files in the  ~ftp/etc  directory  will permit
             intruders to get a copy of these files.

             These files are optional and are not used for access control.

             It is recommended to use a dummy version of both the  ~ftp/etc/passwd and
             ~ftp/etc/group files.  These files should be owned by root.  The dir command
             uses these dummy versions to show owner and  group names of the files and
             directories instead of displaying arbitrary numbers.

             Sites should make sure that the ~ftp/etc/passwd  file contains no account names
             that are the same as those in the system's /etc/passwd file.  These files should
             include only those entries that are relevant to  the FTP hierarchy or needed to
             show  owner and group names.   In addition,  the user should  ensure that the
             password field has been cleared. The examples below show the use of asterisks
             (*) to  clear the password field.

             Below is an example of a passwd file from the anonymous FTP area on cert.org:

                   ssphwg:*:3144:20:Site Specific Policy Handbook Working Group::
                   cops:*:3271:20:COPS Distribution::
                   cert:*:9920:20:CERT::
                   tools:*:9921:20:CERT Tools::
                   ftp:*:9922:90:Anonymous FTP::
                   nist:*:9923:90:NIST Files::

             Here is an example group file from the anonymous FTP area on cert.org:

                   cert:*:20:
                   ftp:*:90:
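
As an added illustration (not part of the directive or of the CERT text), the function below compares an anonymous FTP passwd file with the system passwd file and reports account names that appear in both and password fields that are not cleared to "*". Exempting the ftp entry itself is an assumption made here because the example above lists it; the system file and the non-compliant FTP file are constructed samples.

```shell
#!/bin/sh
# Added example: check a dummy ~ftp/etc/passwd as described in 6.12.1 c.

# audit_ftp_passwd FTP_PASSWD SYSTEM_PASSWD
# Prints one finding per violation and returns 1 if any were found.
audit_ftp_passwd() {
    awk -F: '
        # First file read: remember every system account name.
        FILENAME == ARGV[1] { if (NF) system_name[$1] = 1; next }
        NF == 0 { next }
        # Names shared with the system file disclose real accounts.
        # The ftp entry is exempt (assumption, see the lead-in).
        $1 != "ftp" && ($1 in system_name) {
            print "ftp passwd line " FNR ": " $1 " also exists in the system passwd file"
            bad = 1
        }
        # The password field must be cleared; "*" follows the example above.
        $2 != "*" {
            print "ftp passwd line " FNR ": " $1 ": password field is not cleared to *"
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$2" "$1"
}

FTPSAMPLES=$(mktemp -d)

# Constructed system passwd file with placeholder hashes.
cat > "$FTPSAMPLES/system_passwd" <<'EOF'
root:constructedhash00:0:1:Operator:/:/bin/csh
jdoe:constructedhash01:1001:100:J. Doe:/home/jdoe:/bin/csh
ftp:*:9922:90:Anonymous FTP:/home/ftp:/bin/false
EOF

# The dummy passwd file shown in the example above.
cat > "$FTPSAMPLES/ftp_passwd_good" <<'EOF'
ssphwg:*:3144:20:Site Specific Policy Handbook Working Group::
cops:*:3271:20:COPS Distribution::
cert:*:9920:20:CERT::
tools:*:9921:20:CERT Tools::
ftp:*:9922:90:Anonymous FTP::
nist:*:9923:90:NIST Files::
EOF

# Constructed bad case: system entries copied into the FTP area.
cat > "$FTPSAMPLES/ftp_passwd_bad" <<'EOF'
root:constructedhash00:0:1:Operator:/:/bin/csh
jdoe:constructedhash01:1001:100:J. Doe:/home/jdoe:/bin/csh
ftp:*:9922:90:Anonymous FTP::
EOF

audit_ftp_passwd "$FTPSAMPLES/ftp_passwd_good" "$FTPSAMPLES/system_passwd" &&
    echo "good sample: compliant"
audit_ftp_passwd "$FTPSAMPLES/ftp_passwd_bad" "$FTPSAMPLES/system_passwd" ||
    echo "bad sample: not compliant"
```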


6.12.2 Providing Writable Directories in an Anonymous FTP Configuration

There is a risk to operating an anonymous FTP service that permits users to store files.  CERT
strongly recommends that sites do not automatically create a "drop off" directory unless thought
has been given to the possible risks of having such a service.  CERT has received many reports
where these directories have been used as "drop off" directories to distribute bootlegged versions
of copyrighted software or to trade information on compromised accounts and password files.
CERT has also received numerous reports of file systems being maliciously filled causing denial
of service problems.

This section discusses three ways to address these problems. The first is to use a modified FTP
daemon.  The second method is to provide restricted write capability through the use of special
directories.  The third method involves the use of a separate directory.

      a.     Modified FTP daemon.

             If your site is planning to offer a "drop off" service, CERT suggests using a
             modified FTP daemon that will control access to the "drop off" directory. This
             is the  best way  to prevent unwanted use  of writable areas.  Some suggested
             modifications are:

             1.     Implement a policy where any file  dropped off cannot be accessed until
                   the system manager examines the file and  moves it to a public directory.

             2.     Limit the amount of data transferred in one session.

             3.     Limit the overall amount of data transferred based on available disk space.

             4.     Increase logging to enable earlier detection of abuses.

             For those interested  in modifying the  FTP daemon, source code is  usually
             available from the vendor.  Public domain sources are available from:

                   wuarchive.wustl.edu   ~ftp/packages/wuarchive-ftpd
                   ftp.uu.net            ~ftp/systems/unix/bsd-sources/libexec/ftpd
                   gatekeeper.dec.com    ~ftp/pub/DEC/gwtools/ftpd.tar.Z

             The  CERT  Coordination  Center has  not  formally  reviewed,  evaluated, or
             endorsed the FTP daemons described.   The decision to use the FTP daemons
             described is the responsibility of each user  or organization, and we encourage
             each organization to  thoroughly evaluate these programs in consultation with
             NDPD before installation or use.

       b.     Using protected directories.

             If the site is planning to offer a "drop off" service and is unable to modify the
             FTP daemon,  it  is possible  to control  access by using a maze of protected
             directories.  This method requires prior coordination and  cannot  guarantee
             protection from unwanted  use of the writable FTP area,  but has been used
             effectively by many sites.

             Protect the top level directory (~ftp/incoming) giving only execute permission
             to  the anonymous user (chmod 751  ~ftp/incoming).   This will permit the
             anonymous user to change directory (cd), but will not allow the user to view the
             contents of the directory.

                   drwxr-x--x 4 root   system       512 Jun  11  13:29 incoming/

             Create subdirectories in the ~ftp/incoming using names known only between
             your local users  and the anonymous users  that you want  to have drop  off
             permission.  The same care  used  in  selecting passwords  should  be taken in
             selecting these subdirectory names because  the object is to choose names that
             cannot be easily guessed.   Please do not use  our example directory names of
             jAjwUth2 and MhaLL-iF.

                   drwxr-x-wx 10 root system       512 Jun  11 13:54 jAjwUth2/
                   drwxr-x-wx 10 root system       512 Jun  11 13:54 MhaLL-iF/

             This will prevent the casual anonymous FTP user from  writing files in an
             anonymous FTP file system.  It is important to realize that this method does not
             protect a site against the  result  of intentional or accidental disclosure of the
             directory names.  Once a directory name becomes public knowledge, this method
             provides no protection at all  from unwanted use of the area.  Should a name
             become  public, a site may choose  to either  remove or rename the writable
             directory.
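
The layout described above, as an added example that is not part of the directive: POSIX shell functions that create the 751/753 directory maze with random names and audit it for drift by comparing `ls -ld` mode fields. The function names and the 24-character hex name format are assumptions; ownership (root in the listings above) is left to the administrator because chown needs privilege.

```shell
#!/bin/sh
# Added example (not from the directive): create and audit the protected
# drop-off layout. Function names and the name format are assumptions.

# Mode fields as `ls -ld` prints them, matching the listings in the text.
TOP_MODE='drwxr-x--x'   # 751: anonymous may cd through but not list
SUB_MODE='drwxr-x-wx'   # 753: anonymous may cd in and write but not list

# Print a 24-character hex name (96 random bits) for a drop-off directory.
gen_dropname() {
    head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the 10-character type and permission field of a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# setup_dropoff INCOMING COUNT
# Create INCOMING with mode 751 and COUNT subdirectories with mode 753.
# Prints one generated name per line, to be passed to the intended sender.
setup_dropoff() {
    so_dir=$1
    so_left=$2
    mkdir -p "$so_dir" && chmod 751 "$so_dir" || return 1
    while [ "$so_left" -gt 0 ]; do
        so_name=$(gen_dropname)
        # -m sets the final mode at creation, so no window with looser bits.
        mkdir -m 753 "$so_dir/$so_name" || return 1
        printf '%s\n' "$so_name"
        so_left=$((so_left - 1))
    done
}

# audit_dropoff INCOMING
# Print one line per deviation. Exit status 0 means clean, 1 means findings.
# A symbolic link to a directory is reported too, since its mode field
# starts with "l" and cannot equal SUB_MODE.
audit_dropoff() {
    au_dir=$1
    au_bad=0
    au_mode=$(mode_of "$au_dir")
    if [ "$au_mode" != "$TOP_MODE" ]; then
        printf 'top-level %s is %s, expected %s\n' \
            "$au_dir" "$au_mode" "$TOP_MODE"
        au_bad=1
    fi
    for au_entry in "$au_dir"/* "$au_dir"/.[!.]*; do
        [ -d "$au_entry" ] || continue   # unmatched glob or not a directory
        au_mode=$(mode_of "$au_entry")
        if [ "$au_mode" != "$SUB_MODE" ]; then
            printf 'subdirectory %s is %s, expected %s\n' \
                "$au_entry" "$au_mode" "$SUB_MODE"
            au_bad=1
        fi
    done
    return "$au_bad"
}

# Demo on a throwaway tree (constructed, not a real ~ftp): sh dropoff.sh demo
if [ "${1:-}" = "demo" ]; then
    demo_root=$(mktemp -d)
    setup_dropoff "$demo_root/incoming" 2
    ls -ld "$demo_root/incoming" "$demo_root/incoming"/*
    audit_dropoff "$demo_root/incoming" && echo "audit clean"
    rm -rf "$demo_root"
fi
```

Running audit_dropoff from a scheduled job and alerting on a non-zero exit status catches a directory whose permissions have been loosened since setup.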

       c.     Using a  single disk drive.

             If your site is planning to offer a "drop off" service and is unable to modify the
             FTP daemon, it may be desirable to limit the amount of data transferred  to a
             single file system mounted as ~ftp/incoming.

             If possible, the user should dedicate a disk drive and mount it as ~ftp/incoming.
             If this dedicated disk becomes full, it will not cause a denial of service problem.

             The system administrator should monitor this directory  (~ftp/incoming) on a
             continuing basis to ensure that it is not being misused.


6.12.3 Related CERT Advisories

      The following CERT Advisories directly relate to FTP daemons or impact on providing
      FTP service:

             CA-93:06.wuarchive.ftpd.vulnerability
             CA-92:09.AIX.anonymous.ftp.vulnerability
             CA-88:01.ftpd.hole

      Past advisories are available for anonymous FTP from cert.org.


7.0   PROCEDURE REFERENCES

      a.     Office of Management and Budget.   Circulars A-76, A-123, and A-130.
             (Available from the Government Printing Office.)  These publications, while not
             strictly procedurally directive, are important components in the administration of
             security in the Agency. They set the guidelines for policies and procedures at the
             operational levels.

      b.     U.  S. Environmental  Protection  Agency.  (1989) EPA Information Security
             Manual (Report No. 431/001). Washington, DC:  Office of Information and
             Resources  Management,  Information  Management and  Services  Division.
             (Location:  Publications Technical Library).

      c.     Computer Security Act of 1987. (Available  from the Office of Information and
             Resources Management).

      d.     Curry, David A., Improving the Security of Your UNIX System.  Information
             and Telecommunications Services and Technology Division,  SRI International.
             (Available from the NDPD ADP Security Officer).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NCC IBM Mainframe System Management                  NO.    210.01
APPROVAL:                                               DATE:
1.0   PURPOSE

The NCC IBM Mainframe System Management policy establishes:

      a.    Objectives for managing the system.

      b.    Functions which will be managed to meet the objectives.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD and Primary Support Contractor staff personnel responsible for
the management, operation, or maintenance of the NCC IBM mainframe.

Any deviations from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The Primary Support Contractor will develop, update, and monitor procedures to implement this
policy.

The Primary Support Contractor will adhere to NDPD policies and perform the tasks necessary
to meet policy objectives.


4.0   POLICY

      a.    The NCC IBM mainframe system will be managed in a manner which provides
            cost-effective service to the user community.

      b.    The NCC IBM mainframe will be managed to meet the service levels defined by
            the Director of NDPD.

      c.    While the organizational structure of NDPD and the Primary Support Contractor
            may change from time to time, the following major areas of responsibility will
            be managed:

            (1)   System Operations.
            (2)   System Software Maintenance.
            (3)   Data Communications Facilities Support.
            (4)   System Performance Tuning.
            (5)   Capacity Planning.
            (6)   User Service Activities.
            (7)   Contract Administration Services.
            (8)   Data Management.
            (9)   System Integrity.


       d.     The Primary Support Contractor will, in concert with NDPD technical managers,
             ensure that NDPD operational procedures are implemented for each of the areas
             identified above.


5.0    DEFINITIONS

       a.     System Operations  consists of console  and peripheral  equipment operation,
             physical  facilities  management,  data  storage management,  preventative  and
             remedial hardware maintenance scheduling, change management, and production
             control.

       b.     System Software Maintenance consists of installing and maintaining all vendor-
             supplied software.  This includes IBM  system and program products, as well as
             software supplied by third party vendors.

       c.     Data Communications Support consists  of installing, maintaining, and monitoring
             the performance of all data  links and associated equipment in use at NCC.

       d.     System Performance Tuning consists of all activities required  to ensure  that the
             goals defined in the service level policy are met on a daily basis.

       e.     Capacity Planning consists of all activities required to predict future workload and
             to identify resources which must be acquired to meet the service level policy
             objectives in the future.

       f.     Customer Services Activities consists of customer support activities for problem
             resolution, customer registration and  billing, training, and central  data base
             administration.

       g.     Contract Administration Services consists of all activities required to  order and
             maintain the hardware and  software components of the NCC IBM mainframe
             system.

       h.     Data Management consists of ensuring  data integrity of customer data  on DASD
             disk packs, maintaining maximum space availability, and promoting optimal  use
             of disks within the data center.

       i.     System Integrity consists of all activities required in  order to maintain a rigid
             adherence to a  standard of values.  These values include guidelines for using
             system resources in the areas of availability, useability, reliability, protection, and
             documentation.


6.0    STANDARDS

The NCC IBM mainframe processing services will be available to the customer community from
0700 each Monday until 2000 each Sunday (Eastern Time) throughout the year.  Exceptions to
these times may occur because of emergency maintenance or system testing for emergency
changes. If a non-emergency change requires extended testing (e.g., Benchmark running), a 7-
day notice will be given to customers.  Any time changes will be posted in  the online dataset
'JUSD.HOURS.'


7.0   PROCEDURE REFERENCE

U.S. Environmental Protection Agency. (1993) MVS Systems Standards and Procedures Manual
(draft) (Report No. 569/001). Research Triangle Park, NC: National Data Processing Division,
Office of Administration and Resources Management.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NDPD IBM Mainframe Service Levels                          NO.:  210.02
APPROVAL:                                                        DATE:
1.0   PURPOSE
The NDPD Service Level policy establishes:
      a.    Scheduled hours of operation.
      b.    Service level goals for each class of work.
      c.    System stability goals.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel  responsible for the
management, operation, or maintenance of the NCC IBM mainframe system.
Any deviation from this policy must be approved in writing by the Director of the NDPD.
3.0   RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere to  NDPD policies and procedures to ensure that service level
objectives are met.  The FM contractor will also advise NDPD of potential problems which
might have an adverse impact on the NCC IBM mainframe system.

4.0   POLICY
All times listed in this policy are Eastern Standard Time (RTP local).
      a.    The full system is available to the user community 24 hours each day of the week
            from 7:00 a.m., Monday, through 8:00 p.m.,  Sunday,  with  the following
            exceptions.
                  (1)   The system will be unavailable when maintenance or  equipment
                        installation must be performed on Sunday. Users will be given as
                        much  advance notice as possible before the system is taken down.
                  (2)   ADABAS  will  be unavailable on Sunday from noon  until  8:00
                        p.m.  for data base reorganizations, software  maintenance, and
                        DASD defragmentations, when required.
                  (3)   Telecommunication interruptions will occur on Thursdays from
                        4:00 a.m.  until  6:00 a.m. for software maintenance.


       b.     IBM user support services will be available from 8:00 a.m. until 7:00 p.m.,
             Monday through Friday only.

       c.     The response time goals for interactive processing are:

                   (1)    Complete 90%  of short TSO transactions within 1 second.

                   (2)    Complete 90%  of medium TSO transactions within 5 seconds.

                   (3)    Complete 90%  of long TSO transactions within 1 minute.

                   (4)    Complete 90%  of all TSO transactions within 5 seconds.

                   (5)    Complete 90% of all CICS transactions within 2 seconds.  (Service
                          level objectives apply to Production CICS regions only.)

                   (6)    Response times for TSO and CICS will be measured between the
                          hours of 10:00 a.m. until noon, and from 2:00 p.m. until 4:00
                          p.m.

           d.    The job completion goals for batch processing are:

                   (1)    Batch performance  will be measured  during two time periods:
                          8:00 a.m. to 5:00 p.m. and 5:00 p.m. to 9:00 p.m.

                   (2)    Batch performance measurements will include all jobs not delayed
                          by user actions within each class, regardless of the job priority.

                   (3)    The following user induced delays will cause a batch job to be
                          excluded from the batch service level measurement computations:

                          (a)   The presence of a /*AFTER statement in the job stream.
                          (b)   The presence of a /*BEFORE statement in the job stream.
                          (c)   Duplicate  job  names submitted before the  previous job
                               completes execution.
                          (d)   The presence  of  a /*CNTL statement requesting  exclusive
                               resource control.
                          (e)   A  job  requesting exclusive access  to a data set held by
                               another job.
                          (f)   A job placed in HOLD status.

                          If any of the above criteria are met, the job in question will be
                          reported in the total job count, but will not  be reported  as either
                          having met or missed the service level objective.

                    (4)    The batch service level objectives are:

                           CLASS    MAX CPU TIME    PRIORITY    OBJECTIVE
                           Q        3 seconds       2           10 minutes
                           A        15 seconds      2           30 minutes
                           V*       15 seconds      2           1 hour
                           X**      15 seconds      2           1 hour
                           B        30 seconds      2           1 hour
                           E        2 minutes       2           4 hours
                           W*       2 minutes       2           4 hours
                           Y**      2 minutes       2           4 hours
                           H        5 minutes       2           6 hours
                           U*       5 minutes       2           6 hours
                           Z**      5 minutes       2           6 hours
                           D        5 minutes       1           6:00 a.m., next day
                           F        20 minutes      2           6:00 a.m., next day
                           F        20 minutes      1           6:00 a.m., Monday
                           G        None            2           6:00 a.m., next day
                           G        None            1           6:00 a.m., Monday

                           *    PADABAS
                           **   DADABAS

e.     NCC IBM mainframe stability goals are:

       (1)      A  quarterly  up-time percentage  of  at least  99 percent of
               scheduled production time for the processor complex.

       (2)      A  quarterly  up-time percentage  of  at least  99 percent of
               scheduled production time for each major telecommunications
               circuit.

       (3)      Stability goals will be computed for only the scheduled hours
               of service listed previously.

f.     The following service levels will apply to data set retrieval from HSM migration
       volumes. In every instance,  the goals apply to 90 percent of data sets being
       recalled. The goals are in effect during extended prime shift (8:00 a.m. to 8:00
       p.m.) only.  No goals have been established during other time periods due to
       low data set recall activity and delays induced by mandatory data management
       functions.

       (1)      TSO originated Migration  Level 1 (ML1) recalls on the TSO
               system.  ML1 is data set migration to disk.

               Data sets < 0.5 MB in size will be recalled in 30 seconds.
               Data sets < 20 MB in size will be recalled in 60 seconds.
               Data sets > 20 MB in size will be recalled in  120 seconds.

       (2)      TSO originated Migration  Level 2 (ML2) recalls on the TSO
               system.  ML2 is data set migration to tape.

               Data sets < 0.5 MB in size will be recalled in 3 minutes.
               Data sets < 20 MB in size will be recalled in 4 minutes.
               Data sets > 20 MB in size will be recalled in 10 minutes.


                      (3)    No goals have been established for TSO originated recalls on
                            the ADABAS system since TSO is not available to the general
                            user community on this system.

                      (4)    Batch originated  ML1 recalls on  the TSO  and  ADABAS
                            systems:

                            Data sets < 0.5 MB in size will be recalled in 30 seconds.
                            Data sets < 20 MB in size will be recalled in 60 seconds.
                            Data sets > 20 MB in size will be recalled in 240 seconds.

                      (5)    Batch originated  ML2 recalls on  the TSO  and  ADABAS
                            systems:

                            Data sets < 0.5 MB in size will be recalled in 3 minutes.
                            Data sets < 20 MB in size will be recalled in 4 minutes.
                            Data sets > 20 MB in size will be recalled in 10 minutes.

         g.    Periodic reports will be submitted to NDPD management to verify compliance
              with this policy.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NCC IBM Mainframe Performance Management              NO.:  210.03

APPROVAL:                                           DATE:
1.0   PURPOSE

The NCC IBM Mainframe Performance Management policy is intended to establish procedures
for the  measurement,  evaluation,  and  reporting of  mainframe  systems  performance.
Performance management objectives include the following:
      a.     Regular performance management data collection and reporting to document the
             utilization of  key  system resources  and  service levels provided to major
             workloads and/or users.

      b.     Systems tuning to improve and/or maintain overall performance.

      c.     Configuration analyses and planning to support the most efficient and effective
             use of systems resources.

      d.     Performance prediction studies to assess the impact of workload balancing and
             data placement on overall  performance.

      e.     Regular systems monitoring and analyses to prevent and/or correct performance
             problems.


2.0   SCOPE AND APPLICABILITY

This policy applies to all NDPD staff,  facilities management (FM) contractor,  and periodic
expert consultant personnel responsible for the NCC IBM mainframe performance management
activities.  Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

The Automatic Data Processing Operations Management Branch (ADPOMB) is responsible for
the development, implementation, and management of performance management activities for
the NCC  mainframe  systems.   The FM contractor and consultant contractors will assist
ADPOMB in developing, updating, and monitoring procedures to implement this policy and alert
NDPD management to potential performance problems.


4.0   POLICY

Performance management activities include,  but are not limited to, the following:

      a.     Systems performance and  resource utilization monitoring to ensure compliance
             with the objectives of Directive 210.02, NDPD IBM Mainframe Service Levels,
             within systems capability. Data will be routinely collected  to highlight  the
             utilization and performance of  key  systems resources, analyze the effects of
             system workload levels, report the average service levels, and analyze/correct
             performance problems. Consideration and allowances are given for performance
             issues resulting from system capacity shortages.

      b.     Systems performance data will be  captured and analyzed with  commercially
             available software. Local code, written to support this effort, will be minimized
             to the greatest degree possible consistent with the objectives of this policy.

      c.     Systems performance, stability, availability, and resource utilization statistics will
             be summarized and reported to NDPD management daily. Average service levels
             compared with service  level agreements and systems workload trends will be
             summarized and reported monthly.

      d.     Deficiencies in systems performance,  stability, or  resource availability will be
             corrected as soon as possible consistent with the provisions of Directive 210.04,
             NCC IBM Mainframe Change Management.  Systems tuning analyses will be
             performed  as  necessary  to reduce systems contention for resources due  to
             input/output (I/O) subsystem bottlenecks, paging configuration, Direct Access
             Storage Device (DASD) contention, or data set placement.

      e.     Modifications and/or adjustments to systems configurations  will be performed as
             necessary to improve overall systems performance.  These activities include
             workload balancing on  Central Processing Units (CPU's) and channels, shared
             DASD  management, and switching.   Performance prediction studies will be
             conducted to assess the impact of any configuration changes and/or  workload
             migration prior to implementation.

      f.     Applications that use any central data base facility will be reviewed before going
             into  production  to  guard against  practices  that  adversely  affect system
             performance.

      g.     ADPOMB is primarily  responsible for performance management, while AMPB
             is primarily responsible  for capacity planning (as described in NDPD Operational
             Directive 210.12, NCC IBM Mainframe ADP  Capacity Planning).   The
             relationship of these responsibilities requires a high degree of cooperation and
             communication. The interactions required by ADPOMB are summarized below:

             (1)    ADPOMB will be responsible for monitoring and analyzing trends in the
                   major NCC workloads (i.e.,  TSO, batch, CICS,  ADABAS) and for
                   assisting the Architectural Management and Planning Branch (AMPB) in
                   evaluating  the overall system impacts of these continuing trends.

             (2)    ADPOMB will  work with AMPB to define  and analyze the potential
                   resource utilization, performance,  and capacity impact of major new
                   applications.

             (3)    ADPOMB will routinely advise AMPB of any strategies and planning
                   information pertinent to performance and capacity  issues (e.g., planned
                   modifications to system parameters and/or  data collection routines that
                   might impact AMPB's  analytic modeling efforts).


5.0    REPORTING

ADPOMB will produce monthly performance reports that document the average levels of service
provided by the NCC mainframe systems during both prime and non-prime processing periods.
At a minimum, these performance reports should include the following:

       •     Overall processor utilization.

       •     Processor utilization by major subsystem.

       •     Batch turnaround statistics.

       •     Interactive response times.

       •     Major workload levels  and trend highlights (i.e., batch jobs, TSO transaction
             volume, CICS transaction volume).

       •     Any performance problems, causes, and resolutions.

Graphical presentation will be used to the greatest extent possible.


6.0   DEFINITIONS

Performance management is one of two components (the other being capacity  planning)
comprising  capacity  management.  The following definitions are included to distinguish  these
terms and related activities:

Capacity Management            The activity  that  controls,   measures,  and  plans the
                                configuration required to meet the organization's current
                                and future information processing requirements.  Capacity
                                management is composed of two components: performance
                                management and capacity planning.

Performance Management         The function that measures,  evaluates,  and reports data
                                processing   performance,  and  prevents   or   corrects
                                performance problems.  Performance management  deals
                                with the  tactical  issue of  providing  acceptable  data
                                processing service to the user community.

Capacity Planning                The process  of  determining  the  hardware,   software,
                                features, organization, and  facilities  required  for the
                                continuous  delivery of  acceptable  service  to users.
                                Capacity planning primarily deals with the strategic  issue
                                of forecasting the necessary resources required  to support
                                future data processing demand.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     NCC  IBM Mainframe Change Management                 NO.   210.04
APPROVAL:                                                        DATE:
1.0   PURPOSE
The NCC IBM Mainframe Change Management policy establishes:
      a.     Change management objectives.
      b.     System components and types of changes subject to this policy.
      c.     Review process required for hardware or software changes.
      d.     Customer notification requirements for system changes.
This policy is designed to ensure that  all changes  are applied in a timely manner without
disrupting system stability or performance.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and Primary Support Contractor staff personnel responsible for
the management or implementation of hardware and system software changes to the NCC IBM
mainframe system.
The following system components are subject to this policy:
      a.     The processor complex.
      b.     All peripheral  devices attached to the processor either through a channel or a
             front-end processor.
      c.     Electrical, air conditioning, and chilled water systems vital to the operation of the
             processor or any of its peripheral devices.
      d.     All IBM system products or program  products installed on the NCC  IBM
             mainframe.
      e.     All third party and customer-developed software available to the general customer
             community.
      f.     The batch initiator structure.
      g.     The domain multiprogramming levels.
      h.     The system dispatching priority structure.
      i.     All changes to parameter libraries  for  system products or program products
             installed on the NCC IBM mainframe.
Any deviation from this policy must be approved in writing by the Director of the NDPD.


3.0   RESPONSIBILITIES

The Primary Support Contractor will develop, update, and monitor procedures to implement this
policy and will review stability reports to assess compliance with this policy.

The Primary Support Contractor will adhere to NDPD policies and procedures to ensure that the
terms of Directive 210.02, NDPD IBM Mainframe Service Levels, are met.


4.0   POLICY

      a.     New local code development will be approved by NDPD Technical Performance
             Monitor (TPM) before the task is initiated.  This approval will be in writing via
             the Task Definition Form. System software changes requiring local code changes
             will be specifically noted in the change control record.  Local code implementation
             will be with the approval of the Change Management Council (CMC). These
             requirements can only be waived in an emergency by the Director of NDPD.

      b.     A Change Management Council representing the Primary Support Contractor and
             NDPD will review and approve  changes to the components listed above.

      c.     All emergency changes must be approved by the Primary  Support Contractor's
             managers:  Network Systems, Customer Services, Data Center Operations and
             Production Services, and Telecommunications Services.  The ADP Operations
             Management Branch Chief must grant approval for emergency changes if the
             Primary Support Contractor's department managers specified above cannot be
             reached. Approval for emergency changes can be obtained in writing, in person,
             or over the telephone.

      d.     All required changes will be submitted to the Change Management Council for
             review and approval before installation.  The impact  of proposed changes on
             system stability and performance must be considered before approval is  granted.

      e.     All IBM and third  party software products will be maintained at a release level
             which is no more than one level behind the current release level supported by the
             vendor unless there is a known stability, performance, or functional problem with
             the new release. Periodically, vendor supplied maintenance will be applied, as
             a preventative measure,  to ensure that each release level is maintained at a
             functional level.

             An audit trail for all software changes will be maintained.  The audit  trail of a
             software change will be composed of change management records as a general
             tracking mechanism.  A  control data set will be maintained for each software
             product that provides the following information:

                   •      Software checklist.
                   •      Test plan.
                   •      Backout plan.
                   •      Installation notes.


             Products that are SMP/E installable will be installed using SMP/E.  Vendor
             installation procedures will be followed.   All deviations from the vendor's
             procedures will be documented in the installation notes contained in the control
             data set.

             Whenever possible, TCB and ADPOMB will encourage vendors to supply their
             software in SMP/E format.

      f.      A customer memorandum will be issued 30 days prior to the performance of any
             non-emergency maintenance activity which  is not transparent  to the customer
             community.


5.0   DEFINITIONS

Local Code:  System level code not written by the vendor that either utilizes the vendor supplied
exits in the software or modifies the vendor source code.

Required  System change:  Normal hardware or system software maintenance not needed to
correct a  current stability problem.

Emergency System change:  Activities required to correct a current stability or performance
problem.

Stability:  The considerations of availability, reliability, serviceability and security.

Controlling Software:  Software which manages the installation of other systems providing a
tracking mechanism for the actual installation process.


6.0   STANDARDS

Change  requests  may be  submitted by anyone having authority to  access the Change
Management System.  All changes affecting the NCC operating environment are candidates for
review by the Change Management Council. All requests must be approved for consideration
by the NDPD's ADPOMB Chief or PMSB Chief prior to implementation.  Any change not
submitted in  accordance with CMC procedures  will be denied.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. (1992) Change Management Procedures
             Manual (Draft) (Report No. 245/001F). Research Triangle Park, NC:  National
             Data Processing Division, Office of Administration and Resources Management.

      b.     U. S. Environmental Protection  Agency.  (1993) MVS Systems Standards and
             Procedures Manual (Report No. 569/001) Research Triangle Park, NC:  National
             Data Processing Division, Office of Administration and Resources Management.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     NCC IBM Mainframe Problem Resolution                  NO.    210.05

APPROVAL:                                                       DATE:
1.0   PURPOSE
The NCC IBM Mainframe Problem Resolution policy establishes:
      a.    Problem resolution objectives.
      b.    Problem classifications.
      c.    Problem resolution responsibilities.
      d.    User notification requirements.

2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and FM  contractor staff personnel responsible for the
management or operation of the NCC IBM mainframe system and for providing support to the
user community.
Any deviation from this policy must be approved in writing by the Director of NDPD.

3.0   RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere to NDPD policies and procedures to ensure that problems are
resolved expeditiously.

4.0   POLICY
      a.    NCC  will strive  to resolve problems with  the IBM  mainframe as soon after
            identification as possible in order to provide  the best possible level of service to
            the user community.
      b.    Problems encountered with the NCC IBM  mainframe  will be categorized as
            hardware, software, performance, telecommunications, or user problems.
      c.    All problems will be entered into  the Problem  Management System by close of
            business on the day the problem was encountered.
      d.    The Central Problem Administrator will report  to NDPD management the status
            of unresolved problems on a daily basis.
      e.    The Central Problem Administrator will post news alerts for any problem which
             may result in user job failures or user data loss.

       f.     The User Support staff will  serve as the point of contact for resolving user
             reported problems.  User Support staff personnel will forward problems which
             they cannot resolve to a central problem management contact. Users may not call
             the FM contractor technical staff directly to obtain assistance.

       g.     The Central Problem  Administrator will  submit monthly reports  to NDPD
             identifying the number and nature of problems addressed during the reporting
             period.

       h.     The Director of NDPD will be immediately notified by the Technical Manager
             of User Support of any data loss  experienced by the user community.

       i.     Users reporting problems will be called within 24 hours, excluding weekends and
             holidays, to advise them of progress being made in seeking a solution.

       j.     Closed problem reports will be archived for a period of 3 years from the date the
             problem was logged.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     NCC IBM Mainframe Timeshare Accounting               NO.    210.06
APPROVAL:                                                   DATE: 2/1/
1.0   PURPOSE
The NCC IBM Mainframe Timeshare Accounting policy establishes:
      a.     Timeshare accounting objectives.
      b.     Methodology for determining the cost of timeshare services.
      c.     Reporting requirements for advising ADP Coordinators  and  Agency budget
            officials of timeshare charges allocated to them.
2.0   SCOPE & APPLICABILITY
This policy applies to all NCC IBM mainframe users and to NDPD and FM contractor staff
personnel responsible for the management or operation of the NCC IBM mainframe system.
Any deviation from this policy must be approved in writing by the Director of NDPD.

3.0   RESPONSIBILITIES
The FM contractor will develop, update, and monitor  procedures to implement this policy.
The FM contractor will perform the tasks necessary to meet the objectives of this policy.
The user community will rely on the terms of this policy to manage their timeshare allowance.

4.0   POLICY
      a.     NDPD will conform to the requirements of OMB Circular A-130 in accounting
            for, and full cost allocation of, providing data processing services to the user
            community.
      b.     Charges for data processing services will be applied in the following areas:
            (1)   Processor Utilization.
            (2)   Printing.
            (3)   Telecommunications.
            (4)   DASD and Tape Utilization.
            (5)   Production Control Support.

       c.     The rate for services rendered will be reviewed and adjusted annually to reflect
             changes in the cost of providing these services. The rate for the new fiscal year
             will be published in the last quarter of the current fiscal year.

       d.     Each system transaction will be charged for the actual resources consumed if the
             data can be captured accurately and the cost of capture  does not outweigh the cost
             recovery of the resource.

       e.     NDPD may apply premiums or discounts for certain processing  priorities or
             techniques in order to encourage efficient resource utilization.

       f.     Charges will be refunded if a transaction fails due to console operator error,
             system hardware failure, or system software error.  Jobs using more than 2 hours
             of CPU time must be checkpointed to be eligible for a refund.  The refund will
             not exceed charges greater than those incurred during 2 hours of CPU utilization.

       g.     NDPD will provide a summary of each month's timeshare charges by the 5th day
             of the following month to ADP Coordinators and IAG contacts.

       h.     TSSMS management reports will be distributed monthly by the 5th day of the
             following month to ADP Coordinators and Senior Budget Officers.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:      NCC IBM Mainframe User Registration                    NO.   210.07
APPROVAL:                                                DATE: *// 1 8 7
1.0   PURPOSE
The NCC IBM Mainframe User Registration policy establishes:
      a.     Policy objectives.
      b.     User registration requirements.
      c.     Reporting requirements for managing the user registration process.
2.0   SCOPE &  APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or operation of the NCC IBM mainframe system, and to the NCC IBM mainframe
user community.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere  to NDPD policies and procedures in performing  the tasks
necessary to implement this policy.
The TSSMS Office will be responsible for conducting user registration services.
The user community will follow the NDPD procedures derived from this policy to gain access
to the NCC IBM mainframe system.
Every EPA ADP Coordinator and Account Manager will be responsible for ensuring that users
are registered  on the NCC IBM  mainframe for the purpose of conducting  legitimate Agency
business only.
Every EPA ADP Coordinator and Account Manager will be responsible  for ensuring  user
identification termination for  all EPA,  contractor, or subcontractor employees upon the
termination of a project or resignation of employees under his jurisdiction.
Every ADP Coordinator and  Account Manager will receive a periodic report identifying the
accounts and user identification codes for which he is responsible.
Users are responsible for changing passwords every 90 days.

4.0    POLICY

       a.     User registration procedures will conform to the objectives of this document and
             the terms of Policies 210.06, Timeshare Accounting, and 210.08, Security.

       b.     System utilization will be recorded for authorized individual users,  for accounts
             which may include multiple users, and for FIMAS codes which  may include
             multiple accounts.

       c.     New accounts may be created by EPA ADP Coordinators only.

       d.     Each user will be assigned a unique user identification code and will be associated
             with one or  more accounts as requested by the EPA ADP Coordinator or EPA
             Account Manager.

       e.     User identification codes previously assigned to a user no longer registered on the
             NCC IBM mainframe may be reassigned to another user.

       f.     Telephone requests for account or user registration will be honored,  but signed
             hardcopy verification of all requests is required within 2 weeks  to retain the
             registration.

       g.     The ID of a  user terminating employment will be removed from the system. All
             resources associated with this user identification code must be assigned to another
             user or deleted at the discretion of the ADP Coordinator or Account Manager.

       h.     Accounts and user identification codes which have not been accessed for 1 year
             may be deleted from  the system.  Users and Account Managers will be notified
             at least 30 days prior to deletion of an account or user identification code.

       i.     Passwords not changed every 90 days will be revoked and can only be reset  by
             request from the responsible ADP Coordinator or Account Manager.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NCC IBM-Compatible Mainframe Security                  NO.   210.08
APPROVAL:                                                  DATE:
1.0   PURPOSE

This policy establishes a set of distinct interrelated security facilities required to provide a secure
environment for EPA National Data Processing Division (NDPD) owned, operated, or supported
IBM-compatible mainframes and IBM-compatible mainframe logical partitions, and the computer
facilities within which they reside in compliance with accepted industry security standards and
practices and with Federal regulations and directives referenced in Paragraph 7.0, Procedure
References, of this policy.
2.0   SCOPE & APPLICABILITY

This policy applies to all customers of NDPD operated or supported IBM-compatible mainframes
and IBM-compatible mainframe logical partitions, and to  all  personnel responsible for the
operation,  maintenance, or provision  of computer facilities and support services for those
mainframes.

Any request for a deviation from this  policy must be provided for approval in writing  to the
Director of NDPD and, if approved, must be approved in writing.  Provisions in this policy
regarding use of User-IDs and passwords might be superseded by policies developed for Public
Access and subsequently  reviewed and approved by the NDPD  ADP Security Officer.
Provisions in such policy for the use of User-IDs and passwords  for Public Access are regarded
as approved exemptions to this policy.
3.0   RESPONSIBILITIES

   a.  The Director, NDPD, is responsible for:

      1.  Providing a secure environment for all IBM-compatible mainframes covered by this
         policy.

      2.  Ensuring that this policy is consistent with all Governmental regulatory statutes and
         directives.

      3.  Requesting exemptions to Governmental statutes and directives when required by
         considerations unique to the IBM-compatible mainframe security environment.

      4.  Appointing  an  NDPD ADP  Security Officer responsible for  implementing and
         maintaining this policy. The NDPD ADP Security Officer will be an EPA manage-
         ment official knowledgeable in information technology and security matters.

   b. The NDPD ADP Security Officer is responsible for:

      1.  Implementing and establishing all procedures necessary for the implementation of this
         policy.

      2.  Reviewing and updating policy provisions.

      3.  Reviewing and  approving  all  security environment changes allowable under this
         policy.

      4.  Establishing  and coordinating  a security awareness program and  Resource Access
         Control Facility (RACF) administration training program for the IBM-compatible
         mainframe security environment.

      5.  Directing efforts of NCC Primary Support Contract personnel in security  matters
         pursuant to provisions of the NCC Primary Support Contract.

      6.  Coordinating any exceptions  to  Freedom of  Information or Public Access acts
         regarding access to data processed on IBM-compatible mainframes covered by this
         policy.

      7.  Monitoring compliance with this policy and establishing all procedures required for
         this function.

      8.  Implementing procedures required for system audits specified in this policy.

      9.  Directing efforts of  NCC  Primary Support Contract personnel  in  security audit
         matters pursuant to provisions  of the NCC Primary Support Contract.

     10.  Allocating RACF privileges as  described in  the Request for RACF Privileges
         checklist.

   c. Each Agency Program Office (EPA organizational entity such as Program Office, Lab,
      etc.) is responsible  for:

      1.  Adhering to  all  provisions of this policy.

      2.  Ensuring physical security of their sites used to access IBM-compatible mainframes
         covered by this  policy.

      3.  Identifying  to the NDPD ADP Security Officer all  Program  Office personnel
         designated as RACF Security Administrators.

      4.  Conducting each application security program consistent with this policy and other
         Federal laws and regulations.

      5. Developing and performing local procedures, risk analyses, and other mechanisms for
         determining and enacting application security requirements under provisions of this
         policy.

      6. Implementing local security awareness training programs based on resources provided
         by NDPD and the Agency.

      7. Providing RACF assistance to Program Office customers, including investigating and
         resolving instances of revoked User-IDs.

   d. Each RACF Security Administrator (RSA) for an application will be responsible for
      the management of the application's security through RACF. Specifically each RSA will
      be responsible for the following:

      1. Determining and maintaining the application's security requirements.

      2. Determining and  maintaining the RACF  structure  required  to  implement the
         application's security requirements.

      3. Coordinating transactions required by the application's RACF security requirements
         with the application's ADP management and/or  the Time Sharing Services Manage-
         ment System (TSSMS).

      4. Altering (configuring) application User-ID RACF profiles to conform to application
         security requirements.

      5. Resetting passwords for application User-IDs.

      6. RACF protecting application data sets, tapes, and other data processing resources.

      7. Determining access requirements for those resources and granting access as required.

      8. Coordinating with application Data Base Administrators,  LAN administrators, and
         administrators of other application data processing platforms to ensure that application
         security procedures and policies are consistent and cohesive.

      9. Performing  other account/user registration functions as defined in account/user
         registration policy.

   e. The EPA  NDPD  security function is a commercially contracted  responsibility of the
      Primary Support Contractor as provided for in  Attachment A of OMB Circular A-76.
      All NCC Facilities Management departments and personnel are responsible for adhering
      to these policy provisions and for conducting security-related activities as directed by the
      NDPD ADP Security Officer under provisions of the Primary Support Contract.

      1. The Primary Support Contract Network Systems  Department is  the primary
         department responsible for the installation verification of all operating system software
         and is responsible for evaluating the System Access Facility (SAF) interface for all
         new software products and for evaluating the SAF impacts of maintenance upgrades
         for existing software.  Personnel in the department will serve as primary RACF
         administrators.

      2. Other installers of operating system software are responsible for installation verifica-
         tion of software they install, for evaluation of the SAF interface of new software, and
         for evaluation of impacts  to the SAF interface for product maintenance upgrades.

      3. The Primary Support Contract Customer Services Department is responsible for:

         a.  Testing and maintaining a test package for testing new releases  of operating
             system software for operational continuity and new features.

         b.  Providing support services in a secure manner.

         c.  Administering the account/customer registration system in a secure manner.

         d.  Reporting to the NDPD ADP Security Officer violations of provisions of this
             policy which are detected in the course of providing assistance to  the customer
             community.

         e.  Detecting and removing from RACF User-IDs which have been inactive for 1
             year with no system access.

         f.  Conducting local and other security awareness programs under the direction of
             the NDPD ADP Security Officer.

         g.  Conducting RACF  Administrator  certification  training  for  Program Office
             personnel identified for that function.

         h.  Performing the  account/user  registration  function  for  the  NCC, including
             maintenance of RACF required for that function.

         i.  Removing from the system User-IDs which have been in revoked  status longer
             than 6 months.

      4. The Production Services  Department is  responsible for the security of the NDPD
         computer facilities and for operation of job scheduling and automation  software  in a
         manner consistent with the provisions of this policy.

      5. Personnel responsible for the evaluation or procurement of system operating software are
         responsible for coordinating operating  system integrity and other related security issues
         with the Primary Support Contractor security staff.

      6. The computer security staff is responsible for coordinating security issues and concerns
         with the NDPD ADP Security Officer and for all system security monitoring and audit
         functions.

      7. All other personnel are individually responsible for adhering to the provisions of this
         policy.
4.0   POLICY

The  security of IBM-compatible mainframes, IBM-compatible logical  partitions, and  the
computer facilities in which they reside and which are owned, operated, or supported by EPA's
NDPD will be implemented, maintained, and monitored in compliance with industry security
standards, with Federal regulations and directives, and, specifically, with Federal regulations and
directives referenced in Paragraph 7.0, Procedure References, of this policy.

USE OF NCC IBM-COMPATIBLE MAINFRAME

The  IBM-compatible  mainframe will be used  for  official  Government  business  only.
Unauthorized use of the mainframe  is a criminal  offense under  Title 18 of the United States
Code, Section 641, and may subject violators to a fine of up to $10,000 and/or imprisonment
of up to 10 years.
5.0   DEFINITIONS

System Integrity    System  integrity is  the ability of an operating system to prevent  the
                   bypassing of its security mechanisms.  An individual operating system
                   component may, however, require system-level privileges in order to
                   perform its function. It must  acquire and  exercise these privileges in a
                   manner that is controlled, consistent with system integrity, and capable of
                   being audited.

Operating System  Operating system software is defined as any software which:
Software
                   a. Is installed in an  Authorized Program Facility (APF) library or which
                      becomes system authorized in any other fashion.

                   b. Has an entry in the Program Properties Table (PPT).

                   c. Issues non-IBM-supplied SVCs.

                   d. Is loaded as part  of the system IPL.

                   e. Is initiated as a started task and is either privileged or trusted.

Operating System   An operating system privilege is defined as:
Privilege
                   a.  The ability to issue MVS operating system commands.

                   b.  The ability to access or modify a  resource belonging to a system
                      customer without the knowledge or consent of that customer.

                   c.  The ability to control or alter the operation of a system software or
                      hardware component.

RACF             Resource Access Control Facility.  An IBM-compatible software product
                   which interfaces with the computer's operating system to provide for
                   computer security.

RACF Security     An individual appointed by application management and who has attended
Administrator      appropriate training in the use of RACF for application security manage-
                   ment.
6.0   STANDARDS

6.1   IDENTIFICATION AND AUTHENTICATION OF USERS

   a.  User-IDs, accounts, and User-ID passwords will be used for IBM-compatible mainframe
      access. The owner will protect passwords from disclosure to any other individual.

   b.  User-IDs and accounts will be registered through EPA  NDPD's Time Sharing Services
      Management System  and entered  into the IBM Resource Access Control Facility
      (RACF) data base by TSSMS.

   c.  TSSMS will provide procedures and mechanisms required for registration of and entry
      into the RACF data base of all IBM-compatible mainframe User-IDs and accounts.

   d.  TSSMS will ensure that only authorized ADP management or RSA personnel can request
      and receive account/User-ID registration transactions  and information.  TSSMS will
      maintain a list of authorized personnel.

   e.  TSSMS will maintain the TSSMS data bases synchronous with the RACF data base. A
      TSSMS data base is defined as any file containing account/User-ID information accessed
      in a manual or automated fashion.

   f.  TSSMS will ensure secure entry of User-IDs and accounts into the RACF data base and
      will conform to RACF parameters in those entries. User-ID passwords will be randomly
      derived. TSSMS will exclude from entry into RACF any User-IDs which are  not to be
      used for system access, or used for operating system software operation.

   g. TSSMS will remove from RACF those User-IDs which have been inactive (have not
      accessed the system) for 365 days.  This will be performed at a minimum of once a
      quarter. The only exception is that the ADP Coordinator and the Account Manager will
      always be connected to the RACF account that they manage. They will not be deleted
      from that group or from the NCC system.

   h. At least once each quarter, TSSMS will remove those User-IDs from RACF which have
      been in revoke status for at least 6 months.

   i.  TSSMS will coordinate with responsible personnel the disposal of resources and their
      RACF profiles belonging to deleted User-IDs and accounts.  TSSMS will provide for the
      removal of deleted User-IDs and accounts from  resource access lists.

   j.  TSSMS will provide for the unique identification of all User-ID owners.  Shared User-
      IDs and ownership of multiple User-IDs by one individual will not be allowed except
      where a demonstrated production control use of the User-ID or an application operational
      hardship is documented in writing by the application's ADP management to the NDPD
      ADP Security Officer and a written  waiver to the policy has been obtained.  Violating
      User-IDs will be disabled by TSSMS and deleted from the system 90 days after disabling
      unless  alternate administrative action is obtained.   TSSMS will coordinate appropriate
      administrative action with the User-ID's ADP  management.  Where coordination cannot
      be obtained within 10 working days, TSSMS  will  coordinate administrative action with
      the Primary  Support Contract computer security staff.

   k. TSSMS will notify the new customer or RACF Security Administrator of his/her User-ID
      and password.  TSSMS will  provide tracking and disabling  from system access for new
      customer User-IDs.

   l.  The use of automated logon scripts for system access which contain embedded passwords
      is not permitted.

   m. ADP management will use TSSMS procedures to request and receive account/User-ID
      transactions.

   n. ADP management will ensure that TSSMS information about the owner of a User-ID is
      accurate.

   o. Program Office RACF Administrators will alter RACF profiles of User-IDs after their
      initial entry into RACF to conform to application security requirements.

   p. Program Office RACF Administrators will reset passwords required for User-IDs for
      which  they are responsible.

   q. Surrogates are not allowed for a User-ID with RACF privileges.

6.2   SECURITY ADMINISTRATION

   a.  IBM's Resource Access Control Facility is subject to provisions included in Section 4.2
      of this policy.

   b.  RACF is the approved software used to enforce system security and operational  and
      application security features. All operating system software with a RACF interface  will
      use the interface for any required  security and operational control and enforcement.
      Where allowed by the RACF interface, access will be based on groups.

   c.  RACF will be used to enforce system and Program  Office application  security  and
      operational requirements as determined by OIRM risk assessment methodology. RACF
      will be used to provide for separation of duties and access of data as determined by
      personnel job functionality and application requirements.

   d.  RACF hierarchical capabilities will be used to establish  administrative domains based on
      NDPD and Program Office operational and security requirements. Each Program Office
      will designate personnel responsible for administration of its respective domains.   The
      NDPD ADP Security Officer will approve personnel responsible for administration of
      NDPD related domains.

   e.  Each Program Office RACF Administrator will be:

      1. Certified through NDPD-sponsored training in RACF administration.

      2. Granted sufficient and minimal RACF privileges for the performance of adminis-
         trative duties within the domain as specified by  the Program Office or the NDPD
         ADP  Security Officer.  The following RACF functions will be available to each
         Administrator for his domain:

         (a)        Changing a password for a User-ID.

         (b)        Denying and resuming a User-ID's access  to the system.

         (c)        Changing the RACF parameters for a User-ID.

         (d)        Protecting data sets, tapes, and other application resources.

         (e)        RACF Group Administrative authorities.

      3. Required to adhere to provisions of this policy.

   f.  All other RACF administrative  functions concerned with account/user registration are
      reserved for the Time Sharing Services Management System (TSSMS). These personnel
      will be certified through NDPD-sponsored training in RACF administration.

   g. Global RACF privileges will be restricted as follows:

      1.  RACF SPECIAL will be reserved for the NDPD RACF Administrator personnel
         approved by the NDPD ADP Security Officer for the maintenance of RACF and its
         parameters.  RACF SPECIAL may also be assigned to NCC Customer Support and
         account/user registration personnel as required to provide administrative and customer
         support.

      2.  RACF OPERATIONS is reserved for Data Management personnel.

      3.  RACF AUDITOR is reserved for NCC and OIRM computer security staff.

   h. RACF parameters will be used to enforce password change intervals and password rules
      and syntax, to limit the number of allowable unsuccessful access attempts, and to control
      disposition of unused  User-IDs.  The NDPD ADP Security Officer will determine values
      for the parameters which are subject to normal NDPD review processes. Values in effect
      as  of the date of this  policy are:

      Logon Attempts           4
      Password Interval         90 days
      Password Rule            Minimum length of six characters, maximum  of eight.
                               Password must contain at least one alpha and one numeric
                               character.

      Password History         10
      Unused User-IDs          Disabled (located in the RACF data base but not usable for
                               system access until re-enabled) by RACF after 99 days.

      Data Set Protection        PROTECTALL in FAIL mode.

   i.  RACF account numbers, User-IDs, and passwords will be required  for system access.
      The owner will protect passwords from disclosure and misuse.

   j.  New features made available in RACF version upgrades which have  been reviewed and
      approved by the NDPD ADP Security Officer will be installed as required to enhance or
      improve the overall security environment provided for in this policy.  Such features will
      supersede current policy provisions designed to maintain system integrity and
      accountability in the absence of these features.

6.3   DATA SECURITY AND INTEGRITY

   a.  The RACF PROTECTALL parameter in FAIL mode will be used to ensure that all data
      residing on mainframes covered by this policy is protected through a RACF profile after
      the RACF decentralization effort is complete.

   b.  User data sets will be protected through RACF.

   c. Generic RACF data set profiles are the preferred method of protection and are strongly
      recommended to the customer community. Use and support by NDPD of discrete RACF
      profiles will be on an exception basis only.

   d. RACF profiles for user data sets should notify the owner of those attempting to access
      the data without authorization.

   e. Users of sensitive applications will protect job output with NDPD mechanisms installed
      for that purpose.

   f. Owners of sensitive data will use the ERASE ON SCRATCH option in the data file's
      RACF profile and will establish  degaussing procedures with Data Processing Support
      Services (DPSS) for tapes containing sensitive data.

   g. TSSMS will notify NCC Data Management of User-IDs and accounts to be deleted from
      the system.  NCC Data Management will provide responsible ADP management with a
      listing of all data resources and RACF data resource profiles, and will coordinate with
      ADP management a disposition for those resources.  NCC Data Management will notify
      TSSMS when this has been completed so that the User-ID can be removed from "revoke"
      status and deleted.

   h. All system level files will be protected through RACF generic profiles. NCC Network
      Systems will designate a person or persons responsible for protecting and maintaining the
      RACF protection of system level data sets. A level  of protection will be maintained to
      ensure against compromise of system and application security, integrity, and operation.

   i.  Job Control Language (JCL), programs, and CLISTs  for production control applications,
      and job schedulers for  their execution,  will be  protected through RACF at a level
      sufficient  to prevent their unauthorized  access  or destruction, as well as prevent
      unauthorized changes to their RACF profiles.

   j.  Personnel  responsible for maintaining automated job  schedulers will develop procedures
      to prevent exploitation of identified and inherent security exposures.

6.4   OPERATING SYSTEM INTEGRITY

   a.  Security Review

      Operating system software will be evaluated as to the need and appropriateness of its
      privileges and authorizations:

      •  All operating system software installs, modifications, or maintenance for test,
         development, or production will be subject  to Change Management procedures.

      •  Operating system software requirements as defined in Paragraph 5.0, DEFINITIONS,
         will be documented in the Change Management item.

       • The NDPD ADP Security  Officer will review the requirements  for  need and
         appropriateness. The software installer will document to the NDPD ADP Security
         Officer, at his request, any known or identified integrity exposures.  If the software
         accesses  resources in an environment  in which  it is not installed,  any integrity
         exposure(s) to that environment will be identified to the NDPD ADP Security Officer.

   b.  Installation and Maintenance

       • All operating system software will be installed in accordance with the vendor license
         agreement for the software.

       • All  operating system software installs, modifications,  and maintenance will be
         conducted in a controlled, accountable, and auditable manner.

       • All operating system software  will be protected from unauthorized access through
         RACF data set profiles.  All access attempts will be audited through RACF.

       • An inventory of system operating software will be maintained by Network Systems.

       • Software subject to the definition in Paragraph 5.0 which is outside the direct control
         and supervision of NDPD will not be installed without express approval of the NDPD
         ADP Security Officer. If approved, NDPD will provide NDPD staffing and funding
         appropriate for the review and  audit of the software during its life cycle.

   c.  Privileges

       • Operating system privileges will be restricted to the minimum required by designated
         individuals or processes for the purpose of the specific system  operation to be
         performed and will be approved by the NDPD ADP Security Officer.

       • NCC Primary  Support Contract Network Systems will  develop  and  maintain
         procedures for requesting, granting,  and  rescinding privileges granted through
         operating  system software.  The procedures will provide for the maintenance of a list
         of privileges and personnel granted those privileges.

6.5   DATA BASE SECURITY

6.5.1   ADABAS

   a. Applications designated by the application owner as sensitive will not be placed in any
      central version data base which allows access based on a User-ID which (1) has not been
      authenticated through a call to RACF by the data base, or (2) has not been authenticated
      by RACF prior to acceptance by the data base for access checking. Deviations from this
      policy must be approved by the Central Data Base Administrator.

   b. Central version data base administrators will be responsible for establishing procedures
      to ensure that User-IDs in data base user authentication files are valid and are under
      current RACF control.

   c. All files associated with central version data bases will be protected through RACF at a
      level sufficient to prevent unauthorized access or destruction of the data, or unauthorized
      alteration of the RACF control associated with the file.

6.5.2   DB2

   a. DB2  applications designated by the application owner as sensitive will be protected
      through RACF groups (secondary authorization groups). All access to the applications
      will be maintained and controlled by the ADBAs and the RACF Security Administrator.

   b. Any application granted as "PUBLIC" will be available for all DB2 users to access
      without restriction. (See Directive 130.07 for additional information.)

6.6   PROVISION OF NCC SERVICES

   a. NCC services, including problem resolution, dissemination of information to the public
      and to the customer community, and access to the public and the customer community
      of NCC data, will be conducted in a secure manner.

   b. Authentication of a customer based on TSSMS information for the customer is required
      prior to the provision of any services to the customer.

   c. Provision  of documentation  and  services will  be consistent with the Freedom of
      Information  and Public Access acts as interpreted by  OIRM and EPA Headquarters
      policies.  A policy exception granted by the NDPD ADP Security Officer is required for
      deviation from EPA Agency policies.

6.7   PHYSICAL ACCESS TO NCC COMPUTER FACILITIES

   a.  Access to Data Center areas or other NDPD designated secure areas will be controlled
      through a badge access reader  system.  The currently approved badge reader system is
      owned and operated by EPA's  Facilities Management and Services Division (FMSD).

   b.  All access to  the OTS computer area  must be approved by  the NCC CBI Document
      Control Officer and will not be granted prior to his/her approval.

   c.  NDPD management is responsible for identifying to FMSD  those NDPD and OARM
      personnel requiring computer area access.

   d. FMSD is responsible for controlling access to Data Center computer areas by Facility and
      Facility Support personnel.

   e. The Production Services Department is responsible for controlling access to computer
      areas by hardware and software maintenance vendors.

   f. Unrestricted, full-time access to Data Center areas containing computer equipment will
      be limited to personnel whose duties require daily access to those areas.  Facility and
      Facility Support personnel and hardware maintenance vendors who may not access the
      computer areas on a daily basis may be retained on the access list to achieve operational
      or emergency response objectives.  I/O Control will grant access to other personnel on
      an "as required" basis with temporary badges.  I/O Control will develop and maintain
      procedures for the use of these temporary badges.

   g. After-hours access to controlled non-computer room areas will be granted only to
      personnel with offices in those areas.  NDPD, OARM, Primary  Support Contractor
      management, or  managers  of the  affected  areas  may request exceptions from  the
      managers responsible  for the areas.

   h. Operations will maintain a list of personnel allowed to open the  Data Center during
      periods of unattended  operation.

   i. Data Center  areas containing  computer support utilities (e.g.,  water  chillers) will be
      protected from unauthorized access.

6.8   DISASTER RECOVERY PLAN

   a. A disaster recovery manual will be maintained to provide a mechanism for processing
      critical Agency applications in the event of extended system unavailability.

   b. Functional managers are required  to develop workable procedures and  plans and  to
      update the manual at least annually and prior to each drill to ensure success of the overall
      recovery effort.

   c. NDPD will establish periodic paper  drills to ensure that disaster  recovery plans and
      procedures are adequate.



MEASUREMENT:

   a.  Vulnerability Assessments

      Security vulnerability assessments will be performed periodically as required by Agency
      oversight directives.  The vulnerability assessments will  be based on a process flow
      methodology which evaluates the internal controls of the system as the system request or
      transaction passes through the system.  This methodology is described in OMB A-123,
      Section  8.c. The results of vulnerability assessments will be provided via "to do"
      meetings or other administrative vehicles for review and appropriate administrative action
      by the Director, NDPD.  Alternately, a risk analysis may be accomplished based on
      guidance from OIRM/IMSD or the EPA  Information Security Manual.

   b.  Compliance Monitoring and Auditing

      Daily  audits of system and system file access attempts will be performed each business
      day by the  NDPD ADP Security  Officer or designee using the  RACF Report writer.
      Monthly system audits will be performed using the RACF DSMON report.

      The following audit criteria will be used  for each daily audit report:

      1.  System logon attempts performed from the same location utilizing multiple random
         User-IDs and occurring within approximately the same time period.

      2.  System logon attempts performed outside normal business hours.  Additional weight
         will be given to those  attempts occurring from the same location utilizing random
         multiple User-IDs.

      3.  Repeated password changes involving the same User-ID which indicate an attempt to
         circumvent RACF password uniqueness and change interval parameters.

      4.  Attempts to modify or alter the contents or RACF protection of operating system
         files.

      5.  Use of RACF privileges for purposes other than those defined in this policy.

      6.  Use of RACF privileges by individuals not authorized for those privileges.
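
Added example, not part of the directive and not NDPD code: one way daily audit criteria 1 through 3 could be checked over access records. The record layout, event names, sample data, and all thresholds (time window, ID count, business hours, password-change limit) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds below are assumptions; the directive does not quantify them.
WINDOW = timedelta(minutes=10)   # "approximately the same time period"
MIN_DISTINCT_IDS = 3             # "multiple random User-IDs"
BUSINESS_HOURS = (8, 18)         # normal hours, Monday to Friday
MAX_PWD_CHANGES_PER_DAY = 2      # more than this per User-ID per day is flagged

# Constructed sample records: (timestamp, location, User-ID, event).
SAMPLE = [
    ("1994-06-20 02:14:05", "T0A17", "ABC", "LOGON_FAIL"),
    ("1994-06-20 02:15:40", "T0A17", "XYZ", "LOGON_FAIL"),
    ("1994-06-20 02:17:02", "T0A17", "QRS", "LOGON_FAIL"),
    ("1994-06-20 09:30:00", "T0B02", "JDS", "LOGON_OK"),
    ("1994-06-20 10:01:00", "T0B02", "JDS", "PWD_CHANGE"),
    ("1994-06-20 10:02:00", "T0B02", "JDS", "PWD_CHANGE"),
    ("1994-06-20 10:03:00", "T0B02", "JDS", "PWD_CHANGE"),
    ("1994-06-20 11:00:00", "T0D09", "AAA", "LOGON_FAIL"),
    ("1994-06-20 14:00:00", "T0D09", "BBB", "LOGON_FAIL"),
    ("1994-06-20 16:30:00", "T0D09", "CCC", "LOGON_FAIL"),
    ("1994-06-20 22:45:00", "T0C33", "MKT", "LOGON_OK"),
]


def parse(records):
    """Convert timestamps and return the records in time order."""
    return sorted(
        (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), loc, uid, ev)
        for ts, loc, uid, ev in records
    )


def multi_id_bursts(events):
    """Criterion 1: locations that tried several User-IDs within WINDOW."""
    by_loc = defaultdict(list)
    for ts, loc, uid, ev in events:
        if ev.startswith("LOGON"):
            by_loc[loc].append((ts, uid))
    flagged = {}
    for loc, attempts in by_loc.items():
        start = 0
        for end in range(len(attempts)):
            # Slide the window so it never spans more than WINDOW.
            while attempts[end][0] - attempts[start][0] > WINDOW:
                start += 1
            ids = {uid for _, uid in attempts[start:end + 1]}
            if len(ids) >= MIN_DISTINCT_IDS and len(ids) > len(flagged.get(loc, ())):
                flagged[loc] = ids
    return flagged


def is_off_hours(ts):
    """True on weekends or outside BUSINESS_HOURS on a weekday."""
    return ts.weekday() >= 5 or not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1])


def off_hours_logons(events, bursts):
    """Criterion 2: off-hours attempts; weight 2 if criterion 1 also hit."""
    return [
        (ts, loc, uid, 2 if loc in bursts else 1)
        for ts, loc, uid, ev in events
        if ev.startswith("LOGON") and is_off_hours(ts)
    ]


def password_cycling(events):
    """Criterion 3: User-IDs with repeated password changes in one day."""
    counts = defaultdict(int)
    for ts, _loc, uid, ev in events:
        if ev == "PWD_CHANGE":
            counts[(uid, ts.date().isoformat())] += 1
    return sorted(
        (uid, day, n) for (uid, day), n in counts.items()
        if n > MAX_PWD_CHANGES_PER_DAY
    )


def daily_audit(records):
    """Run the three checks and return the findings by criterion."""
    events = parse(records)
    bursts = multi_id_bursts(events)
    return {
        "multi_id_bursts": bursts,
        "off_hours": off_hours_logons(events, bursts),
        "password_cycling": password_cycling(events),
    }


if __name__ == "__main__":
    for name, findings in daily_audit(SAMPLE).items():
        print(name, findings)
```

Location T0D09 also tries three User-IDs but over several hours, so it is not flagged under the assumed 10-minute window.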

      The following constitute auditable  events for each monthly audit report:

      1.  Individuals with RACF privileges who have not requested or been granted those
         privileges.

      2. Absence of RACF protection for critical operating system files (e.g., APF authorized
         libraries).

      3. Changes/additions/deletions to system exits.

      4. Changes/additions/deletions to system started tasks.

      5. Changes/additions/deletions affecting the Program Properties Table.

      6. Failure to collect audit statistics for appropriate RACF classes as determined by a
         review of the RACF class descriptor table.

      The NDPD ADP Security Officer or designee will coordinate with appropriate technical
      and management personnel to investigate patterns indicating system penetration attempts
      or unauthorized alterations or  modifications of operating  system files.  Appropriate
      technical and management personnel are defined as those individuals responsible for the
      resources needed and required to track the access attempt through the telecommunications
      network and the system.

      If the investigation  reveals that the incident is a prosecutable offense under existing
      statutes, the NDPD ADP Security Officer will coordinate appropriate actions,  including
      notification of local legal counsel, the Office of the Inspector General, and  local and
      Federal law enforcement officials. If the investigation of the access attempt reveals an
      exploitable system or procedural  vulnerability, the  NDPD ADP Security Officer will
      coordinate  with appropriate management and  technical personnel to ensure that the
      vulnerability is addressed.  The NDPD ADP Security Officer will create and retain a
      Security  Incident Report detailing the nature of the incident, personnel involved, and
      actions taken.   Information for this report  will be obtained from  management and
      technical personnel participating in the investigation and resolution of the incident.

      Security  impacts of change to the NCC IBM-compatible security environment will be
      documented in the Change Management System record for the particular change.  Where
      possible, unique searchable and displayable fields will be established within the Change
      Management System for this purpose.


7.0   PROCEDURE REFERENCES

   a. Office of Management and Budget. OMB Circulars A-76, A-123, and A-130. (Available
      from  the Government Printing  Office.)    (These publications, while  not strictly
      procedurally directive, are important components in the administration of security in the
      Agency.  They set the guidelines for policies and procedures at the operational levels.)

   b. U. S. Environmental Protection Agency. (1989)  EPA  Information   Security Manual
      (Report  No.  431/001).   Washington, DC:    Office of  Information  and Resources
      Management, Information Management and Services Division.  (Location:  Publications
      Technical Library).

   c.  Computer Security Act of 1987. (Available from the Office of Information and Resources
      Management).

   d.  U. S. Environmental Protection Agency. (1992).  NCC  Security Manual (Report No.
      046/001E).   Research  Triangle  Park,  NC:   National Data  Processing  Division.
      (Location: Publications Technical Library).

   e.  U. S. Environmental Protection Agency. (1992) EPA/NCC Critical Applications Disaster
      Control Manual (Report No. 379/001G).  Research Triangle Park, NC: National Data
      Processing Division. (Location:  Publications Technical Library).

   f.  U. S. Environmental Protection Agency. (1992) RACF Procedures for the TSSMS Office
      (Report 418/001).  Research Triangle  Park, NC:  National Data Processing Division.
      (Location: Publications Technical Library).

   g.  U. S. Environmental Protection Agency. (1992) RACF Decentralization Procedures for
      the TSSMS Office (Report 510/001).  Research Triangle Park, NC:  National Data
      Processing Division. (Location:  Publications Technical Library).

   h.  U. S. Environmental Protection Agency. (1991) Customer's Guide to NCC's Registration
      System (Report 471/001).  Research Triangle Park, NC:  National Data Processing
      Division. (Location: Publications Technical Library).

   i.  U. S. Environmental Protection Agency. (1992) Request for RACF Privileges. Research
      Triangle Park, NC: National Data Processing Division. (Location: NCC ADP Security
      Officer).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE: NCC IBM Mainframe Data Management                     NO.:     210.09

APPROVAL:                                                    DATE:


1.0  PURPOSE

The NCC IBM Mainframe Data Management policy establishes:

      a.     Data management objectives.

      b.     Data storage requirements.

      c.     Data storage media performance and capacity requirements.


2.0  SCOPE & APPLICABILITY

This policy applies to all NCC IBM mainframe customers and to NDPD and FM contractor staff
responsible for the management or operation of the NCC IBM mainframe system.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0  RESPONSIBILITIES

The Primary Support Contractor will develop a data management plan and update and monitor
procedures to implement this policy.

The Primary Support Contractor will perform the tasks necessary to meet the objectives of this
policy.

The customer community will rely on the terms  of this policy to manage their data storage
requirements.

NDPD will manage the data storage devices of the NCC IBM mainframe to meet  the storage
requirements  of the customer community in a secure and cost-effective manner.  Data storage
devices will also be managed to enhance system performance.


4.0  POLICY

      a.     All data sets not catalogued or not conforming to NCC naming conventions will
            be deleted from the NCC IBM mainframe system. All data sets that have no data
            set organization will be deleted.  All data sets that  are empty and unused for 7
            days will be deleted.

      b.     DASD data sets which are unused for a designated number of days are routinely
             migrated off of primary DASD. The number of days of nonuse is determined by
             the DASD management staff and may be lengthened or shortened depending upon
             DASD usage and  space availability to ensure sufficient DASD space to meet
             customer  requirements.

      c.     A procedure will be provided to enable customers to archive to tape their own
             DASD data sets.  Data sets may be archived for 2 to 7 years.

      d.     A procedure will be provided to enable customers to restore DASD data sets from
             archive tapes.

      e.     NCC  will perform nightly backups of customer DASD data sets on customer
             packs  which have been created or changed during the day. Nightly backup tapes
             will be retained for 35 days.

      f.     A procedure will be provided to enable customers to restore their data sets from
             the nightly backup tapes.

      g.     All non-VSAM DASD data sets that  have a secondary allocation will routinely
             have excess space  released.

      h.     DASD volumes will  be fully copied to  tape biweekly.  These tapes will be
             retained for 4 weeks before being reused.

      i.     Private DASD  volumes are not allowed.

      j.     A DASD utilization report  will be submitted quarterly  to NDPD to indicate
             available  data storage capacity.

      k.     Channel  and  device  utilization  will  be monitored daily  to  prevent  system
             performance degradation.  Data sets or volumes will be relocated when necessary
             to  provide  optimal  system  performance.  All  proposed relocations will be
             coordinated with the IBM Performance Group before relocation takes place. In
             the event of conflict between system performance and DASD economy, every
             effort  will be made to favor system performance.

      l.     Tape data sets created on the NCC IBM mainframe will be controlled by a
             software tape management system to prevent accidental erasure of data.

      m.    The default retention period  for tape  data sets  created  on  the  NCC IBM
             mainframe will be 5 days.   Customers may explicitly specify  other retention
             periods.

       n.     Foreign tapes can be used interchangeably from system to system. When the
             customer  submits a foreign tape,  Data Processing Support  Services (DPSS)
             assigns it a 'B' number to eliminate any conflicts of volume serial numbers.
             When  DPSS personnel notify the customer of the 'B' number for the tape, they
             ask if  the customer will be writing to the tape or reading the tape only.  If the
             customer is reading the tape only, DPSS personnel will remove any write ring
             and attach a 'No Write Ring' sticker to both the front and back of the tape. If the
             tape is a cartridge, the cartridge has a wheel which can be turned to show a white
             dot indicating the tape is write-protected. A 'No Write Ring' sticker is placed on
             the tape. If the tape is file protected, and the customer wishes to write to the tape,
             he/she must call DPSS to ask that a write ring be inserted. DPSS will verify that
             the tape does belong to that customer, that a write ring is inserted, and that the
             'No Write Ring' sticker is removed. Customers are advised that NO protection
             exists for accidentally overwriting a tape that is not file guard protected.

       o.     Customers may be exempted from standard procedures with proper justification
             and NDPD approval.


5.0    DEFINITIONS

None.


6.0    STANDARDS

None.


7.0    PROCEDURE REFERENCES

       a.     U. S. Environmental Protection Agency. (1993) EPA-NCC IBM Data Management
             Plan (Report No. 575/001). Research Triangle Park, NC:  National Data
             Processing Division.   ADP Operations Management  Branch.    (Location:
             Publications Technical Library)

       b.     U. S. Environmental Protection Agency. (1985, currently being revised) Change
             Management Procedures Manual (Report No. 245/001F). Research Triangle Park,
             NC: National Data Processing Division. ADP Operations Management Branch.
             (Location:  Publications Technical Library)

       c.     U. S. Environmental Protection Agency. NCC IBM Data Management Handbook.
             Research  Triangle Park,  NC:    National  Data  Processing Division.  ADP
             Operations  Management  Branch.  (Location:     On-line   in   data  set
             JMAS.HANDBOOK)

       d.     U. S.  Environmental Protection Agency.  DF/HSM Handbook for NCC Data
             Management. Research Triangle Park, NC: National Data Processing Division.
             ADP  Operations Management  Branch.  (Location:   On-line in  data  set
             JMAS.DOCUMENT)

      e.     U. S. Environmental Protection Agency. SMS Handbook for Data Management.
            Research  Triangle  Park,  NC:   National  Data  Processing  Division.  ADP
            Operations  Management   Branch.   (Location:     On-line  in   data   set
            JMAS.DFSMS.DOCUMENT)

      f.     IBM Corporation. MVS Storage Management Library. San Jose, California.

      g.     Platinum On-Line Guide. (1992) Updates made by the National Data Processing
            Division.  ADP Operations Management Branch. Research Triangle Park, NC:
            Office of Information Resources Management (OIRM). (Location:  NCC-IBM
            Mainframe, in Platinum On-Line Guide, printable within the Guide)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     NCC  IBM Mainframe Configuration                  NO.:        210.10
            Management
APPROVAL:                                                    DATE:

1.0   PURPOSE
The NCC IBM Mainframe Configuration Management policy establishes:
      a.     Configuration management objectives.
      b.     Activities required to meet configuration management objectives.
      c.     Review requirements to ensure compliance.
2.0   SCOPE & APPLICABILITY
This policy applies  to all NDPD and FM contractor staff personnel responsible for  the
management or operation of the NCC IBM mainframe system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will perform the tasks necessary to meet the objectives of this policy.
4.0   POLICY
      a.     The IBM mainframe system will  be managed in a manner which provides:
             (1)    A current inventory of all system components.
             (2)    A current system hardware and software configuration.
             (3)    A current system telecommunications configuration.
             (4)    A mechanism for processing hardware,  software,  and maintenance
                   procurement requests in a timely manner.
      b.     An on-line data base containing the information required to meet policy objectives
             will  be  maintained and  updated  within  5  working  days of any system
             configuration change.
      c.     The on-line data base will contain sufficient detail to enable technical personnel
             to obtain system hardware and software configurations or parameters necessary
             for the customary performance of their duties.

      d.    The FM contractor will review and certify the accuracy of the configuration
            management data base quarterly.

      e.    All  procurement requests  for changing the NCC  IBM mainframe hardware
            configuration  must bear  the  concurrence of the Chief,  ADP Operations
            Management  Branch.  In the context of this policy, the NCC IBM mainframe
            configuration consists of the IBM processor complex and all attached peripheral
            devices.  The ADPOMB Branch Chief will concur  with NCC IBM mainframe
            hardware configuration changes after consultation with the  IBM  Performance
            Group in order to ensure that system performance will not be degraded as a result
            of hardware configuration changes.

      f.    All system  software residing on the NCC IBM mainframe must be installed and
            maintained by Technical Services in compliance with the provisions of the Change
            Management Policy. In the context of this policy, system software consists of all
            vendor-supplied  products accessible by the general user community.   It also
            includes  all system control and monitoring software, plus NCC  developed exit
            code that  supports these  products.   Technical Services may  delegate table
            maintenance functions in support of system software products to other Unisys
            organizations. However, Technical Services and the EPA Technical Managers
            bear the  ultimate responsibility for system software integrity.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE: NCC IBM Mainframe Started Tasks                      NO.:         210.11
APPROVAL:                                                    DATE:
1.0   PURPOSE
The NCC IBM Mainframe System Management policy establishes:
      a.     Guidelines for determining started tasks.
      b.     Oversight responsibility for new and routine started tasks.
      c.     Maximum, effective use of the Common Storage Area (CSA).
2.0   SCOPE & APPLICABILITY
This  policy applies to all NDPD and  FM contractor staff personnel  responsible for the
management, operation, or maintenance of the NCC IBM mainframe system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
The FM contractor will develop, update,  and monitor procedures to implement this policy.
The FM contractor will adhere to NDPD policies and perform the tasks necessary to meet policy
objectives.
4.0   POLICY
      a.     No test mode started tasks (CICS, ADABAS, S2K, JES2, etc.) are to run on the
             IBM system on a production day without NDPD approval.
      b.     The normal production started tasks will be identified by Technical Services.
             NDPD will receive a new copy of a production  started task list whenever a
             change is made.  The list will explain the purpose of each started task address
             space.
      c.     No new started tasks will be put into production without approval of Technical
             Services. All requests  for new started tasks must include an estimate of CSA
             requirements.
      d.     Console operators will not use the FORCE command to terminate started  tasks
             without  the permission of Technical Services.

      e.    S2K developers can ask the console operators to start or stop the S2K address
            space.   However, console operators must use the standard  procedures in
            performing these activities.  If normal procedures fail, the operators will contact
            Data  Base Support Services (DBSS) for additional instructions to solve the
            problem.   Under  no circumstances  will  console operators  take  additional
            instructions from the S2K development group.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      ADP Capacity Planning                                    NO.:   210.12

APPROVAL:                                                    DATE: 6/22/9t>
1.0    PURPOSE

The NCC ADP Capacity Planning policy is intended to ensure that sufficient ADP resources are
continuously available to accomplish the Agency's mission. Capacity planning objectives include
the following:

       a.     Production of capacity planning reports to document anticipated workload growth,
             ADP  resource  requirements and justification,  and hardware  configuration
             forecasts and delivery schedules.

       b.     Effective management of long-term hardware contracts.

       c.     Input and support for an Agency information resources management strategic
             plan.

       d.     Improved accuracy, consistency, and timeliness of capacity analyses to support
             hardware planning and decision-making.


2.0    SCOPE AND APPLICABILITY

This policy applies to all NDPD staff, Facilities Management contractor, and periodic expert
consultant  personnel responsible for the NCC hardware capacity management and planning
activities.  Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0    RESPONSIBILITIES

The Architectural Management and Planning Branch (AMPB) is responsible for the development,
implementation, and  management of capacity  planning activities for the NCC mainframe
systems, scientific processors (when implemented), and backbone networks. The FM contractor
and consultant contractors will assist AMPB in defining appropriate capacity planning analyses;
determining necessary staffing  levels,  technical requirements, and responsibilities; conducting
capacity planning activities as described below; and evaluating alternatives to capacity planning
issues and  recommending the most efficient and  effective solutions.


4.0    POLICY

Capacity planning activities include, but are not  limited to, the following:

       a.     Developing  a strategic hardware capacity  plan to define NCC hardware
             requirements over a 2-year time span,  which will require updates every 6 months,
             at a minimum, or as required by changes to the Agency's "business plan".

       b.     Conducting workload analyses and trending.

       c.     Soliciting user  communication and involvement to determine more accurate
             workload growth projections and service requirements.

       d.     Evaluating capacity impacts and conducting alternatives analyses.

       e.     Analyzing new technology impacts to ADP capacity.

       f.     Assisting Regional Offices with technical capacity analyses as required.

       g.     Participating in  specialized technical studies as required  to support the research
             and analysis of capacity planning issues.

       h.     Communicating all pertinent information to Agency personnel responsible for the
             development of Agency information resources management (IRM) plans.

       i.     AMPB is primarily responsible for capacity planning, while the Automatic Data
             Processing Operations Management Branch (ADPOMB) is primarily responsible
             for performance management of mainframe systems (as described by NDPD
             Operational Directive 210.03, NCC IBM Mainframe Performance Management),
             and the Telecommunications Branch (TCB) is primarily responsible for
             performance management of the network (as described by NDPD Operational
             Directive 300.03, IBM SNA Network Performance and Capacity Management).
             The relationship of these responsibilities requires a high degree of cooperation
             and communication. The interactions required by AMPB are summarized below:

             (1)    AMPB will assist ADPOMB  and  TCB in  defining  and analyzing the
                   potential resource utilization, performance, and capacity impact of major
                   new applications.

             (2)    AMPB will  monitor and analyze trends in major NCC user applications
                   (both existing and emerging) and assist ADPOMB and TCB in evaluating
                   the overall system impacts of these continuing trends.

             (3)    AMPB will  consult with ADPOMB for review and concurrence with its
                   draft quarterly capacity reports on mainframe systems.

             (4)    AMPB will consult with TCB on the development and implementation of
                   a network capacity planning policy.


5.0    REPORTING

AMPB will regularly analyze capacity of the NCC systems to determine (1) the consistency of
actual workload growth with user forecasts,  and (2) the current NCC mainframe systems reserve
capacity. The following reports are planned:

       a.     AMPB will produce a quarterly capacity forecast for each NCC mainframe
             system to define the capacity requirements for three distinct time periods: the
             balance of the current Fiscal Year (FY), the following FY or operating budget
             year (FY+1), and the next FY or planning budget year (FY+2).

             This forecast will include a complete description of the analyses performed and
             all assumptions contributing to the capacity predictions.  Graphical presentation
             will be used to the greatest extent possible to show:

             (1)    Current capacity in use.

             (2)    Amount of reserve capacity.

             (3)    Anticipated timeframe of system saturation.

             (4)    Alternatives to resolving and/or delaying capacity problems.

       b.     AMPB will develop hardware equipment forecasts to assist the management and
             execution of the multi-year mainframe contract. These forecasts will be produced
             at least 4 months prior to the required delivery of the equipment.

       c.     AMPB will produce special capacity reports as required to support long-term
             budget  planning and/or to  assess the impact of new  or changing  ADP
             requirements.  These reports may include  detailed workload characterizations,
             special analytic modeling scenarios to evaluate hardware alternatives, or studies
             to answer specific "what if" capacity questions from NDPD management.


6.0    DEFINITIONS

Capacity planning is  one of  two  components  (the other being performance  management)
comprising capacity management.  The following definitions are included to distinguish these
terms and related activities:

Capacity Management             The  activity that controls,  measures, and   plans  the
                                 configuration required to  meet the organization's current
                                 and future information processing requirements. Capacity
                                 management is composed of two components: performance
                                 management and capacity  planning.

Performance Management         The function that measures, evaluates, and reports data
                                 processing   performance,   and  prevents  or   corrects
                                 performance problems.  Performance management deals
                                 with  the  tactical  issue  of providing  acceptable  data
                                 processing service to  the user community.

Capacity Planning                 The  process of  determining  the hardware,  software,
                                 features, organization, and facilities  required  for  the
                                 continuous   delivery   of  acceptable   service   to users.
                                 Capacity planning primarily deals with the strategic issue
                                 of forecasting the necessary resources required to support
                                 future data processing demand.

Master Facility Planning-         Capacity planning data is used to produce a Master Facility
                              Plan, which is intended to ensure that facility support
                              equipment is in place to accommodate the growth of the

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NCC IBM Mainframe System Integrity                     NO.    210.13

APPROVAL: [signature illegible]                                 DATE: [illegible]
1.0   PURPOSE

The NCC IBM Mainframe System Integrity policy establishes:

      a.     Objectives for maintaining system integrity.

      b.     Functions which will be managed to meet the objectives.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD and primary support contractor staff personnel responsible for
the management and maintenance of the NCC IBM mainframe system.

Any deviations from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The Primary Support Contractor will develop, update, and monitor procedures to implement this
policy.

The Primary Support Contractor will adhere to NDPD policies and perform the tasks necessary
to meet policy objectives.


4.0   POLICY

      a.     The NCC IBM mainframe system resources will be managed in a manner which
            provides maximum availability to the customer community.

      b.     The NCC IBM mainframe system resources will be managed in a manner which
            provides maximum useability to the customer community.

      c.     The NCC IBM mainframe system resources will be managed in a manner which
            provides maximum reliability to the customer community.

      d.     The NCC IBM mainframe system resources will be managed in a manner which
            provides maximum protection to the operational environment by maintaining a
            logical  separation of both the test and development  environments from the
            production environment.

      e.     The NCC IBM mainframe system resources will be thoroughly documented.
            Documentation will include developing  specific procedures to ensure system
            integrity and updates to these procedures on a regular basis.

      f.     The Primary Support Contractor will, in concert with NDPD technical managers,
            ensure that NDPD operational procedures are implemented for each of the areas
            identified above.

5.0   DEFINITIONS

      a.     System availability is defined as ensuring NCC IBM mainframe system resources
             are accessible for  use by the general  customer  community.   Documented
             procedures will be developed and maintained by the Primary Support Contractor
             to support maximum system availability.

      b.     System useability is defined as ensuring NCC IBM mainframe system resources
             are adequately maintained and operating at manufacturer's standards.
             Documented procedures will be developed and maintained by the Primary Support
             Contractor to support maximum system resource useability.

      c.     System reliability is defined as ensuring NCC IBM mainframe system resources
             are dependable and function in the intended manner. Documented procedures will
             be  developed and maintained by the Primary Support Contractor to support
             maximum system resource reliability.

      d.     System protection is defined as minimizing the risk of unauthorized access in such
             a manner that security controls specified for the system cannot be compromised.
             Documented procedures will be developed and maintained by the Primary Support
             Contractor to support maximum system resource protection.

      e.     System documentation will include specific procedures employed by the Primary
             Support Contractor to accomplish the above guidelines.  These procedures will
             be developed and maintained by the Primary Support Contractor,  approved by
             NDPD technical management, and centralized in one manual.


6.0   STANDARDS

The NCC IBM mainframe processing services will be available to the customer community from
0700 each Monday until 2000 each Sunday (Eastern Time) throughout the year. Exceptions to
these times may occur because of maintenance or system testing.   Any time changes will be
posted in the online dataset 'JUSD.HOURS.'


7.0   PROCEDURE REFERENCE

U.S. Environmental Protection Agency.  (1993) MVS Systems Standards and Procedures Manual
(Draft).   (Report No.  569/001)  Research Triangle Park,  NC:   National Data Processing
Division, Office of Administration and Resource Management.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     Authorized Program Facility Library Usage                 NO.   210.14
APPROVAL: [signature illegible]                                 DATE: [illegible]

1.0   PURPOSE
This policy identifies the requirements for request and usage of Authorized Program Facility
(APF) Libraries.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and primary support contractor staff personnel responsible for
creation and support of APF Libraries.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
It is the responsibility of the preparer to conform to this policy in submitting requests for APF
Library authorization.
The Primary Support Contractor will develop, update and monitor procedures to implement this
policy.
The Primary Support Contractor will adhere to NDPD policies and perform the tasks necessary
to meet policy objectives.
NDPD  will ensure that APF Library update access is controlled through RACF profiles.

4.0   POLICY
APF Library  authorization shall be provided when:
      a.     The requestor (e.g., Vendor, Primary Support Contractor, NDPD Personnel) has
            a clearly documented requirement to create the APF Libraries.
      b.     The requirement is defined in a Change Management Record. Requirements for
            the Change Record will be detailed  in the Network Systems MVS Systems
            Standards and Procedures Manual.
      c.     Update access to APF libraries will  be limited to personnel maintaining the APF
            library.  Access control will be determined by RACF profiles.
Access  to SYS1.PARMLIB, which contains the method by which APF libraries are authorized,
will be  limited to personnel required by job function to maintain these system libraries.
APF Library authorizations and access privileges to SYS1.PARMLIB will be reviewed annually.

5.0   DEFINITIONS

APF Library:   An authorized library that contains modules which perform IBM  MVS/ESA
operating system restricted functions.  To use restricted functions, the programs utilizing those
functions must reside in an installation authorized library. Authorized Libraries are defined in
an MVS/ESA operating system parameter library member.


6.0   STANDARDS

APF Library authorization must be requested by a Department or Group Manager/Supervisor.
All requests will be submitted through the Change Management System and must be submitted
in accordance with Change Management procedures.  A  change item must  be  opened  by
requester for the production environment.  A request to create  an APF library for  the test
environment must be stipulated in the description text area of the production change item.  ALL
requests will be reviewed at the weekly Change Management meeting.


7.0   PROCEDURE REFERENCE

U.S. Environmental Protection Agency. (1993) MVS Systems Standards and Procedures Manual
(draft) (Report No. 569/001).  Research Triangle Park, NC:  National Data Processing Division,
Office of Administration and Resource Management.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NCC Scientific Cluster System Management                 NO.    230.01

APPROVAL: [signature illegible]                                 DATE: [illegible]
1.0   PURPOSE

The NCC Scientific Cluster Management policy establishes:

      a.    Objectives for managing the system.

      b.    Functions which will be managed to meet the objectives.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD and all Primary Support Contractor  (PSC) staff personnel
responsible for the management, operation,  or maintenance of the NCC Scientific Cluster.

Any deviation from this policy must be approved  in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The PSC will develop, update, and monitor procedures to implement this policy.

The  PSC  will adhere  to NDPD policies and perform the tasks necessary to meet policy
objectives.


4.0   POLICY

      a.    The NCC Scientific Cluster will be managed in a manner which provides cost-
            effective, reliable, available, and accessible service to the customer community.

      b.    The NCC Scientific Cluster will be managed to meet the service levels defined
            in the  Scientific Standards  section of Policy 230.02, NCC  Scientific Cluster
            Service Levels.

      c.    While  the organizational structure of NDPD and the PS contractor may change
            from time to time, the following major areas of responsibility will be managed:

            (1)    System Operations.
            (2)    System Software Maintenance.
            (3)    Data Communications Facilities Support.
            (4)    System Performance Tuning.
            (5)    Capacity Planning.
            (6)    Customer Service Activities.
            (7)    Contract Administration for System Components.

      d.    The PSC will, in concert with NDPD technical managers, ensure that NDPD
            operational policies are implemented for  each of the areas of responsibility
            identified above.

5.0    DEFINITIONS

System Operations:  Console and peripheral equipment operation, physical facilities manage-
ment, data storage management, preventive and remedial hardware maintenance scheduling,
change management, and production control.

System Software Maintenance:  Installing and maintaining all vendor-supplied software.  This
includes DEC system and program products as well as software supplied by third-party vendors.

Data Communications Support:  Installing, maintaining, and monitoring the performance of all
data links and associated equipment in use at NCC.

Performance Tuning: All activities required to ensure that the goals defined in the service level
policy are met on a daily basis.

Capacity Planning: All activities required to predict future workload and to identify resources
which must be acquired to meet the service  level policy objectives in the future.

Customer Services:  Customer support activities for problem resolution, customer registration
and billing, and central data base administration.

Contract Administration Services: All activities required to order and maintain the hardware and
software components of the NCC Scientific  Cluster.


6.0   STANDARDS

Refer to  Policy 230.02, NCC Scientific Cluster Service Levels,  for more information about
standards.


7.0   PROCEDURE REFERENCES

U. S. Environmental Protection Agency. (1993) Operations Handbook for the Scientific VAX-
Cluster (Report No.  508/001).  Research  Triangle Park, NC:   National  Data Processing
Division, Office  of Administration  and Resources Management  (Location:   Publications
Technical Library)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:      NCC Scientific Cluster Service Levels                      NO.    230.02
APPROVAL: [signature illegible]                                 DATE: [illegible]
1.0    PURPOSE
The NCC Scientific Cluster Service Level policy establishes:
       a.     Scientific Cluster components.
       b.     Access rules for Cluster components.
       c.     Scheduled hours of system availability.
       d.     System stability goals.
2.0    SCOPE & APPLICABILITY
This policy applies to  all  NDPD and PSC staff personnel responsible for the management,
operation, or maintenance of the NCC Scientific Cluster and to users of this computing resource.
The NCC Scientific Cluster consists of multiple processors and data storage for the support of
scientific applications for regions, programs, and the Office of Research and Development
(ORD). Also included are the associated RTP local area networks and the EPA
telecommunications network.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0    RESPONSIBILITIES
The PSC will develop,  update, and monitor procedures to implement this policy.
The PSC will adhere to NDPD policies and procedures to ensure that service level objectives
are met.  The PSC will also advise NDPD of potential problems which might have an adverse
impact on the NCC Scientific Cluster.
The customer community will comply with the utilization provisions of this policy.
4.0    POLICY
       a.     NDPD will  maintain a list of  supported system software.   This list will be
             updated quarterly and will be available to customers.
       b.     NDPD will negotiate additional Service Level Agreements (SLAs) with customers
             for services  to include guaranteed access, private CPU and disk resource, and
             software services.  NDPD may  restrict access to these resources as required to
             meet these SLAs.
       c.     All customers will, under normal circumstances, be granted interactive access to
            the general purpose processors.

       d.     Batch queues  will be provided  on all processors in the Cluster.  The queue
             assignments for individual batch jobs will be determined by the job's runtime
             requirements.  Access to some queues may be restricted by additional SLAs.

       e.     In  the event of an extended failure of resources, NDPD will reconfigure the
             remaining resources to best meet the needs of all users, including any covered by
             additional SLAs.

       f.     Customer support services will be available during the designated hours.

       g.     Stability goals will be computed  only for  the scheduled hours of service.

       h.     In  the  absence of monitoring software, no goals have been established for
             interactive response or batch turnaround  times.  However, resource utilization
             quotas will be established to ensure a level of service considered to be satisfactory
             by a majority of the customer community.

       i.     Periodic reports will be submitted to NDPD management  to verify compliance
             with this policy.


5.0    DEFINITIONS

None.


6.0    STANDARDS

       a.     The full Cluster will be available to the customer community 24 hours a day, 7
             days a week, except when it is unavailable due to a scheduled maintenance.

             (1)    A console operator will be present from 8:00 a.m. Monday through 6:00
                   p.m. Sunday.

             (2)    Systems time is reserved from 8:00 p.m. Sunday until 4:00 a.m. Monday
                   for system maintenance and preventive maintenance. Additional systems
                   time may be required and will be published to the  customer community
                   via news alerts and customer  memos.

       b.     Customer support services will  be available from 8:00 a.m. until 5:00 p.m.,
             Monday through Friday.

       c.     The NCC Scientific Cluster stability goal is a quarterly uptime percentage of at
             least 99 percent of scheduled production time for the processor complex.


7.0    PROCEDURE REFERENCES

None.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NCC Scientific Cluster Performance and                    NO.    230.03
             Capacity Monitoring

APPROVAL: [signature illegible]                                 DATE: [illegible]
1.0   PURPOSE

The NCC Scientific Cluster performance and capacity monitoring activities include performance
analysis, stability analysis, and capacity planning.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD and all Primary Support Contractor (PSC) staff and personnel
responsible for the management, operation, or maintenance of the NCC Scientific Cluster.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The PSC will develop, update, and monitor procedures to implement this policy and will alert
NDPD to potential performance problems.

The PSC will adhere to NDPD policies and offer recommendations designed to meet the policy
objectives.


4.0   POLICY

      a.    System performance will be monitored to ensure compliance with the objective
            of Policy 230.02, NCC Scientific Cluster Service Levels.

      b.    Workload  trends will   be  monitored to identify potential future  resource
            constraints.

      c.    The potential resource utilization of major new applications will be assessed to
            determine their impact on system performance.

      d.    System performance and capacity data will  be captured and  analyzed with
            commercially available  software.  Local code written to support this effort will
            be minimized to the  greatest degree possible consistent with the objectives of this
            policy.

      e.    System performance, stability, and resource utilization will be summarized and
            reported to NDPD management daily.

      f.     Deficiencies in system performance, stability, or resource availability will be
             corrected as soon as possible consistent with the provisions of Policy 230.04,
             NCC Scientific Cluster Change Management.

      g.     The system's capacity to support projected growth in workload will be evaluated
             and reported to NDPD management quarterly.

5.0   DEFINITIONS
None.
6.0   STANDARDS
None.
7.0   PROCEDURE REFERENCES
Digital Equipment Corporation, Maynard, MA.  (1993) Polycenter Performance Adviser User
Guide. PN:AA-PH6SB-TE. (Location: DEC Technical Services).
Digital Equipment Corporation, Maynard, MA. (1993) Polycenter Performance Data Collector
and Utilities User Guide. PN:AA-PH6YB-TE. (Location: DEC Technical Services).
Digital Equipment Corporation, Maynard,  MA.  (1993) Polycenter Capacity Planner User
Guide. PN:AA-PH6LB-TE. (Location: DEC Technical Services).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     NCC VAX Cluster Change Management                    NO.    230.04
APPROVAL: [signature illegible]                                 DATE:
1.0   PURPOSE
This policy is designed to ensure that all changes are applied in a timely manner without
disrupting system stability or performance.
The NCC VAX Cluster Change Management policy establishes:
      a.    Change management objectives.
      b.    System components and changes subject to this policy.
      c.    Review process required for hardware or software changes.
      d.    User notification requirements for system changes.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or implementation of hardware and system software changes to the NCC VAX
Cluster and the associated RTP local area network.
Any  deviation from this policy must be approved  in writing by the Director of NDPD after
consultation with the VAX Cluster Coordinating Committee.
The following system components are subject to this policy:
      a.    The processor complex.
      b.    All peripheral devices attached to the network through DECNET via ETHERNET
            and X.25 or SNA.  Peripheral devices  attached to processors not owned by
            NDPD are exempt.
      c.    Electrical, air conditioning, and other components vital to the operation of the
            processor or any of its peripheral devices.
      d.    All DEC licensed and third party vendor software products installed on the NCC
            VAX Cluster and supported by NCC,  or NCC-supported software products
            installed on remote VAX systems connected to the Cluster  through  DECNET via
            ETHERNET and X.25 or SNA.
3.0   RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy, and
will review stability reports to assess compliance.
The FM contractor will adhere to NDPD policies and procedures to ensure that the terms of
Policy 230.02, NCC VAX Cluster Service Levels,  are met.

4.0    POLICY

       a.     A Change Management Council representing the FM contractor and NDPD will
             review and approve changes to the components defined above.  Members of the
             VAX  Cluster Coordinating Committee may sit as observers on  the Change
             Management Council.

       b.     All emergency changes must be approved by the  FM contractor's department
             manager  for User  Services and  Operations.   The EPA  ADP Operations
             Management Branch Chief must grant approval for emergency changes if the FM
             contractor's department managers specified above cannot be reached.  Approval
             for emergency changes can be obtained  in writing, in person, or over the
             telephone.

       c.     All required changes will be submitted to the Change Management Council for
             review and  approval before installation.  The impact of proposed changes  on
             system stability and performance must be considered before approval is granted.

       d.     Local  code is considered system level code not written by the vendor that either
             utilizes the vendor supplied exits in the software or modifies the vendor source
             code.

             Local  code development will be approved by NDPD before  the task is initiated.
             This  approval will be in writing either  through  formal memorandum  or  by
             utilizing the software checklist.  System software changes requiring local code
             changes will be specifically noted in Change Control.

             Local  code implementation into production will be with the  approval of Change
             Control. This approval requires complete testing, documentation, and supervisory
             level code review.  These requirements can only be waived in emergencies  by
             NDPD.

       e.     All DEC and third party software products will be maintained at a release level
             which is no more than one level behind the current release level supported by the
             vendor unless there is a known stability, performance, or functional problem with
             the new release.   The Director of NDPD must approve all cases of delayed
             maintenance.

       f.     A user memorandum will be issued 30  days  prior to  the application of any
             software maintenance.


5.0    DEFINITIONS

System changes are classified  either as  "required" or "emergency."   Hardware or system
software maintenance required  to  correct a stability or performance problem constitutes an
emergency  change.  Required  system changes are routine activities needed to  upgrade the
hardware or software configuration.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:      NCC VAX Cluster Problem Resolution                     NO.    230.05
APPROVAL: [signature illegible]                                 DATE:
1.0   PURPOSE
The NCC VAX Cluster Problem Resolution policy establishes:
      a.     Problem resolution objectives.
      b.     Problem classification.
      c.     Problem resolution responsibilities.
      d.     User notification requirements.
2.0   SCOPE & APPLICABILITY
This policy applies to all  NDPD  and  FM contractor  staff personnel responsible for  the
management or operation of the NCC VAX Cluster and for providing support to the user
community.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with  the VAX Cluster Coordinating Committee.
3.0   RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will adhere to NDPD policies and procedures to ensure that problems  are
resolved expeditiously.
4.0   POLICY
      a.     NCC will strive  to resolve problems with the VAX  Cluster as  soon after
             identification as possible in order to provide the best possible level of service to
             the user community.
      b.     Problems  encountered with  the  NCC VAX  Cluster will be categorized as
             hardware, software, performance, telecommunications, or user problems.
      c.     All problems with NCC-supported hardware or software will be entered into  the
             Problem Management System by close of business on the day the problem was
             uncovered.
      d.     The central problem resolution contact will report to NDPD management  the
             status of unresolved problems on a daily basis.
      e.     The central problem resolution contact will post news alerts for any problem
             which may result in user job failures or user data loss.

       f.     The User Support staff will  serve as the  point of contact for resolving user
             problems.  The User Support staff will forward user problems which they cannot
             resolve to a central problem management contact.  Users may not call the FM
             contractor Technical Services staff directly  to obtain assistance.

       g.     The User Support staff will submit monthly reports to NDPD identifying the
             number and nature of user problems addressed during the reporting period. The
             reports will be shared  with the VAX Cluster Coordinating Committee.

       h.     The Director of NDPD will be immediately notified of any data loss experienced
             by the user community.

       i.     Users reporting problems will be called within 24 hours to advise them of progress
             being made in seeking a solution.

      j.     Closed problem reports will be archived for a period of 3 years from the date the
             problem was logged.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     NCC  VAX Cluster Timeshare Accounting                   NO.    230.06
APPROVAL:                                                     DATE:

1.0   PURPOSE
The NCC VAX Cluster Timeshare Accounting policy establishes:
      a.    Timeshare accounting objectives.
      b.    Methodology for determining the cost of timeshare services.
      c.    Reporting requirements for advising ADP  coordinators and Agency budget
            officials of timeshare charges allocated to them.
2.0   SCOPE & APPLICABILITY
This policy applies to all NCC VAX Cluster users, and to all NDPD and FM contractor staff
personnel responsible for the management or operation of the NCC VAX Cluster.
Any deviation from this policy must be approved in  writing by the Director of NDPD after
consultation with the VAX Cluster Coordinating Committee.

3.0   RESPONSIBILITIES
The FM contractor will develop, update, and monitor procedures to implement this policy.
The FM contractor will perform the tasks necessary to meet the objectives of this policy.
The user community will rely on the terms of this policy to manage their timeshare allowance.
4.0   POLICY
      a.    NDPD will conform to the requirements of OMB Circular A-130 in accounting
            for and in full cost allocation of providing data processing services to the user
            community.
      b.    Charges for data processing services will be applied in the following areas:
            (1)    Processor utilization.
            (2)    Printing.
            (3)    Telecommunications.
            (4)    Disk utilization.
      c.    The rate for the services will be reviewed and adjusted annually to reflect changes
            in the cost of providing these services.  The  rate for the new fiscal year will be
            published in the last quarter of the current  fiscal year.

       d.     Every system transaction will be charged for actual resources consumed if data
             can be captured accurately and the cost of capture does not outweigh the cost
             recovery of the resource.

       e.     NDPD may  apply premiums or discounts for certain processing priorities or
             techniques to encourage efficient resource utilization.

       f.     Charges will be refunded if a transaction fails due to console operator error,
             system hardware failure, or system software error. Jobs using more than 2 hours
             of CPU time must have user defined save and restart capability to be eligible for
             a refund.  The refund will not exceed charges greater than those incurred during
             2 hours of CPU utilization.

       g.     NDPD will provide a summary of each month's timeshare charges by the 5th day
             of the following month.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     NCC VAX Cluster User Registration                      NO.    230.07
APPROVAL:                                                     DATE:
1.0   PURPOSE
The NCC VAX Cluster User Registration policy establishes:
      a.    User registration objectives.
      b.    User registration requirements.
      c.    Reporting requirements for managing the user registration process.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for  the
management or operation of the NCC VAX Cluster system, and to the NCC VAX Cluster user
community.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the VAX Cluster Coordinating Committee.

3.0   RESPONSIBILITIES
The FM contractor will develop,  update, and monitor procedures to implement this policy.
The FM contractor will perform the tasks necessary to implement this policy.
The TSSMS Office will be responsible for conducting user registration services.
The user community will follow the NDPD procedures derived from this policy to gain access
to the NCC VAX Cluster  system.
Every EPA ADP Coordinator and Account Manager will be responsible for ensuring that users
are registered on the  NCC VAX Cluster for  the purpose of conducting legitimate Agency
business only.
Every EPA ADP Coordinator and Account Manager will be responsible for ensuring user
identification termination  for all EPA,  contractor, or  subcontractor employees upon  the
termination of a project or resignation of employees under his jurisdiction.

4.0   POLICY
      a.    User registration procedures will conform to the objectives of this document and
            the terms of Policies 230.06, Timeshare Accounting, and 230.08, NCC VAX
            Cluster Security.

       b.     ASRL Meteorology and general users will be registered on both the large models
             and general purpose processors to allow transfer of workload as specified in
             Policy 230.01, NCC VAX Cluster Service Levels.
       c.     System  utilization will  be recorded for authorized  individual  users  and for
             accounts which may include multiple users.

       d.     New accounts may be created by EPA ADP Coordinators only. Provisions will
             be made for group designations and  the use of Access Control List facilities.

       e.     Each user will be assigned a unique user identification code and will be associated
             with one or more accounts as requested by the EPA ADP Coordinator or EPA
             Account Manager.

       f.     User identification codes previously assigned to a user no longer registered on the
             NCC VAX Cluster may be reassigned to another user.

       g.     Telephone requests for account or user registration will be honored, but signed
             hardcopy verification of all requests is required within 2 weeks to retain the
             registration.

       h.     A user terminating employment will  be removed from the system.  All resources
             associated with this user identification code will be assigned  to another user or
             deleted at the discretion of the ADP Coordinator or Account Manager.

       i.     Accounts and user identification codes which have not been accessed for  1 year
             will be deleted from the system. The user and Account Managers will be notified
             at least 30 days prior to deletion  of an account or user identification code.

       j.     Every ADP Coordinator and Account Manager will receive a periodic  report
             identifying the accounts and user identification codes for which he is responsible.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NCC  VAX Security                           NO.                230.08

APPROVAL:                                DATE:
1.0   PURPOSE

This policy establishes a set of security  standards and practices for Agency standalone or
network connected computer systems which use the DEC VAX VMS Operating environment and
are owned or supported by EPA's National Data Processing Division (NDPD). These standards
are in compliance with generally  accepted security standards and practices and with Federal
regulations and directives referenced in Paragraph 7.0 of this policy.


2.0   SCOPE & APPLICABILITY

This policy applies to all customers of NDPD owned or  supported computer systems  which
provide for the operation, maintenance,  support,  or telecommunications  services of those
systems.

Any request for a deviation from this policy must be provided in writing to the Director, NDPD
and, if approved, must be approved in writing. Email is an acceptable medium for requesting
and receiving an exemption under this policy.  Provisions in this policy might be superseded by
future policies developed for public access and which are subsequently reviewed and approved
by the NDPD Computer Security Officer.  Provisions in Public Access policies are regarded as
approved  exemptions to this policy.


3.0   RESPONSIBILITIES

      a.     The Director, NDPD is responsible for:

             1.     Providing policy for a secure environment for all VMS-based computer
                   systems covered by this policy.

            2.     Ensuring that this policy is  consistent with all federal regulatory statutes
                   and directives.

            3.     Requesting exemptions to federal regulatory statutes and directives when
                   required  by  considerations  unique to the operating environment of the
                   computer systems covered by this policy.

            4.     Appointing  an NDPD Computer  Security Officer  responsible  for
                   implementing, maintaining, and reviewing compliance with this policy.
                   The NDPD  Computer  Security Officer will be  an  EPA management
                   official knowledgeable in information technology and security matters.

            5.     Participating in NDPD's Computer Emergency  Response Team (CERT)
                   as described in NDPD policies and procedures for that team.

            6.     Approving,  in writing,  any approved exemptions to this  policy,  and
                   notifying the NDPD Computer Security  Officer of any such approvals.

       b.     The NDPD Computer Security Officer is responsible for:

             1.     Establishing and implementing all procedures necessary for the implemen-
                   tation and maintenance of this policy.

             2.     Reviewing and approving all security  environment changes allowable
                   under this policy, and reviewing and approving all system-wide special
                   privileges for all VMS based systems covered by this policy.

             3.     Establishing and coordinating a security awareness program for  data
                   processing systems covered under this policy.

             4.     Directing efforts of NCC Primary Support Contractor (PSC) personnel in
                   security  matters pursuant  to  provisions of the  NCC  primary support
                   contract.

             5.     Coordinating any exemptions to Freedom of Information or Public Access
                   Acts regarding access to  data  processed  on  data processing  systems
                   covered by this policy.

             6.     Participating in NDPD's Computer Emergency Response Team (CERT)
                   as described in NDPD policies and procedures for that team.

             7.     Monitoring system compliance with this policy.

             8.     Implementing procedures required  for system reviews specified in this
                   policy.

             9.     Directing efforts  of NCC  PSC personnel  in security review matters
                   pursuant to provisions of the NCC primary support contract.

       c.     The management of each technical support function established by NDPD for the
             support  and maintenance  of computer systems  covered  by  this policy  is
             responsible for:

             1.     Adhering to all policy provisions.

             2.     Subscription and use of industry security risk bulletin boards and products
                   for the purpose of identifying potential security exposures in the VMS-
                   based environment.

             3.     Coordination with the NDPD Computer Security Officer or his delegate,
                   System  Managers and System Administrators:

                   (a)    Policy provision implementations, monitoring, and maintenance.

                   (b)    Configuration, according to security policy standards, of all VMS-
                          based operating systems,  utilities, and applications for which  it
                          provides central distribution, support or maintenance.

                   (c)    Reporting, defensive,  and corrective actions related  to system
                          security exposures,  breaches and virus attacks.

                   (d)    Security awareness  information dissemination.

             4.     Participating in the NDPD Computer Emergency Response Team (CERT)
                    as described in NDPD policies or procedures for that team.

      d.     Each Agency Program Office is responsible for:

             1.     Adhering to all provisions of this policy.

             2.     Ensuring the physical security of their sites used to house or access
                    computer systems  covered  by  this policy and  the data processing
                    peripherals and other devices used for that access.

             3.     Appointing a System Manager and a System Administrator for computer
                    systems covered  by this policy and which reside at their site(s).
             4.    Maintaining the security of each of their VMS-based computer systems
                   and the applications residing on them in a  manner consistent with  this
                   policy and all Federal regulations and directives.
             5.     Developing and performing local procedures, risk analyses, and other
                   mechanisms  for  determining, enacting,  monitoring,  and maintaining
                   computer system and application security requirements under provisions
                   of this policy.
             6.     Implementing local  security awareness  training  programs  based on
                   information provided by NDPD and the Agency.

      e.     Each System Manager and System Administrator will be responsible for:

             1.     Adhering to all provisions of this policy.

             2.     As directed by the Program Office, ensuring that provisions in this policy
                   governing the office are implemented, monitored, and maintained.

             3.     Subscriptions and use of industry security risk bulletin boards for the
                   purpose  of identifying potential security exposures  in the VMS-based
                   environment.

             4.     Coordinating with NDPD  technical support  management  and System
                   Administrators:

                   (a)    Policy provision implementations, monitoring, and maintenance.

                   (b)    Configuration, according to security policy standards, of all VMS-
                          based operating  systems,  utilities, and applications  for their
                          system(s).
                   (c)    Reporting, defensive,  and corrective actions related  to  system
                          security exposures, breaches and virus attacks.

                   (d)    Local dissemination of security awareness information.

                   (e)    Implementing system  warning notices during system logon  to
                          provide legal protection from unauthorized access attempts.

                   (f)    Aiding  NCC Computer Security Staff with security audits.

             5.     Participating in the NDPD Computer Emergency Response Team (CERT)
                   as described in NDPD policies or procedures for that team.

      f.     The EPA NDPD security function is a commercially contracted responsibility of
             the Primary Support Contractor as provided for in Attachment A of OMB
             Circular A-76.  All NCC  PSC  departments and  personnel engaged in the
             operation, support, or maintenance of VMS-based systems covered by this policy
             are responsible for adhering  to these policy provisions and  for conducting
             security-related activities as  directed by the NDPD  Computer Security Officer
             under provisions of the primary support contract.


4.0   POLICY

The computer systems covered by this policy will be used for official Government business only.
Unauthorized use of any of these systems  is a criminal offense under Title 18 of the United
States Code,  Section 641, and may  subject violators to a fine of up to $10,000 and/or
imprisonment of up to 10 years.

The security of VMS-based computer systems, and the facilities within which they reside and
which are owned, operated, or supported by EPA's NDPD will be implemented, maintained,
and monitored in compliance with generally accepted security standards, with Federal regulations
and directives, and specifically, with Federal regulations and directives referenced in Paragraph
7.0, Policy Reference, of this policy.

Access to Agency VMS-based computers and data residing on those computers will be protected
from unauthorized access  from computer systems not covered by this policy.

Any Agency owned or operated VMS-based computer system attaching to the Agency network
must demonstrate conformity to this policy to the NDPD Security Officer within 90 days of
attachment.  Demonstration of conformance will be measured by 1) the completion of a VMS
security review checklist and 2) coordinating  with the NCC Computer Security Officer for the
execution and review of security software provided by the NDPD Computer Security Officer.
Failure to demonstrate conformance will result in removing the computer system's attachment
from EPA's wide area network.

Advancements in VMS operating system security now  permit utilization of software  and
components meeting Federal policy guidelines for C2 (discretionary access control) as outlined
in the Department of Defense Trusted Computer System Evaluation Criteria (The Orange Book),
CSC-STD-001-83, dated 15 August 1983.  EPA VMS systems covered by  this policy will, as
a design goal, meet C2 security requirements.


5.0   DEFINITIONS

      a.     Federal Trusted Computing Base (C2) Discretionary Access  Control - C2 level
             of security  is  described  in the Trusted Computer System Evaluation  Criteria,
             CSC-STD-001-83.  Please refer to The Orange Book for C2 specifications.  The
             system design goals include the concepts of:

             1.     Discretionary Access Control.
             2.     Object Reuse.
             3.     Accountability - Identification & Authentication.
             4.     Accountability - Audit Trail.
             5.     Operational Assurance.
             6.     Life-Cycle Assurance.
             7.     Security Documentation.


6.0   STANDARDS

6.1   SYSTEM CONFIGURATION AND OPERATION

      a.     The design goal  for the operating system of all computers covered under this
             policy will be C2.

      b.     Security recommendations contained in Security Administrator guides and other
             documentation provided by the vendor of each VMS-based operating system will
             be implemented.
      c.    All documented fixes for known VMS security vulnerabilities will be applied.

      d.    All files residing on the computer system will be backed up at least weekly for
            incremental and monthly for full backups.  Backups will be protected from
            unauthorized access and alteration.  Storage of the backups will be at a location
            removed from that of the computer system itself.

      e.    User-IDs used by vendors for system hardware or software maintenance by non-
            VAX site personnel (e.g., FIELD,  SYSTEST) will be controlled by the VAX
            System Manager and  disabled when  not  in use.   AUTHORIZE qualifiers
            /FLAGS=DISUSER and /FLAGS=LOCKPWD will be used.

      f.    All system privileges, with the exception of TMPMBX and NETMBX, will be
            restricted to the minimum number of personnel possible and will be granted based
            on a requirement for the privilege in order to perform assigned tasks.

      g.    Establish  procedures to grant access authorities to any VAX computer, limit
            assignment of privileges to those required to perform assigned task(s), and deny
            access or privileges to that person when  his/her  requirement for access or
            privileges has expired.

      h.    The VAX System Manager will accept responsibility for auditing critical system
            events (e.g., system access attempts, resource violations, etc.)  and  for overall
            security management of his/her system.  The VAX System Manager will permit
            a member of the NCC Computer Security staff to access his/her VAX system to
            audit security policy compliance. The NCC Computer Security staff member will
            be given a privileged account for this purpose, but only for the duration of the
            review.

      i.     Each VAX System Manager  is responsible for coordinating enforcement of this
            policy with the NCC Security Office and will be responsible for coordinating
            resolution of security incidents and other security issues with that office.

      j.      Each VAX System Manager is responsible for disseminating information and for
             training local operations staffs and users  concerning Agency  VAX policy,
             procedures, and system changes.


6.2   SYSTEM DIRECTORY AND FILE PROTECTION

      a.     As a minimum, default security applied to system files by  DEC will be
             maintained.

      b.     Access to the SYSUAF.DAT, SYSALF.DAT, and NETUAF.DAT files will be
             restricted to the System Administrator or those personnel responsible for user
             registration.

      c.     Write access to the DECnet-VAX data base will be restricted to the VAX System
             Manager.

      d.     All operating system files and user data files must be backed up  commensurate
             with the level of user activity exhibited.  The backup interval cannot be greater
             than biweekly.


6.3   DEVICE PROTECTION

      a.     System resources will be protected from unauthorized access which could result
             in harm to the VAX operating environment.  These include disk volumes, global
             section, devices, logical name tables, and queues.

      b.     On-line storage resources will be protected to ensure the integrity of each  user's
             designated data files.

      c.     Memory and disk devices must be owned by "SYSTEM."

      d.     All other non-terminal devices must be owned  by  "SYSTEM".

      e.     RMS_FILEPROT must be set at "FA00" or modified to provide tighter default
             protection.


6.3.1  Terminals

      a.     Access permissions must be READ and WRITE for system, owner, group, and
             world.


6.4   NETWORK

6.4.1  System Warning Notice

      a.     Each computer covered by this policy which is attached to the Agency telecom-
             munications network will display the following message at login:

             WARNING:  The use of this computer is for official Government business only.
             Unauthorized use of this computer is a criminal offense under Title 18 United
             States Code, Section 641, and may subject violators to a fine of up to $10,000 or
             imprisonment of up to 10 years, or both.


6.4.2  Remote Access

       a.     Proxy accounts will be allowed, subject to the following rules and restrictions:

             1.     Proxy accounts will not be permitted for User-IDs with system privileges
                   unless approved by NDPD.

             2.     Proxy accounts will establish a one-to-one correspondence between User-
                   IDs and their remote proxies.  Multiple remote User-IDs  may not be
                   "proxied" into a single User-ID on one system, and a single User-ID may
                   not have multiple proxies on a given remote system.

             3.     All requests for a proxy account must be signed by both the applying user
                   and his ADP Coordinator.  The organization implementing the proxy must
                   also verify that the name of the requesting user is the same in Authoriza-
                   tion files on both systems.

             4.     Procedures for proxy registration and annual recertification of the
                   justification for each proxy are required.

             5.     An approved exception to the above proxy account restrictions is between
                   systems at locations where  authorization  is controlled by the same
                   organizational unit, namely the establishment of proxies among  members
                   of a VAX  Cluster.

       b.     All dial-in ports will be configured  for modem control and  terminals will be
             configured with the /MODEM/HANGUP parameters.
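
The proxy rules in 6.4.2 a (items 1, 2 and 5) can be checked mechanically. The following audit is an added example, not part of the directive: the "NODE::REMOTE -> LOCAL" record notation, the node names, the User-IDs and the privilege table are constructed, and the one-to-one rule is read strictly (one remote User-ID per local User-ID across all non-cluster nodes).

```python
from collections import defaultdict

# 6.1 f exempts TMPMBX and NETMBX; any other privilege held by the local
# account is treated here as a "system privilege" (assumption of this example).
UNRESTRICTED_PRIVS = {"TMPMBX", "NETMBX"}

# Constructed proxy records in a made-up "NODE::REMOTE -> LOCAL" notation.
SAMPLE_PROXIES = [
    "RTPVAX::JSMITH -> JSMITH",     # clean one-to-one proxy
    "RTPVAX::ALEE -> SHARED",
    "CINVAX::BKHAN -> SHARED",      # two remote User-IDs into one local User-ID
    "CINVAX::MDOE -> MDOE",
    "CINVAX::MDOE -> MDOE_TEST",    # one remote User-ID with two local proxies
    "RTPVAX::OPER1 -> SYSMGR",      # proxy into a privileged User-ID
    "NCCB::JSMITH -> JSMITH",       # NCCB is a member of the same VAX Cluster
]

# Constructed privilege table for the local accounts.
SAMPLE_PRIVS = {
    "JSMITH": {"TMPMBX", "NETMBX"},
    "SYSMGR": {"TMPMBX", "NETMBX", "SYSPRV"},
}


def parse_proxy(line):
    """Split one constructed record into (node, remote_user, local_user)."""
    remote, arrow, local = line.partition("->")
    node, colons, remote_user = remote.strip().partition("::")
    local = local.strip()
    if not (arrow and colons and node and remote_user and local):
        raise ValueError(f"malformed proxy record: {line!r}")
    return node.upper(), remote_user.strip().upper(), local.upper()


def audit_proxies(lines, account_privs, cluster_nodes=(), ndpd_approved=()):
    """Return sorted (rule, subject, detail) findings for 6.4.2 a.1 and a.2.

    cluster_nodes: nodes covered by the a.5 exception (same VAX Cluster).
    ndpd_approved: privileged local User-IDs with an NDPD-approved proxy.
    """
    cluster = {n.upper() for n in cluster_nodes}
    approved = {u.upper() for u in ndpd_approved}
    privs = {u.upper(): {p.upper() for p in ps} for u, ps in account_privs.items()}

    by_local = defaultdict(set)    # local User-ID -> {"NODE::REMOTE", ...}
    by_remote = defaultdict(set)   # "NODE::REMOTE" -> {local User-ID, ...}
    findings = set()

    for line in lines:
        node, remote_user, local = parse_proxy(line)
        if node in cluster:
            continue  # a.5: proxies among cluster members are exempt
        remote = f"{node}::{remote_user}"
        by_local[local].add(remote)
        by_remote[remote].add(local)
        # a.1: no proxy into a privileged User-ID unless NDPD approved it
        if privs.get(local, set()) - UNRESTRICTED_PRIVS and local not in approved:
            findings.add(("PRIVILEGED_PROXY", local, remote))

    # a.2: several remote User-IDs proxied into a single local User-ID
    for local, remotes in by_local.items():
        if len(remotes) > 1:
            findings.add(("MANY_TO_ONE", local, ", ".join(sorted(remotes))))
    # a.2: a single remote User-ID holding several proxies on this system
    for remote, locals_ in by_remote.items():
        if len(locals_) > 1:
            findings.add(("ONE_TO_MANY", remote, ", ".join(sorted(locals_))))

    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_proxies(SAMPLE_PROXIES, SAMPLE_PRIVS, cluster_nodes=["NCCB"]):
        print(" | ".join(finding))
```
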


6.4.3  DECnet Security

       a.     Default VAX Account  (e.g., FAL  -  File Access Listener) and  other User-
             IDs/accounts  established to  aid  intermachine communications  will  not  be
             established  as privileged  accounts  unless required for system operation.
             Privileges, if granted, will be limited  to the minimum required by the system for
             the User-ID/account to perform its designated task(s).

       b.     In addition to DEC recommendations concerning security for a DECnet node as
             described  in  the Guide  to VAX/VMS  Security,  the  following  will  be
             implemented:

             1.     No device will be connected to the EPA  DECnet without prior  approval
                   from NDPD.

             2.     No VAX or MicroVAX covered under  this policy will be connected to
                   any non-EPA network without prior approval from NDPD.

             3.     The password for the  DECnet User-ID  will be changed after system
                        ation.
             4.     The DECnet User-ID will be allowed no interactive access.
             5.     The DECnet User-ID will be removed from the executor data base.  The
                   entry in the data base will be replaced by a non-used User-ID to assist in
                   problem tracking and auditing.
             6.     The DECnet User-ID should be added to the MAIL and PHONE network
                   data bases.
             7.     A File Access Listener (FAL) User-ID will be created with NO WRITE
                   access to its root directory.
             8.     Open access to the TASK object will be disabled.
             9.     Network passwords will be enforced for all DECnet dial-up nodes.  Site
                   VAX transmit/receive passwords will not be revealed to dial-up sites.
             10.    Define the NETSERVER$TIMEOUT parameter to "000 00:00:10".

6.5   ACCOUNT SECURITY
6.5.1  Registration
      a.     Procedures will be developed by local system administrators for obtaining an
             account, password, group, or password reset, and updating system authentication
             files.
      b.     An account is required for access to any computer system covered by this policy.
      c.     Only one account per customer is allowed.
      d.     Accounts may not be shared.
6.5.2  Disabled Accounts
      a.     Disabled accounts will be kept to a minimum.
      b.     Disabled accounts will be periodically reviewed by the System Administrator to
             determine if any of them should be removed from system  authorization files.

6.5.3  Duplicate UIDs
      a.     Each account will be identified with a unique UIC.  Duplicate UICs are not
             allowed except for SYSTEST and SYSTEST_CLIG as [1,7] and DEC.
      b.     Each user must have his/her own User-ID.

6.5.4 Group Accounts

      a.     Guest accounts are not allowed.  A visitor must utilize the normal account user
            registration procedure for accountability.

      b.     An  auto-login account  will not be used unless the account  is a captive,
            nonprivileged account of a process which ensures that the user is not allowed
            general  system access  to  the  site VAX  or access  to  any  node  in the
            DECnet/ETHERNET environment.   Auto-login accounts must be configured
            through AUTHORIZE as /NODIALUP, /NONETWORK, and /NOREMOTE.

      c.     Group accounts require a documented exemption through NDPD.


6.5.5 Account Security Management

      a.     A review will be conducted at least once a year to determine accounts which have
            not been used to access the system since their assignment. These accounts will
            be removed from system authorization files.

      b.     A User-ID will be disabled after four consecutive unsuccessful logon attempts
            between  session  initiations.  For this purpose,  attempts  independent  of the
            terminal used will be considered.  The following SYSGEN parameter settings will
            be used:

                  LGI_BRK_LIM=4
                  LGI_BRK_TERM=0
                  LGI_BRK_TMO=300
                  LGI_BRK_DISUSER=1


6.6   PASSWORD SECURITY MANAGEMENT

      a.     All User-IDs will be configured with a password. The minimum password length
            will be six characters.  The AUTHORIZE qualifier /PWDMINIMUM will be set
            equal to 6 through the use of the AUTHORIZE ADD/MODIFY command.

      b.     Passwords for new users and reset passwords will be set as expired through the
            use  of the  AUTHORIZE ADD/MODIFY command to set the AUTHORIZE
            qualifier /PWDEXPIRED.

      c.     Passwords for new users and re-issued passwords will be unique for each user
            and  non-trivial in nature and will not be set to any password previously used for
            that user. The AUTHORIZE ADD/MODIFY command should be considered to
            set the /GENERATE_PASSWORD qualifier of AUTHORIZE.

      d.     All  passwords will have an expiration period not to  exceed 90 days. The
            AUTHORIZE ADD/MODIFY command will be used to set the AUTHORIZE
            qualifier /PWDLIFETIME.

      e.     All passwords will contain at least one alpha and one numeric character unless a
            dictionary is used by the system for password validity checking.

       f.     A password will expire and have to be changed to a unique value by the user to
             whom it is assigned a maximum of ninety days after initial assignment, reset, or
             change.

       g.     The system will warn the customer at login of a system required password change
             10 days in advance of the required change.

       h.     The system will  display, at login, the date and  time of the last successful or
             unsuccessful login to the customer.

       i.     Passwords will be  protected from  disclosure.   Any  file which  requires a
             hardcoded password will be encrypted.

      j.     Screen locks which require a  password for computer system access will be used
             to control access  to unattended/inactive workstations.
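
The account and password rules in Sections 6.5.3, 6.5.4.b, 6.5.5.a, 6.6.a and 6.6.d can be checked mechanically against an export of the authorization file. The Python audit below is an added example, not part of the directive or of any NDPD tooling; the record layout and field names are assumptions, and the sample accounts are constructed rather than AUTHORIZE output.

```python
"""Audit account records against Directive 230.08, Sections 6.5 and 6.6."""
from collections import defaultdict

# Limits quoted from the directive text.
PWD_MIN_LENGTH = 6                  # 6.6.a, /PWDMINIMUM
PWD_MAX_LIFETIME_DAYS = 90          # 6.6.d, /PWDLIFETIME
SHARED_UIC = "[1,7]"                # 6.5.3.a, the one permitted duplicate
SHARED_UIC_ACCOUNTS = {"SYSTEST", "SYSTEST_CLIG"}
AUTOLOGIN_RESTRICTIONS = {"NODIALUP", "NONETWORK", "NOREMOTE"}  # 6.5.4.b


def account(username, uic, pwd_minimum=6, pwd_lifetime_days=90,
            auto_login=False, captive=False, privileged=False,
            restrictions=(), ever_logged_in=True):
    """Build one record. Field names are assumptions made for this example."""
    return {
        "username": username,
        "uic": uic,
        "pwd_minimum": pwd_minimum,
        "pwd_lifetime_days": pwd_lifetime_days,  # None means no expiration
        "auto_login": auto_login,
        "captive": captive,
        "privileged": privileged,
        "restrictions": set(restrictions),
        "ever_logged_in": ever_logged_in,
    }


# Constructed sample data; this is not the output format of AUTHORIZE.
ACCOUNTS = [
    account("SYSTEST", "[1,7]"),
    account("SYSTEST_CLIG", "[1,7]"),
    account("JSMITH", "[200,1]"),
    account("RJONES", "[200,1]", pwd_minimum=4),
    account("KIOSK", "[300,5]", auto_login=True, captive=True,
            restrictions=("NODIALUP", "NONETWORK")),
    account("MLEE", "[200,2]", pwd_lifetime_days=None, ever_logged_in=False),
]


def audit(accounts):
    """Return a sorted list of (account, section, message) findings."""
    findings = []
    by_uic = defaultdict(list)
    for acct in accounts:
        name = acct["username"]
        by_uic[acct["uic"]].append(name)

        if acct["pwd_minimum"] < PWD_MIN_LENGTH:
            findings.append((name, "6.6.a",
                             f"PWDMINIMUM {acct['pwd_minimum']} is below "
                             f"{PWD_MIN_LENGTH}"))

        lifetime = acct["pwd_lifetime_days"]
        if lifetime is None:
            findings.append((name, "6.6.d", "no password expiration set"))
        elif lifetime > PWD_MAX_LIFETIME_DAYS:
            findings.append((name, "6.6.d",
                             f"PWDLIFETIME {lifetime} days exceeds "
                             f"{PWD_MAX_LIFETIME_DAYS}"))

        if acct["auto_login"]:
            if not acct["captive"] or acct["privileged"]:
                findings.append((name, "6.5.4.b",
                                 "auto-login account is not captive and "
                                 "nonprivileged"))
            missing = AUTOLOGIN_RESTRICTIONS - acct["restrictions"]
            if missing:
                findings.append((name, "6.5.4.b",
                                 "missing " + ", ".join(sorted(missing))))

        if not acct["ever_logged_in"]:
            findings.append((name, "6.5.5.a",
                             "never used since assignment"))

    # 6.5.3.a: a UIC may be shared only by SYSTEST and SYSTEST_CLIG at [1,7].
    for uic, names in by_uic.items():
        if len(names) < 2:
            continue
        exempt = uic == SHARED_UIC and set(names) <= SHARED_UIC_ACCOUNTS
        if not exempt:
            findings.append(("/".join(sorted(names)), "6.5.3.a",
                             f"duplicate UIC {uic}"))
    return sorted(findings)


if __name__ == "__main__":
    for who, section, message in audit(ACCOUNTS):
        print(f"{section:8} {who:16} {message}")
```
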


6.7    FILE SYSTEM SECURITY

       a.     All directories and files established or created by or for a workstation customer
             will be protected at a default level from unauthorized access (read, write, execute)
             by anyone other than the owner. Set RMS_FILEPROT to "FA00."

       b.     No file will be owned by an undefined owner except [1,1].

       c.     To ensure system file integrity and to promote ease of auditing, only system level
             files and  utilities will be allowed in  the  system disk (e.g. DUA0) directories.
             These directories will be owned by the system and will  only be writable by the
             system.

       d.     Enforce the following policies regarding software installed at the VAX site:

             (a)     No software which requires installation as a privileged process or image
                    or  which  alters or enhances the security  environment will be installed
                    without notifying NDPD.

             (b)     Software requiring privileges  to function  will be granted the minimum
                    privileges required and will be linked with the NOTRACE qualifier.

             (c)     All software distributed to  each VAX site by NDPD  will be installed
                    according to time and  installation specifications provided by NDPD.


6.8    PHYSICAL SECURITY

Each VAX site manager will physically and procedurally provide for a secure, controlled access
environment for each VAX computer system.  Specifically, each VAX Site Manager will:

       a.     Develop and implement procedures to grant, deny,  and monitor access to  the
             central processing location.  The procedures must include access control of
             maintenance personnel, visitors, and unauthorized access while unattended.

       b.     Protect the central processing location from unauthorized access by industry
             accepted access control devices (e.g., badge readers, key locks).

       c.     Protect all  hardware and software from environmental hazards through use of
             industry accepted environmental protection devices (e.g., sprinkler system for the
             central  processing  location, uninterruptible  power  supplies,  power  surge
             protection,  and fire extinguishers).

       d.     Individual workstation owners/operators will be responsible for protecting the
             work station  against unauthorized access  (e.g.,  logging off when not in  use,
             keyboard locks if available).

       e.     Safeguard computer and other property assets through procedures providing for
             their receipt,  tracking, and disposal.

       f.     Site  safety  procedures which comply with applicable safety regulations and fire
             regulations are required.


6.9    MEASUREMENT

       a.     System Managers or System  Administrators will monitor their audit trails daily
             using the ANALYZE/AUDIT DCL command.

       b.     System Managers or System  Administrators will periodically, at least monthly,
             monitor the system files (or system specific equivalencies) to establish a baseline
             of customer usage for the purpose of detecting patterns outside of that base-line
             which may indicate a system abuse or intrusion.

       c.     Security review  software will be obtained by the NDPD Computer Security
             Officer for reviews of computer systems covered by  this policy.  Additional
             supplemental  software  and/or  procedures required  to   fully  review policy
             compliance will be developed under the auspices of the NDPD Computer Security
             Officer. An initial review will be performed within 90 days of computer system
             installation  or attachment to the Agency telecommunications network - whichever
             occurs first. Subsequent reviews will be performed by System Managers and/or
             System  Administrators  at least every three years  as  required  by Federal
             regulations. Each System Manager and/or Administrator will provide the results
             of reviews  to  the NDPD Computer Security Officer for review.

       d.     The NDPD Computer Security Officer may authorize periodic independent policy
             compliance reviews as  required for  quality assurance. The NDPD  Computer
             Security Officer will provide for the reviewer all resources (software, equipment,
             etc.) required for the review.

       e.     Vulnerabilities identified by software provided for system reviews, and which are
             not specifically noted in this policy, are subject to the provision in Section 6.1.c
             of this policy.

       f.     Findings from system reviews for NDPD locally owned and operated NDPD
             systems will be presented via TO-DO Meetings or other mechanisms for review
             and action by the Director, NDPD.

7.0   PROCEDURE REFERENCE

      a.    Office of Management and Budget. OMB Circulars A-76, A-123, and A-130.
            (Available from the Government Printing Office.) (These publications, while not
            strictly procedurally directive, are important components in the administration of
            security in the Agency. They set the guidelines for policies and procedures at the
            operational levels.)

      b.    U. S. Environmental Protection Agency. (1989)   EPA  Information  Security
            Manual (Report No. 431/001).  Washington, DC:  Office of Information and
            Resources Management, Information Management  and Services  Division.
            (Location: Publications Technical Library).

      c.    Computer Security Act of 1987. (Available from the Office of Information and
            Resources Management).

The following Digital Equipment Corporation, Maynard, MA, publication was used in the
development of this policy and constitutes the accepted reference for implementation of security
in the VAX/VMS environment:  (1989) Guide to VMS System Security, PN:AA-LA40B-TE
(Location: DEC Technical Services).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NCC  Scientific Cluster Data Management                   NO.   230.09

APPROVAL:                                              DATE:
1.0   PURPOSE

The NCC Scientific Cluster Data Management Policy establishes:

      a.    Data management objectives.

      b.    Data storage requirements and projections.

      c.    Data storage media performance and capacity requirements.
2.0   SCOPE & APPLICABILITY

This policy applies to all NCC Scientific Cluster customers and to NDPD and Primary Support
Contractor (PSC) staff personnel responsible for the management or operation of the NCC
Scientific Cluster.

Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the VAX Data Management personnel.


3.0   RESPONSIBILITIES

The PSC will develop, update, and monitor procedures to implement this policy.

The PSC will perform the tasks necessary to meet the objectives of this policy.

The customer community will rely on the terms of this policy  to manage their data storage
requirements.


4.0   POLICY

      a.    NDPD manages the data storage devices of the NCC Scientific Cluster to meet
            the storage requirements of the customer community in a secure and cost-effective
            manner.  Data storage devices are also managed to enhance system performance
            and data integrity.

      b.    Daily reports are generated to reflect disk space usage on public disks. Customer
            accounts and files will be relocated when necessary to provide optimal system
            performance and to maintain disk space requirements on public packs. Customers
            are notified in the event of the account relocation. System-wide disk logicals are
            maintained in order to provide transparency  of the physical disk location  to the
            customer.

       c.     NCC performs daily incremental backups of disk files on both public and private
             packs which have been created or changed since the previous backup.  Daily
             incremental backup tapes are retained for one (1) month.

       d.     Full volume disk backups for both public and private packs  are  performed
             biweekly.  The biweekly disk to tape copies are retained for one (1) month.

       e.     System full volume backups are performed biannually for disaster precautions and
             tapes are stored offsite.  A standalone backup  of the system disk is performed
             biannually.

       f.     It is the customer's responsibility to project additional disk requirements at least
             90 days in  advance.  A new customer is automatically allocated 5,000 blocks of
             disk space by default and may request an additional 10,000 blocks without
             approval.   Any disk space requested in excess of  10,000 blocks will require
             written approval and justification by the customer's ADP Coordinator.

       g.     Daily monitoring occurs on disk errors and file access failures resulting from disk
             hardware failures. Customers are notified in the event a disk volume becomes
             unavailable for repair and/or restoration.

       h.     Disk media and software errors are analyzed to determine if files are corrupted
             and repairable.  Customers are notified in the event a file has to be restored.

       i.     A procedure is provided to enable customers to back up their own disk files to
             tape. The  tape management system prevents accidental erasure of data.

      j.     A procedure is provided to enable customers to archive their own disk files to
             tape. Archived files may be retained  for 2 years.  Files may be archived in
             accordance with NDPD archival policy. (Ref: Guide to NCC Services.)

       k.     A procedure is provided to enable customers to restore files from the daily system
             backup and archive tapes. (Ref: Guide to NCC Services.)

       l.     Temporary space  is available for customers to store large temporary files online
             for a short period of time.  Three-day and seven-day scratch volumes are used for
             this  purpose.  Expired files are automatically deleted.  NCC will not perform
             system backups on scratch volumes.

       m.    Deletion of customer directories and files is performed on accounts that have
             been marked for removal. The customer's ADP Coordinator has the option to
             retrieve subject files prior to deletion.

       n.     Deletion of customer directories and files is performed on accounts that have
             been inactive for one (1) year.  Directories and  files are archived to tape prior to
             deletion.  Notification of inactive customer ID deletions  is  provided to the
             customer's ADP Coordinator.

       o.     Customer data on  public packs which are unused for a designated number of days
             will  be archived to tape.  The number of days of nonuse is determined by the
             Data Management staff and may be lengthened or shortened upon disk usage and
             space availability  to ensure sufficient disk space to meet customer requirements.
             Customers will be sent an electronic mail message notifying them of the situation.

5.0    DEFINITIONS

None.


6.0    STANDARDS

       a.     In order to provide a methodology for optimum disk utilization and a more
             efficient means  for customers to  report and project disk requirements, NCC
             maintains and monitors Disk Quotas on  the customer's default login disk on the
             NCC Scientific Cluster.

       b.     A utility is used  to generate Disk Space Statistics on wasted disk space, to locate
             space-management problems and to report the overall status of disks. Customers
             are contacted and encouraged to clean-up expired files and to archive unused files
             to tape.

       c.     Private disk volumes may be obtained with proper justification.  They will be
             retained only if  their utilization conforms to efficient practices and procedures.
             Private volumes  are discouraged.  Disk quotas are not allocated on private packs.
             Customers are responsible for maintaining disk space on their private packs.

       d.     A special project disk is set aside for Shared Project Directories where multiple
             customers share  the same files. Disk quotas are maintained for customers on this
             volume.

       e.     A tape management utility is used by NCC to perform System Backups and disk
             file restorations  on the Scientific Cluster.

       f.     A utility  is used to defragment non-contiguous and  fragmented  files  on the
             Scientific Cluster.   The defragmenter  enhances file  access and  file creation
             performance.


7.0    PROCEDURE REFERENCES

       a.     U. S.  Environmental Protection Agency (1991)  Guide to NCC Services, VAX
             Cluster Ready  Reference.   Research  Triangle Park,  NC:   National  Data
             Processing Division.

       b.     U.  S. Environmental  Protection Agency.  NCC  VAX Data  Management
             Handbook.  Research Triangle Park,  NC:  National Data Processing Division,
             ADP  Operations  Management Branch.    (Location:    On-line  in  data set
             JMAS.HANDBOOK)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     NCC VAX Cluster Configuration Management              NO.    230.10
APPROVAL:                                                   DATE:
1.0   PURPOSE
The NCC VAX Cluster Configuration Management policy establishes:
      a.    Configuration management objectives.
      b.    Activities required to meet the configuration management objectives.
      c.    Review requirements to ensure compliance.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and FM contractor staff personnel responsible for the
management or operation of the NCC VAX Cluster system and associated RTP  local area
network.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the VAX Cluster Coordinating Committee.

3.0   RESPONSIBILITIES
The FM contractor will develop, update,  and monitor procedures to implement this  policy.
The FM contractor will perform the tasks necessary to meet the objectives of this policy.

4.0   POLICY
      a.    The VAX Cluster system will be managed in a manner which provides:
            (1)   A current inventory of all system components.
            (2)   A current system hardware and software configuration.
            (3)   A current system telecommunications configuration.
            (4)   A  mechanism for processing hardware,  software, and  maintenance
                  procurement requests in a timely manner.
      b.    An on-line data base containing the information required to meet policy objectives
            will be maintained and updated within 5 working days of any system configuration
            change.
      c.    The on-line data base will contain sufficient detail to enable technical personnel
            to obtain system hardware and software configurations or parameters necessary
            for the customary performance of their duties.

      d.     The FM contractor will review and certify the accuracy of the configuration
            management data base quarterly.

      e.     The configuration data base, or reports from the configuration data base, will be
            made  available to NDPD and shared  with  the VAX Cluster Coordinating
            Committee on request.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Tape Management/Maintenance on the                      NO.    230.11
             Scientific Cluster
APPROVAL:                                                        DATE: /*-** "93
1.0    PURPOSE

This policy establishes guidelines and requirements for the management and maintenance of
Scientific Cluster reel and cartridge tapes at the National Computer Center.


2.0    SCOPE & APPLICABILITY

This policy applies to all NDPD staff and Primary Support Contractor (PSC) personnel who
require access to the Scientific cluster at the National Computer Center.


3.0    RESPONSIBILITIES

Data Processing Support Services at the NCC is responsible for performing the following
activities:

       a.     Maintaining a scratch pool of cartridge tapes for the customer community.

       b.     Updating the status of cartridge tapes in the Scientific Cluster data base on a daily
             basis.

       c.     Performing necessary maintenance of cartridge tapes, daily and on demand.

       d.     Monitoring Problem  Management records and daily  reports  for current and
             potential tape problems.

       e.     Informing customers and Customer Support personnel whenever problems have
             been encountered with a requested tape (e.g., tape is unavailable).


4.0    POLICY

       a.     Customers of the Scientific cluster may allocate system tapes  which will
             automatically receive  a default expiration date of 14 days,  extendable to  a
             maximum of 13 months.  Customers must contact Data Processing Support
             Services to extend expiration dates beyond 13 months. Extensions will be granted
             based on tape usage and space availability.

       b.     Before a cartridge-resident system tape has reached its expiration or scratch date,
             the customer  may request one of the following actions:

             (1)    That the tape be archived for a maximum of 3 1/2 years.

             (2)    That the tape be purchased by the customer.

             If the customer does not notify DPSS to the contrary prior to the expiration date,
             the tape will be scratched on its expiration date.

       c.     Seven days prior to the expiration date, customers will be notified via Electronic
             Mail that their tape is scheduled to be scratched.

       d.     If Operations receives a request for a tape which is not labeled,  the job will be
             aborted.  Operations personnel will open a Problem Management record  and
             transfer it to appropriate  personnel (DPSS), if necessary.  A message will be
             logged to the customer, requesting that DPSS be contacted.

       e.     If a  tape requires relabeling, the customer must submit a request to DPSS.
             (Customers are not allowed to relabel system tapes.) Tapes containing data to be
             retrieved at a later date should not be relabeled.  The data will be lost.  Instead,
             the customer should contact Customer Support for assistance.

       f.     Tape data sets created  on the NCC Scientific  Cluster will be controlled by a
             software tape management system to prevent accidental erasure of data.


5.0    DEFINITIONS

None.


6.0    STANDARDS

None.


7.0    PROCEDURE REFERENCES

U. S.  Environmental Protection Agency.   (1991)  Guide to  NCC Services:   VAX Ready
Reference.   Research  Triangle Park, NC:  National  Data  Processing Division, Office of
Administration and  Resources Management. (Contact Customer Support)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     Prime Security                                         NO:   240.08
APPROVAL:                                                DATE:
1.0   PURPOSE
The objective of this policy is to provide a secure Prime operating environment.
This policy:
      a.    Defines Prime management and Prime user responsibilities for physical, software,
            and data security of the Prime.
      b.    Defines NDPD responsibilities for Prime security.
2.0   SCOPE & APPLICABILITY
This policy is applicable to all EPA personnel and their agents who are providing services for
and/or using EPA Prime computers.
3.0   RESPONSIBILITIES
NDPD is responsible for:
      a.    Defining policy.
      b.    Reviewing policies annually for needed modification and/or enhancement.
      c.    Monitoring adherence to security policies by Prime sites.
      d.    Distributing to Prime sites, in a timely manner, Agency standard Prime operating
            system and  NDPD provided software and documentation for  its  operation.
            NDPD will  develop and provide to each site a mechanism suitable for security
            auditing and  for detecting unauthorized access attempts.
      e.    Evaluating requested exceptions to this policy.
Prime site management is responsible  for:
      a.    Implementing and  adhering to  Prime security  policies.   Prime sites  may
            implement more restrictive security policies as required by the site.
      b.    Reporting detected breaches of the security policies to NDPD.
      c.    Coordinating resolution of security breaches and security issues with NDPD.
      d.    Installing operating system  software  and other standard  Agency software
            distributed by NDPD.

      e.     Providing default protection for data consistent with the sensitivity and value of
             the data and assisting Prime users in determining and implementing additional
             levels of protection beyond default protection.
       f.     Obtaining NDPD approval for exceptions to this policy.
4.0   POLICY
       a.     NDPD will distribute Agency standard Prime operating systems and any other
             software deemed appropriate by NDPD for the implementation and enforcement
             of this policy.

       b.     Prime security procedures developed by NDPD will be consistent with other
             NDPD policies.

       c.     Each  Prime Site Manager will physically and procedurally provide for a secure,
             controlled access  environment for each Prime system to protect it from loss
             caused by fire, natural or unnatural acts of man or nature, or machine failure.
             Specifically, each Prime Site Manager will:

             (1)   Establish procedures for evaluating and granting physical access to the site
                   and its computers and monitoring access.

             (2)   Control access to the site and its computers through GSA and industry
                   accepted physical control mechanisms (e.g., locks, badge readers).

             (3)   Protect the physical environment by establishing and monitoring GSA and
                   industry accepted environmental controls and fire suppression systems.

             (4)   Protect the physical operating environment by establishing procedures
                   governing the physical safety of the computers, their operators, and their
                   users.

             (5)   Safeguard  computer and  other  property  assets  through procedures
                   providing for their receipt, tracking, and disposal.

       d.     Each  Prime System Manager will provide for secure logon access to the site's
             computers.  Specifically, each Prime System  Manager will:

             (1)   Enforce the following policies for computer passwords:

                   (a)    The minimum password length will be six characters.  Password
                          conditioning  rules  requiring at least one alpha and one numeric
                          character  will  be  used to prevent  trivial and  easily guessed
                          passwords.

                    (b)    Passwords from new users and reissued passwords will be unique
                          for each user and non-trivial in nature and will not be set to any
                          previously used password for that user.

                          Password changes  by the owner  of a User-ID will not allow any
                          of the 10 previously used passwords to be used.

                    (c)     The option to allow a user to enter his/her password on the logon
                           line will be disabled.  A user must be prompted to enter his/her
                           password.

                    (d)     The system will force each user to change his/her password at 90
                           day intervals.

             (2)    Enforce the following policies for computer User-ID's and accounts.

                    (a)     User-ID's  will not be shared.   Each registered user must have
                           his/her own User-ID.   User-ID's which have not been used to
                           access the system within a 99 day period will be disabled.  A
                           User-ID will be purged from the system after  1 year if it has not
                           been used in that time.

                    (b)     An association of a Project-ID with a User-ID may be made to
                           provide an  additional  level  of login security as described in the
                           System Administrator's Guide.

                    (c)     No  more than 30 minutes of terminal idle time will  be allowed
                           before a user is logged off the system due to inactivity.  Only four
                           unsuccessful  logon  attempts will be allowed between session
                           initiations.  After four consecutive unsuccessful  logon attempts
                           between sessions, the  User-ID  will be automatically disabled by
                           the  system and will only be  re-established by the  Prime  Site
                           Manager after appropriate security follow-up.

                    (d)     An  account which allows a user to access the system without
                           manually adhering to  the logon process and its controls will be
                           restricted such that the account allows access only to a specific
                           application  environment and must be safeguarded  against use by
                           nonapplication users.

                    (e)     User-ID's  used by  vendors for system  hardware or  software
                           maintenance  by  non-Prime  site  personnel  must   be  strictly
                           monitored and controlled.  The environment for these User-ID's
                           will be closely coupled with the minimum privileges required for
                           the  performance of the user's task(s).   The User-ID will be
                           disabled immediately  upon departure of maintenance personnel
                           from the site.

             (3)    Enforce the following policies concerning system files and resources:

                    (a)     File protection will be applied  to all system and user directories
                           and files commensurate with the harm or loss that would ensue
                           from unauthorized access to or destruction of the directories or
                           files.  Password protection of user and system directories should
                           not  be  used.   Access  Control Lists  (ACL's)  provide  better
                           protection.
                    (b)    All operating system files and user data files will be backed up on
                           a weekly schedule.

             (4)    Enforce the following policies regarding software installed at the Prime
                   site:

                   (a)    Software requiring installation as a privileged process or image
                          which enhances or alters the security environment of the  Prime
                          will not be installed without NDPD approval.

                   (b)    Software requiring privileges to function  will be  granted  the
                          minimum privileges required for it to function.

                   (c)    All software distributed  to each Prime site by NDPD will be
                          installed according to time and installation specifications provided
                          by NDPD.

             (5)    Establish  policies and procedures for sign-on (access) authority  to any
                   Prime, limit assignment  of privileges allowed by the system to those
                   necessary for a person to perform assigned task(s), and deny access or
                   privileges to that person when his requirement for access or privileges has
                   expired.

             (6)    Accept responsibility for auditing computer access and investigate access
                   incidents as indicated by the audit. The audit must include a daily review
                   of unsuccessful login attempts and use of sensitive system commands.

             (7)    Permit access to the Prime system by a member of the NCC Computer
                   Security staff who will review computer  security policy compliance.  The
                   NCC Computer Security staff member will be given a privileged account
                   for this purpose, but only for the duration of the review.

             (8)    Enable display of all unsuccessful login messages at a supervisor terminal.

             (9)    A user whose terminal or terminal line is disconnected will be logged out.

             (10)  Allow 30 minutes as the  maximum time for a terminal to  remain idle.
                   After that time, the user will be logged  out.

             (11)  Establish the length of time for a user login to be no more than 3 minutes.

             (12)  AMLTIM (login time) parameters should remain enabled at recommended
                   Prime values.

             (13)  At a  minimum, Prime  recommendations for a  "moderately secure"
                   environment, as described in the Prime System Administrator's  Guide,
                   should be followed.

       e.     Each Site Manager will be responsible for coordinating enforcement of this policy
             with the NCC Security Office and will be responsible for coordinating resolution
             of security incidents and other security issues with that office.

-------
NDPD OPERATIONAL DIRECTIVE NO. 240.08                       Page 5 of 5
5.0   REFERENCES

The following Prime documents were used to develop this policy and constitute the accepted
references for implementing security in the Prime environment:

      Administrator's Guide. Revision 22

      Prime/SNA Administrator's Guide (DOC8908-2LA)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     IPS Maintenance                                        NO.    250.01
APPROVAL:
1.0   PURPOSE
Hardware and software require regular maintenance in order to operate effectively. This policy
is designed to encourage consistent maintenance of the EPA Image Processing Systems (IPS)
based on AS/400 minicomputers and workstations connected to the AS/400 via a token ring
Local Area Network.
2.0   SCOPE & APPLICABILITY
This policy is applicable to all EPA and contractor personnel who provide services to the EPA
Image Processing Systems as described above.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
NDPD is responsible for policy enforcement and will annually review policies for needed
modification and/or enhancement, as well as monitor adherence to these policies by IPS sites.
NDPD is responsible for recording and tracking all system software malfunction incidents in
NDPD's Central  Problem Management data base,  and  for contact with vendors  regarding
software malfunctions.
The IPS System  Administrator is responsible for contact with vendors regarding hardware
malfunction incidents and  the scheduling of repairs.
The IPS System Administrator is responsible for scheduling all preventive maintenance.
4.0   POLICY
Image Processing System  hardware and software will be maintained to ensure the availability
of the IPS for use.
5.0   DEFINITIONS
      a.     Software as used herein refers to operating system software and  any program
             product or application software that affects the performance or configuration of
             the system.
      b.     Hardware maintenance includes the following:
             (1)    Preventive maintenance performed on a routine, scheduled basis, such as
                   modifications or replacements of hardware units or hardware microcode.
             (2)    Repairs as a result of a hardware malfunction.

-------
NDPD OPERATIONAL DIRECTIVE NO. 250.01                         Page 2 of 2


6.0   STANDARDS

      a.    The IPS site will fund (or arrange to provide funding for NDPD to do so) and
            serve as Project Officers for all  hardware  and system software maintenance
            contracts.

      b.    No modifications will be allowed to any hardware,  system software, licensed
            program, or application program  components unless approved via the NDPD
            Change Management process.


7.0   PROCEDURE REFERENCE

U. S. Environmental Protection Agency. (1992) The System Administrator's and Operator's
Guide to the Image Processing System. (Report No. 568/001), Research Triangle Park, NC:
National  Data  Processing  Division,  ADP  Operations  Management  Branch.  (Location:
Publications Technical  Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     IPS Performance and Capacity Management                  NO.:   250.02

APPROVAL:                                    DATE: 5-
1.0   PURPOSE

The large capital investment for EPA's Image Processing Systems (IPS), based on AS/400
minicomputers and workstations connected to the AS/400 via a token ring Local Area Network
(LAN),  requires that they be managed to provide maximum performance and  to minimize
required upgrades. Adherence to this policy will encourage the attainment of these goals.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA and contractor personnel who provide services for the EPA
IPS as described above.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

NDPD is responsible for policy enforcement  and will  annually review policies for needed
modification and/or enhancement, as well as monitor adherence to these policies by IPS sites.


4.0  POLICY

The System Administrator will manage the Image Processing System for maximum performance.
NDPD will assist upon request of the System Administrator.


5.0   DEFINITIONS

None.

6.0   STANDARDS

      a.    Each IPS site will control the number of batch jobs and interactive users running
            on its system at any given time.  NDPD will tailor system tuning parameters to
            meet the performance requirements of each site.

      b.    NDPD will provide a jobstream to generate performance monitoring reports on
            a periodic basis.  These reports will contain data on key system performance
            indicators.

      c.    The  IPS  System Administrator will monitor the system's  components  and
            determine  if the components are inside or outside the tolerance levels set by
            NDPD.

      d.    The monitoring frequency will be determined by the System Administrator unless
            a specific frequency is requested by NDPD to resolve problems.

-------
NDPD OPERATIONAL DIRECTIVE NO. 250.02                         Page 2 of 2


      e.     The System Administrator will notify NDPD when system components are outside
            the tolerance levels and NDPD will investigate the  situation  and provide a
            resolution.

      f.     A  workload performance data base will be defined and compiled on a monthly
            basis by NDPD.
7.0   PROCEDURE REFERENCE

U. S. Environmental Protection Agency. (1992) The System Administrator's and Operator's
Guide to the Image Processing System. (Report No. 568/001), Research Triangle Park, NC:
National  Data Processing Division,  ADP  Operations  Management Branch. (Location:
Publications Technical Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     IPS Change Management                                 NO.:   250.03

APPROVAL:                                    DATE: 5-
1.0   PURPOSE

This policy is designed to promote consistency and commonality of hardware and software in
the EPA Image Processing System (IPS) environment based on AS/400 minicomputers and
workstations connected via token ring Local Area Networks (LANs).

The objectives of the EPA IPS Change Management policy are to:

      a.     Ensure that necessary changes to the IPS are made with minimum disruption to
            users.

      b.     Provide a formal structure for stable IPS changes.

      c.     Define NDPD and IPS staff responsibilities for Change Management.

This policy will provide EPA with an effective method of monitoring and controlling all changes
to the IPS.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA and contractor personnel who provide services  to the EPA
Image Processing Systems as described above.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

NDPD is responsible  for policy enforcement, and will annually review policies  for needed
modification and/or enhancement, as well as monitor adherence to these policies by IPS sites.

Each IPS System Administrator is responsible for coordinating Change Control activities between
NDPD support  personnel and the IPS site, and for notifying users of changes  to the system.

The IPS System Administrator is responsible for monitoring and reporting the stability impact
of system changes to NDPD support personnel.


4.0   POLICY

No changes to  software, hardware, or telecommunications configurations or  features will be
made unless approved  through the Change Management process.


5.0   DEFINITIONS

Software is defined as  operating system software and any program products or  applications that
require or cause changes to the IPS configuration or performance.

-------
NDPD OPERATIONAL DIRECTIVE NO. 250.03                        Page 2 of 2


6.0   STANDARDS

      a.     Software changes installed on any IPS system will be duplicated on all systems
            within 60 days.

      b.     NDPD maintains the Change Management process.
7.0   PROCEDURE REFERENCE

U. S. Environmental Protection Agency. (1992) Change Management Procedures Manual (Draft)
(Report No. 245/001F), Research Triangle Park, NC: National Data Processing Division, Office
of Administration and Resources Management. (Location: Publications Technical Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     IPS Problem Resolution                                 NO.:   250.04

APPROVAL:                                                     DATE: S--
1.0   PURPOSE

Problems will arise in a resource as complex as the Image Processing System (IPS). This policy
establishes a framework for resolving these problems when they occur on EPA IPS based on
AS/400 minicomputers and workstations connected to the AS/400 through a token ring Local
Area Network (LAN).


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA and NDPD contractor personnel who provide services for
or use the EPA Image Processing Systems as described above.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement in consultation with IPS System
Administrators.    NDPD will review  policies  annually  for needed  modification and/or
enhancement.

The IPS  System Administrator serves as the initial contact with NDPD.


4.0   POLICY

The IPS  System Administrator and NDPD support personnel will report all problems involving
the Image Processing System.


5.0   DEFINITIONS

None.


6.0   STANDARDS

      a.    Problems will be classified as to cause: equipment, telecommunications, system
            software, or application.

      b.    NDPD's Central Problem Management data base will be used to track problem
            resolution.  NDPD systems support personnel and the application support team
            will be required to use Central Problem Management to log IPS problems and to
            record the actions taken to resolve them.

      c.    The IPS System Administrator will report hardware problems to the vendor for
            correction.

-------
NDPD OPERATIONAL DIRECTIVE NO. 250.04                          Page 2 of 2


      d.    System  software problems will be resolved  by NDPD support personnel.
            Application problems will be  reported to the support contractor for resolution.
            Only the IPS System Administrator or his designated backup may directly call
            NDPD personnel or the application support contractor for problem resolution.

      e.    NDPD support personnel will be available to the IPS System Administrator from
            8:00 a.m. to 5:00 p.m., Monday through Friday.
7.0   PROCEDURE REFERENCES

      a.    U. S. Environmental Protection Agency. (1992) The System Administrator's and
            Operator's  Guide to the  Image Processing System. (Report No.  568/001),
            Research Triangle Park, NC: National Data Processing Division, ADP Operations
            Management Branch. (Location: Publications Technical Library)

      b.    U. S. Environmental Protection Agency. (1991) Centralized Problem
            Management System  Workshop (Report No. 357/001) Research  Triangle Park, NC:
            National Data Processing Division. (Location: Publications Technical Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     IPS User Registration                                   NO.:   250.05

APPROVAL:
1.0   PURPOSE

This policy defines NDPD and IPS System Administrator responsibilities for user registration,
and provides guidelines for the development of user registration procedures for each EPA IPS
based on AS/400 minicomputers and workstations connected to the AS/400 through token ring
Local Area Networks (LANs). Adherence to this policy is required for effective management
of the IPS resource.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA and contractor personnel who provide services for or use
the EPA Image Processing Systems as described above.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

NDPD is responsible for policy enforcement, and will annually review  policies for needed
modification and/or enhancement, as well as monitor adherence to these policies by IPS sites.

The IPS System Administrator will designate one person and a backup who will be responsible
for coordinating communications to NDPD regarding registration matters.


4.0   POLICY

Each IPS user must have his own User-ID; User-IDs will not be shared.


5.0   DEFINITIONS

None.


6.0   STANDARDS

      a.     User registration  on the AS/400 IPS will  be performed by the IPS System
            Administrator.  If registration of the same user on the NCC  host is necessary, it
            will be performed by the TSSMS Office upon receipt of an  Email request from
            the IPS site or through the standard NCC registration procedure. Registration on
            NCC hosts will be completed within 24 hours of receipt of the request.

      b.    Users of applications based on the AS/400 Electronic Filing Cabinet must have
            their own User-IDs, which are identical to the AS/400 User-ID.

-------
NDPD OPERATIONAL DIRECTIVE NO. 250.05                        Page 2 of 2


      c.     User-IDs not used to access the IPS within a 90-day period will be disabled.
            User-IDs not used within 1 year will be deleted.


7.0   PROCEDURE REFERENCE

      a.     IBM Corporation.  AS/400 Programming: Security Concepts and Planning.
            Rochester, MN.

      b.     U. S. Environmental Protection Agency. (1992) The System Administrator's and
            Operator's  Guide to the Image Processing System. (Report No. 568/001),
            Research Triangle Park, NC: National Data Processing Division, ADP Operations
            Management Branch. (Location: Publications Technical Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     IPS Security                                            NO.:   250.06

APPROVAL:                                                       DATE:
1.0   PURPOSE

Protection of data and the Image Processing System (IPS) resource from theft, damage, and
unauthorized use requires specific security measures, and adherence to Federal laws regarding
sensitive  data  is mandatory.   This  policy defines  security  objectives and  enforcement
requirements on EPA IPS based  on AS/400 minicomputers and workstations connected to the
AS/400 through a token ring Local Area Network (LAN).


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA and contractor personnel who provide services for or use
the EPA Image Processing Systems as described above.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

NDPD is responsible for policy determination and will review its policies annually for needed
modification and/or enhancement. NDPD will monitor adherence to these policies by IPS sites.

NDPD is responsible for all IPS  system software security, and  will provide each  IPS System
Administrator with initial training in IPS security.

The IPS System Administrator is  responsible for:

      •     Implementing the IPS security policy, which includes training the IPS users in
            security, reporting  security incidents to NDPD, and  coordinating the resolution
            of security incidents with NDPD.

      •     Providing default data protection consistent with  the value of the data, and for
            assisting users  in  implementing additional protection beyond the established
            default upon request.

      •     Obtaining NDPD approval for policy exceptions.


4.0   POLICY

Image Processing  Systems and their data will be protected from unauthorized use, damage, and
theft.


5.0   DEFINITIONS

None.

-------
NDPD OPERATIONAL DIRECTIVE NO. 250.06                          Page 2 of 3


6.0    STANDARDS

       a.     NDPD will:

             (1)    Develop and provide each IPS site with a security auditing mechanism
                   capable of detecting unauthorized computer access attempts and the use of
                   sensitive system-level commands.

             (2)    Require a security level (QSECURITY) of thirty for each AS/400-based
                   IPS to provide both password and resource security.   The other two
                   security levels, ten and twenty, do not provide adequate security for EPA
                   IPS.

             (3)    Assume responsibility for the protection  of the operating system and
                   licensed programs supplied by NDPD.

       b.     Each IPS System Administrator will:

             (1)    Control access to the site and the IPS through industry-accepted locks and
                   badge  readers,  and develop procedures for granting  and monitoring
                   physical access.

             (2)    Protect the physical  environment of the IPS site through installation and
                   use of industry-accepted environmental  controls and  fire suppression
                   devices, and through enforcement of procedures governing the physical
                   safety of the IPS.

             (3)    Protect all  licensed programs installed  by the site according to  the
                   vendors' specifications.

       c.     Each IPS System Administrator will enforce the following concerning User-IDs:

             (1)    Only four unsuccessful logon attempts will be allowed between successful
                   logons. After four consecutive failures, the User-ID and the terminal will
                   be automatically disabled by the system.

             (2)    No more than 30 minutes of terminal idle time will be allowed before a
                   user is logged off by the system.

             (3)    Vendor User-IDs used for system hardware or software maintenance must
                   be strictly monitored and controlled.  The minimum number of privileges
                   needed for a specific task should be granted.  These User-IDs should be
                   disabled immediately after the vendor's activity is completed.

       d.     The IPS System Administrator will enforce the following regarding passwords:

             (1)    Passwords will be a minimum of six characters.  Passwords must contain
                   at least one alpha and at least one numeric character and must not contain
                   repetitive strings of digits or characters. Passwords should not be easily
                   guessed. This is an EPA Security Manual requirement.

             (2)    Passwords must be changed at least  every 90 days.   Passwords  for
                   privileged User-IDs must be changed at least every 30 days.

-------
NDPD OPERATIONAL DIRECTIVE NO. 250.06                          Page 3 of 3


             (3)    A password for  a new User-ID will be  unique to that User-ID.  A
                   password that has been previously used cannot be reissued.

             (4)    Valid password changes by the owner of  the User-ID will exclude  the
                   previous 10 passwords used for the User-ID.
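
The password standards in d(1), d(2) and d(4) above can be expressed as checks, shown here as an added example that is not part of the directive or of any NDPD or AS/400 software. The reading of "repetitive strings", the User-ID test used for "easily guessed", the salted-hash history store and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import re
from datetime import date

MIN_LENGTH = 6                 # d(1): minimum of six characters
HISTORY_DEPTH = 10             # d(4): the previous 10 passwords are excluded
MAX_AGE_DAYS = 90              # d(2): ordinary User-IDs
MAX_AGE_DAYS_PRIVILEGED = 30   # d(2): privileged User-IDs
KDF_ROUNDS = 20_000            # constructed value, chosen for this example

# Assumption: "repetitive strings" means one character three or more times in
# a row ("aaa") or a block of two or more characters repeated at once ("ab12ab12").
_REPEAT_CHAR = re.compile(r"(.)\1\1")
_REPEAT_BLOCK = re.compile(r"(.{2,})\1")


def composition_violations(password, user_id=""):
    """Return the d(1) rules that the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 6 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no alphabetic character")
    if not any(c.isdigit() for c in password):
        problems.append("no numeric character")
    if _REPEAT_CHAR.search(password) or _REPEAT_BLOCK.search(password):
        problems.append("repetitive string")
    # Assumption: one concrete reading of "should not be easily guessed".
    if user_id and user_id.lower() in password.lower():
        problems.append("contains the User-ID")
    return problems


def _digest(password, salt):
    # History entries are salted hashes, so old passwords are never kept in clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ROUNDS)


class PasswordHistory:
    """Per-User-ID record of the most recent HISTORY_DEPTH passwords."""

    def __init__(self):
        self._entries = []  # (salt, digest) pairs, newest last

    def was_used(self, password):
        return any(
            hmac.compare_digest(_digest(password, salt), stored)
            for salt, stored in self._entries
        )

    def record(self, password):
        salt = os.urandom(16)
        self._entries.append((salt, _digest(password, salt)))
        # Keep only the newest HISTORY_DEPTH entries.
        del self._entries[:-HISTORY_DEPTH]


def check_change(new_password, history, user_id=""):
    """Combine d(1) composition rules with the d(4) history rule."""
    problems = composition_violations(new_password, user_id)
    if history.was_used(new_password):
        problems.append("matches one of the previous 10 passwords")
    return problems


def password_expired(last_changed, today, privileged=False):
    """d(2): a change is due once more than 90 (or 30) days have passed."""
    limit = MAX_AGE_DAYS_PRIVILEGED if privileged else MAX_AGE_DAYS
    return (today - last_changed).days > limit
```
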

       e.     The IPS System Administrator will enforce the following:

             (1)    File protection will be applied to all user directories and files
                   commensurate with the harm or loss that would ensue from unauthorized access to,
                   or destruction of,  the directories or files. This is an EPA Security Manual
                   requirement.

             (2)    All operating system  files and user  data files  will  be backed up on a
                   weekly schedule.  This is an EPA Security Manual requirement.

             (3)    No software  requiring installation as a privileged process or image,
                   altering the security environment of the IPS, will be installed without
                   NDPD approval.  Software requiring privileges to function will be granted
                   the minimum privileges required for the function.

             (4)    If the IPS  is based on an AS/400 processor, users will not be allowed
                   access to programs owned by the Security Officer, SECOFR, or Security
                   Administrator, SECADM.

             (5)    The System Administrator will review at least weekly the IPS  audit log  for
                   logon and data access problems.  Problems will be reported to local EPA
                   management and NDPD security personnel.
             (6)    NDPD security  staff will be permitted to  access the IPS in order to
                   monitor security policy compliance.  The NDPD security  staff member
                   will be given a privileged User-ID for this purpose during the announced
                   review period.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. (1989)  EPA Information  Security
             Manual (Report No. 431/001).   Washington, DC:   Office of Information and
             Resources  Management,  Information  Management and  Services Division.
             (Location:  Publications Technical Library).

      b.     IBM Corporation. AS/400 Programming: Security Concepts and Planning (SC21-
             8083). Rochester, MN.

      c.     IBM Corporation. AS/400 Security and Auditing Considerations (GG24-3501).
             Rochester, MN.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     IPS Data Management                                   NO.    250.07
                                                                  DATE:

1.0   PURPOSE
Data must be managed so that it is available when needed.  Good management practices are
demanded by the economics of data storage devices and their maintenance and operation. To
meet these conditions, this policy:
      a. Provides guidelines for ongoing management of all data sets residing on Information
         Processing System (IPS) Direct Access Storage Devices (DASDs).
      b. Defines DASD management responsibilities of IPS site and NDPD personnel.
      c. Provides IPS site and NDPD personnel with guidelines for DASD allocation and use.
2.0   SCOPE & APPLICABILITY
This policy is applicable to all EPA and contractor personnel who provide services for or use
the EPA Image Processing Systems based on AS/400 minicomputers and workstations connected
to the AS/400 through a token ring Local  Area Network (LAN).
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
NDPD  is responsible for policy enforcement and will review  policies annually  for needed
modification and/or enhancement, as well  as monitor adherence to these policies by IPS sites.
NDPD is responsible for installing and maintaining OS400, which is the primary software tool
for IPS DASD management.
4.0   POLICY
Image Processing  System data will be managed so that it is available when needed.
5.0   DEFINITIONS
Backup: To make a copy of computer data to be used for recovery following loss of the original
data.
6.0   STANDARDS
      a. As part of DASD management, the IPS System Administrator will identify and store
         critical backup tapes for disaster recovery.

-------
NDPD OPERATIONAL DIRECTIVE NO. 250.07                         Page 2 of 2


      b.  IPS DASD management problem resolution is the responsibility of the IPS System
         Administrator.  When assistance is required from NCC support personnel, the IPS
         System Administrator will act as the single point of contact for all such requests.

      c.  NDPD will develop the jobstreams and procedures needed to run DASD backups.
         These procedures will include provisions for the following activities:

         (1)      Incremental Backup.  This should be done daily and will consist of the
                  SAVCHGOBJ and SAVSECDTA operations.  The tapes created should
                  be kept for 7 days.  Because SAVCHGOBJ saves objects which have
                  changed since the last SAVLIB, each day's backup contains cumulative
                  changes.

         (2)      Weekly Backup. This activity is performed once each week and consists
                  of the SAVLIB(*NONSYS) and SAVDLO operations. The tapes should
                  be retained for 14 days.

         (3)      Full System Backup.  This activity is performed through the SAVSYS,
                  SAVLIB(*NONSYS), and SAVDLO operations.  The full system backup
                  is only necessary after a configuration change or system installation.

      d.  NDPD will provide the procedures and jobstreams required to  perform backup of
         data stored on optical storage libraries.

      e.  The IPS System Administrator will ensure that optical disk backup is performed on
         all optical library storage that is unique to the IPS site.

      f.  NDPD will perform optical backup of image data stored in the optical disk library
         of the Superfund Cost Recovery IPS Central Processing Facility.


7.0   PROCEDURE REFERENCE

      a.  IBM Corporation. AS/400 Programming:  Backup and Recovery Guide. Rochester,
         MN.

      b.  U. S. Environmental Protection Agency. (1992) The System Administrator's and
         Operator's Guide to the Image Processing System. (Report No. 568/001), Research
         Triangle Park, NC:  National Data Processing Division, ADP Operations
         Management Branch. (Location: Publications Technical Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Personal Computer (PC) System Management               NO.    270.01
            and Architectural Direction

APPROVAL:                                                   DATE:
1.0   PURPOSE

The purpose of this policy is to ensure that the National Data Processing Division's (NDPD's)
PC customers  are offered  products that are common  to and  essentially  compatible with
Environmental Protection Agency (EPA) architectural directions.


2.0   SCOPE & APPLICABILITY

This policy covers PC system management and architectural  direction for all personnel
responsibilities, hardware, and software associated with the operation and management of PC
systems by the EPA.


3.0   RESPONSIBILITIES

The Chief of the Architectural  Management and Planning Branch (AMPB) is responsible for
providing the management and architectural direction  specified in this policy.


4.0   POLICY

NDPD will ensure that PC customers are offered products that are consistent with EPA hardware
and software standards and support EPA Information Resource Management (IRM) architectural
directions.


5.0   DEFINITIONS

PC Customer: An employee, contractor, or designated group or individual that presently has or
previously had a requirement and an authorization to use one or more of the Agency contracts
for PC hardware,  software, training, maintenance, or support services in  support of EPA
missions.

PC System: The total complement of Central Processing Unit (CPU),  operating software,
application software, and peripherals required to operate as an integrated computing workstation.


6.0   STANDARDS

      a.    PC hardware and software standards will be provided in AMPB's  "EPA IRM
            Hardware and Software Standards Document." These standards cover the lease,
            purchase or rental of microcomputer and personal computer equipment, software,
            and peripheral equipment.

      b.    Individual software upgrades can be purchased through the credit card program
            or standard purchase request.

-------
NDPD OPERATIONAL DIRECTIVE NO. 270.01                         Page 2 of 2


      c.     PC technology upgrades will be accomplished through contract modifications,
            Delegation of Procurement Authority (DPA) modifications, or establishment of
            new contracts.

      d.     AMPB will conduct technology assessments prior to contract modifications or
            changes in standards to ensure compatibility with architectural directions.

      e.     AMPB will maintain an expert system for use in configuration management that
            contains all current agency contract hardware and software.


7.0   PROCEDURE REFERENCES

      a.     U.  S.  Environmental Protection  Agency. (1991)  EPA  IRM Hardware and
            Software Standards (Report No. 469/001). Research Triangle Park, NC: National
            Data Processing  Division,  Architectural Management and  Planning Branch.
            (Location: Publications Technical Library).

      b.     U.  S.  Environmental Protection  Agency. (1992) Technology Upgrades, PC
            Contract.  Research Triangle Park, NC: National  Data  Processing Division,
            Program Management Support Branch. (Location: Program Management Support
            Branch).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Personal Computer (PC) Service Levels                     NO.    270.02

APPROVAL:                                                  DATE:

1.0   PURPOSE
The purpose of this policy is to ensure that PC customers have access to support when hardware
and software problems occur.


2.0   SCOPE & APPLICABILITY

This policy covers service levels for all personnel responsibilities, hardware, and software
associated with the operation and management of PC systems by the Environmental Protection
Agency (EPA).


3.0   RESPONSIBILITIES

The Chief of the Program Management Support Branch  (PMSB) is responsible for ensuring
support of the PC Contract.

The Chief of the Information Centers Branch is responsible for on-going PC customer support
for the Information Centers at  Research Triangle Park, NC and Washington, DC.

The local Information Centers  are responsible for customer support within their areas.


4.0   POLICY

PMSB will ensure contractor compliance with all hardware maintenance warranties purchased
from PC Contracts.  The local Information Centers will  make available on-going customer
support and  technical assistance  for all approved hardware and software if resources are
available.


5.0   DEFINITIONS

None.


6.0   STANDARDS

      a.     Hardware warranty maintenance  service levels are established within the PC
             Contract.

      b.     The customer is responsible for planning for hardware maintenance service after
             the one year warranty period.

      c.     Customer support will be provided by the vendor's PC Hotline, software vendors
             (where applicable), and the Information Centers. Support will not be rendered to
             customers for products that have not been approved by the National  Data
             Processing Division (NDPD).


      d.    PMSB will ensure that  catalogs and bulletin  boards listing PC products and
            updates are available to PC Contract customers.


7.0   PROCEDURE REFERENCES

      a.    U. S. Environmental Protection Agency. (1992) Warranty Maintenance Service,
            PC Contract. Research Triangle Park, NC: National Data Processing Division,
            Program Management Support Branch. (Location: Program Management Support
            Branch).

      b.    U. S. Environmental Protection Agency. (1992) Hotline Support, PC Contract.
            Research Triangle Park, NC: National  Data Processing Division, Program
            Management Support Branch. (Location: Program Management Support Branch).

      c.    U.  S. Environmental Protection  Agency.  (1991) Guide to WIC  Services.
            Washington,  DC:  Information Centers Branch,  WIC  (OSA).  (Location:
            Information Centers Branch, Washington, DC).

      d.    U. S. Environmental Protection Agency. (1992) Catalog, PC Contract. Research
            Triangle Park, NC: National Data Processing Division, Program Management
            Support Branch. (Location: Program Management Support Branch).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Agency Workstation Contract                             NO.    270.03
            Personal Computer (PC) Problem Management
APPROVAL:                                                  DATE:

1.0   PURPOSE

The purpose of this policy is to ensure that a problem resolution path is in place that will provide
solutions to personal computer hardware and software problems.


2.0   SCOPE & APPLICABILITY

This policy covers problem  management  for all personnel  responsibilities, hardware,  and
software associated with the  operation  and management of PC systems purchased from the
Agency Workstation Contract by the Environmental Protection Agency (EPA).


3.0   RESPONSIBILITIES

The  National Data  Processing Division  (NDPD)  is responsible for providing  problem
management support.

The Program Management Support Branch is responsible for PC Contract support including PC
Hotline and Maintenance Services.

At Headquarters, the Washington Information Center (WIC) is responsible for reporting and
resolving local problems (including the review of products delivered and  received from the PC
Contract) and arranging for maintenance services after warranty periods are expired.  These
services are available to offices participating in the WIC's Operational Service Agreement (OSA)
program.

Outside of Headquarters, Personal Computer Site Coordinators (PCSCs) are responsible for
reporting and resolving local problems (including the review of products delivered and received
from the  PC Contract), and  arranging for maintenance services  after  warranty periods are
expired. PCSCs also escalate problems to NDPD that require broad expertise or central problem
resolution.


4.0   POLICY

NDPD will  have a problem management plan prepared for personal computer  problem
determination and resolution.


5.0   DEFINITIONS

None.


6.0   STANDARDS

      a.     PCSCs or WIC personnel, in conjunction with PC Customers, will make the
             initial determinations of problems with PC hardware/software.

      b.     Problems will be  reported  to appropriate areas by PCSCs or WIC personnel.
             PCSCs will then seek assistance from the appropriate support group (PC Hotline,
             NDPD Customer  Support,  Maintenance Contractor, ICB Support) and will be
             responsible for monitoring the status of the problem until a resolution is reached.
             The PCSC may delegate this responsibility to a PC customer or support staff.

      c.     Problems concerning hardware/software that are under warranty will be reported
             to the vendor's PC Hotline. The Hotline will document the problems and report
             (monthly) on problem status and resolution.  The PC Contract Project Manager
             will monitor the monthly report to assure resolution of all warranty problems.

      d.     The Information Centers will be contacted where applicable. Support is offered
             in the forms of technical (hardware and software), and maintenance services.

      e.     PCSCs will monitor the delivery of orders shipped from the PC Contract (within
             20 days of receipt) to ensure that the products shipped are in good working order.

      f.     Telecommunications support and problem resolution will be provided only for
             NDPD supported telecommunications hardware and software configurations. PCs
             attached to LANs must be configured and managed per the current NDPD LAN
             policies in section 310.00 of the NDPD Operational Directives Manual.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. (1985)  PCSC Job Description, PCSC
             Manual.  Research Triangle  Park, NC: National Data Processing Division,
             Program Management Support Branch. (Location: Program Management Support
             Branch).

      b.     U. S. Environmental Protection Agency. (1992) Warranty Maintenance
             Procedures, PC Contract. Research Triangle Park, NC: National Data Processing
             Division, Program Management Support Branch. (Location: Program
             Management Support Branch).

      c.     U. S. Environmental Protection Agency. (1991) WIC/RIC Services. Washington,
             DC: National Data Processing Division, Information Centers Branch. (Location:
             Information Centers, Washington, DC).

      d.     U. S. Environmental Protection Agency.  (1992) Inspection and Acceptance, PC
             Contract.   Research Triangle Park,  NC: National Data Processing Division,
             Program Management Support Branch. (Location: Program Management Support
             Branch).

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Personal Computer (PC) Security                           NO.    270.04

APPROVAL:                                                  DATE:

1.0   PURPOSE

This policy documents a prudent but  minimal security control environment required by the
Agency to protect personal  computer  (PC) systems and resources  from theft, damage,  and
unauthorized use.  This  policy defines PC security objectives and security requirements as
defined by the EPA  Information Security Manual (Report 431/001)  and the EPA  Information
Security Manual for Personal Computers.

The security design for  each PC will be  based  on individual usage and risk requirements
representing a consensus  of the office responsible for that PC and the need to meet applicable
Federal laws and regulations and Office of Information and Resources Management (OIRM)
policies.  Each PC shall  meet a minimal level of security identified below.  Compliance with
these security policies is a prerequisite for connection to the Agency Local Area Network (LAN)
backbone and for support by the National Data Processing Division  (NDPD).   This  policy
addresses physical security, system security, media protection, and protection from virus attacks.

EPA information security objectives include:

       •     System availability - prevention from physical loss.

       •     Data confidentiality - prevention of disclosure.

       •     Data integrity - prevention of information corruption.

Implementation of the attached policies  will significantly improve  our computer security
environment and help EPA achieve its information security objectives.  Any data considered
non-sensitive remains EPA responsibility and must be protected as government property. Non-
sensitive data in its aggregate form can be sensitive in terms of protection requirements to ensure
integrity.


2.0    SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees and all  agents (including
State agencies, contractors, and grantees) of EPA who are involved in the design, development,
acquisition, installation, operation, maintenance, and use of PCs supported by NDPD.  This
policy applies to stand-alone PC computers.  Refer to Policy No. 310.09, LAN Security, for
more information regarding  LANs.


3.0    RESPONSIBILITIES

Senior Information Resource Management Officials (SIRMOs) are responsible for:

       •     Ensuring PC user compliance within their jurisdiction concerning this policy.
       •     Coordinating the organization-wide security program.

       •     Identifying PC owners, users, and custodians (property owners).

NDPD is responsible for:

       •     Monitoring security policy maintenance.

       •     Assisting each EPA PC Site Coordinator (PCSC) in determining the security
             requirements for his or her PC domain and recommending security
             implementation to ensure the integrity of the data and applications on that PC.

       •     Making recommendations for corrective action on security incidents reported by
             the PCSC.

The application owner (information system owner) is responsible for:

       •     Determining information sensitivity.

       •     Assuring application operational compatibility with Agency standard architecture
             and security requirements.

       •     Specifying and approving security controls and requirements.

PC owner is responsible for:

       •     The security of his/her equipment.

       •     Implementation of minimal controls such as virus prevention, physical security,
             and authorized network access.

       •     Determining level of security required based on usage and data sensitivity.

       •     Ensuring Agency work performed on a PC can continue if the original PC is
             unavailable.

PC Site Coordinators are responsible for:

       •     Planning, installing, and managing day-to-day PC security implementation in
             accordance with this policy.

       •     Training and advising users on the importance of the certification process and the
             policies.

       •     Coordinating with LAN System Administrators and customers on LAN
             connectivity policy requirements.

          •     Reporting any security violation to the NCC Computer Security Staff.

          •     Assessing the security requirements for each PC system in accordance with the
                EPA Information Security Manual.

          •     Ensuring PC user compliance within their jurisdiction concerning this policy.

   PC users are responsible for:

          •     Adhering to the policies and procedures outlined  in EPA PC Security policy,
                Federal and Agency requirements, and the additional protection requirements of
                the information and application owners.

          •     Reporting any observed security violations to the PC Site Coordinator.

          •     Protecting the information their PCs store, process, or transmit by determining
                the proper level of sensitivity and security  for information created.

          •     Reading  the EPA Information Security Manual  and  all  security policies  on
                systems which are accessed.


   4.0    POLICY

   The National Data Processing Division will ensure that guidelines are in place that allow PC
   Customers to secure PC hardware, software, and data.

          a.     Software security will be provided by all PC users  by ensuring that all copyright
                and licensing agreements are maintained.  Only  EPA authorized software is
                permitted to be stored and/or executed on an Agency owned PC.

          b.     Data security will be provided by all PC users by ensuring that passwords are
                protected and proper back-up procedures are followed.

          c.     Virus prevention  will be provided by  all PC  users by  utilizing a PC virus
                scanning  utility before loading any software on to the PC. This includes software
                downloaded from  a bulletin board or any other PC based platform.

          d.     Communications security will be provided by controlling access to NDPD
                communications.  All PC users will adhere to all policies and procedures
                applicable to network communications and connectivity.

          e.     PC users who store and/or process Agency sensitive information must adhere to,
                in addition to NDPD policies, all processing policies and procedures established
                by  the Program Office responsible for  the management and oversight of that
                sensitive  data.


   5.0    DEFINITIONS

   Software Virus:  A software program that spreads by replicating a portion of itself onto another
   program. When the infected program is executed,  it will  process a set of instructions that will
   infect other programs and/or damage files.


   PC Owner:  Owners possess (or have physical custody of) the ADP equipment.  For example,
   for PCs, the owner is the individual to whom the PC is assigned; that is, the person responsible
   for the equipment.

   PC User:  Person who uses a PC as a productivity tool to accomplish work-related tasks.


   6.0    STANDARDS

          a.     Physical security must be provided whenever possible. The EPA Information
                Security Manual provides detailed physical security controls guidance for PC
                users.

          b.     Environmental security should be provided by ensuring that fire extinguishers
                suitable for extinguishing an electrical fire are near the PC area. Uninterruptible
                power supplies and surge protectors should be used to protect against data loss
                in the areas of power loss and surges. PC users should be educated to protect
                their systems from extreme temperatures, magnetic fields, food and drinks,
                smoke, weather, dust, water leaks, and other environmental concerns.


   7.0    PROCEDURE REFERENCES

          a.     U. S. Environmental Protection Agency. (1992) Software/Hardware Registration,
                PC Contract. Research Triangle Park,  NC: National Data Processing Division,
                Program Management Support Branch. (Location: Program Management Support
                Branch).

          b.     U. S. Environmental  Protection Agency. (1990) Property Management Policy
                Manual.  Washington, DC:  Facilities Management and Services  Division.
                (Location: Facilities Management and Services Division, Washington, DC).

          c.     U. S. Environmental Protection Agency. (1991) Virus Prevention, Policy 310.09,
                NDPD Operational Policies Manual. Research Triangle Park, NC: National Data
                Processing Division, Telecommunications Branch, LANSYS Group. (Location:
                Publications Technical Library).

          d.     U. S. Environmental Protection Agency.  (1991) LAN Security, Policy 310.09,
                NDPD Operational Policies Manual. Research Triangle Park, NC: National Data
                Processing Division, Telecommunications Branch, LANSYS Group. (Location:
                Publications Technical Library).

          e.     U. S. Environmental  Protection Agency.  (1989) EPA  Information Security
                Manual for PCs, OIRM Policy Manual. Washington, DC: Office of Information
                and Resources Management,  Information Management and  Services Division.
                (Location: Information Management and Services Division, Washington, DC).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Personal Computer (PC) Configuration                     NO.    270.05
            and Inventory Management

APPROVAL:                                                  DATE:

1.0   PURPOSE

The purpose of this policy is to ensure that Agency PC configurations are properly recorded,
safeguarded, tracked, and inventoried.


2.0   SCOPE & APPLICABILITY

This policy covers configuration management for all personnel responsibilities, hardware, and
software associated with the operation and management of PC systems by the Environmental
Protection Agency (EPA).


3.0   RESPONSIBILITIES

The Chief of the Program Management Support Branch (PMSB) is responsible for ensuring
policy compliance with regard  to tracking quantities and types of products purchased (only at
point of purchase) from Agency contracts.

Senior Information Resources Management Officials (SIRMOs) are responsible for the tracking
and inventorying of all PC products once that product reaches the shipping destination.


4.0   POLICY

The National Data Processing Division (NDPD) will ensure that contract records and the original
shipping locations for all system configurations purchased from Agency PC Contracts will be
recorded and stored for seven years.

Upon delivery of PC products to their areas, SIRMOs will  be responsible  for tracking and
inventorying all PC equipment and software at their locations.


5.0   DEFINITIONS

Configuration:  The structural arrangement of personal computer hardware  and software
components resulting in a PC system comprised of compatible and complementary parts.


6.0   STANDARDS

      a.    NDPD (along with the PC contractor) will maintain records of all PC systems
            ordered,  system burn-in logs, and original  system configuration  data. These
            records will include the recipient's name, location, and Assistant Administrator
            (AA) organization. These data allow NDPD to examine statistics concerning the
            inventory and  installed base of software.


      b.    Property Management will maintain an inventory of each PC system purchased
            and will tag each hardware piece that is worth $1000.00 or more.

      c.    SIRMOs will track and inventory all PC hardware and software within their areas
            of responsibility.


7.0   PROCEDURE REFERENCES

      a.    U. S. Environmental Protection Agency. (1992) Burn-in and Technical Support
            Services, PC Contract. Research Triangle Park, NC: National Data Processing
            Division, Program Management Support Branch. (Location: Program
            Management Support Branch).

      b.    U. S. Environmental  Protection Agency. (1990) Property  Management Policy
            Manual.  Washington, DC:  Facilities Management  and  Services  Division.
            (Location: Facilities Management and Services Division, Washington, DC).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Acquiring Personal Computers (PCs)                       NO.   270.06

APPROVAL:                                                  DATE:


1.0   PURPOSE

The purpose of this policy is to ensure that guidelines are in place that will advise PC customers
regarding the purchase of personal computer hardware, software, and peripherals.


2.0   SCOPE & APPLICABILITY

This policy covers acquiring PC  systems  for all personnel responsibilities, hardware, and
software associated with  the operation and management of PC systems by the Environmental
Protection Agency (EPA).


3.0   RESPONSIBILITIES

The Chief of the Program Management Support Branch is responsible for managing the agency
PC (workstation) contract.

Senior Information Resources Management Officials (SIRMOs) are responsible for managing the
PC acquisition process within their areas.


4.0   POLICY

The National Data Processing Division  (NDPD) will assure that guidelines  are in place that
advise PC customers regarding the purchase of personal computers. SIRMOs will ensure that
customers will abide by the Office of Information Resource  Management (OIRM) Delegation
of Authority for Microcomputer Requisitions (OIRM  1-10A) when planning the purchase of
personal computers.


5.0   DEFINITIONS

None.


6.0   STANDARDS

      a.    OIRM will ensure that each office will prepare a PC plan. SIRMOs will ensure
            that the PC plan as mentioned in "Guidance for Preparing the Personal Computer
            Acquisition and Management Plan" is followed by PC Site Coordinators (PCSCs).

      b.    NDPD will provide guidance to assist  PC customers in configuring personal
            computer systems which will be ordered from  Agency standard contracts.

      c.    NDPD will ensure that PC customers are aware of the established lead times that
            have been  developed for PC contract ordering  and delivery schedules.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. (1991) OIRM Document OIRM 1-10A.
            Washington, DC: Office of Information and Resources Management. (Location:
            Management Planning and Evaluation Staff).

      b.     Pesachowitz, A., Director OIRM. (1992) FY1992 PC Acquisition and
            Management Plan (Memorandum). Washington, DC: U. S. Environmental
            Protection Agency, Office of Information and Resources Management.
            (Location: Management Planning and Evaluation Staff).

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Voice and Data Service Level Escalation               NO.:         300.01

APPROVAL:                                                  DATE:

1.0   PURPOSE
Complex service organizations, especially those with the scope of services provided by the
National Computer Center (NCC), experience operational problems from time to time.   This
policy establishes a hierarchy of personnel to notify when telecommunications problems occur
based on the type of problem and its duration.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in the
design, development, acquisition, operation, and maintenance of the NCC telecommunications
network.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement.  NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
components of the NCC telecommunications network.


4.0   POLICY

      a.     The local  Network Control staff of technicians  is responsible for problem
             reporting and management.

      b.     Technicians will identify problems and classify them as hardware, system
             software, or application related.  Technicians will initially attempt to resolve all
             problems.

      c.     When appropriate, technicians will identify and report hardware problems to the
             specific hardware vendor for resolution.

      d.     When appropriate, technicians  will identify and report applications software
             problems to a departmental group or vendor for resolution.

      e.     Table 1, Voice and Data Problem and Installation Escalation Service Levels, will
             be referenced and will dictate the way in which a problem is escalated (when and
             to whom the problem will be referred).

      f.     All problems will be tracked via NDPD's Central Problem Management (CPM)
             system in accordance with standard NDPD procedures.

          Table 1. VOICE AND DATA PROBLEM AND INSTALLATION
                        SERVICE LEVEL ESCALATION
PROBLEM ESCALATION


      Type                   Escalate After            Submit To

      Major Problem*          Immediately              Contractor Project Director
                                                     EPA Division Director
                                                     EPA Deputy Director

      Level 1                 2 Hours                 Contractor Department Manager
                                                     EPA Technical Manager

      Level 2                 4 Hours                 EPA Branch Chief

      Level 3                 8 Hours                 Contractor Project Director
                                                     EPA Division Director
                                                     EPA Deputy Director


      *Major Problem = Events that interrupt connectivity for more than 25 users for less than
      30 minutes, or which affect less than 25 users for more than 30 minutes.


INSTALLATION ESCALATION


      Type                    Escalate After            Submit To

      Level 1 Install            60 Days                 Contractor Department Manager
                                                     EPA Technical Manager

      Level 2 Install            120 Days                Contractor Department Manager
                                                     EPA Technical Manager

      Level 3 Install            240 Days                Contractor Department Manager
                                                     EPA Technical Manager

      Level 4 Install            No Commitment

5.0   DEFINITIONS

Service levels are determined by the following criteria:

Service Level 1           Must be an ACS Telecommunications Service Request (TSR).
                        User requirements are fully understood.
                        Cable is installed.
                        Hardware is in inventory or at customer site.
                        Standard software required.
                        Facilities requirements are met.
                        Funding has been approved.
                        No circuit is required.
                        Standard technical solution.
                        No procurement required.
                        No planning required.

Service Level 2           Any type of TSR.
                        Minor unresolved issues in terms of user requirements.
                        Cable available or minimal cable order.
                        Hardware is on current contract.
                        Software is on current contract.
                        Facilities can be completed by FM contractor.
                        Funding has been approved.
                        Circuit required, but less than $50K/year.
                        Standard technical solution needs minor modification.
                        No major procurement required.
                        Minor planning required.

Service Level 3           Any type of TSR.
                        Some unresolved issues regarding user requirements.
                        Cable is required and user has agreed to standards.
                        Additional hardware required.
                        Additional software required.
                        Major facilities changes, but on existing contract.
                        Funding approved.
                        Circuit required, but less than $50K/year.
                        Non-standard technical solution needs to be tested.
                        Major procurement needed, but meets following requirements:
                              JOFOC required on GSA and <$50K.
                              JOFOC required not on GSA and <$25K (small business)
                                 or <$10K (large business).
                              PWA mod, new PWA, or EPA additional budget required.
                        Minor planning required.


Service Level 4           Any type of TSR.
                        Major unresolved issues regarding user requirements.
                        Major cable requirements; no agreement on standards.
                        Major additional hardware required.
                        Major additional software required.
                        Major facilities changes  required.
                        Funding not approved.
                        Circuit required >$50K/year.
                        No current technical solution.
                        Major procurement required:
                              JOFOC required  on GSA and >$50K.
                              JOFOC required  not on GSA and >$25K.
                              PWA mod, new PWA, or EPA additional budget required.
                              Major procurement, but not on any contract.
                        Major planning needed.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Installation Requirements for Common Use            NO.:         300.02
            Telecommunications Equipment

APPROVAL:                                                  DATE:

1.0   PURPOSE

The National Computer Center deploys many types of common use telecommunications
equipment throughout Agency facilities.  Providing a proper environment for this equipment is
essential to maintain high network availability and reliability.  The purpose of this policy is to
ensure that common use equipment is installed so as to  maximize its benefits to the user
community.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees, and  to personnel of
agents (including State agencies, contractors, and grantees) of EPA who use EPA common use
telecommunications equipment at their facilities.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement, and will review policies annually
for needed modification and/or  enhancement.  The NDPD Telecommunications Branch will
develop and implement procedures to ensure that common  use telecommunications equipment
installations follow this policy.


4.0   POLICY

All Agency common use telecommunications equipment will be provided with  an environment
of adequate power (quantity and quality); heating,  ventilation, and air conditioning (HVAC);
security; and environmental monitoring where needed.  The equipment will be installed in such
a manner as to ease field maintenance.  All common use equipment must,  at  a minimum, be
installed in compliance with the manufacturers' recommendations, with security and access
procedures to protect the equipment.

The following guidelines have been established to aid in implementation of this policy:

      a.    NDPD Controlled  Space.  All necessary facility modifications will be included
            in the Telecommunications Service Request (TSR) requesting the installation of
            the common use equipment.  All needed facility modifications will be completed
            before installation of the equipment.

      b.    Non-NDPD Controlled Space.  The planning process will  include a facilities
            survey of the space designated for the common use equipment. The survey may
            be conducted by NDPD or  contractor staff, or by local Agency personnel or
            contractor staff. If a planned facility does not provide a proper environment, the
            NDPD Telecommunications  Branch will work with the organization controlling
            the space to either select an alternate  location that meets requirements or develop
            a facilities modification plan  to improve the planned space. All needed facilities
            modifications must be completed before the common use equipment is installed.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.02                           Page 2 of 2


       c.     Variance.  If the NDPD Telecommunications Branch finds that it cannot place
             common  use  telecommunications equipment  in  a proper environment, the
             Director,  National Data Processing Division, must approve a variance.

             The request for a variance shall include:

             (1)    A  copy of the TSR requesting the installation of common use equipment.

             (2)    The deficiency in the environment.

             (3)    The costs and schedule to correct the deficiency.

             (4)    The reason for the request for variance (i.e., why the deficiency is not
                   being corrected).

             (5)    A risk/benefit analysis showing the impact to telecommunications
                   availability, reliability, or stability if the variance is granted, and the
                   user needs which will not be met if the variance is not granted.

             (6)    Alternatives for providing service that will meet environmental standards.

             (7)    Any other pertinent information.


5.0    DEFINITIONS

Common Use Telecommunications Equipment:  Telecommunications equipment used by more
than one work group or organization.   Examples  include,  but are not limited to, front-end
processors, data switches (port selectors), X.25 switches, PABX equipment, and
multi-organization LAN bridge or gateway servers.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     IBM SNA Network Performance and Capacity              NO.:   300.03
            Management

APPROVAL:                                                        DATE:

1.0   PURPOSE

This document defines the network performance and capacity management policies and standard
procedures for collecting, reporting, and correcting utilization, response time, and availability
data for the EPA IBM SNA network.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in the
design, development, acquisition, operation, and maintenance of Agency telecommunications
systems.

The EPA SNA network consists of the IBM 3090 mainframe at RTP with remote "major node
sites"  in Regions 1  through  10, Headquarters,  NEIC-Denver, Cincinnati, and Las  Vegas,
including all connections  made either directly to the IBM 3090 or with direct connection to the
3090 via a major node remote front-end processor (FEP).

"Dedicated connections" consist solely of physical unit type 2.X termination or non-EPA Type
4/5 FEP hardware physically  connected either directly to the IBM 3090 mainframe at RTP or
via a remote EPA major  node site front-end processor.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement, and will review policies annually
for needed  modification  and/or enhancement.  NDPD will provide technical support for  all
Agency  networks.

The Telecommunications Services Department is responsible for planning, installation, and
management of  day-to-day operations  for the network, including performance and capacity
monitoring  and  tuning, as  well  as  coordination of related activities between  the  Technical
Services Department and other support groups and vendors.


4.0   POLICY

      a.     NDPD will gather and analyze network performance and capacity data on a daily,
             weekly, and monthly basis.

      b.     In the event that a performance, capacity, or utilization goal is missed,  NDPD
             will investigate the source of the problem, isolate the problem,  and  report  its
             findings to the Network Control Facility for resolution.

      c.     Any network performance, capacity, or utilization  goal that is missed will  be
             documented in  the Central Problem Management system and tracked  until a
             resolution is realized.

      d.     Network performance  data will be presented to NDPD management in daily and
             monthly reports.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.03                         Page 2 of 2


      e.     NDPD will keep abreast of changing technologies to ensure that state-of-the-art
             capabilities are being utilized  to analyze network performance,  capacity,  and
             utilization.

      f.     The EPA SNA network will be maintained to perform with an average daily
             prime time total network turnaround time of ≤ 2 seconds to any dedicated user
             connection.

      g.     Each physical Intermediate Network Node (INN) link in the EPA dedicated SNA
             network will be maintained at 70% or less average daily prime time utilization.
             Each physical Boundary Network Node (BNN) link will be maintained at 50%
             utilization or less for the same period.

      h.     All SNA front-end processors  will be maintained  at 75% or less average daily
             prime time CPU and 80% or less memory utilization with no "slow down" events
             during normal daily operations.

      i.     The EPA dedicated network will be implemented in such a manner that there will
             be, at most, one intermediate EPA SNA node between the demarcation point and
             the NCC IBM 3090 during normal operations.

      j.     NDPD will consult with external user organizations who are connected to the
             EPA SNA network to improve total network  turnaround time. However,  EPA
             is responsible  only  for  controlling and measuring performance, capacity,  and
             utilization up to the demarcation point between EPA and non-EPA equipment.


5.0   DEFINITIONS

NCC Interactive Network Turnaround Time Goals. (As measured by TSO, "Definite Response"
from user's PU2.X controller to the NCC IBM 3090.)

      Dedicated 3270:                  2  seconds
      Dial-Up 3270:                   3  seconds
      Protocol Conversion
        (async terminals):               5  seconds
      Non-EPA SNA Gateways &
        SNI Sites:                     2  + X seconds*

             *Note:       The EPA component of the average  daily prime time network
                         turnaround will be maintained at ≤ 2 seconds as measured to a
                         similarly  connected physical unit at the same demarcation point.
                         The X represents the additional time of the non-EPA component
                         of the transmission.

Prime Time:  10:00 a.m. until  12:00 noon and 2:00 p.m.  until 4:00 p.m., Monday through
Friday.  It is assumed that these hours represent peak traffic time periods.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Telecommunications Change Management                   NO.:   300.05

APPROVAL:                                                 DATE: 7/2/90


1.0   PURPOSE

This policy defines guidelines and procedures to be followed whenever changes are  being
planned for the EPA National Data Communications Network (NDCN).


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA, contractor, and vendor personnel who request changes to
the configuration of the national network or to  any node on that network.  This includes
hardware installation, removal, relocation, and upgrades; software upgrades; and any changes
to a facility's layout or design which affects the network or node.


3.0   RESPONSIBILITIES

NDPD is responsible for the maintenance and enforcement of this policy. NDPD personnel will
conduct an annual review for needed modifications and/or deletions, and will provide technical
support for all procedures and activities.  NDPD is also responsible for ensuring that this policy
is updated as needed to concur with changes  in NCC procedures affecting this policy or the
ability to  enforce this policy.


4.0   POLICY

Requested changes to the EPA NDCN will be made formally  and in  writing via an existing
Telecommunications Service Request (TSR) process.  This process ensures input, concurrence,
and notification to all  participants of the requested  change.   It also provides an automated
method of tracking a request, making changes to it, and reporting its schedule, status, and final
outcome to NDPD.


5.0   DEFINITIONS

The TSR is an on-line document that users or any originator of a requested change can use to
identify the nature and desired schedule of a change.  It is described in the on-line IBM User's
Guide [JUSD.USERS.REFER(TELECOM)]:

      "The TSR is the single document for requesting most types of service changes.  Services
      and  information which  must be  requested and provided via  this  form include  the
      following:

            •   Full-screen terminal support.

            •   Graphics terminal support.

            •   ASCII (TTY terminal support).

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.05                         Page 2 of 2


             •   Remote job entry registration.

             •   Terminal relocations.

      The TSR will be the only method for requesting these services.  Note that the request
      must be approved by the ADP Coordinator. Copies of the form are available through
      the ADP Coordinator or by telephone request to the Network Support Group.  Copies
      are available as on-line print on the IBM 3090 in the data set JCMT.TSR.FORMS
      (TSR)."

Once a TSR is completed and entered into the system, its originator is notified in writing and
is given the TSR number for future reference. The letter also contains the FTS and commercial
phone number of the person to whom the TSR has been assigned.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Telecommunications Disaster Recovery                      NO.:   300.06

APPROVAL:                                                 DATE: 9//2/90

1.0   PURPOSE

This document defines the Telecommunications Disaster Recovery policies and procedures to
reinstate access to the EPA NDPD National Computer Center (NCC) at an alternative site in the
event the existing facility at Research Triangle Park (RTP), North Carolina, is rendered
unusable.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA, contractor, and vendor personnel who use the EPA National
Data Communications Network (NDCN). The control facility for this network is located at the
EPA NCC at Research Triangle Park, North Carolina.

Currently, the EPA/NCC network has over 13,000 users located in all 50 states, the District of
Columbia, and Puerto Rico.  There is one major node each at the EPA Regional Offices; at
Headquarters in Waterside Mall, Washington, D.C.; and at the Environmental Research Center
in Cincinnati, Ohio.  The network also serves all EPA labs and vendor/contractor offices
nationwide.


3.0   RESPONSIBILITIES

The  Network Control Facility (NCF) at RTP  is responsible for user assistance, problem
recording/tracking,  hardware installation/removal, telecommunications  hardware operation,
offsite assistance, and telecommunications work orders resulting from Telecommunications
Service Requests (TSR's) from users or NDPD.

NDPD is responsible for policy maintenance and enforcement.  NDPD personnel at NCC RTP
will conduct annual policy reviews for needed changes, and will provide technical support for
all steps required to implement this policy. NDPD is responsible for ensuring that this policy
is updated as needed to concur with the current NCC disaster recovery plan.


4.0   POLICY

In the event of a disaster at the EPA NDPD National Computer Center, Telecommunications
Services Department personnel will follow  the procedures outlined in the  current Critical
Applications Disaster Recovery Plan maintained by the Security Officer. This plan includes
steps which address:

      •     Emergency Response
      •     Backup of Critical Applications
      •     Recovery of Processing Capabilities

As this plan dictates, Telecommunications Services will:

      a.     Participate in reactivation of the  RTP Control Center by ensuring that voice
             communications are established and by installing required terminals.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.06                          Page 2 of 2


       b.     Participate in activation of the Cincinnati Control Center by bringing up links to
             the WIC and RTP.

       c.     Participate in telecommunications operation by monitoring the network to ensure
             continual availability.

       d.     Participate in reestablishment of NCC configuration.

       e.     Participate in returning Cincinnati to normal operations.

       f.     Participate in final restoration of the NCC network.


5.0    DEFINITIONS

Currently, there is one primary source document for disaster recovery procedures at NCC:

       Critical Applications Disaster Recovery Plan,
       Document Number 379/001B
       Published February  21, 1990

This document is maintained by NDPD and  its distribution is limited to NDPD, contractor
management personnel, and other persons having principal  responsibilities in the event of a
disaster to NCC facilities.  The Plan  is maintained by the NCC Disaster Recovery Document
Officer, who has the responsibility  to "review all documentation from  the standpoint of
completeness, accuracy, and integration with  related procedures."

In the event of an actual disaster at NCC,  the plan  calls for formal notification to all disaster
team members, including  the  Manager of  Telecommunications Services or  his appointed
representative on the team.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA International Telecommunications Support           NO.:         300.07

APPROVAL:                                                         DATE:

1.0    PURPOSE

This document outlines the policies for requesting telecommunications service between an EPA
location in the United States or one of its territories and a foreign country.  This document also
describes policies for providing access to telecommunications services to international travelers
and on-site telecommunications support for international conferences, meetings, symposiums,
or similar functions held outside of the continental United States.


2.0    SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and  their employees, and to personnel of
agencies (including State  agencies, contractors, and  grantees)  of EPA who are  involved in
international data sharing and/or traveling. International telecommunications services provided
include voice access, data transfer, electronic message and conference capability, and other
value-added services.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0    RESPONSIBILITIES

NDPD is responsible for  policy  maintenance and enforcement.  NDPD will review policies
annually, will effect necessary modifications and enhancements, and will  provide technical
support as required.

The  NDPD  Telecommunications Branch  is  responsible  for  project management  of the
international  telecommunications contract and  for tasking  contractors to  provide required
services.

EPA offices must order all services through the Telecommunications Service Request (TSR)
process.  Functional requirements must be specified in the TSR, and a contact person identified
to discuss alternative solutions.

For all services except asynchronous dial up to the EPA network, customers are responsible for
funding.  Customers are also responsible for notifying NDPD of requirements for international
services upon knowledge of same.


4.0   POLICY

This policy summarizes contract administration, service responsibilities, service levels, eligibility
criteria for ordering service, trouble reporting,  method of payment, security, and the interface
with the U. S. Department of State.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.07                           Page 2 of 3


       a.     Only the contracting officer and designated ordering officers may order supplies
             or services from the international telecommunications contract.

       b.     NDPD  will  provide  support   services  that   include  technical   design,
             troubleshooting, and diagnostics for the EPA portions of the network, installation,
             coordination, assistance with problem resolution and performance analysis.

       c.     NDPD will ensure service availability, reliability, and service levels consistent
             with established standards and procedures provided by contract administration.

       d.     Foreign agencies  that wish to have access to EPA network services  must be
             sponsored by an EPA ADP Coordinator. All services must be requested through
             the TSR process.

       e.     NDPD will provide a list of equipment and services available to international
             travelers and assist in determining the appropriate  equipment available at a
             foreign  location in order to limit  the amount of equipment that must be carried
             by the traveler and to ensure that state-of-the-art technology is being employed.

       f.     The international telecommunications contractor will provide problem resolution
             coordination via a toll-free number 24 hours a day, 7 days  a week.

       g.     NDPD will provide international  telecommunications services on a chargeback
             basis.  NDPD will provide an estimate of one-time and recurring charges, as
             applicable, for other required services.

       h.     NDPD will provide the means by which travelers can be issued telephone credit
             cards which enable the traveler to place Direct Distance Dial (DDD) telephone
             calls from foreign locations to the U. S. or to other foreign locations as required.
             These cards will also be valid for calls made to foreign destinations originating
             in the contiguous 48 states, Alaska, Hawaii, Puerto Rico, and Guam.

       i.     The   implementation  of   the    services   offered   in   the   International
             Telecommunications Support Contract must neither interfere with nor replace any
             telecommunications activities  which  are under  the exclusive authority  and
             responsibility of the U. S. Department of State (and/or any of its designated
             agencies).


5.0    DEFINITIONS

Telecommunications Service Request (TSR): A standard form which, when completed, provides
NDPD personnel with the information needed to approve, schedule, and  monitor connectivity
or changes to the EPA national network.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.07                          Page 3 of 3


6.0   STANDARDS

      a.     International services must be effectively compatible with the telecommunications
             systems in foreign locations, including existing networks and computer systems,
             service  offerings of value-added  network  suppliers, service offerings of the
             communications agencies of foreign governments, and supplied customer premise
             equipment and software.

      b.     Telecommunications connectivity service will be available 24 hours a day, 7 days
             a  week, throughout the year or  100 percent of  the time allowed in foreign
             locations (whichever is greater). Routine support and administrative services will
             be available during normal business hours in the Eastern time zone.


7.0   PROCEDURE REFERENCES

      a.     Contract 68-W2-0022 with MCI Telecommunications Corporation.  Procurement
             and Contracts Management Division. U. S. Environmental Protection Agency
             Headquarters, Washington,  DC.

      b.     (Draft)  U.  S.  Environmental  Protection Agency.  (1992)   International
             Communications Guide. Research Triangle Park, NC:  National Data Processing
             Division, Office of Administration and Resources Management.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     State Data Communications                               NO.    300.08

APPROVAL:                                                 DATE:

1.0   PURPOSE

To assure effective, efficient data communications, there must be compatibility among hardware,
software, and methods used. This is especially true in connecting separate and distinct networks
such as the U. S. Environmental Protection Agency's network and those of the individual states.
(Note:  The term "state" includes a state or any entity given equal status as a state by the
Federal government.)  This policy is intended to provide a common understanding of the roles
and responsibilities for establishing the environment necessary  for data communications
connectivity between the states and the National Data Processing Division (NDPD).


2.0   SCOPE & APPLICABILITY

This policy  is applicable to the data  communications wide area network  maintained and
supported by the NDPD. Specifically, it is intended to cover  issues relating to connectivity to
the EPA network by any state.


3.0   RESPONSIBILITIES

NDPD is responsible  for policy maintenance and enforcement.  NDPD will review policies
annually for needed modification and will provide technical support for all components of the
NDPD data communications network.

NDPD will monitor the performance of the EPA's national data communications network for
potential problems as well as traffic volume and response time to individual nodes.

The  primary contact for state agencies will be  the State/EPA Data Management (SEDM)
Regional Coordinator for the responsible region. The SEDM Coordinator, in consultation with
the IRM Branch Chief, will conduct any discussions necessary with state agencies to assure the
state's designation of a single point of contact for telecommunications technical transactions.

State agencies are responsible for  defining and timely reporting of new requirements to EPA
through their respective State/EPA Data Management Regional Coordinator. Program Office
SIRMOs and Regional  Office IRM Chiefs are responsible for defining and reporting any
requirements for state data communications connectivity directly to NDPD's Telecommunications
Branch. Timely notification  of requirements will  allow NDPD the opportunity for network
design modifications to accommodate increased loads while maintaining appropriate operational
service standards.


4.0   POLICY

      a.     A single point of presence in each state will be maintained by NDPD in a location
             determined by the state for the purposes of access to the EPA's  national data
             communications network.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.08                          Page 2 of 4


       b.     Methods for data communications connectivity, and modifications thereto, shall
             be defined  through the Telecommunications Services  Request (TSR) system.
             States should communicate connectivity requirements to their Regional Office
             SEDM who will submit a TSR through the IRM Branch Chief to the
             Telecommunications Branch of NDPD.

       c.     State agencies desiring TCP/IP (Internet) connectivity should look to NDPD for
             consulting and design assistance.  This assistance will be provided through the
             Regional Office SEDM Coordinator via the TSR process.  This is the preferred
             means to access NCC services (including Email) for state agencies not connected
             to the state point of presence. Technical assistance will be provided through the
             Regional SEDM Coordinator via the TSR process.

       d.     NDPD shall participate in SEDM meetings to maintain contact with  the state
             agency customer community and to understand the states' data communications
             requirements.  Through this and other means as appropriate, NDPD will work
             with each Regional Office SEDM Coordinator to assure that the data
             communications needs of the states are met. This specifically includes NDPD participation
             in the SEDM grant review process.


5.0    DEFINITIONS

State/EPA Data Management (SEDM): System managed by a national coordinator in the Office
of Information Resources  Management, OARM and designed to build cooperative state/EPA
relationships to  support  sound environmental  decisionmaking  through  data sharing,  data
integration, and  information exchange.  There is a State/EPA Data Management  Regional
Coordinator in each of EPA's ten Regional Offices.


6.0    STANDARDS

       a.     NDPD will purchase and maintain, at its discretion, a data circuit,  modems, and
             any other equipment  necessary for data communications between  the  state and
             NDPD (see Figure 1).  This equipment will remain the property of NDPD and
             will  be installed  at  the state point of presence only after completion of a
             Revocable License Agreement (RLA) between the state and  NDPD. The RLA
             is  a renewable legal document granting use of EPA-owned equipment; it must be
             reviewed for renewal or replacement every 3 years.

       b.     The state shall purchase and maintain the computer equipment necessary to access
             the EPA network at the agreed upon point of presence. This shall include, but
             is not limited to, terminals, synchronous and asynchronous gateways, front-end
             processors, and central processing units (CPUs) as well as the necessary
             communications software.

       c.     NDPD will review and approve any ADP and telecommunications resources to
             be funded under the EPA State/EPA Data Management Financial Assistance
             Program. An expedited NDPD review and approval process will be provided for
             final decision packages.

-------
                          NATIONAL
            DATA COMMUNICATIONS SYSTEM

          Figure 1. Schematic of EPA's National Data Communications Network

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.08                         Page 4 of 4


      d.    Any operational problems experienced by the state in accessing the EPA network
            should be reported to the NDPD's Network Control Facility (NCF) at
            (919) 541-4506 or (800) 334-0741, or to Customer Support at (919) 541-7862.  The
            respondent will open a Centralized Problem Management (CPM) record to track
            the problem until its resolution.  If repair of EPA-owned equipment is necessary,
            the proper vendor personnel will be dispatched.  Unless otherwise specifically
            agreed to, NDPD will ensure proper data communications to the output interface
            on the modem or similar device provided.  The state shall be responsible for
            repair and maintenance of equipment beginning with the interface cable to the
            state computer/data communications equipment.


7.0   PROCEDURE REFERENCES

      a.    "Development  of the SEDM Strategic Plan," Michele  Zenqn, National State
            Environmental Data Management Coordinator, presented at National
            Environmental Information Conference, Philadelphia, PA, November 1991.  (Location:
            EPA/OIRM, PM-211)

      b.    EPA Series 2100, Information Resources Management Policy Manual, Chapter
            3, "State/EPA Data Management," 7/21/87, POLICY, Section 5.g, "EPA will
            design and manage its computing and data communications network to support
            timely and reliable  State access to EPA systems and data bases." (Location:
            EPA/OIRM, PM-211)

      c.    U. S. Environmental Protection Agency (1990), Federal Register. Volume 55,
            No. 243, pages 52012-52013, December 18, 1990, "Financial Assistance Program
            Eligible for  Review,"  (OIRM-FR-3870-6). Office  of  Information Resources
            Management, U.  S. EPA, Washington, DC 20460.

      d.    U.  S. Environmental Protection Agency (1990), State/EPA Data Management
            Financial Assistance Program:  Guidance for Applicants. November 19,  1990,
            Information Management and Services Division, Office of Information Resources
            Management, U.  S. EPA, Washington, DC 20460.

      e.    U.  S. Environmental Protection Agency (1990), State/EPA Data Management
            Financial  Assistance  Program:  Regional  Guidance.  December  18,  1990,
            Information Management and Services Division, Office of Information Resources
            Management, U. S. EPA, Washington, DC 20460.

      f.     Fulford, D.  W. (1991),  "ADP Review of State Data Management Program
            (SEDM) Grants," Memo  to Assistant Regional Administrators, April 1,  1991.
            National Data Processing Division, MD-34, U. S. EPA, RTP, NC 27711.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Telecommunications Considerations for                     NO.    300.09
             Facilities Modifications
APPROVAL:                                          DATE:

1.0   PURPOSE

Adherence to this policy will ensure consistency in the design and implementation of voice and
data communications throughout the EPA and allow for anticipated growth and modifications
brought about by the rapid changes in communications technology at the site level.


2.0   SCOPE & APPLICABILITY

This policy is applicable to the EPA voice and data communications Wide Area Network (WAN)
and Local Area Networks (LANs) maintained and/or supported by NDPD.  Specifically, it
addresses wiring specifications for telecommunications connectivity to this network at any EPA,
contractor, or other site during the planning of a new facility, renovation of an existing facility,
or relocation to a new facility.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement and will annually review policies
for needed modification and/or enhancement.

The Chief of the Telecommunications Branch (TCB) is responsible for ensuring compliance with
this policy.


4.0   POLICY

The Telecommunications Branch of NDPD works in conjunction with the Facilities Management
and Services Division (FMSD) to provide extensive assistance  in the design, planning,  and
coordination of telecommunications services for all EPA facilities.  Special assistance is provided
for the buildout of new space.  NDPD will prepare a project plan and develop a Memorandum
of Understanding to  define the level  and  amount  of support provided  and the funding
requirements. NDPD will provide technical support for all components of the NCC telecommu-
nications  network.

NDPD will  provide detailed planning assistance with  all telecommunications requirements
including but not limited to wiring/cabling, equipment, cabinets/racks, etc., that may be specific
to this site for both voice and data.  Directive 310.12, Wiring and Optical Fiber  Cabling for
Voice and Data Telecommunications, provides NDPD  telecommunications wiring standards.

The NDPD Project Management team will conduct onsite inspections during appropriate stages
of a project and provide a progress briefing to site personnel.

While NDPD provides planning and inspection assistance, it does not supervise or manage any
construction personnel or other contractor personnel hired by GSA or site management.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.09                          Page 2 of 3


The Telecommunications Branch will assist the site staff in determining which telecommunica-
tions services will be provided to all occupants of new or renovated space.  Program office
occupants may be offered the opportunity to upgrade the type and/or level of these identified
services, on condition that the program office bear the burden of the additional expense.


5.0    DEFINITIONS

None.


6.0    STANDARDS

       a.     Assistance from NDPD for any form of facility move/renovation should  be
             obtained through submission of a Telecommunications Service Request (TSR).
             It is important that NDPD be notified through the TSR system as soon as a
             requirement for a facility modification is known.

       b.     A TSR should be submitted early enough for NDPD  to provide any necessary
             preconstruction consultation and assistance.  NDPD has experience in  physical
             plant design that allows for future expansion of telecommunications wiring media
             as well as general building and workstation layout.

       c.     As NDPD does not provide funding to support Building and Facilities  (B & F)
             projects, it is especially important that each office include telecommunications
             requirements  in their respective responses to Facilities' annual B & F call letter.
             Identification of voice and data communications needs through this means will
             allow for timely and adequate budget coverage in either the Regional or  National
             Support Account.  The Telecommunications Branch will coordinate the  ordering
             and provisioning of telecommunications services within NDPD.

       d.     In accordance with Agency procurement policy, all purchases of voice
             communications equipment and associated services (including FAX equipment)
             in excess of $5000 must be approved by NDPD.  Purchase of data communications
             equipment is subject to the same Agency review and approval process applicable
             for all ADP equipment. This provision is intended to assure technical
             compatibility, and correct application of Agency telecommunications standards
             for optimal performance of the purchased equipment.


7.0    PROCEDURE REFERENCES

       a.     U.  S.  Environmental Protection  Agency.  (1984) EPA Transmittals 4800 Series
             Facility and Support Services Manual, Volume 4840, Facilities Management,
             OARM-FMSD, Washington, DC. (Available from Director, FMSD, PM-215)

       b.     U.  S.  Environmental Protection  Agency.  (1992) NDPD Operational Directives
             Manual (Report 285/001), Directive 310.12, Wiring and Optical Fiber Cabling
             for  Voice and Data Telecommunications. National Data Processing Division,
             Office of Administration and Resources Management, Research Triangle Park,
             NC (Location: Publications Technical Library and on-line on IBM ES/9000 in
             data set JUSD.DIRECTIV.MANUAL)

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.09                         Page 3 of 3


      c.    U. S. Environmental Protection Agency. "Approval of Procurements for Voice
            Communications," Memorandum, dated July 17, 1989. Office of Administration
            and Resources Management. Procurement and Contracts Management Division,
            Washington, DC (Available from Director,  PCMD)

      d.    U. S. Environmental Protection Agency. "Clarification of Approval Authority for
            FAX Equipment," Memorandum, dated August 16, 1989. Office of Administra-
            tion  and Resources  Management.  Procurement and  Contracts  Management
            Division, Washington, DC (Available from  Director, PCMD)

      e.    U. S. Environmental Protection Agency. Chapter 6,  "ADP Resources Manage-
            ment," Information Resources Management Policy Manual (2100 Series). July 21,
            1987.  Office of  Information and Resources Management, Washington, DC.
            (Available from OIRM)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NDPD Telecommunications Support for                     NO.    300.10
             National Conferences and Demonstrations
APPROVAL:                                                       DATE:

1.0    PURPOSE

In the past, NDPD has provided support to EPA national program system managers for various
national conferences, meetings, and demonstrations requiring data communications connectivity.
This support will be continued as outlined in this policy.


2.0    SCOPE & APPLICABILITY

This policy is applicable to the data communications Wide Area Network (WAN) maintained and
supported by NDPD.  Specifically, it will be used to evaluate all requests for connection to the
network and for NDPD support for conferences, meetings, and demonstrations.


3.0    RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement, and will annually review these
policies for needed modifications and/or enhancements.   NDPD will  provide approval  and
technical support for all components of the NCC telecommunications network.


4.0    POLICY

       a.     Assistance is obtained from NDPD through submission of a Telecommunications
             Service Request (TSR).  A TSR should be submitted at least 6 months in advance
             of a planned event to allow proper lead time for NDPD to obtain dedicated data
             circuits for a site.  If necessary, dial-up data service can be provided  to a site
             with the submission of a TSR in no less than 60 days  from the expected start of
             an event.

       b.     NDPD must be given the name of a designated "technical contact" at the site of
             the proposed event to assist with the physical constraints that are unique to each
             specific location.

       c.     For an event for which an approved TSR exists, NDPD will furnish all necessary
             equipment to provide data communications connectivity to the EPA National Data
             Communications Network. This includes,  but is not limited to, data  circuits,
             modems, multiplexors, and 3270 cluster controllers. It is the responsibility of the
             requesting organization  to provide  and/or fund any  terminals, PCs, monitors,
             projectors,  software, communications boards, and all other end-user devices
             needed  for the event.  It is also the requesting organization's responsibility to
             provide adequate security for  these devices for the duration of the event.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.10                           Page 2 of 2

       d.     Normally, NDPD  will  provide  the following at no cost  to  the  requesting
             organization for an event lasting up to 3 days:
             •     One analog data circuit with an aggregate speed of 9600 BPS.
             •     One 3270 cluster controller or asynch terminal concentrator device.
             •     One onsite data communications technician.
       e.     Certain factors may necessitate funding from the requesting organization.  These
             include, but are not limited to, the following:
             •     Digital high-speed circuits with aggregate speeds in excess of 9600 BPS
                   or multiple analog circuits.
             •     Lengthy events (in excess of 3 days).
             •     Complicated internal wiring and setup at the site.
             •     Conferences  located  outside the continental  United States.   In this
                   instance, a  significant amount of advance planning is necessary.  Six
                   months notification,  as  well as  funding source identification,  will be
                   required.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Network File System (NFS)                              NO.    300.11

APPROVAL:                                                   DATE:


1.0   PURPOSE

This document provides background information on the application of the Network File System
(NFS) at the NDPD and defines responsibilities and policy to ensure that an appropriate level
of technical support is maintained for this product.


2.0   SCOPE & APPLICABILITY

This policy applies to the "lead" EPA Branch Chief and Technical Manager for each of the
following NDPD architectures:

      •     IBM Mainframe:  ADP Operations Management Branch
      •     Novell  NetWare:  Telecommunications Branch
      •     Prime:  Information Centers Branch
      •     VAX, DG, HPC: Scientific Computing Branch

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement, and will annually review policies
for needed  modification and/or enhancement.  NDPD will provide approval and technical
support for all components of the NCC telecommunications network.

The designated lead EPA Branch Chief and Technical Manager are specifically responsible for
NFS and for all other systems support facilities on the designated architectures.


4.0   POLICY

The EPA Geographical Information Systems (GIS)  and  Supercomputing programs require
multiplatform file services across machine architectures. At present, NFS is the only solution
available to meet these requirements. Although rapid changes in this situation are expected over
the next 3 years (e.g., GOSIP, AFS under OSF/x), NDPD must deploy NFS selectively on some
of the EPA architectures to meet these multiplatform needs.


5.0   DEFINITIONS

None.


6.0   STANDARDS

NFS is a file system consisting of systems  level software resident on the machine which uses it.
Different NFS implementations can allow  an individual machine  to be a client, server, or both
in a given set of environments.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.11                          Page 2 of 2


The NFS capability is "owned" by the operating system and its appropriate systems level support
structure/organization within NDPD.

EPA supported/approved architectures currently eligible for NFS include those for which NDPD
has announced support.  Unsupported NFS platforms  may be connected to EPA  supported
TCP/IP networks only  with the approval of the senior site technical manager and must be
temporarily disconnected from the network if they are suspected of causing service disruption.

Each NDPD supported architecture has a lead EPA NDPD Branch Chief and an EPA NDPD
Technical  Manager  in  a  position of authority  and responsibility for  total  support of the
architecture.

Telecommunications Branch supports transport of TCP/IP and other related NFS protocols only
on full speed, locally attached, 16 megabit Ethernet local area networks designed, approved, and
supported under NDPD operational LAN policies. NFS protocols on media operating at speeds
of less than 10 megabits/second will not be supported in EPA. It is NDPD's intention to install
technology to manage and control  this access.

The appropriate  Lead EPA NDPD  Branch Chief  and NDPD  Technical  Manager  will be
responsible for:

       •     Determining whether or not NFS will be supported and in what form (e.g., how
             many variations, client/server, etc.).

       •     Determining and  obtaining resources for software, distribution,  maintenance,
             support staff, etc., to support NFS.

       •     Determining the level of support NFS is to receive under the support strategy and
             obtaining NDPD-wide concurrence for this level of support.

       •     Assuring that field System Administrator training, documentation, guidelines, and
             other notifications are in place for quality NFS support.

       •     Assuring  that  total  NFS support for the architecture is either in place or not
             needed in other NDPD and field support organizations (i.e., Customer Support,
             Information  Centers,  Telecommunications  Hotline  (NCF),  and  Network
             Management).


7.0   PROCEDURE REFERENCE

Materials under development.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     EPA Radio Frequency Management                        NO.    300.12

1.0   PURPOSE

This document describes NDPD's  policy for  managing the  acquisition,  installation,  use,
administration, and support of radio communications systems serving EPA offices nationwide.


2.0   SCOPE & APPLICABILITY

This policy applies to the following personnel:

      a.    All NDPD personnel  and contractors nationwide who plan, design, engineer,
            implement, administer, maintain, and support radio communications equipment
            and services.

      b.    All EPA program office personnel nationwide who request, acquire, and use radio
            communications equipment,  services, and support.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

      a.    NDPD is responsible for acquiring and managing radio frequency services for the
            Agency.  NDPD provides assistance in planning, designing, engineering, and
            acquiring radio communications equipment and  services.  NDPD's Telecom-
            munications Branch serves as a liaison between EPA and the National Telecom-
            munications and Information Administration's (NTIA's) Frequency Assignment
            Subcommittee (FAS) within the Department of Commerce. NTIA is responsible
            for the assignment of radio frequencies to all federal agencies.

      b.    Procurement of radio communications equipment is  the responsibility of the
            requesting program office.

      c.    NDPD is responsible for maintaining and enforcing this policy and will review
            it annually for needed modifications and/or enhancements.


4.0   POLICY

      a.    EPA program offices  must request the assignment of a radio frequency before
            purchasing any type of radio transmission equipment (see EPA Radio Frequency
            and Equipment Acquisition Guide). Prior to submitting a Procurement Request
            for radio transmission equipment to a purchasing office, the program office must
            obtain NDPD  approval for use  of the proposed or requested frequencies,
            transmitter power,  antenna height, range of operation, and call signs. Headquar-
            ters program offices request radio communications frequency assignments, call
            signs, services, and support from NDPD through the  Radio Frequency Assign-
            ment Request (RFAR) process.

-------
                       ofucaia tui louiu ii«jucin.y oaaigi
                       appropriate EPA Project Officer.
NDPD OPERATIONAL DIRECTIVE NO. 300.12                         Page 2 of 2


      b.    All requests for radio  frequency assignments,  radio call  signs,  and radio
            communications acquisition assistance must be in writing on EPA letterhead from
            an EPA Program Director or Project Officer and sent to:

                  EPA Washington Telecommunications Center
                  Deputy Chief, Telecommunications Branch (PM-211T)
                  401 M Street, SW
                  Washington DC 20460

      c.    Contractor requests for radio frequency assignments and call signs must be made


      d.
5.0   DEFINITIONS

None.


6.0   STANDARDS

NDPD will conduct Radio Frequency Management operations in accordance with Manual of
Regulations and Procedures For Federal Radio Frequency Management (5-89, revised 9-90
and  1-91), National  Telecommunications  and Information  Administration (NTIA),  U.S.
Department of Commerce.


7.0   PROCEDURE REFERENCES

      a.    U. S. Environmental Protection Agency,  (draft, 1993) EPA Radio Frequency
            Management.    Washington,  DC:    National  Data  Processing  Division.
            Telecommunications Branch.

      b.    Department of Commerce.  (1989, revised  1990 and 1991) National Telecommu-
            nications and Information Administration. Frequency Assignment Subcommittee.
            (Location: Available from NDPD Telecommunications Branch, Washington, DC
            or Government Printing Office)

      c.    U. S. Environmental Protection Agency, (draft, 1993) EPA Radio Frequency and
            Equipment Acquisition Guide. Washington, DC.

      d.    U. S. Environmental Protection Agency, (draft, 1993) EPA Radio Communica-
            tions Operations Guide. Washington, DC.

      e.    U. S. Environmental Protection Agency.  (1991, updated 1993) EPA Headquar-
            ters Telecommunications Resource Handbook. Washington, DC.

      f.    U. S. Environmental Protection Agency.   (1987) OIRM Policy Manual. Office
            of Information Resources Management. Washington, DC:  chapter 7, Section
            5.e.(2) and 5.e.(3), pp. 7-3 and 7-4, Directives 2100 dated 7/21/87.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Support for Toll-Free (800)                           NO.    300.13
             Telecommunications Support
APPROVAL:                                                       DATE:

1.0   PURPOSE

This policy provides guidance for establishment and utilization of toll-free (800) telephone
number  telecommunication services for access to the EPA network.  The FTS2000 contract
which provides governmentwide  telecommunications services is managed  by GSA and  is
designated as a mandatory use contract.  Therefore, EPA's toll-free (800) services must be
ordered  under the FTS2000 contract.


2.0   SCOPE & APPLICABILITY

This policy applies to all EPA organizations and their employees, and to personnel of agencies
(including state agencies,  contractors,  and grantees) of EPA.   Toll-free telecommunications
services intended include voice access,  data transport, and voice mail.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

NDPD is responsible  for policy maintenance and  enforcement.  NDPD will review  policies
annually, will  effect necessary modifications and enhancements, and will provide technical
support as required.

The NDPD Telecommunications Branch is responsible for project management of telecommuni-
cations contracts and for tasking contractors to provide required services. NDPD shall  monitor
usage of EPA 800 services  in order to discourage and detect instances of fraud, waste, and abuse
of these services.


4.0   POLICY

      a.     Toll-free (800) service to the EPA network is provided only in circumstances
             where a local access number is not available.

      b.     NDPD-supplied 800 numbers  include  those providing access to asynchronous,
             bisynchronous, and  synchronous dial access to the EPA network and for access
             to NDPD Help Desks, (e.g., Customer Support, Network Control  Facility, the
             FTS2000 Business Office, and the International Telecommunications Help Desk).

      c.     Any organization can request and/or establish 800 services for access to the EPA
             network or NCC services whenever provision of that 800  number is intended  to
             meet a bona fide U. S. Government  requirement, the requestor  will  provide
             funding for the service, and the service is in the best interests of the U. S.
             Government.  The Telecommunications Service Request (TSR) process will be
             used as the vehicle for requesting such services.

-------
NDPD OPERATIONAL DIRECTIVE NO. 300.13                          Page 2 of 2


       d.     EPA organizations that wish to have NDPD assistance to establish 800 services
             must request these services through the submission of a completed TSR, including
             justification, to:

                   EPA FTS2000 Business Office
                   MD-90B
                   Research Triangle Park, NC 27711
                   1-800-242-4387

       e.     NDPD will  ensure 800  service availability,  reliability,  and service  levels
             consistent with established standards and procedures.

       f.     Funding for all  800 telecommunications  services  must be  provided by the
             requestor.  NDPD will provide an estimate of charges if requested. Requestors
             should note that 800 services may be more costly than other alternatives and are
             provided primarily for the convenience of customers outside of the local calling
             area.  The implementation of 800 services should neither interfere with nor
             replace any existing telecommunications services.

       g.     Customers interested in establishing  toll-free international  telecommunications
             should refer to and comply with provisions  in the NDPD International Telecom-
             munications Support, NDPD Operational Directive No. 300.07.


5.0    DEFINITIONS

Telecommunications Service Request (TSR): A standard form which, when completed, provides
NDPD personnel with the information needed to approve, schedule, and monitor connectivity
changes or changes to the EPA  national network.

FTS2000:  A telephone network established  to provide communication support  to and among
agencies of the federal government.


6.0    STANDARDS

       a.     Toll-free telecommunications connectivity service will be available 24 hours a
             day, 7 days a week, throughout the year.   Routine support and  administrative
             services will be available during normal business hours.

       b.     Any 800 lines  used for data transfer  will be subject to voice-grade line limita-
             tions.


7.0    PROCEDURE REFERENCE

U.  S.  Environmental  Protection  Agency.  NDPD Operational  Directive  300.07.   NDPD
Operational Directives Manual (Report No.  285/001). Research Triangle Park, NC:  National
Data Processing Division. (Location: Publications Technical Library)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      Local Area Network (LAN) Planning                       NO.    310.01

APPROVAL:                                                     DATE:

1.0   PURPOSE

This policy defines the methods approved by NDPD for establishing a new LAN or performing
a major modification to an existing LAN.

The objective of this policy is to identify all of the hardware, software,  and configuration
information necessary to assure compatibility of Agency network components and to clarify and
identify the level of support expected from the NDPD central support group.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and employees, and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, operation, and maintenance of Agency LANs.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement.  NDPD will annually review
policies for needed modification and/or enhancement, and will coordinate technical support for
all Agency standard LANs.

NDPD will provide consultation in preparing the LAN plan, preliminary review, and appropriate
planning materials upon request.


4.0   POLICY

The success of any LAN depends largely on the quality of the implementation plan. All Agency
LANs will be installed and operated according to an approved LAN plan and implemented and
tracked through the NDPD Telecommunications Service Request (TSR) system as specified in
Section 6.0 Standards.


5.0   DEFINITIONS

Local Area Network (LAN):  A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.

Extended LAN Facility (ELF): An NDPD-approved LAN bridge or repeater subsystem which
joins  two  or more facility backbones to form a Metropolitan Area Network (MAN) between
facilities in a "campus" environment. All ELFs require NDPD approval under the TSR process.
ELFs are jointly funded by NDPD and the relevant user organization.  ELFs are supported by
NDPD.

Metropolitan Area Network (MAN):  A metropolitan area network comprises two or more
facility backbones joined by an ELF in a "campus" environment.

-------
NDPD OPERATIONAL DIRECTIVE NO. 310.01                         Page 2 of 4


EPA LAN Manager:  SIRMO designated Federal employee who has overall responsibility for
the administration and security of the file server.

LAN System Administrator:  The person who has hands-on responsibility for carrying out daily
operations and maintenance of the LAN as detailed in NDPD Operational Directive 310.03.

Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.

LAN RDBMS Server:  A relational data base management system server  deployed on a LAN
and accessed by LAN clients.  To be supported on Unix servers and on Netware servers.


6.0   STANDARDS

      a.     The following LAN plan components must accompany each TSR:

             (1)    A configuration plan, including the following items.

                    •     Server model.
                    •     Number of disk drives.
                    •     Amount of memory.
                    •     Network operating system version.
                    •     A count of workstations.
                    •     Token-ring address and symbolic name for each backbone device.
                    •     Location of the wiring closet, the number of MAUs in each closet,
                          the type of wiring used, and the location of each network node
                          and its lobe length.
                    •     The distance between wiring closets and the type of wiring used to
                          connect the closets.

             (2)    A diagram (for example, an FMSD blueprint) which is to  scale, with
                   markings designating the location of each LAN server and workstation
                   attaching to the LAN.  In  some Agency  facilities,  the instability  of
                   electrical power is a significant concern. In such facilities, the installation
                   of critical components (e.g., file servers, bridges, and gateways) in central
                   "technology areas" with appropriate power conditioners, should be consid-
                   ered.

                   Type 1 cable is recommended for token-ring LANs.  NDPD approval is
                   required for any exceptions. Type  1 cable is mandatory for all token-ring
                   backbones and  all connections to the backbone. Ethernet wiring will  be
                   "thickwire  coax" for backbones and thick- or thinwire  coax  for PC
                   connections.

                   Thickwire, thin-wire, and twisted pair Ethernet wiring conforming to the
                   10 BASE-T IEEE standard is acceptable.  Any multifloor LANs must  be
                   connected via an approved facility backbone. (For details, see Directive
                   No.  310.12,  Wiring and  Optical Fiber Cabling for Voice and Data
                   Telecommunications.)

                   Note:  It is recommended that a hardware and software plan be prepared
                   as part of the LAN planning process.  Contact LANSYS for assistance.

-------
NDPD OPERATIONAL DIRECTIVE NO. 310.01                         Page 3 of 4


            (3)    A LAN System Administrator must be named to serve as the technical
                   contact along with a backup Administrator. The names, phone numbers,
                   and Email ID of the LAN System Administrator and backup Administrator
                   must be provided. Date of completion (or scheduled completion) of the
                   EPA LAN System Administrator course must be provided.

            (4)    The name, phone number, and Email ID of the EPA LAN Manager must
                   be provided. This is the Federal employee who has overall responsibility
                   for administration and security for the LAN.

            (5)    Each LAN plan for token-ring LANs should be attached to a TSR and
                   submitted for review, approval, and implementation to:

                        TCB/LANSYS
                        NDPD  MD-90
                        U.S. EPA
                        RTP, NC 27711

                   Each LAN plan  for Ethernet LANs should be attached to a TSR and
                   submitted for review, approval, and implementation to:

                        TCB/Ethernet
                        NDPD MD-90
                        U.S. EPA
                        RTP, NC 27711

                   All TSRs must be signed by the appropriate, official EPA ADP
                   Coordinator.

      b.    All modifications to the facility backbone must be approved by NDPD via the
            TSR process.   This includes both major modifications such as addition of file
            servers, gateways, RDBMS Servers, and routers, and minor modifications such
            as changing a file server's token ring card. That is, every change involving a
            backbone hardware address or symbolic name must be reported via a TSR.  (See
            Directive No. 310.10, LAN Change Management.)

      c.    The LAN System Administrator must ensure that adaptor cards used for the
            backbone or in  conjunction with a print ring are defined for LAN Manager in the
            symbolic name file. If a resource is defined as critical, it must be designated as
            such within LAN Manager.

      d.    The appropriate LAN System Administrator support group shall designate the
            LAN as operational when all workstations and gateways have been configured and
            tested. The LAN support group shall ensure that LANSYS or DECSYS is
            informed of the LAN's designation as operational.

      e.    A TSR must be submitted for an RDBMS server.   In addition to the TSR
            information for a file server,  it must include the following:

            (1)    A LAN Data Base  Administrator (LAN DBA) and  Backup LAN DBA
                   must be named to  serve as the technical contacts.  The names, phone
                   numbers, and Agency Email IDs of the LAN DBA and Backup LAN DBA
                   must be provided.  The date of completion of the EPA LAN Data Base
                   Administration course for the DBA  and backup must be provided.

            (2)    A configuration plan for the RDBMS server, as shown in Appendix A of
                  the EPA LAN Operating Procedures and Standards manual Volume II:
                  Oracle for Netware must be submitted as part of the TSR.


7.0   PROCEDURE REFERENCE

U. S. Environmental Protection Agency. (1993) LAN Operational Procedures, Volume II Oracle
for NetWare (Report No. 397/002)  Research Triangle Park, NC: National  Data Processing
Division, Telecommunications Branch (Location: Publications Technical Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Supported LAN Hardware and Software                    NO.    310.02

APPROVAL:                                                      DATE: 51
1.0   PURPOSE

This policy defines methods approved by NDPD for acquiring Agency-supported hardware and
software for Local Area Networks (LANs).

The objectives of this policy are to:

      a.    Preserve individual LAN stability.

      b.    Provide a compatible, predictable environment for applications.

      c.    Provide a consistent environment for customers.

      d.    Provide a consistent environment for testing and support.

      e.    Provide an environment where  interconnected LANs  deliver services  and
            applications to all Agency LAN workstations.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and employees and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, operations, and maintenance of Agency LANs.


3.0   RESPONSIBILITIES

NDPD is responsible for policy  maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will coordinate technical support for
all Agency standard LANs.

The Architectural Management and Planning Branch (AMPB) at NDPD will evaluate Agency
requirements for LAN  hardware and  software (and services, as appropriate).   Through
established procurement processes in conformance with GSA and Agency policy, AMPB will
establish contracts for the use of Agency offices operating LANs.

The Program Management Support  Branch  (PMSB) at NDPD will, upon  award of Agency
contracts for LAN equipment and services, assume contract administration responsibilities.

The purchasing office's PC Site Coordinator (PCSC) and Senior Information Resource Officer
(SIRMO) will review and approve all Purchase Requests for acquisition of items through Agency
contracts.
 | Indicates Change


4.0   POLICY

      a.    LANs should be composed of Agency-supported hardware, software,  and
            telecommunications components. Generally these components will be acquired
            through Agency contracts. Hardware and software approved for interconnection
            to the Agency LAN/WAN backbone are listed in Section 6.0 Standards.  This
            policy will be updated on  a quarterly  basis.   Questions regarding recently
            approved products should be directed to LANSYS at (FTS) 629-2804 or (919)
            541-2804.

            Through the TSR process, a request may be made to the Director, NDPD for
            approval of the connection of unsupported equipment to the Agency backbone.
            This request must be accompanied by adequate justification. In the case of such
            approvals, the following two caveats will apply:

            (1)    If a customer  experiences problems with unsupported products, NDPD
                   support staff will  be  unable to work with the customer to resolve those
                   problems.   Customer departments  must plan  to allocate their own
                   resources to provide  support for such products.  Agency vendor support
                   contracts  will not be utilized  to resolve problems  with  unsupported
                   equipment.

            (2)    In the event of backbone problems, NDPD reserves the right to
                   temporarily disconnect such equipment as part of the troubleshooting process. If
                   the unsupported equipment is demonstrated to be the cause  of problems
                   on the backbone, it will be disconnected.

      b.    NDPD will fund and support Value-Added Backbone Service (VABS) components
            for each approved site. Additional  components will be announced annually.

      c.    NDPD  will provide and  support upgrades to Agency  standard LAN  systems
            software, including (1) operating system  software within the current platform
            (e.g. upgrade NetWare 286 Rev 2.15 to NetWare 286 Rev 2.2); (2) workstation
            shell software; and (3) communications gateway, routers, and bridges.

      d.    NDPD will manage and support Source Routing Bridges (SRBs) for sites which
            will require accessibility to an AS-400. Approval must be obtained from NDPD
            for this process.

      e.    OS/2 Communications Manager Connectivity.  A TSR  should be submitted
            requesting a coax connection to that workstation.  Source routing bridges will not
            be approved to support communications manager connectivity.

      f.    Operating system and connectivity software may not be modified without written
            approval from the Director of NDPD via the TSR process.

      g.    Extended LAN Facilities (ELFs) between campus facilities will be approved when
            all  backbones and configurations involved completely meet NDPD operational
            LAN policies.

      h.    Interconnectivity of Macintosh AppleTalk networks, or the use of a Macintosh as
            a token-ring workstation, is not supported.


       i.      NDPD will fund the following facility backbone token ring LAN components:
             a minimum of one Multistation Access Unit (MAU) per floor in EPA facilities
             designated as  token ring LAN sites in an approved LAN plan, wiring  and
             connectors required for the backbone to provide connectivity between LANs on
             different floors, and other internetwork resources that enable sharing of bridges,
             routers, and gateway resources.

      j.      NDPD will support DEC connectivity to an Ethernet LAN through approved
             Ethernet interfaces.  NDPD will continue to test products for compatibility.
             Further enhancements are not guaranteed.  For Ethernet LANs, NDPD will fund
             thick wire facility backbones and connections in EPA facilities designated as
             "Ethernet LAN" sites.


5.0   DEFINITIONS

Agency Contracts:  EPA has a contract from which organizations will  be able to acquire
necessary  workstations,  software, peripherals,  and LAN products.    Digital Equipment
Corporation (DEC) DECNET and Ethernet components are available via the OIRM Scientific
Computing Equipment Contract, as well as via approved GSA schedule items.

Agency supported hardware and software: Products which have been tested by NDPD/LANSYS
and determined operative in the current and planned EPA LAN environment. Agency supported
products will be part of the  NCPD LAN  Test Facility and  will be utilized in determining
acceptability of LAN products.

Bridge: Software and  hardware physically joining separate networks into a single logical
network.  Bridges allow customers on one network to access the resources of another network
and operate at Level 2 of the protocol stack.

Gateways:  Special purpose protocol translators that allow LANs to connect to other types of
services and computers.

LAN Relational Data Base Management System: A relational data base management system
server deployed on a LAN and accessed by LAN clients.

Novell SNA Gateway: Allows LAN workstations to connect to the IBM mainframe via the
Agency's SNA network.

NACS Gateway:   Novell  Asynchronous  Communications  Server  (NACS)  allows LAN
workstations to dial out over modems to make asynchronous connections to other systems.

Multistation Access Unit (MAU): A passive wiring concentrator for the star-wired, token ring
network.  Each MAU has connectors for eight devices (workstations, servers, and gateways) to
gain access to the network ring.  The MAU is generally located in a wiring closet or at a central
location within an office. Multiple MAU's are linked together to allow more than eight devices
to be attached to a ring.

Netware  Access  Server:  Provides remote workstations  access to  a Netware LAN with
functionality as if they were workstations on the local network.

Repeaters: Devices that provide a bit-by-bit signal regeneration capability, thereby allowing the
physical extension of the length of a LAN's cabling.

   Router:  A high level protocol-specific device allowing LAN interconnectivity, for example,
   Novell file server connected between a customer ring and a facility backbone.

   Value-Added Backbone Service (VABS):  A centrally managed platform which allows services
   that are common to all LANs connected to a backbone to be consolidated onto one system.
   VABS servers are jointly managed by NDPD and the Regional Office. Future services may be
   added and maintained in a cost-effective manner to provide increased productivity and capability
   for program offices.  This is the platform for delivery of National LAN applications.


   6.0    STANDARDS

                AGENCY SUPPORTED HARDWARE AND SOFTWARE

   Agency supported hardware and software as of the effective date of this policy is listed below.
   An updated list of the most current Agency supported hardware and software is located on each
   of the VABS  file servers.  This file,  SUPPORT.STD, may be obtained via  POSTMAN by
   receiving a file from the COMMON user.


   AGENCY TESTED WORKSTATIONS:

|   See  VABS Common directory, SUPPORT.STD file, for current information.


   WORKSTATION ADAPTER CARDS:

   Token ring:   IBM 4 MBPS token ring Adapter/A, Adapter II
               IBM 16/4 MBPS token ring Adapter/A, Adapter II
|               3COM token ring adapters - ISA (3C619), MCA (3C629), and EISA (3C679)

   Ethernet:     DEC DE1000
               DEC DE101
               DEC DE200
               DEC DE201
               DEC DE210
               Western Digital (File server only)
               3COM 3C523 (File server only)
               3COM 3C503 (Workstation only)


   WORKSTATION OPERATING SYSTEMS

   DOS V3.3
   DOS V4.01
   DOS V5.0
|   DOS V6.2 on NEC Image 466, NEC Powermate 466es, and Dell 433L


AGENCY SUPPORTED PRINTERS:

HP DeskJet Plus, PaintJet XL, LaserJet series
Qume
IBM Proprinter
IBM Graphics Printer
QMS Postscript
Panasonic KX-P1180 Narrow Carriage Printer
Okidata Microline 391 Plus Wide Carriage Printer
Texas Instruments Laser 2115 Printer
Texas Instruments Micro-LASER PS
NEC P6300 24 Pin Matrix Printer
IBM 4019-001 Laser Printer
NEC Silent Writer 95
Tektronix Phaser JJ SX Color Printer


PRINTER TO TOKEN RING ADAPTER

HP JetDirect Card for the HP LaserJet II/IID/III/IIID/IIISi


AGENCY SUPPORTED FILE SERVERS:

IBM PS/2 MOD 80-071:   IBM ESDI disk controller
                       IBM 70 MB and 115 MB disk drives
                       CORE 380 MB disk drive

IBM PS/2 MOD 80-A31:   IBM Standard SCSI Controller
                       IBM Enhanced SCSI Controller
                       IBM 320 MB SCSI disk drive

IBM PS/2 MOD 95-OKF:   IBM Standard SCSI Controller
                       IBM Enhanced SCSI Controller
                       IBM 400 MB SCSI disk drive

IBM PS/2 MOD 95-OLF:   IBM Standard SCSI Controller
                       IBM Enhanced SCSI Controller
                       IBM 400 MB SCSI disk drive

IBM PS/2 MOD 95-OMF:   IBM Standard SCSI Controller
                       IBM Enhanced SCSI Controller
                       IBM 400 MB SCSI disk drive

Compaq Prosignia Model 550

CMS 1.034 GB disk (For SCSI controllers only.)

DEC 1.2GB SCSI disk


   ADD-ON MEMORY CARDS FOR FILE SERVERS:

   INTEL MC-32
   INTEL Above Board-MC


   AGENCY FILE SERVER ADAPTER CARDS:

   IBM 4 MBPS token ring Adapter/A
   IBM 16/4 MBPS token ring Adapter/A
   (Note: 1990 Firmware not supported for use in file servers.)
|   IBM LANSTREAMER
   3COM Etherlink/MC Ethernet adapter card for file servers only.
|   3COM token ring adapters - MCA (3C629) and EISA (3C679)


   AGENCY SUPPORTED NOVELL OPERATING SYSTEMS:

   Netware 386 V3.11


   TAPE BACKUP HARDWARE/SOFTWARE:

   Maynard 2200hs Tape Backup System
   Maynard Backup Software v3.10


   RE-WRITABLE OPTICAL DISK:

   SCSI Express Software for Novell Netware 386
   Micro Design Laserbank 600R
   Adaptec 1640 Micro Channel SCSI Adapter
|   IBM Enhanced SCSI Controller


CD ROM:

SCSI Express Software for Novell Netware 386
Adaptec 1640 Micro Channel SCSI Adapter
IBM Enhanced SCSI Controller
Meridian Data Inc. Model 314 (Supported for existing installations, but not recommended for
new purchase)
NEC CDR-74


NACS GATEWAY:

ASCOM IV V1.41
NASI V2.09
NACS GW V2.09
XTALK V3.71
Crosstalk For Windows V1.2.2


SNA GATEWAY/SAA:

Netware 3270 LAN Workstation V2.0
Netware 3270 LAN Gateway V1.3
Netware APA Workstation Graphics V2.0
DynaComm Elite V3.3.1
NetWare for SAA 1.3


MODEMS:

Hayes/100% Hayes Compatible 1200/2400 baud
Hayes V.32 bis Ultra 144 external modem
CODEX 3260 (Desk top or rack mount)  1200/2400/9600/19200 baud
ZOOM  V.32 - 9600 External Modem.


LAN DIAL IN VIA NETWARE ACCESS SERVER:

COMPAQ 386/25E
Netware Access Server V1.22
ONLAN for Access Server V1.22
ONLAN for Access Server V1.3B


LANSPOOL:

LANSPOOL V3.0


   PROBLEM DETERMINATION/PERFORMANCE MONITORING:

|   IBM Trace and Performance System
   Novell LANalyzer V3.11
|   NCC LANalyzer V4
   Bytex Type-1 Cable Tester
|   Microtest Cable Scanner - 3570-00


   VIRUS DETECTION SOFTWARE:

|   Intel LANDesk Virus Protect V2.0


   TCP/IP WORKSTATION INTERFACE:

   LAN Workplace for DOS V4.01 Rev. A
|   LAN Workgroup V4.1


   SUPPORTED TOKEN RING INTERFACE COUPLERS (TIC):

   TIC for IBM 3720 and 3745 Front End Processors (FEP)
   TIC for IBM 3174 and Memorex/Telex 1174 Terminal Controllers
|   LAN2LAN V3.02E


   VITALINK:

   VITALINK TransRing 550 MAC Layer Bridge
   VITALINK 350  Ethernet MAC Layer Bridge


   FILE SERVER MENU SYSTEMS:

   AUTOMAXX V3.2
   WordPerfect Office V3.01
|   Microsoft Windows 3.1


   CABLING:

   Type-1 Shielded Twisted Pair
   Type-3 Unshielded Twisted Pair
   Type-3 Data Connectors
   Type-3 Media Filters
   (Note: None of the above Type-3 equipment may be used without prior written NDPD
   approval.)
   Fiber Optic Cable:  62/125/250 Multimode Fiber Cable

   Fiber Optic Repeaters:     IBM 8220 Fiber Optic Repeater
                          Siecor Token Ring Transceiver


   Multistation Access Unit (MAU):   IBM 8228 MAU
|                                South Hills Electronics LAT2927 MAU


   LAN UNSTRUCTURED DATA MANAGEMENT SYSTEM:

   Lotus Notes Release 3


   LAN RELATIONAL DATA BASE MANAGEMENT SYSTEM:

   Oracle V6 for Netware (V1.1)
   Oracle 7 for NetWare
   NetWare SQL*Net SPX and SQL*Net TCP/IP
   DOS SQL*Net SPX and SQL*Net TCP/IP
   Windows SQL*Net SPX and SQL*Net TCP/IP


   PROTOCOLS ON AGENCY LAN MEDIA:

   Token-Ring: Novell and other NDPD formally designated protocols are allowed. TCP/IP is
              allowed only for LAN Workplace for DOS and LAN Workgroup connectivity.

   Ethernet:    Only DECNET, MSCP, LAT, and PCSA/Pathworks-based protocols are allowed.
              TCP/IP protocols are allowed for CIS Prime and workstation use, as well as
              supercomputer access, but  only on LAN cabling separate  from DECNET
              protocols at certain sites,  with gateways provided as needed via the TSR process.
              Combining protocols on Ethernets may be approved under the TSR process for
              sites with appropriately low levels of total anticipated network utilizations and
              demonstrated LAN Network Management capabilities.


   MULTIPROTOCOL ROUTER

   Novell Multiprotocol Router v2.0


   OTHER ITEMS:

|   Link Support Layer for ODI, LSL.COM V1.21

   IPX Version 3.04
|   IPXODI V1.20

   Token Ring LAN Driver V2.62
|   ODI Token Ring Driver V1.12

|   Netware Shell V3.26

   NETBIOS V3.01C

   LAN Support Program V1.02 and V1.20
|   ODI version of LAN Support Program  - LANSUP.COM V1.20

IBM LAN Network Manager V1.1 for OS/2

IBM Bridge Program V2.1

IBM OS/2 and OS/2 Requestor V1.3 and V2.0

Arbiter Device Driver (SRRDE) V2.11

Printer Port Extender:      Long-Link Parallel Printer Port Extender

Uninterruptible Power Systems:    Best MD500va Power Supply
                              American Power Conversion Corp. UPS Model 520
                              American Power Conversion Corp. Smart UPS 900


7.0   PROCEDURE REFERENCES

      a.    U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
            Standards Manual (Report No. 397/001B). Research Triangle Park, NC: National
            Data Processing Division, Telecommunications Branch. (Location: Publications
            Technical Library).

      b.    U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
            Standards Manual  Volume  II: Oracle for Netware (Report No. 397/002).
            Research Triangle Park, NC: National Data Processing Division,
            Telecommunications Branch. (Location: Publications Technical Library).

      c.    U. S. Environmental Protection Agency. (1991)  VABS  Administrator's Guide
            (Report No. 451/001).  Research Triangle Park, NC: National Data Processing
            Division, Telecommunications Branch. (Location: Publications Technical
            Library).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     LAN System Management                                NO.    310.03

APPROVAL:                                                      DATE:


1.0   PURPOSE

Local Area Networks (LANs) require a structured management system, including Agency
representatives to provide administrative guidance and several tiers of LAN support to the LAN
community for various functions and services.  This policy establishes and defines the various
levels of support and responsibilities necessary to manage effectively in an Agency LAN
environment.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
design, development, acquisition, operation, and maintenance of Agency LANs and/or LAN
Relational Data Base Management Systems (LAN RDBMSs).


3.0   RESPONSIBILITIES

NDPD is responsible for LAN policy maintenance and enforcement. NDPD will review policies
for needed modification and/or enhancement, and coordinate technical support for all Agency
standard LANs.


4.0   POLICY

NDPD shall provide policies, standards, and guidance for the Agency's LANs to promote
reliable LAN service, LAN interconnectivity, portability of LAN application software and data,
and efficient use of expertise.

Each LAN must have personnel designated to perform the following functions:

      •    EPA LAN Manager.

      •    LAN System Administrator.

Each LAN RDBMS server must have a trained LAN Data Base Administrator.

Each LAN application must have a designated Application Owner.

Each Site must have a designated EPA Agency LAN Services Coordinator and a designated
VABS Administrator.

The specific responsibilities for these functions are listed in Section 6.0 Standards.


5.0    DEFINITIONS

Agency LAN Services:  LAN services available Agencywide, e.g., National LAN Applications
plus VABS services.

Local Area Network (LAN):  A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.

National LAN Application:  LAN applications are considered to be national if they meet the
following conditions:

      •    They are centrally developed and  distributed for local execution at multiple
            Agency sites or multiple offices at Agency Headquarters.

      •    They support integration of Agency data.

      •    They provide information sharing among multiple offices and sites within EPA,
            with states and local governments, or with the public.

Value Added Backbone Services (VABS): A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed.  VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office, EPA Headquarters, Cincinnati, NEIC, and the NCC.  VABS
currently include file backup, communications, software distribution, software repository, and
limited application and data file storage.  VABS are the platform for delivery of National LAN
Applications.

Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.

LAN RDBMS Server:  A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard  LAN RDBMS servers are Oracle on Netware
servers and Oracle on Unix servers.


6.0   STANDARDS

EPA's LAN environment  is physically distributed with a combination of distributed and
centralized management. NDPD provides EPA  policies, standards, procedures, and technical
support.  Program and regional offices  manage local LAN environments in accordance with
these policies and procedures.  In general,  each site has evolved to a model in which certain
tasks related to LAN system management are handled in a central LAN support group at each
site,  with direct user  support handled by Information  Center staff or support staff personnel
associated with individual LANs.

      a.    NDPD Responsibilities.  NDPD shall provide the following:

            (1)    Telephone access  to  central LAN expertise, problem  resolution, and
                   consultation including vendor corporate support.

            (2)    LAN design assistance and LAN plan approvals.

            (3)    Proactive LAN management support.

             (4)    LAN Laboratory Services including testing of new software upgrades, bug
                   fixes, and new contract products in LAN Laboratory and working with
                   national LAN application developers.

             (5)    Agency LAN tactical planning  and testing to ensure  that EPA's LAN
                   platform can provide a strong foundation for EPA information processing.

             (6)    LAN  System  Administrator  certification  and  continuing  education
                   seminars.

             (7)    EPA national LAN services (VABS) maintenance and enhancements.

             (8)    Onsite, central LAN  support at EPA Headquarters  and at the  EPA
                   Research Triangle Park facility.  All services listed above are provided for
                   LANs at these two sites. In addition, NDPD will administer all backbone
                   and VABS services at these sites, install and upgrade file servers, install
                   all connections to the backbone, and provide onsite troubleshooting and
                   network monitoring services.

       b.     EPA  LAN  Manager Responsibilities.   The  Senior Information  Resource
             Management  Official must  designate  Federal employees who  have  overall
             responsibility for administration and security for each file server.  The EPA LAN
             Manager is the name given to this role, which is a non-technical position.

             The EPA LAN Manager is the Federal  person with the overall responsibility for
             the operation, integrity,  and usefulness of the LAN.  The EPA LAN Manager
             shall do the following:

             (1)    Ensure that the LAN  is installed and managed in  accordance with all
                   Agency policies and standards, including NDPD Operational Policies and
                   the Standards discussed in the LAN Operational Procedures and Standards
                   Manual.

             (2)    Ensure that the LAN System  Administrator and other  support personnel
                   carry out the duties defined in this policy.

             (3)    Ensure that a LAN change management process is utilized.

             (4)    Sign LAN related Telecommunications Service Requests (TSRs).

             (5)    Serve as the liaison to NDPD and the Agency LAN Coordinator to ensure
                   that the office's requirements for LAN technology are being
                   communicated and met.

             (6)    Perform the risk and security assessments outlined in OIRM policy  in
                   order  to  determine the appropriate levels  of controls  for  the LAN
                   environment.

             (7)    Report breaches in security to NDPD Security Management.

             (8)    Ensure that procedures for LAN Backup and Recovery are implemented
                   and performed regularly.

             (9)    Ensure that Agency records are created, used, and stored on the LAN  in
                   keeping with Federal regulations and Agency policies.

             (10)   Review and approve records management determination and plans (see
                   f.(13) and (14)).

       c.     LAN System Administrator Responsibilities. While the scope of duties of LAN
             System  Administrators  may vary, each  LAN  must have  a LAN System
             Administrator who has  completed the  required Agency  LAN Administration
             courses.  This is a technical position. Offices must ensure that for each LAN,
             the System  Administrator functions listed below are clearly provided.  These
             functions can be provided by having a single LAN System Administrator whose
             responsibilities include all the duties below or utilizing a central LAN group to
             provide a portion of the support.  (For sites where the central LAN support team
             concept has been implemented, divisions of responsibilities between the central
             team and local  LAN support are indicated.)

             The central  support team shall do the following:

             (1)    Plan for, design, and test LANs.

             (2)    Ensure LAN hardware and wiring conform to building codes.

             (3)    Ensure that standard hardware and software configurations are maintained
                   on file servers and workstations.

             (4)    Ensure that only authorized protocols run on each type of LAN media and
                   unauthorized protocol mixing does not occur.

             (5)    Manage  LAN change  control  or ensure that  LAN  change control
                   procedures are in use.

             (6)    Manage centralized data management to provide regular tape backups in
                   accordance with Agency policy or ensure that equivalent backup
                   procedures are in place.

             (7)    Provide administrative  backbone  services  to ensure  that  only  items
                   authorized by the Telecommunications Service Request Policy are placed
                   on Agency LAN backbones, and that network addresses for these items
                   are registered with the Network  Control Facility of NDPD in Research
                   Triangle Park.

             (8)    Manage Value-Added Backbone  Services in cooperation with NDPD to
                   provide National LAN services and telecommunications network access to
                   LAN users.

             (9)    Manage configuration control for a site/LAN.  Configuration control
                   includes the following information.

                   •     Specific location of all equipment connected to the LAN and
                         wiring identification.

                   •     Hardware address  and workstation location chart of all adaptor
                         cards.  Easily understandable symbolic names,  like user names,
                         will be assigned.

                   •     Wiring chart and labels attached to all LAN cabling, identifying all
                         workstations and locations associated with every LAN cable run
                         from the wiring closet MAU to the workstation location.

                   This information will be provided to NDPD annually.

             The central support team or the local LAN System Administrator shall do the fol-
             lowing:

             (1)    Provide LAN system troubleshooting and problem solving.

             (2)    Ensure that LAN security policies are implemented in  server setup and
                   observed by LAN users.

             (3)    Install LAN software in accordance with Agency LAN policies and vendor
                   license agreements.

             (4)    Ensure that all new software installed on the LAN is virus-free.

             The local LAN System Administrator shall do the following:

             (1)    Manage daily operation and maintenance of the LAN.

             (2)    Manage and control user access to the network.  User access and privilege
                   levels on a LAN will be limited to those resources  required  for job
                   performance.

             (3)    Ensure that LAN user workstations are equipped with correct  and current
                   versions of network workstation software.

             (4)    Ensure that LAN users are  trained in the use of the LAN and that they
                   know whom to contact for assistance with the LAN.

       d.     Information Center Responsibilities. Information Center  support personnel shall
             do the following:

             (1)    Serve as the first line of contact for end-user application  support.

             (2)    Provide end-user training to teach users how to best utilize the LAN.

             (3)    Contact the LAN Administrator with network related problems.

             (4)    Support standard LAN Applications (e.g., WordPerfect, WordPerfect
                   Office, and Windows).

       e.     LAN Data Base Administrator Responsibilities.   Each LAN relational data base
             management system (RDBMS) server must have a designated LAN Data Base
             Administrator (DBA).  This is a technical position. The LAN DBA is  responsible
             for the operation,  performance, maintenance, and security of the LAN RDBMS
             server in accordance with NDPD Operational Directive.  The  LAN  DBA must
             complete  required Agency  LAN  Data Base  Administration courses.   EPA
             organizations must ensure that the DBA functions listed below are provided for
             each LAN RDBMS server, regardless of platform.

            The LAN DBA duties are distinctly different from LAN System Administrator
            duties and require different expertise and training. However, in some cases, the
            LAN DBA role may be filled by the same person as the LAN System Administra-
            tor.  The size, activity, and number of users for the LAN RDBMS server, plus
            the personnel, expertise, and structure of the  site's LAN support group will
            determine whether one  person should fill both roles.  The LAN Data Base
            Administrator shall do the following:

            (1)    Operate  the LAN RDBMS server during LAN  production hours in
                   accordance with  NDPD Operational  Policies.  The  LAN DBA shall
                   coordinate hardware and  software maintenance activities to minimize
                   impact on LAN RDBMS applications and users.

            (2)    Coordinate resolution of LAN RDBMS problems.

            (3)    Control access to  the LAN RDBMS by users and developers in accordance
                   with NDPD Operational Directive 310.09, LAN Security.

            (4)    Oversee and coordinate backup and restore of the LAN RDBMS. The
                   actual backup and restore duties may be delegated, but the LAN DBA is
                   responsible for ensuring that it is properly done.

            (5)    Maintain the system data dictionary tables.

            (6)    Establish and maintain the local LAN side of links between  multiple site
                   RDBMS  environments and/or central data base environments.

            (7)    Install, control, and maintain common tables used  by RDBMS develop-
                   ment tools.

            (8)    Coordinate between Application  Owners to facilitate  the  sharing of
                   common data.

            (9)    Act as a general RDBMS consultant to Application Owners, LAN System
                   Administrators, Information Center personnel and developers.

            (10)   Support  the Application  Owners, LAN  System  Administrators, and
                   Information Center personnel  in the setup and configuration of client
                   workstations.

            (11)   Provide assistance to the Application Owners and developers tuning the
                   RDBMS  software and environment.

            (12)   Monitor server resource utilization.

            (13)   Advise local Application Owners, application developers, and/or users of
                   applications that degrade LAN RDBMS performance.

            (14)   Establish  and maintain documentation of the LAN RDBMS including
                   hardware, software, and existing applications.

            (15)   Assist in RDBMS training for Application Owners, developers, and users.

             (16)   For locally developed applications, review the logical design,  physical
                    design,  and test and acceptance plan for adherence to good design
                    principles and compliance with applicable policies and standards.

             (17)   For National LAN Applications, coordinate with the Application Owner
                    to install, operate, and update the application's database.

             (18)   Manage change control for the LAN RDBMS.

             (19)   Record problems in the Central Problem Management facility.

             (20)   Establish procedures,  as necessary,  to ensure  that relational data base
                    users can comply with Federal regulations and Agency policies concerning
                    the management of Agency data bases.

       f.     Application Owner Responsibilities.  The Application Owner is responsible for
             the logical and physical design of the application and application data base, for
             efficient use of LAN RDBMS resources, for monitoring application performance,
             resource usage, and tuning,  for developer support, and for the application's
             adherence to policies, standards, and guidelines.  For National LAN applications,
             the Application Owner responsibilities may be carried out by a central  develop-
             ment and support staff, an onsite support person, or a combination  of the two.
             The Application Owner shall do the following:

             (1)    Evaluate, recommend, and justify the appropriate use of LAN technology.

             (2)    Develop the application logical and physical designs in conjunction with
                    the application  developers and supported by the LAN DBA.

             (3)    Coordinate the actual development of the application and ensure compli-
                    ance with applicable policies and standards.

             (4)    Oversee application test and acceptance.

             (5)    Oversee distribution of application software to users.

             (6)    Oversee training users in  using the application.

             (7)    Determine support and infrastructure requirements for the application and
                    arrange funding for the same.

             (8)    Determine  application data storage requirements, monitor actual data
                    storage growth, plan for data growth and  archiving,  and  coordinate
                    implementation of these plans with the LAN DBA.

             (9)    Monitor application performance and coordinate application tuning efforts
                    with application developers and LAN DBA.

             (10)   Maintain change control for the application.

             (11)   Record problems in the Central Problem Management facility.

             (12)   Determine sensitivity of application data.

             (13)   Determine whether the proposed application will create and/or  store
                   information that meets the definition of a Federal record found in 44
                   U.S.C.  3301.  Determination should be submitted  to  the EPA  LAN
                   Manager for approval, through the Records Liaison Officer.

             (14)   If the application is found to create or store Agency records, submit a plan
                   for managing these records according to Federal regulations and Agency
                   policy.

             (15)   Create and maintain system documentation as specified in the Agency's
                   records disposition schedules.

      g.     EPA Agency LAN Services Coordinator Responsibilities.  The Senior Information
             Resource Management Official  must designate a Federal  employee  who has
             overall responsibility for Agency LAN Services for the site. This role, the EPA
             Agency LAN Services Coordinator, is a non-technical position. This role will be
             assumed by an NDPD staff member at Headquarters and RTP.  The EPA Agency
             LAN Services Coordinator shall do the following:

             (1)    Ensure that Agency LAN Services are available to all LAN connected
                   workstations at the site.

             (2)    Ensure that problems with Agency LAN Services are reported to LANSYS.

             (3)    Ensure that VABS services, including servers, gateways, and routers, are
                   configured according  to the standards documented in the LAN Operational
                   Procedures  and Standards Manual  and in  the VABS  Administrators
                   Manual.

             (4)    Serve as the Federal interface and  coordination point to ensure that
                   coordinated LAN  Email services for the site interface with the Agency
                   LAN Email system.

             (5)    Designate the VABS Administrator.

             (6)    Ensure that end-user support is available to facilitate use of Agency LAN
                   Services and associated Agency resources.

             (7)    Coordinate tactical LAN issues with the NDPD LAN Coordinator.

      h.     VABS System Administrator  Responsibilities.  The VABS Administrator shall do
             the following:

             (1)    Manage the  Centralized  Data Management  VABS (CDM) to provide
                   regular tape backups in accordance with Agency policy, or ensure that the
                   equivalent backup procedures are in place by the LAN administrator.

             (2)    Provide administrative  backbone duties  to ensure that only  items
                   authorized by the Telecommunications Service Request policy are placed
                   on Agency LAN  backbones, and that network addresses for these  items
                   are registered with the Network Control Facility of NDPD.

             (3)    Manage Value-Added Backbone Services in cooperation with  NDPD to
                   provide Agency LAN services and telecommunications network access to
                   LAN customers.

             (4)    Manage configuration control for a site backbone. Configuration control
                   includes the following items.

                   •     Documentation showing the specific location of all equipment
                         connected to the LAN with wiring identification.

                   •     Hardware address and  location  chart of all NICs.  Standard
                         symbolic  names for these addresses  registered  within LAN
                         Manager.

             (5)    Provide support to LAN SA's at their respective sites.

       i.      Records Liaison Officer Responsibilities.  The Records Liaison Officer shall do
             the following:

             (1)    Advise EPA  LAN  Manager and application  owners on  the  records
                   management issues pertaining to LAN operations and applications.

             (2)    Review records  management determinations and plans submitted  by
                   application  owners,  and advise  the  EPA  LAN Manager concerning
                   approval of the determinations.

             (3)    Review proposed dispositions for records created and stored on the LAN
                   and forward them to the Agency Records Officer as necessary.

             (4)    Provide records management training to LAN managers, users, application
                   owners, and others as appropriate.


7.0    PROCEDURE REFERENCE

       a.      U. S. Environmental Protection Agency.  EPA LAN Operational Procedures and
             Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
             Data Processing Division, Telecommunications  Branch. (Location: Publications
             Technical Library).

       b.      U. S. Environmental Protection Agency.  EPA LAN Operational Procedures and
             Standards Manual Volume II: Oracle  for  Netware  (Report  No. 397/002).
             Research Triangle Park, NC: National Data Processing Division, Telecommunica-
             tions Branch. (Location:  Publications Technical  Library).

       c.      IRM Manual, Chapter 10.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

 TITLE:      LAN Problem Determination and Resolution                 NO.    310.04

 APPROVAL:                                                     DATE:

 1.0    PURPOSE

 This policy establishes a framework for identifying and resolving hardware and software
 problems in a Local Area Network (LAN) environment as they occur.


 2.0   SCOPE & APPLICABILITY

 This policy is  applicable to all EPA organizations and their employees, and to personnel of
 agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
 design, development,  acquisition, operation, and maintenance of Agency LANs.


 3.0   RESPONSIBILITIES

 NDPD is responsible for policy maintenance and enforcement.  NDPD will annually review
 policies for needed  modification and/or enhancement, and will coordinate technical support for
 all Agency standard LANs.


 4.0   POLICY

       a.     The initial point of contact for LAN users experiencing PC hardware or software
             problems should be clearly identified to users.  The recommended model is as
             follows:  The Information Center (IC) staff at a site will serve as the initial
             contact for users on a  token-ring LAN who experience problems with PC
             hardware and software.  The Information Center staff will identify and classify
             the problem as  hardware, system software, or application-related, and route the
             problem to the appropriate support group. Generally, all hardware and software
             problems will be directed to the IC staff. LAN problems will be directed to the
             LAN System Administrator who, in turn, will depend on the central LAN support
             group for further support. LANSYS and DECSYS will be the ultimate source of
             support.

       b.     LANSYS supports the central LAN support group, LAN System Administrators,
             Information Center LAN Application Support staff, and EPA LAN Coordinators.
             Other users will be referred to appropriate sources.

       c.     The  VAX Administrator is the user point of contact for problem resolution in
             DEC LANs. The System Administrator relies on DECSYS support, if necessary,
             to provide the user with  a solution.

       d.     All   significant token-ring problems  and  their respective solutions  will  be
             documented by LANSYS and placed on the  EPA LAN Bulletin Board System
             (BBS).  The LAN System Administrator of each work group will be provided
             with BBS login instructions and  may perform a  keyword search on the BBS
             problem data base to obtain fixes.

-------
NDPD OPERATIONAL DIRECTIVE NO. 310.04                         Page 2 of 2


       e.    The LAN System Administrator and central LAN support group are responsible
            for reporting significant problems to LANSYS.

       f.    For LAN RDBMS problems, the initial point of contact is the Information Center
            staff.   If the Information Center staff identifies the problem  as an RDBMS
            problem, the next point of support is the LAN Data Base Administrator  (DBA).
            The LAN DBA will either resolve the problem, or turn for assistance to LANSYS
            for second level DBA support.


5.0    DEFINITIONS

Local Area Network (LAN): A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.

LAN RDBMS Server: A relational data base management system server deployed on  a LAN
and accessed by LAN clients. Agency standard LAN RDBMS  servers are Oracle on NetWare
servers and Oracle on Unix servers.


6.0   STANDARDS

None.


7.0   PROCEDURE REFERENCES


      a.    U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
            Standards Manual (Report No.  397/001). Research Triangle Park, NC: National
            Data Processing Division, Telecommunications Branch. (Location: Publications
            Technical Library).

      b.    U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
            Standards  Manual Volume II: Oracle for  NetWare (Report  No.  397/002).
            Research Triangle Park, NC: National Data Processing Division, Telecommunica-
            tions Branch. (Location: Publications Technical Library).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     LAN  Data Management                                  NO.    310.05

APPROVAL:
1.0   PURPOSE

Data must be managed so that it is available when needed.  Good management practices are
demanded by the economics of available disk storage and its maintenance and operation.  In the
Local Area Network (LAN)  multi-user environment, the ability to back up and restore data is
critical.  Adherence to this policy will ensure that data are available when needed.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and employees, and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, operation, and maintenance of Agency LANs.


3.0  RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement,  and provide technical support for all
Agency standard LANs.

LAN System Administrators  are responsible for planning, installing,  and managing day-to-day
operations for the LAN in accordance with established Agency policies and procedures.


4.0  POLICY

Agency LANs shall be operated in accordance with established local data management policies
and procedures.  These policies and procedures shall be in accordance  with, or functionally
equivalent to, those specified in the EPA LAN Operational Procedures and Standards Manual.


5.0   DEFINITIONS

Local Area Network (LAN):  A Local  Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.

Value Added Backbone Services (VABS): A centrally managed platform  which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed.  VABS are provided by NDPD and jointly  managed by NDPD and the
region, at each  regional office, EPA Headquarters,  Cincinnati, NEIC and the NCC.  VABS
currently  include file backup, communications, software distribution, software repository, and
limited application and data file storage. VABS are the platform for delivery of National LAN
Applications.

LAN RDBMS Server:  A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency  standard LAN RDBMS servers are Oracle on NetWare
servers and Oracle on Unix servers.

-------
NDPD OPERATIONAL DIRECTIVE NO. 310.05                           Page 2 of 2

Installation Security Officer:  Individual designated by an Assistant Administrator or Regional
Administrator who has responsibility for overseeing that a comprehensive security program is
in place  for  each  organization's  information technology  installations, as defined  by  the
organization.


6.0    STANDARDS

       a.     The LAN System Administrator shall establish local data management policies
             and procedures in accordance with, or functionally equivalent to, those specified
             in the EPA LAN Operational Procedures and Standards Manual.

       b.     The LAN System Administrator will ensure that:

             (1)   Daily incremental backups are performed.
             (2)   Total (generation) backups are performed at least biweekly.
             (3)   Several  generations of backups  are maintained as a protection against
                  viruses.
             (4)   Backups are stored securely offsite.
             (5)   A scan for virus is performed before backups.
             (6)   Recovered data is tested twice a year.
             (7)   Logical and physical security policies are followed.

       c.     The LAN System Administrator may use  the provided VABS Centralized Data
             Management services to perform the tasks in (b) above.
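
The measurable items in Standard 6.0(b) can be audited from a backup catalog. The following is an added example, not part of the directive or of any NDPD tool: the catalog record layout, the function names, and the numeric readings of "biweekly" (14 days), "several generations" (three), and "twice a year" (two tests in 365 days) are assumptions, and the sample catalog is constructed.

```python
from datetime import date, timedelta

# Numeric readings of Standard 6.0(b); all three are assumptions.
MAX_FULL_GAP_DAYS = 14   # "at least biweekly", read as every 14 days
MIN_GENERATIONS = 3      # "several generations", read as three or more
MIN_RESTORE_TESTS = 2    # "tested twice a year", read as two per 365 days


def audit_backups(catalog, restore_tests, start, end):
    """Check a backup catalog against items (1)-(6) of Standard 6.0(b).

    catalog: list of dicts with keys date, kind ("full" or "incr"),
             scanned (virus scan ran before the backup), offsite (bool).
    restore_tests: dates on which recovered data was tested.
    Returns (item, message) findings; an empty list means compliant.
    Item (7), security policies, cannot be derived from a catalog.
    """
    findings = []
    entries = sorted(catalog, key=lambda e: e["date"])
    fulls = [e["date"] for e in entries if e["kind"] == "full"]
    covered = {e["date"] for e in entries}

    # (1) Some backup must exist for every calendar day in the period
    #     (assumption: a full backup also satisfies that day's incremental).
    day = start
    while day <= end:
        if day not in covered:
            findings.append(("(1)", f"no backup on {day.isoformat()}"))
        day += timedelta(days=1)

    # (2) No stretch longer than 14 days without a full backup, including
    #     the stretch from the last full backup to the end of the period.
    if not fulls:
        findings.append(("(2)", "no full backup in catalog"))
    checkpoints = fulls + [end]
    for earlier, later in zip(checkpoints, checkpoints[1:]):
        gap = (later - earlier).days
        if gap > MAX_FULL_GAP_DAYS:
            findings.append(
                ("(2)", f"{gap} days without a full backup after {earlier.isoformat()}"))

    # (3) Enough full generations on hand to reach back past an infection
    #     (assumption: the catalog lists only media still retained).
    if len(fulls) < MIN_GENERATIONS:
        findings.append(("(3)", f"only {len(fulls)} full generation(s) retained"))

    # (4) Every backup is stored offsite.
    for e in entries:
        if not e["offsite"]:
            findings.append(("(4)", f"{e['date'].isoformat()} backup not offsite"))

    # (5) A virus scan ran before every backup.
    for e in entries:
        if not e["scanned"]:
            findings.append(("(5)", f"{e['date'].isoformat()} backup not scanned"))

    # (6) Recovered data was tested at least twice in the trailing year.
    recent = [t for t in restore_tests if 0 <= (end - t).days <= 365]
    if len(recent) < MIN_RESTORE_TESTS:
        findings.append(("(6)", f"{len(recent)} restore test(s) in the last 365 days"))

    return findings


def constructed_catalog():
    """Constructed March 1994 catalog with one violation per item."""
    start, end = date(1994, 3, 1), date(1994, 3, 31)
    full_days = {date(1994, 3, 1), date(1994, 3, 22)}   # 21-day gap, 2 generations
    catalog = []
    day = start
    while day <= end:
        if day != date(1994, 3, 10):                     # missed daily backup
            catalog.append({
                "date": day,
                "kind": "full" if day in full_days else "incr",
                "scanned": day != date(1994, 3, 15),     # scan skipped once
                "offsite": day != date(1994, 3, 22),     # tape left onsite
            })
        day += timedelta(days=1)
    restore_tests = [date(1993, 11, 5)]                  # only one test
    return catalog, restore_tests, start, end


if __name__ == "__main__":
    for item, message in audit_backups(*constructed_catalog()):
        print(f"6.0(b){item}: {message}")
```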


7.0    PROCEDURE REFERENCE


U. S. Environmental  Protection Agency.  EPA LAN Operational Procedures and Standards
Manual (Report No. 397/001). Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch.  (Location: Publications Technical Library).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     LAN  Performance Capacity and Monitoring                 NO.    310.06


APPROVAL:                                                     DATE:

1.0   PURPOSE

Agency Local Area Networks (LANs) must be managed to provide maximum performance and
minimize the need for system upgrades.  This policy is intended to ensure that these goals are
met.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including state agencies, contractors and grantees) of EPA who are involved in access,
design, development, acquisition, operation, and maintenance of Agency LANs.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement.  NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LANs.

LAN System Administrators are responsible for monitoring the performance and capacity of the
network.


4.0   POLICY

LAN performance and capacity shall be monitored in accordance with the standards of Section
6.0.


5.0   DEFINITIONS

Local Area Network (LAN):  A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.

Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.

LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on  NetWare
servers and Oracle on Unix servers.

-------
NDPD OPERATIONAL DIRECTIVE NO. 310.06                         Page 2 of 3



6.0   STANDARDS

      a.  The System LAN Administrator:

            (1)    Utilizes NDPD-supported tools to monitor traffic and access activity on
                   the network including, but not limited to:

                   •     Space utilization on the file server.
                   •     Space utilization on the print server.
                   •     Caching size and use.

            (2)    Monitors, on a continuous basis, the following devices:

                   NetWare File Servers
                   NetWare Oracle Servers
                   NetWare External Routers
                   IBM Source Routing Bridges
                   Novell Asynchronous Communications Servers (NACS)
                   Novell Access Servers
                   Novell SNA Gateways
                   IBM Control Units
                   IBM 8220 Fiber Repeaters
                   Token Ring Interface Couplers (TICs)
                   Standards for Bridge Definitions in LAN Manager
                   VAX Ethernet Counters

            (3)    Provides an updated, annual configuration and enables/maintains the data
                   collection and submission mechanism on their LANs, as required.

      b.    The LANSYS and DECSYS groups shall be available for consultation on effective
            methods of performance and capacity management.  LANSYS and DECSYS are
            the principal Email IDs for these support groups.

      c.    NDPD will:

            (1)    Collect and analyze performance and capacity data from various Agency
                   LAN systems, as appropriate.  LAN SAs will provide  updated, annual
                   configuration data, and enable/maintain the data on their LANs.

            (2)    Continuously monitor all token-ring and Ethernet backbones (image rings,
                   print rings, and facility backbones, including all interconnecting bridges
                   and routers) with the latest available version of its LAN/WAN Agency
                   Standard Network Management tools.

            (3)    Furnish and maintain a dedicated  486-class Network Management Work-
                   station, software, and bridges between the three backbone rings located at
                   every EPA Major Node and Super Node site's central facility; and EMA
                   compatible device at Ethernet sites.   (Refer  to NDPD Operational
                   Directive 310.08, LAN Communication Gateways and Interconnectivity,
                   for definitions of Major Node and Super Node.)

            (4)    Maintain a pool of special LAN performance and management test equip-
                   ment and services to be loaned to Regional System Administrators to re-
                   solve reported or suspected problems as follows:

                   •     Time Domain Reflectometer to measure copper cable lengths and
                         locate faults.

                   •     Optical TDR and power  meters  to measure  fiber cable loss
                         budgets, lengths, and locate faults.

                   •     Special trace and performance monitor  boards to measure token
                         ring  utilization and  verify the  need  for  a 16  megabit  speed
                         upgrade.

                   •     Malfunctioning LAN analyzers.

                   •     Onsite assistance, as required, in emergency situations.


7.0   PROCEDURE REFERENCE

U. S. Environmental Protection Agency.  EPA LAN Operational Procedures and Standards
Manual (Report No. 397/001). Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch. (Location: Publications Technical Library).

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      LAN Naming Conventions                                NO.    310.07

APPROVAL:

1.0   PURPOSE

Consistency in Local Area Network (LAN) user/server naming conventions is necessary for
operation of LANs in conformance with EPA's computer architectural strategy for connectivity.

Network routing protocols and service advertising protocols include elements from a variety of
devices (e.g., file servers, print servers, and gateways).  Default settings allow all routers on
a WAN to identify connected devices by means of the aforementioned protocols.  It is essential
that these devices remain unique, logical entities which, in turn, requires unique nomenclature.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and employees, and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, installation, operation, and maintenance of Agency Token-Ring LANs.
(Ethernet node names must be obtained via the Telecommunications Service Request process.)


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement.  NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LANs.

The Telecommunications Branch, through LANSYS, is the central authority for maintenance of
unique names and addresses on Agency Token-Ring facility backbones. The standards below
should be used as guidelines by the regions.

LANSYS must be contacted in order to register new equipment before implementation on the
facility backbone. LANSYS will confirm that all devices at a given regional site conform to the
standards set forth in this policy prior to allowing the site to join  the Agency WAN.

LAN System Administrators of work groups are responsible for planning, installing, and
managing day-to-day operations of the LAN, as well as for coordinating activities with the NCC,
LAN Central Support Group (ICB, TCB, and LANSYS), and vendors as appropriate.


4.0   POLICY

All Agency LANs  must follow the Agency  naming  conventions which are specified in the
Standards section of this policy.  Internal LAN RDBMS names must follow the conventions
specified in the EPA LAN Operational Procedures and Standards Manual Volume II: Oracle for
NetWare.

-------
NDPD OPERATIONAL DIRECTIVE NO. 310.07                         Page 2 of 9


5.0   DEFINITIONS

Local Area Network (LAN):  A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.

Value Added Backbone Services (VABS): A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed.  VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office, EPA Headquarters, Cincinnati, NEIC, and the NCC.  VABS
currently include file backup, communications,  software distribution, software repository, and
limited application and data file storage.  VABS are the platform for delivery of National LAN
Applications.

Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.

LAN RDBMS Server:  A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on NetWare
servers and Oracle on Unix servers.


6.0   STANDARDS

6.1   FILE SERVER NAMING CONVENTIONS FOR TOKEN-RING NETWORKS

      a.    All file server names must be unique and mutually determined by the LAN
            System Administrator in consultation with  NDPD/LANSYS.  Names  shall  be
            determined as follows:

            File server names shall consist of up to 8 characters in the following format:

                         XXYYYYYY

            where XX is the Regional or Headquarters location of the server. Locations shall
            be identified as follows:

                  R1 - R10     =     Regions 1 through 10
                  (R10 will have the form XXXYYYYY.)
                  DC          =     Headquarters Area
                  CI           =     Cincinnati Area
                  RT          =     Research Triangle Park Area
                  BC          =     Bay City
                  NE          =     National Enforcement Investigations Center
                  XX          =     Two-character  State code for State-based LANs.

            The remaining 6 characters (YYYYYY) must be unique and assigned by the LAN
            System Administrator in coordination with NDPD/LANSYS.

            A file server  name may not be changed without approval from LANSYS.

      b.    NetWare Serial Numbers must be unique. Logically and legally,  no two servers
            may be running the same copy of NetWare.


6.2   USER NAMING CONVENTIONS

Names shall consist of 8 characters in the following format:

            XYYYYYYY

where X is the user's first initial and YYYYYYY are the first (up to) 7 letters of the user's last
name.  In the case of duplicate character combinations between two users, the LAN System
Administrator will assign a unique last character.


6.3    NETWORK ADDRESSES

All internal and external router network adapters on the same physical ring must have the same
logical network address.  All internal and external router network adapters on different physical
rings must have unique network addresses. Both of these standards hold true for NetWare 286
and 386.

NetWare, in either version, logically refers to the first token-ring card in a server or external
router as LAN A and the second card as LAN B. The LAN A card will remain unique for each
physical ring. LANSYS will ensure that unique addresses are assigned Agency-wide. The LAN
B card is  the card connected to the Agency backbone and will be addressed as FFFFFFF8.

Since geographically  separate LANs are now being  linked with Vitalinks, essentially forming
one backbone, it is important that the standard backbone address for the LAN B card always be
FFFFFFF8.  Each Region must implement this address prior to joining the Agency WAN.


6.4   IPX INTERNAL NUMBERS (NETWARE 386 SERVER NUMBERS)

NetWare 386 adds another address for file servers which must be unique on a WAN: the IPX
internal number.  In order to discern which physical  network a particular 386 server resides on
(for network management and troubleshooting purposes),  IPX Internal Numbers will be formed
by concatenating the LAN A Network address with 2 hexadecimal bytes ranging from 01 to FF.
For example:

The first 386 server on ring 106 will have an IPX Internal Number of 10601. The 10th server
on ring 106 would have an  IPX Internal Number of 1060A.

To incorporate sections 6.2, 6.3, and 6.4 into an example:

      The first 386  server for organization WXYZ  in Region 9 would have the following
      unique attributes:

            Server Name: R9WXYZ1
            LAN A address: 350
            LAN B address: FFFFFFF8
            IPX internal number: 35001


Note:  If a server has only one token-ring card (i.e., it is not bridged to the backbone) or it
      resides on the backbone with no local ring attachment (no LAN B), then the IPX internal
      number will be in the form:

                  F8NN

      where NN is a hexadecimal value in the range 01 to FF
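The check that LANSYS performs before a site joins the WAN can be expressed as a small audit over a server inventory. The following is an added example, not part of the directive: it applies the rules of sections 6.1, 6.3 and 6.4 to constructed records. The record layout, function names and sample inventory are assumptions, and State codes are accepted as any two letters.

```python
import re
from collections import Counter

BACKBONE_LAN_B = "FFFFFFF8"                    # section 6.3: fixed LAN B address
NAMED_SITES = {"DC", "CI", "RT", "BC", "NE"}   # section 6.1 location codes
REGIONS = {f"R{n}" for n in range(1, 10)}      # R1..R9; R10 is handled separately


def location_prefix(name):
    """Return the location prefix of a server name, or None if there is none."""
    name = name.upper()
    if name.startswith("R10"):          # Region 10 uses a 3-character prefix
        return "R10"
    head = name[:2]
    if head in REGIONS or head in NAMED_SITES:
        return head
    # Assumption: any other two letters are a State code (not checked against a list).
    return head if re.fullmatch(r"[A-Z]{2}", head) else None


def ipx_internal_number(lan_a, seq):
    """Build the IPX internal number for the seq-th 386 server (section 6.4).

    lan_a is the LAN A network address as a hex string, or None for a server
    with no LAN B card, which uses the F8NN form.
    """
    if not 1 <= seq <= 0xFF:
        raise ValueError("server sequence must be in the range 01 to FF")
    base = lan_a.upper() if lan_a else "F8"
    return f"{base}{seq:02X}"


def audit_server(rec):
    """Return the list of rule violations for one inventory record."""
    problems = []
    name = rec["name"].upper()
    if len(name) > 8:
        problems.append("name exceeds 8 characters")
    if location_prefix(name) is None:
        problems.append("name has no recognised location prefix")

    lan_b = rec.get("lan_b")
    if lan_b is None:                   # single card or backbone-only server
        base = "F8"
    else:
        if lan_b.upper() != BACKBONE_LAN_B:
            problems.append("LAN B address is not FFFFFFF8")
        base = rec["lan_a"].upper()

    match = re.fullmatch(re.escape(base) + r"([0-9A-F]{2})", rec["ipx"].upper())
    if match is None or match.group(1) == "00":
        problems.append(f"IPX internal number must be {base} followed by 01-FF")
    return problems


def audit_inventory(records):
    """Audit every record and flag names or IPX numbers that are not unique."""
    report = [(rec["name"], audit_server(rec)) for rec in records]
    for field, label in (("name", "file server name"),
                         ("ipx", "IPX internal number")):
        counts = Counter(rec[field].upper() for rec in records)
        for rec, (_, problems) in zip(records, report):
            if counts[rec[field].upper()] > 1:
                problems.append(f"duplicate {label}")
    return report


# Constructed sample inventory; the first record is the directive's own example.
SAMPLE_INVENTORY = [
    {"name": "R9WXYZ1", "lan_a": "350", "lan_b": "FFFFFFF8", "ipx": "35001"},
    {"name": "R9WXYZ2", "lan_a": "350", "lan_b": "FFFFFFF8", "ipx": "10602"},
    {"name": "DCBUDGET01", "lan_a": "106", "lan_b": "FFFFFFF0", "ipx": "10601"},
    {"name": "RTLAB1", "lan_a": "2A0", "lan_b": None, "ipx": "F801"},
    {"name": "RTLAB2", "lan_a": "2A1", "lan_b": None, "ipx": "F801"},
]

if __name__ == "__main__":
    for server, problems in audit_inventory(SAMPLE_INVENTORY):
        print(server, "OK" if not problems else "; ".join(problems))
```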


6.5   NOVELL ASYNCHRONOUS COMMUNICATIONS SERVERS (NACS)

      a.     ASCII Gateway Name

            The names assigned to NACS ASCII gateways will consist of 8 characters in the
            following format:

                  XXYYYYYY

            where XX is the location of the gateway, identified as follows:

                  R1 - R10    =    Regions 1 through 10
                  (R10 will have the form XXXYYYYY.)
                  DC         =    Headquarters Area
                  CI          =    Cincinnati Area
                  RT         =    Research Triangle Park Area
                  BC         =    Bay City
                  XX         =    Two character code for State-based LANs

            The remaining 6 characters will be:

                  NACSNN

            where NN are 2 hexadecimal bytes in the range 00 through FF.

            Examples:   The 2nd NACS at Region 3 would be named R3NACS02.

                        The 12th NACS at Region 3 would be named R3NACS0C.

      b.     ASCII Gateway General Port Names

            The general port names for each of the ports on the ASCII gateway will be
            determined as follows:

            General port names may be 7 characters long in the following format:

                  XXYYYYY

            where XX are the same 2-character identifiers used for the ASCII Gateway name.

            The remaining 5 characters should be used by the LAN System Administrator to
            designate the type of service connected to the port.   For VABS-provided
            gateways, the name will be selected by the VABS Administrator in coordination
            with LANSYS.  The first 2  characters will guarantee uniqueness among the
            regional sites; the last 5 characters must be unique within a regional site.


      c.     ASCII Gateway-Specific Port Names

             Specific names for each port may be up to 14 characters long and determined as
             follows:

             The first 8 characters will be the actual NACS ASCII Gateway name.

             The 9th character will be a dash (-).

             The last 5 characters will be:

                   PORTn

             where n is a hexadecimal number ranging from 0 to F.


6.6   PRINT SERVERS

      a.     LANSpool print server names must be in the form:

                   LS_ < file server name >

             where < file server name> is replaced with the name of the file server on which
             the LANSpool VAP  resides.

      b.     NetWare 386 Print Server (PSERVER) names will be in the form:

                   PS_ < file server name > NN

             where < file server name>  is replaced with the name of the primary file server
             that the PSERVER services.

             where NN is replaced with 2 hexadecimal numbers in the range 00 to FF.

             It is possible to have one PSERVER service more than one file server.  It is also
             possible to have several PSERVERS service multiple queues on one file server.
             By combining < file server name > and NN, unique names are attainable.


6.7   SNA GATEWAYS

Version  1.1 of Novell's SNA gateway is the present EPA standard. With this version, SNA
gateways are made unique by using  different 12-byte, locally administered, token-ring addresses
for each and every gateway.  [The data base of token-ring addresses is maintained by the
Telecommunications Implementation Group (TIG)]. The Telecommunications Service Request
(TSR) process includes the establishment of a unique address for any new gateway.

Version  1.3 of Novell's SNA gateway will  use the Service Advertising Protocol (SAP). When
this version of the gateway becomes standard, unique names (as opposed to "locally
administered" token-ring addresses) will ensure that each gateway remains unique on the WAN.


The following conventions should be used when naming an SNA gateway under Version 1.3 of
the Gateway Control Program:

      XXSNAGATEWAYYY

where XX is the region number:

      R1 - R10     =    Regions 1 through 10
      (R10 will have the form XXXYYYYY.)
      DC         =    Headquarters Area
      CI         =    Cincinnati Area
      RT         =    Research Triangle Park Area
      BC         =    Bay City
      NE         =    National Enforcement Investigations Center
      XX         =    Two-character code for State-based LANs

and  where YY are 2 hexadecimal characters in the range 01 through FF.


6.8    IBM SOURCE ROUTING BRIDGES

The following segment numbers will be used by token-ring source routing bridges in conjunction
with LAN Manager in the EPA network. These numbers have no meaning outside of the LAN
Manager/Netview context.

      a.    FACILITY BACKBONES:

           RTP - FF4              NE  - FED
           WIC - FF3              KC  - FE7
           ATL - FE0              NY  - FE8
           BOS - FE1              PHI - FE9
           CHI - FE2              SEA - FEA
           CIN - FE3              SF  - FEB
           DAL - FE4              LV  - FEC
           DEN - FE5


      b.    PRINT RINGS:

           WIC - FF2              KC  - FD7
           ATL - FD0              NE  - FDD
           BOS - FD1              NY  - FD8
           CHI - FD2              PHI - FD9
           CIN - FD3              SEA - FDA
           DAL - FD4              SF  - FDB
           DEN - FD5


      c.     AS/400 RINGS:

            RTP - FCD              DAL - FC4
            RTP - FCF              DEN - FC5
            RTP - FCE              KC  - FC7
            RTP - FCD              NE  - FB0
            WIC - FCC              NY  - FC8
            ATL - FC0              PHI - FC9
            BOS - FC1              SEA - FCA
            CIN - FC2              SF  - FCB
            CIN - FC3

      d.     USER RINGS

            User rings will have the same IBM segment addresses that are used for Novell
            LAN local segment numbers (e.g., if a NetWare IPX network number for LAN
            A is 350,  350 will be the Source Routing ring segment number).

            For user rings which are not NetWare networks, the ring segment number will
            be XYY,  where X is the region number 0 through 9 [zero (0) will designate
            Region 10] and YY are two hexadecimal numbers in the range 00 through FF.


6.9   LAN MANAGER DEFINITIONS

The following are standards for adapter definitions within the system definition function of LAN
Manager:

      a.     Standards  for symbolic names associated with token-ring adapters:

                  XXYYY#NAME

            where XX is the region number:

            R1 - R10     =     Regions 1 through 10
            (R10 will have the form XXXYYYYY.)
            DC         =     Headquarters Area
            CI          =     Cincinnati Area
            RT         =     Research Triangle Park Area
            BC         =     Bay City
            NE         =     National Enforcement Investigations Center
            XX         =     Two-character code for State-based LANs

            where YYY is the ring segment number  as explained in Section 6.8.

            where NAME =10 characters defined by the LAN administrator to identify the
            device being monitored.

            It is suggested that the naming conventions set forth in previous sections of this
            policy be  used when assigning  these names (i.e.,  file server for organization
            WXYZ in Region 9 could be identified as:

                  R9FEB#R9WXYZ1

            where R9  is the region, FEB is the ring segment, and R9WXYZ1 is the name).


       b.    Token-Ring address - Universally  administered address (i.e.,  manufacturer-
            installed address) or locally administered address.

            (Note:  Any "local" address (i.e., an address beginning with 4000) should have
            been obtained from the TIG group as part of the TSR process.)

       c.    Standards for symbolic names associated with bridges:

                  XXYYYYYY

            where XX is the region number:

            R1 - R10    =    Regions 1 through 10
            (R10 will have the form XXXYYYYY.)
            DC         =    Headquarters Area
            CI          =    Cincinnati Area
            RT         =    Research Triangle Park Area
            BC         =    Bay City
            NE         =    National Enforcement Investigations Center
            XX         =    Two-character  code for State-based LANs

            and YYYYYY  is descriptive information  which  will help  the LAN System
            Administrator identify the monitored bridge.


6.10  RDBMS SERVER NAMING CONVENTIONS

Because the RDBMS Server  is advertised across the network by SQL*Net, the SQL*Net
Listener name must be approved via the TSR process. Names shall be assigned as follows:
RDBMS Server SQL*Net Listener names shall consist of up to 12 characters in the following
format:

            XXYYYYYY_ORA

where:

      XX   =    R1 - R10
      (R10 will have the form XXXYYYYY.)
      DC   =    Headquarters Area
      CI    =    Cincinnati Area
      RT   =    Research Triangle Park Area
      BC   =    Bay City
      NE   =    National  Enforcement Investigations  Center
      XX   =    Two character State Code for State-based LANS

The next 6 characters (YYYYYY) must be  unique and assigned  by  the  LAN  System
Administrator in coordination with  NDPD/LANSYS.  If the RDBMS software runs on a
NetWare file server, the first 8  characters  will be the same as those in the file server name. The
suffix _ORA indicates that it is an RDBMS server.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
            Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
            Data Processing Division, Telecommunications Branch. (Location: Publications
            Technical Library).

      b.     U.S. Environmental Protection Agency. EPA LAN Operational Procedures and
            Standards Manual Volume II: Oracle for NetWare  (Report No.  397/002).
            Research Triangle Park, NC: National Data Processing Division,
            Telecommunications Branch. (Location: Publications Technical Library).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     LAN Communication Gateways and Interconnectivity         NO.    310.08

APPROVAL:                                                      DATE:
1.0   PURPOSE

This policy defines network capabilities and requirements for EPA's Local Area Networks
(LANs).
2.0  SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees and to personnel of agents
(including State agencies, contractors, and grantees) of EPA who are involved in access, design,
development, acquisition, installation, operation, and maintenance of Agency LANs.


3.0  RESPONSIBILITIES

NDPD  is responsible for policy maintenance and enforcement. NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LANs.

LAN System Administrators are responsible for planning, installing,  and managing day-to-day
operations for the LAN, as well as for coordinating activities with the Central Support Group
(TCB and ICB at NDPD), LANSYS, DECSYS, and vendors as appropriate.


4.0  POLICY

All Agency LANs are part of EPA's telecommunications network unless exempted by the
Director, NDPD, through the Telecommunications Service Request (TSR) process.   Installation
of all communication  gateways,  routers, bridges, and other backbone components requires
approval by NDPD through the TSR process. NDPD will only approve and support Agency
standard communications gateways, bridges, and routers. Non-standard devices of these types
are allowed only with the approval of the Director, NDPD, through  the TSR process.


5.0  DEFINITIONS

Major Node: A region is a major node.

Super Node: RTP, Cincinnati, and Headquarters are Super Nodes.

Local Area  Network (LAN): A Local Area Network as defined for  these policies is  a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.

-------
NDPD OPERATIONAL DIRECTIVE NO. 310.08                          Page 2 of 4


Extended LAN Facility (ELF):  An NDPD-approved LAN bridge or repeater subsystem which
joins two or more facility backbones to form a Metropolitan Area Network (MAN) between
facilities in a "campus" environment. All ELFs require NDPD approval under the TSR process.
ELFs are jointly funded by NDPD and the relevant user organization. ELFs are supported by
NDPD.

Metropolitan Area Network (MAN):  A  metropolitan area  network comprises two or more
facility backbones joined by an ELF in a "campus" environment.

Value Added Backbone Services (VABS):  A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed. VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office,  EPA Headquarters, Cincinnati, NEIC, and the NCC.  VABS
currently include file backup, communications, software distribution, software repository, and
limited application and data file storage. VABS are the platform for delivery of National LAN
Applications.

Wide Area Network (WAN): The extension of several geographically isolated networks into one
cohesive network.


6.0    STANDARDS

Agency Wide Token Ring Standards:

       a.     Each physical ring is limited to single-floor operation.

       b.     LANs within a single building will be networked via a centrally located "Facility
             Backbone" which will span all floors of the building requiring LAN connectivity.
             For token-ring LANs, user  LAN-based Novell routers will provide connectivity
             from  the user LAN to the  facility backbone.   Users who  have rings requiring
             source routing bridging to facility backbones will submit a TSR for assistance and
             approval of an appropriate  approach to accomplish this function.  (See NDPD
             Operational Directive 310.01, Local Area Network (LAN) Planning.)

       c.     Internetworking of LANs between buildings will be accomplished via IBM Type
             1 cable, coax or fiber connections, where appropriate, utilizing their respective
             repeaters.  Internetworking between buildings may also be accomplished via
             Agency standard Extended LAN Facilities (ELFs) supported by NDPD. The TSR
             process is used to request assistance and approval for these connections.


Agency Standard Token-Ring Communications Gateways:

       a.     Netware SNA Gateway Version 1.3.

       b.     Novell 3270 LAN Workstation Version 2.0, Dynacom/Elite Version 3.3.

       c.     Novell's Asynchronous Communications Server (NACS).

       d.     X.25  (future).


Agency Standard Ethernet Gateways:

       a.     DEC RTP-and-Cincinnati-based Ethernet-to-IBM channel and link-attached SNA
             gateways.

       b.     BITNET: Joiner Associates JNET gateway.

       c.     TCP/IP: Refer to Report No. 631/001, Telecommunications Support for TCP/IP
             Networking within EPA (EPA Publication 208/R-93-002).


Token Ring Architecture for EPA Major Node Sites:

Three "backbone rings" are currently being installed and maintained by NDPD in the "central
facility" at Regional and other "Major Node" locations, as follows:

       •     The familiar Facility  Backbone is in  place for general  LAN use for inter-
             connecting Novell-based user rings and central facilities (e.g., VABS server, SNA
             gateway, Network Management, async. gateway, and ELF links to other campus
             locations). This facility backbone is designed with 16 megabit rules, funded by
             NDPD, extends throughout the Major Node central  facility, and runs nominally
             at 4 megabit/sec speeds.  It is not intended for Print or Image traffic.

       •     The "Print PC Machine Room Backbone" is a single MAU, 4 megabit ring that
             is located exclusively in the LMF machine room and supplied by NDPD as part
             of the LMF removal project.  It is connected to the backup TIC on the 3720 FEP,
             as well as being bridged to the facility backbone (with an NDPD-supplied PC) for
             backup and network management reasons. Connected to this MAU are the 3174
             cluster controller(s) and two RJE print-PC's, also supplied as part of the LMF
             removal process. This is the sole purpose and physical extent of this ring/MAU.

       •     The "Image Backbone Ring" is a third token ring dedicated to the support of the
             AS400 Image Processing System under the SCRIPS  project.  It is designed with
             16 megabit rules. Initially it was intended to be operated at 4 megabit/sec solely
             to connect AS400 IPS workstations to the AS400 system.  It is funded jointly by
             the SCRIPS project and user organizations and is to be deployed only to locations
             in the central facility where Image workstations are  to be located. The SCRIPS
             project furnishes a bridge PC to connect this ring to the facility backbone for
             network management purposes. The AS400 has two TICs, one connected to the
             Image ring and  one to the  facility backbone for ES/9000 and "peer AS400"
             access.

NDPD will continuously provide Network Management capabilities on these three rings under
the latest technology available, including Netview and LAN Manager.   Changes and special
exceptions to this architecture are only allowed with the approval of the Director, NDPD, under
the TSR process.


7.0   PROCEDURE REFERENCE

      a.     U.S. Environmental Protection Agency. EPA LAN Operational Procedures and
            Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
            Data Processing Division, Telecommunications Branch. (Location: Publications
            Technical Library).

      b.     U.  S.  Environmental Protection  Agency.   Telecommunications Support for
            TCP/IP Networking within EPA (Report No. 631/001) (EPA Publication
            208/R-93-002).  Research Triangle Park, NC: National Data Processing Division,
            Telecommunications Branch. (Location: Publications Technical Library).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     LAN Security                                          NO.    310.09

APPROVAL:                                                      DATE:
1.0   PURPOSE

This policy documents a prudent but minimal security control environment required by the
Agency to protect LAN systems and resources from theft, damage, and unauthorized use. This
policy defines LAN security objectives and security auditing requirements as defined by the EPA
Information Security Manual (Report 431/001) and the EPA Information Security Manual for
Personal Computers.  This policy addresses physical security, login security, logical access
security, and protection from virus attacks.


2.0    SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees and all agents (including
State agencies, contractors, and grantees) of EPA who  are involved  in access, design,
development, acquisition, installation, operation,  maintenance, and use of LANs supported by
EPA. (Refer to NDPD Operational Directive 230.08, VAX Security,  for additional information
regarding Ethernet LANs.)


3.0    RESPONSIBILITIES

NDPD is responsible for:

      •     Developing LAN security policies and procedures in cooperation with OIRM.

      •     Monitoring security policy maintenance and compliance.

      •     Assisting each EPA LAN Manager in determining the security requirements for
            his or her LAN and recommending security implementation to ensure the integrity
            of the data and applications on that LAN.

      •     Auditing the security compliance of each Agency LAN at least every three years
            in order to validate continued access to the Agency network and network services.

      •     Assisting the EPA LAN Manager in implementing recommendations of the LAN
            Security Audit.

      •     Communicating all security  violations in writing to the designated EPA LAN
            Manager for that LAN, and to NCC Computer Security with recommendations
            for  corrective action.

EPA LAN Managers (who are Federal employees) are responsible for:

      •     Ensuring that NDPD, OIRM, and OMB  security policies are implemented.

      •     Assessing the security requirements for each LAN system in accordance with the
            EPA Information Security Manual.

-------
 NDPD OPERATIONAL DIRECTIVE NO. 310.09                         Page 2 of 10


       •     Reporting any security violation to NCC Security.

       •     Ensuring that procedures for LAN Backup and Recovery are implemented and
             performed regularly.

       •     Coordinating Security issues with their Installation Security Officer.

 LAN System Administrators are responsible for:

       •     Planning, installing, and managing day-to-day LAN security implementation in
             accordance with this policy.

       •     Training users on  the  importance  of maintaining  non-trivial  confidential
             passwords.

       •     Monitoring intruder lockout data to identify any attempted illegal access.

       •     Ensuring that User-IDs remain active only for those users who currently require
             access.

 LAN users are responsible for:

       •     Creating a non-trivial password for their User-IDs.

       •     Ensuring that their passwords are held in confidence.

       •     Reporting any observed security violations to the  LAN System Administrator.


4.0    POLICY

4.1    BACKGROUND

As the number of new LAN installations increases, so does the number of programs and quantity
of data stored on these LANs.  Microcomputers or Personal Computers (PCs) pose numerous
security issues by themselves. When work group PCs are connected to form LANs in order to
share resources, the task of securing these resources is  even more difficult.

Any one work group LAN may be fairly self-contained and have  a LAN System Administrator.
Once these separate LANs are connected via a  facility-wide backbone, physical access among
work groups is granted.  Processing power and data storage are distributed, but so are  access
points.  Security becomes a larger issue for  all users and LAN System Administrators.

The degree of security needed at a LAN site will vary with  the type of data processed and the
physical security afforded by the facility.  A careful analysis of the value of the resources and
the level of security needed must be viewed systemwide. (An analysis technique is provided in
the EPA Information Security Manual.)  The factors of risk and consequences of corrupted or
stolen data must be considered.   The ramifications in terms of time, money, and resources to
restore the system must be considered.  Since access to the resources is shared, some minimum
levels of security must be maintained throughout the network.


4.2    POLICY

The security design for each LAN will be based on an individual risk assessment representing
a consensus of the management of that LAN and the need to meet applicable Federal laws and
regulations and OIRM policies.  Each LAN must comply with the security standards listed in
Section 6 of this policy. These standards state the minimum levels of security which must be
implemented and maintained.  Compliance with these security policies is a prerequisite for
connection to the Agency LAN backbone and for support by NDPD.  Failure to comply with
these policies will result in disconnection of a LAN from the Agency internetwork and removal
of NDPD support.


5.0    DEFINITIONS

EPA LAN Manager:   The EPA LAN Manager is the  Federal person with  the overall
responsibility for the operation, integrity, and usefulness of the LAN.

Installation Security Officer: Individual designated by an Assistant Administrator or Regional
Administrator who has responsibility for overseeing that a comprehensive  security program is
in place for each organization's information technology installations, as defined by the
organization.

LAN System Administrator:  The person who has hands on responsibility for carrying out daily
operations and maintenance of the LAN as detailed in NDPD Operational Directive 310.03.

Local Area Network (LAN): A Local Area Network as defined for these  policies is a system
within  a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.

LAN RDBMS Server: A relational data base management system server deployed on a LAN
and accessed by LAN clients. Agency standard LAN RDBMS servers are Oracle on Netware
servers and Oracle on Unix servers.

Value Added Backbone Services (VABS): A centrally managed platform which allows services
that are common to all Novell LANs connected to a backbone to be consolidated into one system
and centrally managed. VABS are provided by NDPD and jointly managed by NDPD and the
region, at each regional office, EPA Headquarters, Cincinnati, NEIC, and the NCC.  VABS
currently include file backup, communications, software distribution, software repository, and
limited application and data file storage. VABS are the platform for delivery of National LAN
Applications.


6.0    STANDARDS

6.1    PHYSICAL AND ENVIRONMENTAL SECURITY

Physical security of the LAN and its access points is critical to the overall security of the LAN.
Physical security controls for each LAN access point  (workstations, file servers, wire closets,
and dial-in) are discussed in this policy. Requirements  in the physical security area were derived
from the EPA Information Security Manual and have been summarized in the appropriate policy
sections.  For a more extensive explanation of the physical security controls required by the
Agency, refer to the EPA Information Security Manual.



6.1.1  File Servers

The following security measures are required for an EPA token-ring LAN file server:  (Refer
to NDPD Operational Directive 230.08, VAX-Security, for applicable Ethernet information.)

       a.     The file server must be located in either a secure area (e.g., a locked or con-
             tinuously monitored area),  or procedures  must be implemented by the LAN
             System Administrator to prevent unauthorized access to the server.

       b.     The keyboard must be locked when not in use by the LAN System Administrator.
             All file servers should be protected by "keyboard lock" Value Added Process (for
             Netware 286) or Netware Loadable Module (for Netware 386). PS/2 file servers
             must also be protected with ROM boot passwords.

       c.     File servers must be dedicated systems and not utilized by an individual user as
              a workstation.

      d.     At a minimum, critical files/programs must be backed up on a file server hard
             disk on a daily (incremental) and weekly (full) basis.

      e.     An Uninterruptible Power Supply (UPS) capable of supporting the server in the
             event of electrical system failure must be installed.

      f.     Smoking is not permitted in the server room.

      g.     A fire extinguisher suitable for extinguishing an electrical fire must be present in
             the area where the server is housed.

      h.     Antistatic mats must be in place to protect all servers and gateways from damage
             resulting from static electrical discharge.


6.1.2 Cables, MAUs, and Wire Closets

      a.     Multistation  Access Units (MAUs) and fiber repeaters must  be located in  a
             secured wiring closet.  The wiring closet must remain locked at all times unless
             the LAN System Administrator or a repair technician requires access to the area.

      b.     Unused, installed cabling must not  be connected  to the network,  thereby
             providing  an open access point to the LAN.   Patch cable connections to
             operational MAUs will only be made to active workstations.

      c.     Protocol analyzers and other devices capable  of reading  and decoding data
             transmitted on LAN wiring  must be kept  locked except when in use.   These
             devices shall only be used with the knowledge and consent of NDPD/LANSYS.


6.1.3 LAN RDBMS Servers

All security measures of Section 6.1.1 File Servers apply  to LAN RDBMS Servers.



6.2    LOGICAL SECURITY

6.2.1  Login and User-ID Restrictions

       a.     Supervisor passwords shall be kept in strict confidence and shall be known only
             to the LAN System Administrator, backup Administrator, and the central support
             group site LAN System Administrator.   There shall be no  more than three
             supervisor level User-IDs defined for a given file server.  These User-IDs must
             only be used when a particular task specifically requires supervisor privileges.
             The passwords for  these  User-IDs  should be non-trivial,  no less  than six
             characters in  length, and  should be changed  at least  every  90  days.  The
             operating system should be used to enforce the latter two conditions.

       b.     User-level passwords are required. They must be no less  than six characters in
             length and should be non-trivial. At a minimum, NDPD encourages all users to
             at least alternate between two non-trivial passwords on a semiannual basis.  This
             is a minimum password requirement.  Should analysis of the information security
             needs of your LAN (referenced elsewhere in this policy) indicate a requirement
             for higher levels of security, operating system-based mandatory password change
             features should be implemented.

             Note: NDPD has formally requested that Novell modify their software to allow
                   EPA to enforce the use of alternation between  two  unique passwords.
                   Currently software requires these passwords to be unique through eight
                   changes.  When  Novell  provides the capability of enforcing alternate
                   unique passwords, EPA will modify its policy to require implementation
                   of this feature.

             The practice of recording passwords on media viewable by other personnel is not
             permitted. Ease in obtaining a new password from the LAN System Administra-
             tor will be promoted as an  alternative.

       c.     Repeated,  unsuccessful attempts to log in should be noted by  the LAN System
             Administrator and the operating system should be used to  lock the user account
             after four unsuccessful attempts.  The account should remain locked for the
             maximum time period allowed by the operating system, or until the LAN System
             Administrator unlocks the account.

       d.     User-IDs or groups of User-IDs shall be given access to a  file server based on a
             specific  requirement.   Providing all users with  blanket access to all file servers
             solely for ease of configuration  is not allowed.

       e.     Training User-IDs and maintenance User-IDs  must be approved by the LAN
             System Administrator and  rendered inactive immediately after the training or
             maintenance  task is completed.  User-IDs developed for training need not be
             rendered inactive after every class if there are multiple classes during a given
             day, but these User-IDs should be rendered inactive and reinstated at the end of
             the  training task (i.e., training session of less than one day's duration).

       f.     By default, the operating system should be used to limit the number of concurrent
             logins for any User-ID to one. Sharing of User-IDs on the system is strictly pro-
             hibited.  To control sharing  of User-IDs, User-IDs to allow multiple logins should
             be established based on user processing needs.



       g.     If auto-login scripts for system access are utilized, scripts may not contain the
             password associated with  the User-ID.  Prompting the user for the password by
             the login script, however, is an acceptable practice.

       h.     Application-specific User-IDs and generic User-IDs not requiring passwords, such
             as those implemented on Value-Added Backbone Services (VABS) servers, must
             have additional security measures implemented at the directory and file level.
             These User-IDs must be given rights to only those directories and files necessary
             for proper execution of the application.

       i.     The GUEST User-ID should either be removed from all servers or password-
             protected and removed from the group EVERYONE.  It is generally known that
             this User-ID is automatically created without a password during system installa-
             tion.

       j.     LAN  System  Administrators requiring logins to  user  accounts  for problem
             recreation and resolution shall change the user password prior  to performing the
             work and inform the user that the password must be changed by the  user after the
             work  is performed.   This second change will be  enforced by  the network
             operating system.
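
The numeric limits in 6.2.1 (three supervisor-level User-IDs, six-character passwords, 90-day supervisor password changes, lockout after four failed logins, one concurrent login, GUEST handling) can be checked mechanically. The following is an added example, not part of the directive or of any NDPD tool: the `Account` record and its field names are hypothetical stand-ins for whatever the operating system's account listing provides, and the sample accounts are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass

# Limits taken from section 6.2.1 of the directive.
MAX_SUPERVISORS = 3           # 6.2.1(a)
MIN_PASSWORD_LEN = 6          # 6.2.1(a), (b)
SUPERVISOR_MAX_AGE_DAYS = 90  # 6.2.1(a)
LOCKOUT_AFTER = 4             # 6.2.1(c)


@dataclass
class Account:
    """Hypothetical export of one User-ID's settings (not a NetWare format)."""
    name: str
    supervisor: bool = False
    password_required: bool = True
    min_password_len: int = 6
    expiry_days: int | None = None      # None = password never expires
    max_connections: int | None = 1     # None = unlimited concurrent logins
    multi_login_approved: bool = False  # 6.2.1(f): documented processing need
    app_restricted: bool = False        # 6.2.1(h): rights limited to app dirs/files
    groups: frozenset = frozenset()


def audit_server(accounts, lockout_after):
    """Return sorted (user_id, finding_code) tuples; '*' marks server-wide findings."""
    findings = []
    if sum(1 for a in accounts if a.supervisor) > MAX_SUPERVISORS:
        findings.append(("*", "SUPERVISOR_COUNT"))
    if lockout_after is None or lockout_after > LOCKOUT_AFTER:
        findings.append(("*", "LOCKOUT"))
    for a in accounts:
        if a.name == "GUEST":
            # 6.2.1(i): if GUEST exists it needs a password and must be out of EVERYONE.
            if not a.password_required:
                findings.append((a.name, "GUEST_NO_PASSWORD"))
            if "EVERYONE" in a.groups:
                findings.append((a.name, "GUEST_IN_EVERYONE"))
            continue
        if not a.password_required:
            # Password-less IDs are tolerated only with directory/file restrictions.
            if not a.app_restricted:
                findings.append((a.name, "NO_PASSWORD"))
        elif a.min_password_len < MIN_PASSWORD_LEN:
            findings.append((a.name, "SHORT_PASSWORD"))
        if a.supervisor and (a.expiry_days is None
                             or a.expiry_days > SUPERVISOR_MAX_AGE_DAYS):
            findings.append((a.name, "SUPERVISOR_EXPIRY"))
        if a.max_connections != 1 and not a.multi_login_approved:
            findings.append((a.name, "CONCURRENT_LOGINS"))
    return sorted(findings)


def sample_findings():
    """Audit a constructed file server that breaks several 6.2.1 rules."""
    accounts = [
        Account("SUPERVISOR", supervisor=True, min_password_len=8, expiry_days=90),
        Account("ADMIN2", supervisor=True, expiry_days=None),
        Account("ADMIN3", supervisor=True, expiry_days=60),
        Account("ADMIN4", supervisor=True, min_password_len=5, expiry_days=90),
        Account("JSMITH", max_connections=None),
        Account("OPERATOR", max_connections=3, multi_login_approved=True),
        Account("VABSAPP", password_required=False, app_restricted=True,
                max_connections=None, multi_login_approved=True),
        Account("TRAIN01", password_required=False),
        Account("GUEST", password_required=False, groups=frozenset({"EVERYONE"})),
    ]
    return audit_server(accounts, lockout_after=7)


if __name__ == "__main__":
    for user, code in sample_findings():
        print(f"{user:12} {code}")
```
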


6.2.2  Directory  and File Access

       a.     The default file  and  directory protection  as outlined in the LAN Operational
             Procedures and Standards manual provides continuity among Agency file servers
             and protects applications and data for which the individual user is the custodian.
             This default structure, as distributed by NDPD or its agents, must not be changed
             without written approval from the Agency LAN Program Manager.

       b.     Application software that does not provide licensing control must be  installed with
             appropriate "front end" routines in order to restrict  the number of concurrent
             users to those who are legally entitled to use the software. The  front-end routines
             must be approved by the particular vendor as an acceptable licensing control.

       c.     Application software  shall be installed to provide users with the lowest level of
             access  needed to access  and execute the application.  The  operating  system
             "execute only" flag  should be used whenever possible to protect application
             software from unlawful copying and/or viral infection.

       d.     The EPA LAN Manager shall be responsible for all software license agreements
             and shall ensure  strict adherence to the provisions of  the agreements.


6.2.3  Virus Protection

       a.     LAN System Administrators utilizing Supervisor-equivalent User-IDs shall log in
             to other workstations with a known virus-free boot disk.

       b.     LAN  System  Administrator workstations should execute a  virus monitoring
             program upon startup. This program must remain resident while the workstation
             is operating.



       c.     A check for viruses or other unauthorized programs will be performed prior to
             backing up file server data for those organizations subscribing to the NDPD data
             management service.  NDPD will supply LAN System Administrators with virus
             detection software for those organizations not subscribing to the data management
             service.

       d.     New software (non-vendor) must be checked for  a virus by the central  site
             support group prior to being loaded on a LAN.


6.2.4  Auditing and Monitoring

       a.     The LAN System Administrator will periodically (at least weekly) review the
             audit log for login and data access problems on the system. The operating system
             SECURITY utility should  be run at  least monthly to identify any potential
             security gaps. The LAN System Administrator will report any operational or
             security problems to the EPA LAN Manager and NCC Security.

       b.     Use of software and/or hardware devices to monitor or analyze LAN operation,
             remote  workstations, or message traffic  is prohibited for  the  general LAN
             community and  is reserved for the LAN System  Administrator and  his/her
             agent(s). Users will be notified of monitoring activities unless a user suspected
             of engaging in illegal or unauthorized activities on the LAN is being monitored.


6.2.5  LAN RDBMS Servers

       a.     Sections 6.2.1 through  6.2.4 apply to LAN RDBMS  servers as well as  file
             servers.

       b.     If the server is for RDBMS services only, users will not be allowed to login to
             the server.   Only the LAN DBAs and LAN System Administrators will have
             User-IDs.

       c.     If the LAN DBA responsible for operation of the  LAN  RDBMS server is a
             separate person from the LAN  System Administrator, the LAN DBA will not
             have Netware Supervisor security equivalence.  The LAN DBA  may have the
             minimum level of Netware rights necessary to do the job. An example would be
             allowing the LAN DBA create, edit, and delete rights over the RDBMS specific
             .NCF files in the SYSTEM directory,  but  no directory level rights in  the
             SYSTEM directory.  The LAN DBA will have all rights  over the ORACLE6
             directory and its  subdirectories.

       d.     The default file and directory structure as outlined in the EPA LAN Operational
             Standards and Procedures  Manual  Volume II Oracle for Netware must be
             followed.

       f.     The passwords for the LAN RDBMS users SYS and SYSTEM must be changed
             from the default immediately  upon  database creation.  The LAN DBA is
             responsible for maintaining the passwords  for the SYS and SYSTEM users.



      g.    When a new Oracle LAN RDBMS server is installed, the line SET AUTHORIZATION = BYPASS
            is included in the server's CONFIG.ORA.  This allows
            anyone at the console to load SQLDBA and issue STARTUP, SHUTDOWN, and
            CONNECT INTERNAL commands.  This is acceptable as  long as the server
            meets the security restrictions of being in a  secure area and having keyboard
            access restricted by Secure Console.

      h.    RDBMS users must have individual RDBMS  usernames and  passwords. If the
            RDBMS user must access a remote RDBMS server, the username and password
            shall be the same as upon the local RDBMS  server.  This allows use of a
            DBLINK to the remote database without using  the "CONNECT TO username
            IDENTIFIED BY password" clause in the DBLINK.

      i.     Generic  usernames for application access are acceptable if  access  to database
            objects is strictly controlled. The generic application username must have access
            permissions (ALTER, DELETE, INDEX, INSERT, REFERENCES, SELECT,
            ALL, PUBLIC, WITH GRANT OPTION) only to objects  in the  application,
            these permissions must be the minimum necessary, and grants to PUBLIC access
            must be  minimum.

      j.     Application tables are to be created and owned by usernames  that reflect the
            application. The LAN DBA owns and maintains these generic usernames. Only
            these usernames may have RESOURCE privileges to the application's tablespace.

      k.    Users will be created with the minimum privilege level necessary for their job -
            usually CONNECT.   Users will  have RESOURCE privileges  only in the
            tablespace USERS. Only the LAN DBA and backup LAN DBA  may have DBA
            privileges.

      l.     Table and View  access privileges  (ALTER,  DELETE, INDEX, INSERT,
            REFERENCES, SELECT, and UPDATE) will be granted to  individual  users on
            the basis of the minimum necessary to do the job.  Only the SELECT access
            privilege to Tables and Views will be granted to PUBLIC.
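
Items (i) through (l) above amount to a least-privilege rule set that can be checked against a listing of grants. The following is an added example, not part of the directive: the tuple layouts, the finding codes, and all usernames and object names are constructed for illustration, and no Oracle data dictionary view is assumed.

```python
USER_TABLESPACE = "USERS"  # 6.2.5(k): the only tablespace where users get RESOURCE


def audit_grants(system_grants, object_grants, dba_names, app_owners, app_logins):
    """Return sorted (grantee, finding_code, detail) tuples.

    system_grants: (username, privilege, tablespace or None)
    object_grants: (grantee, privilege, "OWNER.OBJECT")
    dba_names:     usernames of the LAN DBA and backup LAN DBA
    app_owners:    {owner username: that application's tablespace}   -- 6.2.5(j)
    app_logins:    {generic application username: owner whose objects it may use}
    """
    findings = []
    for user, priv, tablespace in system_grants:
        if user in dba_names:
            continue  # the LAN DBA and backup LAN DBA may hold DBA privileges
        if priv == "DBA":
            findings.append((user, "DBA_NOT_ALLOWED", ""))
        elif priv == "RESOURCE":
            allowed = {USER_TABLESPACE}
            if user in app_owners:
                allowed.add(app_owners[user])
            if tablespace not in allowed:
                findings.append((user, "RESOURCE_OUTSIDE_USERS", str(tablespace)))
    for grantee, priv, obj in object_grants:
        owner = obj.split(".", 1)[0]
        # 6.2.5(l): only SELECT on tables and views may be granted to PUBLIC.
        if grantee == "PUBLIC" and priv != "SELECT":
            findings.append((grantee, "PUBLIC_NON_SELECT", f"{priv} on {obj}"))
        # 6.2.5(i): a generic application username touches only its own application.
        if grantee in app_logins and owner != app_logins[grantee]:
            findings.append((grantee, "APP_LOGIN_OUTSIDE_APP", f"{priv} on {obj}"))
    return sorted(findings)


def sample_findings():
    """Audit a constructed grant listing containing four violations."""
    system_grants = [
        ("LANDBA", "DBA", None),
        ("LANDBA2", "DBA", None),
        ("RLEE", "DBA", None),                      # not a designated DBA
        ("JSMITH", "CONNECT", None),
        ("JSMITH", "RESOURCE", "USERS"),
        ("GRANTS_OWNER", "RESOURCE", "GRANTS_TS"),
        ("MJONES", "RESOURCE", "GRANTS_TS"),        # user in an application tablespace
    ]
    object_grants = [
        ("PUBLIC", "SELECT", "GRANTS_OWNER.REGION_CODES"),
        ("PUBLIC", "INSERT", "GRANTS_OWNER.AWARDS"),
        ("GRANTS_APP", "SELECT", "GRANTS_OWNER.AWARDS"),
        ("GRANTS_APP", "DELETE", "PAYROLL_OWNER.TIMECARDS"),
        ("JSMITH", "SELECT", "GRANTS_OWNER.AWARDS"),
    ]
    return audit_grants(
        system_grants,
        object_grants,
        dba_names={"LANDBA", "LANDBA2"},
        app_owners={"GRANTS_OWNER": "GRANTS_TS"},
        app_logins={"GRANTS_APP": "GRANTS_OWNER"},
    )


if __name__ == "__main__":
    for grantee, code, detail in sample_findings():
        print(f"{grantee:12} {code:24} {detail}")
```
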


6.3   DIAL-IN ACCESS SYSTEMS

Access to a LAN which  has no connections to the outside is generally limited to those with
access to the facility itself.   Once dial-in  access to the LAN is provided,  the network  is
potentially opened to the public, and additional controls are needed for a networked environ-
ment.  Dial-in, however, only provides access similar to that  provided by a network  attached
workstation. Server operating system security must still be surmounted.  Users can dial in via
a single dedicated PC or via a multiport remote access server. An important distinction is made
for the dedicated PC environment in that the user has access to the local drives of the dedicated
PC. Otherwise,  security  implementations are similar for both.

      a.    For dial-in access directly to  a LAN-based workstation, users must implement
            password protection at the dial-in host. Call-back features should be used when
            possible.

      b.    LAN dial-in capability  is intended strictly for  use by Agency staff and their
            agents. Agency bulletin board systems which are accessed by the public  shall not
            be attached to the Agency intranet.



       c.     LAN System Administrators must create and  maintain an operating system
             "Group" for each file server which  contains  the  User-IDs  of those users
             authorized for dial-in access. Logic must be coded in the individual login scripts
             of these users which will combine membership in the aforementioned Group and
             physical network address as criteria for login access to the server.  Instructions
             for implementing this logic can be found in the Security  chapter of the LAN
             Operational Procedures and Standards manual.

       d.     The audit trail function provided by the Access Server must be activated and the
             audit log must be monitored at least weekly.


6.4    RISK ANALYSIS AND SECURITY ASSESSMENT

Organizations planning to implement a LAN should use the following tables  and worksheets
extracted from the EPA Information Security Manual (see NDPD Operational Directive 310.01,
Local Area Network (LAN) Planning) as a guideline for determining  the sensitivity of
applications and data in terms of availability, integrity, and confidentiality:

       •     TABLE FOR SENSITIVITY EVALUATION. This table is referenced as Table
             4-1 in the EPA Information Security Manual.

       •     DETERMINING RELEVANT SECURITY OBJECTIVES  AND DEGREE OF
             SENSITIVITY worksheet. This worksheet is referenced as Table 4-2 in the EPA
             Information Security Manual.

       •     SENSITIVE APPLICATION CERTIFICATION WORKSHEET. This worksheet
             is referenced as  Exhibit B-1 in  Appendix B of the EPA Information Security
             Manual.

       •     RISK ANALYSIS WORKSHEET. This worksheet is referenced as Exhibit C-1
             in Appendix C of the EPA Information Security  Manual.

A file should be maintained with these worksheets and should be updated when new applications
are added to the existing environment. The following additional controls may be implemented
based on the assessments  made:

       a.     Users and administrators should only be allowed  to log in to the file server from
             workstations which are  assigned to those users.   The operating system can be
             used to enforce  these logical network and physical workstation address limita-
             tions.

       b.     Passwords for all User-IDs should be changed at least every ninety days. This
             should be enforced by the network operating system.

       c.     LANs which are processing confidential information should not be  connected to
             the Agency internetwork.

       d.     Operating system GROUPS should be established which contain only the User-IDs
              of users needing access to sensitive information.



7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
            Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
            Data Processing Division, Telecommunications Branch. (Location: Publications
            Technical Library).

      b.     U. S. Environmental Protection Agency. EPA LAN Operational Procedures and
            Standards Manual Volume  II:  Oracle for  Netware (Report No.  397/002).
            Research Triangle Park, NC: National Data Processing Division, Telecommunica-
            tions Branch. (Location: Publications Technical Library).

      c.     U. S. Environmental Protection Agency. (1989)   EPA  Information  Security
            Manual (Report No. 431/001).  Washington, DC:  Office of Information and
            Resources  Management,  Information Management  and  Services Division.
            (Location:  Publications Technical Library).

      d.     U. S. Environmental Protection Agency.  EPA Information Security Manual for
            Personal Computers.   Washington D.C.: Office of Information  Resources
            Management.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     LAN Change Management                                NO.    310.10

APPROVAL:  [signature illegible]                                DATE: [illegible]



1.0   PURPOSE

Hardware and software commonality must be maintained so that Local Area Networks (LANs)
can function effectively in the Agency's integrated network. This policy ensures that all changes
are managed in a timely  manner with minimum disruption to system performance.


2.0   SCOPE & APPLICABILITY

This  policy is applicable to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
design, development, acquisition, operation, and maintenance of Agency LAN's.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement.  NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LANs.

LAN System Administrators are responsible for planning, installing, and managing day-to-day
LAN operations and change management, as well as for coordinating activities with the NCC
LANSYS, DECSYS, and  NDPD Telecommunications  Department  support  groups and
appropriate vendors.


4.0   POLICY

The  central  LAN support group  and/or  the LAN  System  Administrator shall  carry out
established local management policies and procedures, including documentation requirements as
recommended in the LAN Operational Procedures and Standards Manual. These policies and
procedures shall be established through the appropriate EPA LAN Coordinator, in consultation
with  the cognizant ADP  Coordinator as required.


5.0   DEFINITIONS

Local Area Network (LAN):  A Local Area Network as defined for these policies is a system
within a given facility backbone comprising multiple devices connected directly to an Ethernet
or token-ring medium.

National LAN Application:  LAN applications are considered to be national if they meet the
following conditions:

      •    They  are  centrally  developed and distributed for local  execution at  multiple
            Agency sites or multiple offices at Agency Headquarters.

      •    They support integration of Agency data.



       •    They provide information sharing among multiple offices and sites within EPA,
            with states and local governments, or with the public.

Extended LAN Facility (ELF):  An NDPD-approved LAN bridge or repeater subsystem which
joins two or more facility backbones to form a Metropolitan Area Network (MAN) between
facilities in a "campus" environment. All ELFs require NDPD approval under the TSR process.
ELFs are jointly funded by NDPD and the relevant user organization. ELFs are supported by
NDPD.


6.0    STANDARDS

       a.    The LAN System Administrator shall manage performance of change management
            activities and inform users of all major changes prior to their taking effect.  At
            a minimum, the  LAN System Administrator will maintain a simple log of all
            changes with the date and time of implementation.

       b.    The following  changes must be approved by NDPD  and tracked through the
            Telecommunications Service Request  (TSR) process  (see NDPD  Operational
            Directive 310.01, Local Area Network (LAN) Planning), or via Change
            Management for VAX LANs:

            (1)    Modifications or major upgrades to system software.

            (2)    Installs, upgrades,  and configuration  changes  in  the LAN operating
                   system, communications  gateways, repeaters,  LAN-to-LAN bridges,
                   routers, and other internetwork connections.

            (3)    Additions to or changes in connections to  a  facility backbone  and/or
                   Extended  LAN Facility.   That  is,  every change involving a backbone
                   hardware  address or symbolic name must be reported via a TSR.

            (4)    Changes in LAN wiring type.

            (5)    Changes in LAN System Administrator assignments.

            (6)    Any configuration changes exceeding the following limits:

                   •  200 total connections on a token-ring using Type-1 wiring.
                   •  50 total connections on a token-ring using Type-3  wiring.
                   •  10 connections on a single Farallon Phonenet Apple network unit.
                   •  20 connections on a single AppleTalk network.

            (7)    Modifications or major upgrades to a National LAN Application.

            (8)    Changes to LAN RDBMS system software. For example, installation of
                   a new RDBMS network protocol, or a new version of the RDBMS. This
                   does  not  include internal RDBMS changes such  as  reorganization or
                   expansion of data storage.

       c.    Proper notification will be given to affected individuals for any network outage
            resulting  from changes.



7.0   PROCEDURE REFERENCE

U. S. Environmental Protection Agency. EPA LAN Operational Procedures and Standards
Manual (Report No. 397/001). Research Triangle Park, NC: National Data Processing Division,
Telecommunications Branch. (Location: Publications Technical Library).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     LAN Timeshare Accounting                              NO.    310.11
APPROVAL:  [signature illegible]                                DATE: [illegible]
1.0   PURPOSE
OMB Circular A-130 requires all Government agencies to establish and implement policies and
procedures to:
    a.    Account for the full cost of operating data processing facilities.
    b.    Allocate all costs to users according to the service they receive.
This policy ensures that these requirements are met.
2.0 SCOPE & APPLICABILITY
This policy is applicable  to all EPA organizations and their employees, and to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
design, development, acquisition, operation, and maintenance of Agency LAN's.
3.0 RESPONSIBILITIES
NDPD is responsible for policy maintenance and enforcement.  NDPD will annually review
policies for needed modification and/or enhancement, and will provide technical support for all
Agency standard LAN's.
4.0 POLICY
NDPD will publish timeshare chargeback rates and collect timeshare charges as appropriate.
5.0 DEFINITIONS
None.
6.0 STANDARDS
None.
7.0 PROCEDURE REFERENCES
Not applicable.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Wiring and Optical Fiber Cabling for                       NO.    310.12
            Voice and Data Telecommunications
APPROVAL:                                                        DATE:
1.0   PURPOSE

Adherence to this policy will ensure consistency in the selection and use of wiring and optical
fiber components at the National Computer Center and enable NDPD to provide appropriate and
necessary support to the NCC user community. The objectives of this policy are to:

   a. Ensure that all wiring acquisitions are consistent to facilitate EPA's ability to provide
      quality support to the NDPD user community.

   b. Provide a compatible environment for applications.

   c. Preserve the Agency's telecommunications network stability and performance.


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees, and to personnel  of
agents (including State agencies, contractors, and grantees) of EPA who are involved in the
design, development, acquisition, operation, and maintenance of the Agency  network at  EPA
locations.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement, and will annually review policies
for needed modification and/or enhancement.


4.0   POLICY

Only the Agency standard wiring listed in the Standards Section of this policy is supported by
NDPD.   Each user request for a wiring  medium  other than that  herein described will be
reviewed on a case-by-case  basis by the NDPD to determine compatibility and an appropriate
level of support. Requests must be submitted in writing to the Director, NDPD, under the TSR
process. The NDPD "Decision Paper" process will be used to document and determine the level
of support to be provided a  "new"  design.


5.0   DEFINITIONS

Balun:  A device used to convert coaxial cable to twisted pair wiring and twisted pair to coaxial.
Two types of baluns are used in EPA for passing 3270 signals over twisted pairs and Ethernet
signals over Type 1 Token-Ring  station wiring.

Coaxial  Cable:  Two-conductor,  concentric, constant impedance transmission  cable.

Station:  A single addressable device on a LAN.

Thickwire: A Digital trademark used to describe its IEEE 802.3 compliant Ethernet cable used
for backbone wiring in LANs.
Thinwire: A Digital trademark used to describe its IEEE 802.3 compliant Ethernet cable used
for limited distance station wiring.
10BASET: The new IEEE 802.3-related 10 megabit/sec Ethernet wiring standard which utilizes
unshielded twisted pairs of designated maximum lengths for Ethernet station wiring.
AUI Cable:   A type of Ethernet cabling of a designated length used to connect an Ethernet
"station" to a backbone via a "transceiver."  (Also called a "transceiver cable.")
Transceiver:  A device attached to an  Ethernet backbone  which  allows a connection to an
Ethernet "station."
Twisted Pair:  Multiple-conductor cable whose component cables are paired together, twisted,
and enclosed within a single jacket.
Type 1:  An  IBM identifier used to describe its IEEE 802.5-compliant,  IBM, Teflon-coated,
shielded, twisted pair wiring.
Type 3:  An IBM identifier used to describe its IEEE 802.5-compliant, IBM,  four-pair,
unshielded, twisted pair.
6.0   STANDARDS
The following standards have been established for various wiring media:
    a. Vertical wiring for VOICE shall  consist of unshielded twisted pairs, as required.
    b. Station wiring for VOICE shall consist of unshielded twisted pairs, as required.
    c. Token-Ring vertical backbone wiring for DATA shall include 802.5 cabling consisting
      of IBM Type 1, Teflon™-coated,  shielded twisted pair, or optical cable as designated in
      the National Electrical Code:
      (1) Cable in plenums, ducts, and floor-to-floor risers will be Type CMP (copper cable).
      (2) Optical cables  in plenums, ducts, and floor-to-floor  risers will be Type OFNP.
      (3) "Standard" optical cable, nonplenum, will be Type OFC or OFN.
      EPA token ring backbones shall be constructed under 16 megabit/sec design rules, but
      operated at 4 megabit speeds unless approved for speedup by NDPD under the TSR pro-
      cess.   Contact LANSYS for details.
    d. Ethernet vertical backbone wiring for DATA shall include 802.3 thickwire cabling where
      user requirements  dictate an Ethernet facility.  This  cabling consists of Teflon-coated,
      standard Ethernet coaxial cable.  Ethernet LANs shall be constructed under standard 10
      megabit/sec design rules.  Contact DECSYS  for details.
    e. Vertical wiring for special needs (LDM circuits, terminal servers, etc.) shall consist of
      unshielded twisted  pair, Teflon-coated, as appropriate.

   f.  Token-Ring station  wiring for DATA shall consist of IBM Type 1,  Teflon-coated,
       shielded twisted pair, Type 3, or optical cable run from wiring closets on each floor to
       each workstation as  designated in the National Electrical Code:

       (1) Cable in plenums, ducts, and floor-to-floor risers will be Type CMP (copper cable).

       (2) Optical cables in plenums, ducts, and floor-to-floor risers will be Type OFNP.

       (3) "Standard" optical cable, nonplenum, will be Type OFC or OFN.

       Type 3 supports up  to 4 MBPS; Type 2 up to 16 MBPS.  EPA token ring user LANS
       shall normally be constructed under 4 megabit/sec design rules.  However, if the user
       organization's SIRMO feels strongly that the network must operate at 16 megabits/sec,
       he or  she may request and fund an implementation under the TSR process for a  16
       megabit/sec user ring.

   g.  Ethernet station wiring for DATA shall consist of Type 3, four-pair, unshielded twisted
       pairs,  where connection  is required as a terminal through a terminal server, and 802.3
       thinwire coax cabling, twisted pairs under the IEEE 10 BASET standard where user
       requirements dictate a direct-connection to an Ethernet facility.  For direct connection
       to a thickwire Ethernet backbone, standard PVC or Teflon-coated Ethernet "transceiver-
       AUI" cables shall be used as appropriate.

   h.  Terminal to Async ASCII and 3270 services shall consist of one run Type 3, four-pair,
       unshielded twisted pairs from wiring closets on each floor to each workstation.  This
       wiring facilitates the use of one ASCII terminal and one 3270, balun-matched device per
       user location, or two of either terminal type.

   i.  All wiring will conform  to the applicable national and local electrical codes for "optical
       fiber cabling" and "computer/communications wiring."

   j.  In designated facilities, based on distance constraints of the LAN technology involved,
       an optical fiber system consisting of 62.5/125 micron, multimode optical fiber cabling
       and associated  patch equipment shall be  used  with  appropriate cable coatings  and
       connectors.


7.0    PROCEDURE REFERENCE

   a.  In general, the above standards are based on the Electrical Industries Association (EIA)
       building wiring work group,  TR 41.8.1 standards proposals now before EIA and ANSI
       for final approval.  Users should consult the final standard for more details. The latest
       National Electrical Code designates:

       (1)    Cable types in plenums, ducts,  and floor-to-floor risers will  be Type CMP
              (copper cable).

       (2)    Optical cables in plenums, ducts, and floor-to-floor risers will be Type OFNP.

       (3)    "Standard" optical cable, nonplenum, will be Type OFC  or OFN.

   b. U. S. Environmental Protection Agency.   EPA LAN Operational Procedures and
      Standards Manual (Report No. 397/001). Research Triangle Park, NC: National Data
      Processing Division, Telecommunications Branch.  (Location: Publications Technical
      Library).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     Use of Remote Access to EPA LANs                       NO.    310.13

APPROVAL:                                                       DATE:
1.0   PURPOSE

This policy outlines the supported and unsupported use of remote access to EPA Local Area
Networks (LANs).  Access is provided in three ways:

      •     LAN dial-in capabilities.

      •     EPA campus Wide Area Networks (WANs).

      •     EPA Extended LAN Facility (ELF).


2.0   SCOPE & APPLICABILITY

This policy is applicable to all EPA organizations and their employees, and  to personnel of
agents (including State agencies, contractors, and grantees) of EPA who are involved in access,
design, development, acquisition, installation, operation, and maintenance of Agency LANs and
LAN-based applications.


3.0   RESPONSIBILITIES

NDPD is responsible for policy maintenance and enforcement.  NDPD will annually review
policies for needed modifications and/or enhancement, and will provide technical support for all
Agency standard LANs.

LAN System Administrators are responsible for planning, installing, and managing day-to-day
operations for the LAN, as well as for coordinating activities with NDPD, LANSYS, DECSYS,
and vendors as appropriate.


4.0   POLICY

4.1   BACKGROUND

The user-friendly PC software that runs on local LANs/PCs has been very successful in bringing
information processing to the desktop.  As a result, many in the EPA community would like to
move as many applications as possible to the LAN/PC platform. Unfortunately, in some cases,
this impetus to move all applications to LANs does not consider the fact that LANs are most
appropriate for applications being delivered to users who are connected "locally" to a file server
housing  the applications.

If many  users of a proposed application are remote from the LAN file server (i.e., not connected
to a LAN to which the file server is connected), a LAN may not be the appropriate platform on
which to deliver the application.  Neither EPA's wide area network nor LAN dial-in can provide
adequate performance and stability to support remote users  of conventional (non-client-server)
LAN applications in the next 2 to 5 years. With a conventional LAN application, the entire
program, and often the entire data base,  must travel over the slow speed wide area network.

 Emerging client server technology and Structured Query Language (SQL) mainframe links offer
 new opportunities for designing and implementing applications which may provide satisfactory
 performance  and  stability  for  remote  LAN users  within the  LAN/WAN environment.
 Applications design must focus  on the appropriateness of current EPA infrastructure as the
 delivery vehicle for that application.


 4.2    POLICY

 LANs are intended primarily to  deliver applications to  clients who are locally (directly)
 connected to the file server housing the applications.  The Standards section of this policy
 delineates supported and unsupported remote LAN access. It provides guidance as to where and
 when remote access can be supported within the Agency LAN/WAN network in the next 2 to
 5 years.   NDPD has no commitment to provide robustness or performance for  unsupported
 remote use. If unsupported remote LAN access adversely affects supported LAN uses, the client
 may be asked to remove that application from the network.


 5.0    DEFINITIONS

 Campus WAN:  A network  of connected local rings at each Novell site.

 Client/Server Application: An application in which the work is divided between the client and
 the server. That is, much of the  data base application actually runs on the server, and only the
 "answer" is sent over the LAN wire.  The client application can be stored "remotely" on the
 local server.  Examples of client server development platforms are Notes and Oracle.

 Conventional Application: An application developed with such conventional software as dBASE,
 Clipper, Foxbase, and LOTUS.  Conventional applications execute on the client's workstation,
 with the LAN server functioning as a large,  central, hard disk on which the data base and
 application are stored.  Since the "computing"  is actually done by the workstation, the applica-
 tion and data base (or its indexes) must be sent over the LAN wire to the workstation whenever
 the client uses them.

 Local Connection:  Direct connection of a LAN workstation to the local backbone ring.  "Local"
 workstations are in the same (or adjacent) building as the LAN file server, are connected at full
 LAN speed, and permit clients to work equally well  on any server to which they are locally
 connected.

 Remote Connection: Connection of a workstation and LAN file server by means of a telephone
 line.  "Remote" workstations are not directly connected to the local backbone ring and utilize
 either LAN dial-in  capabilities or a WAN.

 Local Area Network (LAN):  A  Local Area Network as defined for these policies is a system
 within a given facility backbone comprising multiple devices connected directly to an Ethernet
 or token-ring medium.

 Extended LAN Facility (ELF): The EPA Wide Area Network providing IPX/SPX connectivity
between the facility backbones at RTP, HQ, and the Regional Offices.

LAN RDBMS Server:   A relational data base  management system server deployed on a LAN
and accessed by LAN clients.  Agency standard LAN RDBMS servers are Oracle on Netware
 servers and Oracle  on Unix  servers.

 Value Added Backbone Services (VABS):  A centrally managed platform which allows services
 that are common to all Novell LANs connected to a backbone to be consolidated into one system
 and centrally managed.  VABS are provided by NDPD and jointly managed by NDPD and the
 region, at each regional office, EPA Headquarters, Cincinnati, NEIC and the NCC.  VABS
 currently include file backup, communications, software distribution, software repository, and
 limited application and data file storage. VABS are the platform for delivery of National LAN
 Applications.


 6.0   STANDARDS

 6.1    LAN DIAL-IN ACCESS

 LAN dial-in capability is intended strictly for limited use by Agency staff and their agents.
 Supported use includes the following:

       •     Casual home use of the LAN by clients who normally work on that LAN.

       •     Transference of files to and from a remote site so that the files can be worked on
             remotely with local copies of software and then retransmitted when complete.

 Examples of unsupported use are as follows:

       •     Critical activities.

       •     State access to EPA LAN-based systems.

       •     Public access.

       •     Reliable offsite access  for interactive use or data input/retrieval.


 6.2   CAMPUS WANS

 At each EPA campus, the local rings are interconnected with bridges into a "Campus" wide area
 network.  Since this campus WAN contains links that involve a slow speed telecommunications
 line, the entire campus network no longer  runs at LAN speed.  Campus WANs contain slow-
 speed telecommunications links and  provide considerably less performance than is available
 through a direct local LAN attachment. A client  separated from the application server by a
 slow-speed link is considered a remote client. Such remote access can only provide adequate
 performance for certain limited uses.

 Campus WANs are not supported for routine, heavy use to  provide access  to conventional
 applications. Well designed client server applications should function adequately in the campus
 WAN environment.


 6.3   EXTENDED LAN FACILITY (ELF)

 When operational, the Agency ELF will provide low-speed connections among Value Added
 Backbone Servers (VABS) and Novell Access Servers.  This ELF will not provide direct access
 to any other servers except as approved under the Telecommunications Service Request (TSR)
process.   All  applications which depend upon use of the ELF, including client server
applications, must be approved through the National LAN Application Approval Process (See
NDPD Operational Directive 310.14).  Expected support includes the following:

      •    File transfer (via LAN Postman, for example).
      •    Some SQL access to RDBMS servers at another site.  (SQL client/server access
            will not be supported until it has been thoroughly tested.)
      •    Limited remote logon to an access server at another site (password required).
            The access server will support direct remote server access for such tasks as
            executing programs.   However, since access server ports are a very limited
            resource, access through this technique will be restricted.
      •    Non-interactive store and forward message based traffic (for example,  CC Mail
            post-office to post-office communication).
      •    Distribution  of data  by selective  replication  processes, within bandwidth
            constraints (for example, replicating Notes or Oracle data bases).
Use of the Agency ELF will not be supported for the following:
      •    Program loading or conventional data base access.
      •    Applications which require mapping drives across the ELF.
7.0   PROCEDURE REFERENCES
      a.    U. S. Environmental Protection Agency.  EPA LAN Operational Procedures and
            Standards Manual (Report No. 397/001). Research Triangle Park, NC: National
            Data Processing Division, Telecommunications Branch. (Location: Publications
            Technical Library).
      b.    U. S. Environmental Protection Agency.  EPA LAN Operational Procedures and
            Standards  Manual Volume II:  Oracle  for  Netware (Report No.  397/002).
            Research Triangle Park, NC: National Data Processing Division, Telecommunica-
            tions Branch. (Location: Publications Technical Library).
      c.    NDPD Operational Directive 130.10, RDBMS Platform Selection Techniques, and
            NDPD Operational Directive 130.11, SQL Programming Techniques.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     EPA Email Usage Guidelines                             NO.    320.01

APPROVAL:                                                       DATE:  7/y/fe,


1.0   PURPOSE

The EPA Email Usage Guidelines Policy establishes the following course of action pertaining
to electronic mail:

      a.    Purpose of Email.

      b.    Justification.


2.0   SCOPE & APPLICABILITY

This policy applies  to EPA Email customers and all NDPD and contractor staff personnel
responsible for  the management, operation, and support of the EPA Email system.

Any deviation from  this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.

The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.


4.0   POLICY

The EPA Email System provides reliable, rapid, and accurate transfer of messages to members
of the EPA community.  It also provides facilities for the online storage and access of
documentation  that  is of interest to the EPA community or specific segments  of the EPA
community.  The  EPA  Email System must also provide message  exchange with other
government agencies and scientific and business communities concerning official EPA business
only.

      a.    The EPA Email system may only be used for the purpose of conducting legitimate
            Agency business.

      b.    The EPA  Email  system will not be used  to transmit or store confidential or
            sensitive materials. Official  signatures cannot be transmitted via Email.

      c.    The EPA Email system will be used to transmit memos, letters, documents, and
            other  correspondence materials of relatively short length where expedited delivery
            is important.

      d.    The EPA Email system will be used to facilitate work group communication and
            productivity tools whenever possible  through the use  of bulletin  boards,
            distribution lists,  on-line text storage, and other EPA purchased or commercially
            available services (e.g., OAG).

       e.     The EPA Email system may not be used to generate and send messages by EPA
             vendors  or contractors for the express purpose of marketing any products  or
             services to the EPA customer community.  In order to use the EPA Email system
             for product announcements, feature releases, briefings, and/or classes, vendors
             must:

                   •      Have a current contract in  place with EPA to sell services  or
                          equipment.

                   •      Relate announcements to a product  or service that EPA already
                          uses, a replacement, or upgrade for that product or service.

                   •      Distribute the Email messages only to those (distribution list) who
                          have expressed a desire to receive the information.

                   •      Delete entries on their distribution lists as soon as notified.

                   •      Update the distribution list no less than once a year so that people
                          can sign up for the groups in which  they have an interest.


5.0    DEFINITIONS

None.


6.0    STANDARDS

Refer to the following for more information about standards:

       •     Directive 320.02: EPA Email Customer Registration

       •     Directive 320.03: EPA Email Security

       •     Directive 320.07: EPA Email Additional Services

       •     Directive 320.13: EPA Email Connectivity Standards


7.0    PROCEDURE REFERENCES

       a.     U. S. Environmental Protection Agency.   (1993) ALL-IN-1  Administrative
             Procedures (Report  502/001) Research Triangle  Park,  NC:   National Data
             Processing Division.  (Location:   Publications Technical Library)

       b.     U. S. Environmental  Protection Agency. (1991) ALL-IN-1 Technical Reference
             Guide (Report 474/001) Research Triangle Park, NC:  National Data Processing
             Division.  (Location:  Publications Technical Library)

       c.     U. S. Environmental  Protection Agency. (1992) Guide to NCC Services: Email
             Guide.   Research  Triangle Park, NC:  National Data  Processing  Division.
             (Available through Customer Support)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Email Customer Registration                          NO.    320.02
-------
NDPD OPERATIONAL DIRECTIVE NO. 320.02                          Page 2 of 3


       c.     Two types of mailboxes are available for assignment:

             •     Individual Mailboxes.  An individual mailbox will be  issued by the
                   NDPD Email Support Group to the requestor for the new mailbox owner.
                   The mailbox owner is  responsible  for all activities  attributed to the
                   mailbox.  Each individual mailbox will be initialized with all Basic Mail
                   service and issued with an initial password.

             •     Group Mailboxes.  A group mailbox will be issued by the NDPD Email
                   Support Group in  special cases to meet the specific  needs of defined
                   groups where access to a mailbox is required by more than one customer.
                   Group mailboxes will be discouraged at the time accounts are requested.
                   The security implications will be explained to the requestor prior to
                   issuing a mailbox number. A registered owner is required for each group
                   mailbox.  The registered owner is the point of contact for all communica-
                   tion with the NDPD Email Support Group regarding the management and
                   use of the group mailbox.  The registered owner is responsible for all
                   activities attributed  to the group mailbox.   Each group mailbox will be
                   initialized with the Basic Mail service.  The requestor/owner of a group
                   mailbox must execute a "statement of acceptance of risk" to indicate that
                   he/she is aware of the insecure nature of this arrangement.

       d.     The initial password issued for individual and group mailboxes  must  be changed
             by the registered owner the first time the mailbox is accessed. The registered
             owner of a group mailbox is responsible for maintaining the confidentiality of the
             password among the defined group.

       e.     Mailboxes that  have  not  been accessed  for an  extended  period of time are
             considered inactive and will be deleted.

       f.     The mailbox-ID's of customers terminating employment will be deleted from the
             system or reassigned.

       g.     The Email Coordinator will send all approved changes required in the EPA Email
             directory to the NDPD Email Support Group.

       h.     The NDPD Email Support Group will be responsible for deleting and  reassigning
             mailboxes.

       i.     System utilization will be recorded  for each  mailbox.

       j.     The EPA Email Support Group will provide a monthly  report to the EPA Email
             Technical Monitor on the number and status of Email registration requests.


5.0    DEFINITIONS

NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email  system.

The Email  Coordinator is the person in a Program Office or Region who is responsible for
coordinating the messaging activities within  his/her assigned group.

The Email Technical Monitor is the NDPD individual who is responsible for managing the EPA
Email system.

6.0   STANDARDS
Turnaround time for an Email system mailbox registration will be 24 hours from the time the
approved request was submitted to the NDPD Email Support Group.
Individual or group mailbox passwords must be changed at least every 90 days.
Mailboxes that have not been accessed for 1 year are considered inactive and will be removed
from the system.
Refer to the following for more information about standards:
      •     Directive 320.01:  EPA Email Usage Guidelines
      •     Directive 320.03:  EPA Email Security
      •     Directive 320.05:  EPA Email Customer Notification
      •     Directive 320.07:  EPA Email Additional Services

7.0   PROCEDURE REFERENCE
U. S. Environmental Protection  Agency.  (1993) ALL-IN-1 Administrative Procedures (Report
502/001) Research Triangle  Park,  NC:   National  Data Processing Division.   (Location:
Publications Technical Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     EPA Email Security                                     NO.    320.03
APPROVAL:                                                       DATE: 7//f/fj
1.0   PURPOSE
The EPA Email System Security Policy establishes the following course of action pertaining to
electronic mail:
      a.    Security objectives.
      b.    Security facilities and requirements.
      c.    Security responsibilities.
      d.    Security enforcement requirements.
2.0   SCOPE & APPLICABILITY
This policy applies to the EPA Email customer community and to NDPD and contractor staff
personnel responsible for the management, operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.

3.0   RESPONSIBILITIES
The EPA Email Primary Support Contractor (PSC) will develop, update, and monitor procedures
to implement this policy.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
The EPA Email customer community will rely on the  terms of this policy to protect their
resources.
NDPD will conform to the requirements of statutes, oversight Agency publications, and OIRM
directives in administering security on the EPA Email system.
4.0   POLICY
      a.    The  EPA Email system will not be  used to transmit  or store confidential,
            sensitive, or proprietary information.
      b.    The  NDPD Email Support Group  will initialize each individual mailbox and
            group mailbox with an initial password. The password must be changed the first
            time the system is accessed.
      c.    Passwords must be kept confidential and changed periodically.

       d.     The NDPD Email Support Group can reset a password for the owner  of an
             individual mailbox.  In the case of a group box, the request must be from the
             registered owner.

       e.     The EPA Email contractor shall limit physical access to the processor complex
             and peripherals to authorized contractor personnel requiring  such access in the
             normal course of their duties.

       f.     Mailbox messages will be readable by the individual mailbox owner or the group
             mailbox  customers only.   System management functions (required to operate,
             support, and maintain the system) shall avoid/restrict access to mailbox messages.

       g.     Group mailboxes are  set  up to service multiple customers; this means the
             password is shared.  Group mailboxes do not comply with Office of Management
             and Budget (OMB) computer security policy.  The requestor/owner of a group
             mailbox  must execute a "statement of acceptance of risk" to indicate that he/she
             is aware of the insecure nature of this arrangement.

       h.     Changes and deletions to the Email Directory must be submitted by the mailbox
             owner or the appropriate Email Coordinator.

       i.     The EPA Email system will provide the capability to automatically log a customer
             off after a defined period  of system inactivity.  The length of  this period is
             defined and controlled by the EPA Email Technical Monitor.

      j.     Use of the Email system is restricted to official EPA business only.


5.0    DEFINITIONS

NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email system.


6.0    STANDARDS

Passwords must be changed at least every 90 days.

Refer to the following for more information about standards:

       •     Directive 320.01: EPA Email Usage Guidelines

       •     Directive 320.02: EPA Email Customer Registration


7.0    PROCEDURE REFERENCE

U. S. Environmental Protection Agency.  (1993) ALL-IN-1 Administrative Procedures (Report
502/001) Research Triangle  Park, NC:   National Data Processing Division.  (Location:
Publications Technical Library)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Email Problem Resolution                            NO.    320.04

APPROVAL:                                                       DATE: ?//&/?3

1.0   PURPOSE
The EPA Email Problem Resolution Policy establishes the following course of action pertaining
to electronic mail:

      a.     Problem resolution objectives.

      b.     Problem resolution responsibilities.

      c.     Problem tracking and reporting requirements.

      d.     Customer notification requirements and responsibilities.

      e.     Management notification requirements and responsibilities.


2.0   SCOPE & APPLICABILITY

This policy applies to the EPA Email customer community and to all NDPD and contractor staff
personnel responsible for the management, operation, and support of the EPA Email system.

Any deviation from  this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The EPA Primary Support Contractor (PSC) will develop, update, and monitor procedures to
implement this policy.

The EPA PSC will adhere  to  NDPD policies and  procedures to ensure that problems are
resolved expeditiously.


4.0   POLICY

      a.     The NDPD Email Support Group will strive to resolve problems with the EPA
             Email system  as soon as possible after identification  in  order to provide the best
             possible level  of service to the customer community.

      b.     The EPA Email Customer Support Group will serve as the point of contact for
             reporting,  tracking,  and  resolving  customer-reported Email problems.   The
             Customer  Support Group  staff  will forward all problems which they cannot
             resolve  to the appropriate EPA Primary Support  Contractor technical staff.
             Customers may not  call the EPA Email contractor technical  staff directly to
             obtain assistance.

       c.     The Email Support Group will immediately notify the Email Technical Monitor
             of any critical problem where service is affected or data may be lost. Status of
             all reported problems is continuously available to the EPA Email Technical
             Monitor through the online Problem Management Reporting System.

       d.     Customers reporting problems will be periodically called or sent Email keeping
             them aware of the status and progress of their problem resolution.

       e.     The NDPD Email Support Group will post messages  on the Email System to
             notify customers of system problems. The messages will be posted on the EPA
             Email banner page.

       f.     All problems reported to the NDPD Email Support Group will be entered into the
             Problem Management System by close of business on the day the  problem was
             reported.

       g.     Problems  encountered with the EPA Email system  will  be  categorized and
             reported according to the list  of problem codes approved by the EPA  Email
             Technical  Monitor.  A weekly report of all open Email problems will be sent to
             the EPA Email Technical Monitor and the Program Management Support Branch
             Chief.

       h.     The NDPD Email Support Group will submit a monthly report to the EPA Email
             Technical  Monitor identifying  the number, nature, and status of  the problems
             addressed  during the reporting period.

       i.     The Director of NDPD will be immediately notified by the EPA Email Technical
             Monitor of any data loss experienced by the EPA Email customer  community.


5.0    DEFINITIONS

NDPD Email Support Group includes any and all personnel used in the support,  management,
or operation of the EPA Email system.


6.0    STANDARDS

Customers reporting problems will be called within 24 hours, excluding weekends  and holidays,
to advise them of the problem status.

No problems will be allowed to go without management attention for more than 48 hours.

Refer to the following for more information about standards:

       •     Directive 320.05: EPA Email  Customer Notification

       •     Directive 320.08: EPA Email  Report Generation

7.0   PROCEDURE REFERENCE

U. S. Environmental Protection Agency.  (1991) Centralized Problem Management System
Workshop (Report 357/011) Research Triangle Park, NC: National Data Processing Division.
(Location: Publications Technical Library)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:      EPA Email Customer Notification                          NO.    320.05
APPROVAL: [signature]                                          DATE: 7//6/?3

1.0   PURPOSE
The  EPA Email Customer Notification Policy  establishes the  following course  of action
pertaining to electronic mail:
      a.     Customer notification responsibilities.
      b.     Customer notification objectives.
      c.     Customer notification methods.
2.0   SCOPE &  APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA  Email system.
Any  deviation from this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
The EPA Primary  Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on the EPA Email customer notification procedures.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0   POLICY
The  Email Technical Monitor is responsible for defining the methods of assuring customer
notification for events that affect the Email System. The Email Technical Monitor will direct the
Email Primary Support Contractor to implement procedures that will assure complete, adequate,
and timely customer notification concerning any events that will impact customers of the Email
system.  The  Email Technical Monitor will  determine  the most  appropriate  method for
communicating with the customer (e.g., banner, bulletin boards, videotext, Email, reports, or
letters). The events that need to be considered for notice include,  but are not limited to:
      •      System maintenance  schedules.
      •      System modifications or enhancements.
      •      Unscheduled system  stops or performance degradation.
      •      Changes in system resource availability.

      •     Changes in system response  time in excess of the specified service level for
            extended periods.
      •     Verification of action requests, (e.g., additions, deletions, changes) received from
            the Email Coordinators.

5.0   DEFINITIONS
None.
6.0   STANDARDS
Refer to the following for more information about standards:
      •     Directive 320.02: EPA Email Customer Registration
      •     Directive 320.04: EPA Email Problem Resolution
      •     Directive 320.15: EPA Email Operations
7.0   PROCEDURE REFERENCES
      a.     U. S. Environmental  Protection  Agency.   (1993) ALL-IN-1 Administrative
            Procedures  (Report 502/001) Research Triangle  Park, NC:  National  Data
            Processing Division.  (Location:  Publications Technical Library)
      b.     U. S. Environmental  Protection Agency. (pending) ALL-IN-1  Management
            Guide (written  under contract with TPMC) Research  Triangle Park,  NC:
            National Data Processing Division. (Location: EPA Technical Monitor)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     EPA Email Education and Training                         NO.    320.06

APPROVAL:  [signature]                                      DATE:
1.0   PURPOSE

The EPA Email Education and Training Policy establishes the following course of action
pertaining to electronic mail:

      a.    Coordination of education and training.

      b.    Responsibility for education and training.

      c.    Creation and storage of education and training documentation.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.

The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.


4.0   POLICY

      a.    The NDPD  Email Support Group will coordinate all  central  Email system
            training, including network access  methods and wordprocessing interface.
            Information Centers (ICs) will be responsible for providing local Email  training.

      b.    The EPA Email Primary Support  Contractor  will provide Email  system
            documentation on all products and services available through the Email system.

      c.    The NDPD Email Support Group  will develop all customized documentation for
            the EPA Email system. An EPA Email Technical Reference Guide, documenting
            functions and features of the Email system will be maintained and available to all
            users.

      d.    All Email  documentation will be distributed through the NDPD Email Support
            Group and/or Information Centers.

      e.    Whenever possible  and appropriate, technical   documentation,  educational
            materials, and other Email supporting documentation will be stored and accessed
            electronically. The master and electronic copies of documents will be kept up to
            date in a timely and synchronous manner to assure that both  copies are current.

-------
NDPD OPERATIONAL DIRECTIVE NO. 320.06                         Page 2 of 2

5.0   DEFINITIONS
NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email system.

6.0   STANDARDS
An Email usage hint will be displayed in the banner, and the hint will be changed weekly.
On-line HELP and HINTS are maintained, with changes documented within 1 week of change.
Training is provided at EPA's direction.  Course evaluations are 4.5 or higher on a 5.0 scale.
Email Reference Guide is updated at least quarterly and will have a 99 percent accuracy level.
7.0   PROCEDURE REFERENCE
U. S. Environmental Protection Agency. Email Training Procedures (pending) Research Triangle
Park, NC: National Data Processing Division. (Being written by Customer Support)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     EPA Email Additional Services                           NO.    320.07
APPROVAL:  [signature]                                      DATE: 7//6fy 3

1.0   PURPOSE
The EPA Email Additional Services Policy establishes the following course of action pertaining
to electronic mail:
      a.    Videotext.
            •    Definition of videotext.
            •    Creation and maintenance of videotext.
            •    Deletion of old items.
      b.    Bulletin Boards.
            •    Definition of bulletin boards.
            •    Creation and maintenance of bulletin boards.
            •    Deletion of old items.
      c.    Distribution Lists.
            •    Definition of distribution lists.
            •    Creation and maintenance of distribution lists.
            •    Deletion of old items.
      d.    Banner Broadcast.
            •    Definition of banner broadcast.
            •    Creation of banner broadcasts.
            •    Deletion of banner broadcasts.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy  must be approved in writing  by the Director of NDPD.

-------
NDPD OPERATIONAL DIRECTIVE NO. 320.07                           Page 2 of 3


3.0    RESPONSIBILITIES

The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.

The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on EPA Email additional services.


4.0    POLICY

       a.     Videotext.

             •      Videotext is an efficient method of storing and accessing text related
                    material that must be available to  a large number of customers (e.g.,
                    NDPD operation  policies will be  stored in  videotext, including these
                    policy  statements).   Use of videotext entries is restricted  to official
                    Agency business  use only.   Requests for new VTX entries will  be
                    reviewed by the EPA Email Technical  Monitor.

             •      Videotext applications will be initialized by Email Support Staff and will
                    be updated and maintained by the customer.

             •      Videotext applications will be monitored periodically.  At least annually,
                    the owner of the videotext will be contacted to determine if there is a
                    current need for the topic or a policy reason to retain the videotext entry.
                    If  the owner has  no need for continued use of the files, they will  be
                    deleted.

       b.     Bulletin Boards.

             •      Bulletin Boards are an  efficient method for posting notes for all  Email
                    users or a specific private audience.  A bulletin board should be used
                    when messages are frequently exchanged among group members. Bulletin
                    board entries require no prior approval, but use of bulletin boards  is
                    restricted to official Agency business use only.

             •      Bulletin board applications will be initialized by the Email Support Group,
                    and will be updated and maintained by the customer.

             •      Annually the manager of each inactive bulletin board will be queried to
                    determine if the bulletin board is still required.  If the bulletin board is no
                    longer required, it will be deleted.

       c.     Distribution Lists.

             •      Distribution lists are an effective method of providing group routing and
                    messaging to a specific set of individuals.

             •      Most distribution lists are created and maintained by individual customers.
                    Some lists which are Agencywide or have general applicability to multiple
                    customers, such as lists of ADP Coordinators, Email Coordinators, Senior
                    Information  Resource  Management Officers (SIRMO),  etc.  may  be
                    submitted to and will be installed and updated as system distribution lists
                    by the Email Support Staff.

             •     At least annually,  the owner of the system  distribution lists will  be
                   contacted to determine if there is a current need for the list(s) and to
                   verify that the list is correct.  If the owner has no need for continued use
                   of the list(s), it will be deleted.

       d.     Banner Broadcasts.

             •     Banner broadcasts appear each time an Email customer signs on to the
                   system.  Banner broadcasts are an effective means of providing limited
                   information to a wide audience for  a  specific length  of  time  (e.g.,
                   upcoming events or temporary conditions). There is a limit to the number
                   of broadcasts that may be displayed at any one time and the EPA Email
                   Technical Monitor will review each request for banner broadcasts.

             •     Banner broadcasts  will be initiated and  updated by the  Email Support
                   Group.

             •     Banner broadcasts  will be deleted  after the need for the message has
                   passed.


5.0    DEFINITIONS

NDPD Email Support Group includes any and all personnel used in the support, management,
or operation of the EPA Email system.


6.0    STANDARDS

All banners are carefully reviewed to ensure correct spelling and grammar.

Refer to the following for more information about standards:

       •     Directive 320.05:  EPA Email Customer Notification


7.0    PROCEDURE REFERENCE

       a.     U. S. Environmental Protection  Agency.   (1993)  ALL-IN-1  Administrative
             Procedures (Report 502/001) Research Triangle Park,  NC:  National  Data
             Processing Division.  (Location:  Publications Technical Library)
       b.     U. S. Environmental Protection Agency. (pending) ALL-IN-1 Management
             Guide (written under contract with TPMC) Research Triangle Park, NC:
             National Data Processing Division.  (Location:  EPA Technical Monitor)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Email Report Generation                             NO.    320.08

APPROVAL:  [signature]                                      DATE: 7//l>/?3
1.0   PURPOSE

The EPA Email Report Generation Policy establishes the following course of action pertaining
to electronic mail:

      a.     Purpose of reports.

      b.     Generation of reports.

      c.     Distribution of reports.

      d.     Definition and modification of report contents.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.

Any deviation from  this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.

The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes  that might have an adverse impact on the EPA Email report generation.

The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.


4.0   POLICY

      a.     Email reports are used to ensure that policy and procedures are  followed by
             measuring the results of specific activities. Email reports are used to check the
             accuracy of data supplied by the system, measure operational service levels and
             resource  utilization, verify administrative activities,  and aid  management in
             making decisions about planning and operating the system.

      b.     Email reports will be generated as often as required to assist the Email Technical
             Monitor,  Primary Support  Contractor, Customer Representatives, and Email
             Coordinators to carry out their duties.  The schedule for each report will be
             determined by the Email Technical Monitor.  An audit will be performed, at least
             annually, to determine that the period of the reports and the information contained
             on them is valid and useful in  operating the Email system. Reports not meeting
             these criteria will be modified, made inactive, or deleted from the reporting
             system.

      c.    Email reports will be distributed in a manner to conserve resources. Electronic
            routing of reports is preferred to printing.

      d.    Additions or changes to existing Email  reports may be requested  through the
            Email Technical Monitor. Permanent additions or changes to Email reports will
            be evaluated and approved/disapproved by the Email Technical Monitor and the
            necessary changes carried out by the Email PSC.


5.0   DEFINITIONS

Email reporting consists of operational, administrative, management, and customer services
reporting.


6.0   STANDARDS

Monthly and quarterly reports will be available for distribution 7 working days after the end of
the report period.


7.0   PROCEDURE REFERENCE

U. S. Environmental  Protection Agency.  VAX Email Systems  Reports Package  (pending)
Research Triangle Park, NC:  National Data Processing Division. (Internal documentation for
DEC Technical Services Group.)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     EPA Email System Management                           NO.    320.09
APPROVAL:  [signature]                                      DATE:
1.0   PURPOSE
The EPA Email System Management Policy establishes the following course of action pertaining
to electronic mail:
      a.     Objectives for managing the system.
      b.     Functions to be managed to meet the objectives.
      c.     Responsibilities for system management, administration, operation, and customer
             support.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD  and contractor staff personnel responsible for providing
management, operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.

3.0   RESPONSIBILITIES
The EPA Email Technical Monitor  will coordinate Agency wide use of the EPA Email system,
establish usage standards, provide overall operations monitoring and control, and manage all
aspects of the  Email system.
The Email Coordinators will coordinate all EPA Email activities within their organizations.
The Primary Support Contractor will establish an NDPD Email Support Group. The group will:
      a.     Provide general technical support.
      b.     Coordinate all EPA Email system training.
      c.     Perform all EPA  Email system management and administrative functions.
      d.     Provide administrative support to the EPA Email Technical Monitor.
4.0   POLICY
      a.     The EPA Email system will be managed in a manner to provide a cost-effective,
             reliable, available, and accessible service to the EPA Email customer community.
      b.     The EPA Email system will be managed to meet the service levels defined in the
             Standards section of Directive No.  320.15, EPA Email System Operations.

       c.     While the organizational structure of the NDPD and the supporting contractors
             may change from time to time, the  following major areas of responsibility will
             be managed:

             (1)    Email System Customer Services.
             (2)    Email System Administration.
             (3)    Email System Management.
             (4)    Email System Operations.


5.0    DEFINITIONS

Customer Services:  Includes any activity that involves direct interface with a customer, such
as training, documentation requests, problem reporting,  tracking, and resolution,  including
creating directory entries and distribution lists, as requested.

Administration:  Includes reporting on activities necessary to operate and maintain the services.

Management:   Must consider  the process  of planning and operating the  Email system and
delivering services to the customers.  Management must be concerned with providing sufficient
resources to operate the system, measuring customer satisfaction, providing needed features, and
setting standards for operating in a multi-vendor environment.

Operation:  Must consider aspects such as system testing, evaluation, installation, operation,
maintenance, and archiving.

NDPD Email Support Group:   Includes any and all  Primary Support Contractor  personnel
defined above who are involved in  the support, management, or operation  of the EPA  Email
system.


6.0    STANDARDS

Refer to the following for more information about standards:

       •     Directive 320.02: EPA Email Customer Registration

       •     Directive 320.07: EPA Email Additional Services

       •     Directive 320.08: EPA Email Report Generation

       •     Directive 320.15: EPA Email System Operations


7.0    PROCEDURE REFERENCE

       a.     U. S. Environmental Protection  Agency. (pending)  ALL-IN-1  Management
             Guide (written  under contract with  TPMC) Research  Triangle Park,  NC:
             National Data Processing  Division.  (Location: EPA Technical Monitor)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Email Configuration Management                      NO.    320.10

APPROVAL:  [signature]                                      DATE:  7//4/9J
1.0   PURPOSE

The EPA Email System Management Policy establishes the following course of action pertaining
to electronic mail:

      a.     Requirements for operating the Email system.

      b.     Measuring current workload.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.

Any deviation from  this policy must be approved in  writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.

The EPA PSC will advise the EPA Email Technical  Monitor of potential problems and system
changes  that might have an adverse impact on the EPA Email system configuration.

The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.


4.0   POLICY

      a.     Email system  configuration will  be fully documented  and  updated  at least
             quarterly to maintain accuracy.

      b.     In order to provide effective and efficient service to the EPA Email customers the
             Email Technical Monitor will monitor resource utilization on a periodic basis, but
             not less than quarterly, and set thresholds for  critical  evaluation in order to
             identify trends that indicate more resources need to be acquired, or resources may
             be released or their use modified.

             •     Resource utilization should include, but  is not limited to data  storage,
                   processing  capacity, communications capabilities, message traffic, and
                   additional services utilization.

             •     Trend analysis reports should include a historical perspective as well as
                   a narrative description of the effective causes and their duration.

       c.     The EPA Email system will be managed to conserve disk storage.  Disk storage
             use will be  monitored and evaluated periodically, but at least twice a year.
             Messages  that have been processed by the customer (read, sent,  etc.) will be
             marked and deleted periodically.

       d.     Communications are response time based.  Every effort will be made to minimize
             response time to the customer. Responsive and efficient communications methods
             will be selected and used.

5.0    DEFINITIONS

None.


6.0    STANDARDS

Every two weeks Read messages marked more than 30 days old will be deleted.

Every two weeks Outbox (sent) messages marked more than 30 days old will be deleted.

The Email system will terminate a session (auto logoff)  with any customer who  has not been
active for 10 minutes.

Response time will be 5 seconds or less 95 percent of the time.

Refer to the following for more information about standards:

       •    Directive 320.03:  EPA Email Security

       •    Directive 320.08:  EPA Email Report Generation

       •    Directive 320.11:  EPA Email Workload Forecasting

       •    Directive 320.15:  EPA Email Operations


7.0   PROCEDURE REFERENCES

      a.    U. S. Environmental  Protection Agency. VAX Email  Systems Reports Package
            (pending) Research Triangle Park, NC:  National Data Processing  Division.
            (Internal documentation for DEC Technical Services Group.)

      b.    U. S. Environmental Protection Agency. Configuration Management Procedures
            (pending) Research Triangle Park, NC:  National Data Processing  Division.
            (DEC Technical Services Group.)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     EPA Email Workload Forecasting                         NO.    320.11

APPROVAL: [signature]
-------
NDPD OPERATIONAL DIRECTIVE NO. 320.11                        Page 2 of 2
6.0   STANDARDS
Refer to the following for more information about standards:
      •     Directive 320.08:  EPA Email Report Generation
      •     Directive 320.09:  EPA Email System Management
7.0   PROCEDURE REFERENCE
U. S.  Environmental Protection Agency. VAX Email Systems Reports Package (pending)
Research Triangle Park, NC:  National Data Processing Division. (Internal documentation for
DEC Technical Services Group.)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     EPA Email Enhancement/Feature Evaluation                NO.    320.12
            and Selection
APPROVAL: [signature]                                      DATE:  7//*/?J
1.0   PURPOSE
The EPA Email Enhancement and Service Evaluation and Selection  Policy establishes the
following course of action pertaining to electronic mail:
      a.    Review, evaluation, and selection of features.
      b.    Purchase, installation, and announcement of selected features.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0   POLICY
      a.    Enhancement and change requests are submitted to Email Support staff.
      b.    The Email Technical Monitor is responsible for evaluating and recommending
            new services and features that may become available for the EPA Email system.
            These may include vendor supplied features or purchased services from other
            vendors that may be used with the Email system (e.g., OAG, CompuServe, etc.).
            The final approval  of additional services will be made by the NDPD Division
            Director.
      c.    The NDPD Email  Support Group  will  review and analyze  new services and
            features as required by the EPA Email Technical Monitor.
5.0   DEFINITIONS
NDPD Email Support Group includes any and  all personnel used in the  support, management,
or operation of the EPA Email system.

-------
NDPD OPERATIONAL DIRECTIVE NO. 320.12                        Page 2 of 2


6.0   STANDARDS

None.


7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental  Protection Agency.  (1993) ALL-IN-1 Administrative
            Procedures (Report 502/001) Research  Triangle Park, NC:  National Data
            Processing Division.  (Location: Publications Technical Library)

      b.     U. S. Environmental  Protection Agency. (pending) ALL-IN-1 Management
            Guide (written under contract  with  TPMC) Research Triangle  Park,  NC:
            National Data Processing Division.  (Location: EPA Technical Monitor)

      c.     U. S. Environmental  Protection Agency. (pending)  ALL-IN-1 Enhancement
            Requests Procedures.  Research  Triangle Park, NC:  National Data Processing
            Division.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Email Connectivity Standards                         NO.    320.13
APPROVAL:  [signature]                                      DATE:
1.0   PURPOSE

The  EPA  Email Connectivity  Standards Policy establishes  the following  course of action
pertaining  to electronic mail:

      a.     Interconnection standards (e.g., X.400, Internet).

      b.     Directory standards.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation,  and support of the EPA Email system.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.

The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on the EPA Email connectivity standards.


4.0   POLICY

In order to provide the widest use and productivity of Email by the EPA the system will support
connectivity to other Email systems, both internal and external to the Agency. In providing this
connectivity  EPA will  attempt to follow all  Government  Services Administration  (GSA)
guidelines  and requirements regarding communications methods and standards.  If the desired
connectivity cannot be obtained through recommended standards (e.g., GOSIP), exceptions will
be requested from GSA and the required connectivity will be provided in the most effective and
cost efficient manner.

      a.     The EPA Email system will provide industry standard interconnection capabilities
             to allow EPA customers to communicate with other Email systems and conduct
             the business of the Agency as efficiently as possible.

      b.     In the future, the EPA Email system will provide central directory services to all
             connected internal Email systems.  It is the intent of this directory to provide
             look-up capabilities to any Email  customer who is  registered with the system.

-------
NDPD OPERATIONAL DIRECTIVE NO. 320.13                         Page 2 of 2
5.0   DEFINITIONS
None.
6.0   STANDARDS
The interconnection standards supported by the Agency will include:
      •     X.400. The international standard, specified in GOSIP, for message interchange
            among external Email systems.
      •     Internet. Access will be provided to an Internet gateway for message transfer
            to the Internet public computer network.
Refer to the following for more information about standards:
      •     Directive 320.01: EPA Email Usage Guidelines
The Total Support Program Email  Report  details the  telecommunications access methods
supported from each EPA site to access the central  Email system.
7.0   PROCEDURE REFERENCES
Not applicable.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Email System Testing and Installation                  NO.    320.14

APPROVAL:  [signature]                                      DATE:
1.0   PURPOSE

The purpose of the EPA Email System Testing and Installation Policy is to define the actions
that need to be taken to assure that EPA provides adequate service for the Email customer
community. In particular this policy covers:

      a.     New software release evaluation.

      b.     System testing.

      c.     Customer notification.


2.0   SCOPE & APPLICABILITY

This policy applies to all members of the EPA Email community, all NDPD and contractor staff
responsible for the management, operation, and support of the EPA Email system.

Any deviation from this policy must be approved in writing by the Director of NDPD.


3.0   RESPONSIBILITIES

The EPA Email Technical Monitor will direct the efforts of the Primary Support Contractor
(PSC) in order to assure compliance with this policy concerning the implementation of new
Email software.

The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.


4.0   POLICY

      a.     The most critical issues concerning the EPA Email system are stability, reliability
             and availability.  All new releases, upgrades, and maintenance releases to the
             EPA Email system will be thoroughly tested and the results documented.

      b.     The EPA Email Technical Monitor and the Change Management Council are
             responsible for reviewing and approving all proposed changes  to the production
             Email system prior to any implementation.

      c.     Customer notification that describes the schedule, changes, and impact on the
             Email system shall be given prior to any implementation. Customer
             communication, for changes that have customer impact, will be scheduled to
             take place so that reasonable time remains for comments on the proposed
             changes. Communication should be done through the Email system whenever
             possible.

-------
NDPD OPERATIONAL DIRECTIVE NO. 320.14                       Page 2 of 2
5.0   DEFINITIONS
None.
6.0   STANDARDS
Refer to the following for more information about standards:
      •     Directive 320.05:  EPA Email Customer Notification
7.0   PROCEDURE REFERENCE
U. S. Environmental Protection Agency.   (1993)  Change Management Procedures Manual
(Report 245/001F) Research Triangle Park, NC: National Data Processing Division. (Location:
Publications Technical Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     EPA Email Operations                                   NO.    320.15
APPROVAL:                                              DATE:
1.0   PURPOSE
The EPA Email Operations Policy establishes the following service levels and course of action
pertaining to electronic mail:
      a.    Operations.
            •     Service level goals.
            •     System stability goals.
      b.    Scheduled hours of system availability.
      c.    System Backup.
      d.    Maintenance.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update, and maintain procedures to
implement this policy.
The EPA PSC will advise the EPA Email Technical Monitor of potential problems and system
changes that might have an adverse impact on the EPA Email system operation and/or support.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0   POLICY
      a.    Operations.  EPA Email operations will adhere  to the  following guidelines
            regarding hours of operation, service level goals, and system availability.
            •     Service level goals.
                  -     The EPA Email response time will be reasonable and timely, based
                        on the telecommunications method used.
                  -     The central EPA Email system will be accessible through the
                        networks supported by Agency telecommunications facilities.

-------
NDPD OPERATIONAL DIRECTIVE NO. 320.15                          Page 2 of 3


             •     System Stability.  The EPA Email system stability goal is 99.5 percent
                   each month, after allowing for scheduled maintenance.

       b.     Scheduled hours of system availability. The EPA Email system will be available
             to the EPA customer community 7 days a week, 24 hours each day, except when
             it is unavailable due to scheduled maintenance.

       c.     System Backup. System backups will be scheduled and taken to ensure that the
             system  can be restarted without data loss.  Copies of system backups will be
             maintained to assure that  no data will be lost if a recovery is necessary.  In
             addition to scheduled times, backups will be taken any time that the EPA Email
             Technical  Monitor or the Operations/Systems Manager determines it necessary
             (e.g., system upgrades, major modifications, or prior to system maintenance).

       d.     The EPA PSC will schedule and perform maintenance at times when the system
             is least used.   Any maintenance done outside the regularly  scheduled weekly
             maintenance  timeframe must  be announced in advance via an Email banner
             message.

       e.     Any system event that requires unscheduled maintenance will be carried out as
             quickly as possible.  Email customers will be notified as soon as possible after
             any failure of when the system will be available and of any impacts to customer
             messaging or other services.  Any required maintenance other than emergency
             fixes will be scheduled and executed at a time that will provide the least
             disruption to the customers.


5.0    DEFINITIONS

None.


6.0    STANDARDS

EPA Email CPU response time will be less than 2 seconds plus communications  access time,
95 percent of the time.

Backup data will be maintained for 90 days.

Incremental backups will be done nightly and whenever deemed necessary by the EPA Email
Technical Monitor or  Systems Manager.

Normal system maintenance will be scheduled between 10 p.m. Sunday and 6 a.m. Monday.

Refer to the following for more information about standards:

       •     Directive 320.03:  EPA Email Security

       •     Directive 320.05:  EPA Email Customer Notification

       •     Directive 320.10:  EPA Email Configuration Management

       •     Directive 320.13:  EPA Email Connectivity Standards

-------
NDPD OPERATIONAL DIRECTIVE NO. 320.15                        Page 3 of 3


7.0   PROCEDURE REFERENCE

U. S. Environmental Protection Agency. (1993) Operations Handbook for the MAIL VAXcluster
(Report 507/001) Research Triangle Park, NC:  National Data Processing Division (Location:
Publications Technical Library)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     EPA Email System Requirements                          NO.    320.16
APPROVAL:                                              DATE:

1.0   PURPOSE
The  EPA  Email System Requirements Policy establishes  the following  course of action
pertaining to the requirements of electronic mail:
      a.    Basic messaging requirements.
      b.    Additional services.
      c.    Messaging to other Email systems.
      d.    File transfer capabilities.
      e.    Premium services.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD and contractor staff personnel responsible for the management,
operation, and support of the EPA Email system.
Any deviation from  this policy must be approved in writing by the Director of NDPD.
3.0   RESPONSIBILITIES
The EPA Primary Support Contractor (PSC) will develop, update,  and maintain procedures to
implement this policy.
The EPA Email PSC will perform the tasks necessary to meet the objectives of this policy.
4.0   POLICY
      a.    Classes of services.  The EPA Email system will provide the following classes
            of products:
            (1)    Basic Service - no additional usage charges.
            (2)    Additional Services - provided through EPA owned and operated
                   equipment.  These are supplied at no additional charge.  Bulletin boards and
                   videotext are examples of additional services.
            (3)    Messaging to other Email systems will be provided through X.400 and
                   Internet interfaces - no additional usage charge.
            (4)    File transfer capabilities will provide the ability to send binary  files as
                   attachments to Email messages - no additional usage charge.

-------
NDPD OPERATIONAL DIRECTIVE NO. 320.16                           Page 2 of 3

             (5)    Premium  Services - services acquired or purchased by  EPA from  an
                   outside vendor.  These services will be funded by the customer.
       b.     The  Basic Services of the central  EPA Email system  will meet the criteria
             specified in Section 5.0, Definitions.
       c.     All services except Premium will be provided to all registered customers of the
             central EPA Email system.
       d.     Requests for the development of applications using Email services or enabling
             technology must be submitted to the EPA Email Technical Monitor for review
             and approval.  Requests must be submitted at the level of Division Director or
             above.
       e.     Premium services will be provided to customers after submission of an approved
             Premium Services Request Form from an Agency credit card holder.
       f.     The central EPA Email system will be able to interface with word processing
             software supported by the Agency.
5.0    DEFINITIONS
       a.     Basic Messaging Requirements.
             •     Support and preserve the complete 128-character ASCII set.
             •     Create messages on-line.
             •     Upload previously prepared messages.
             •     Edit messages.
             •     Selectively read/scan messages.
             •     Print messages.
             •     Create public or private distribution lists.
             •     Support alias/nicknames.
             •     Track  messages  (read receipt).
             •     Hold and resume creating messages.
             •     File messages in subject folders.
             •     Auto-forward.
             •     New message notification.

-------
NDPD OPERATIONAL DIRECTIVE NO. 320.16                          Page 3 of 3


             •     Message distribution options.

                   -      Express (urgent).
                   -      Request response.
                   -      Message forwarding.
                   -      Carbon copy.
                   -      Delivery/read acknowledgement.
                   -      Delay/defer delivery.

             •     Message disposition options.

                   -      Reply with original text.
                   -      Reply without original text.
                   -      Forward to ID or distribution list.
                   -      Save.
                   -      Download.
                   -      Delete.

       b.     Additional Services - provided through EPA owned and operated equipment.

             •     Bulletin Boards.

                   -      Public.
                   -      Private (limit access).

             •     Online Text Storage (videotex).

             •     Distribution lists.

             •     Banner notices.

       c.     Message exchange via messaging gateways (e.g., X.400, Internet).

       d.     Premium Services - services  acquired or purchased by EPA from an outside
             vendor.

       e.     File Transfer Capabilities. Transfer ASCII text or binary files.


6.0    STANDARDS

The central EPA Email system will be able to interface with the WordPerfect word processing
software and other word processing software meeting EPA support guidelines.


7.0    PROCEDURE REFERENCES

       a.     U. S. Environmental Protection Agency.  (1991) ALL-IN-1 Technical Reference
             Guide (Report 474/001) Research Triangle Park, NC:  National Data Processing
             Division. (Location: Publications Technical Library)

       b.     ALL-IN-1 News Conference (Bulletin Board),  Premium Services Note.  On-Line
             ALL-IN-1 Bulletin Board (Available by signing on to Email, choosing  BB from
             the Electronic Messaging Menu, adding a conference (AC), and using Gold-L to
             select the News Conference)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     National Voice Telecommunications                        NO.    330.01
APPROVAL:                                              DATE:

1.0   PURPOSE
This policy  outlines  the  responsibilities  of EPA's  National Voice Telecommunications
organization.
2.0   SCOPE & APPLICABILITY
This policy applies to all EPA employees and contract personnel who are involved in the design,
development, implementation, acquisition, and maintenance  of EPA's telecommunications
network.
Any deviation from  this policy must be approved in writing by the Director, NDPD.
3.0   RESPONSIBILITIES
The EPA support contractor will establish an EPA National Voice Support Group.  The group
will:
      a.     Provide general technical  support.
      b.     Coordinate all National Voice functions.
The EPA support contractor will develop, update, and maintain procedures to implement this
policy.
The EPA  support contractor will advise the EPA National Voice Technical Manager of potential
problems  and system changes that might have an adverse impact on the EPA National Voice
network maintenance and/or support.
The EPA support contractor will perform the tasks necessary to meet the objectives of this
policy.
4.0   POLICY
The National Voice  Telecommunications group shall:
      a.     Assist Regional Offices and field sites with the evaluation, planning, acquisition,
            implementation, and development of voice telecommunications systems subject
            to the FIRMR guidelines.  (Funding source will be determined on a case-by-case
            basis.)
      b.     Provide guidance to  the Regional Offices and field sites in the areas of cost
            control, traffic analysis, and other administrative functions.
      c.     Develop and update detailed site profiles for all of EPA's Regional Offices and
            field sites.

-------
NDPD OPERATIONAL DIRECTIVE NO. 330.01                         Page 2 of 2


5.0   DEFINITIONS

Telecommunications systems:  The switching equipment and software required to satisfy
communications needs, e.g., PBX, Centrex, key telephone systems, and other voice peripheral
equipment.


6.0   STANDARDS

All requests will be submitted to the following:

            National Voice Support
            US EPA (MD-90B)
            Research Triangle Park, NC  27711


7.0   PROCEDURE REFERENCES

(Draft) U. S. Environmental Protection Agency. (1992) National Voice Operations Policies and
Procedures Manual. Research Triangle Park, NC:  National Data Processing Division, Office of
Administration and Resources Management.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     FTS2000 Business Office                                NO.    330.02

APPROVAL:                                              DATE:
1.0   PURPOSE

This policy outlines the responsibilities of EPA's FTS2000 Business Office.


2.0   SCOPE & APPLICABILITY

This policy applies to all EPA employees and contract personnel who are involved in the design,
development,  implementation, acquisition, and maintenance  of EPA's telecommunications
network.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

The EPA support contractor will establish and maintain an FTS2000 Support Group. The group
will:

      a.      Provide general technical support.

      b.      Coordinate all FTS2000 Group functions.

The EPA support contractor will develop, update,  and maintain procedures to implement this
policy.

The EPA support contractor will advise  the EPA FTS2000 Technical  Manager of potential
problems and system changes that might have an adverse impact on the EPA FTS2000 network
maintenance and/or support.

The EPA support contractor will perform the  tasks necessary to meet the objectives of this
policy.


4.0   POLICY

The FTS2000 Business Office shall:

      a.      Place and track all of the Agency's orders for FTS2000 services; ensure that all
             orders are installed by their due dates, and expedite when necessary.

-------
NDPD OPERATIONAL DIRECTIVE NO. 330.02                         Page 2 of 2


       b.     Provide information to EPA's national user community on the following:

                   •     FTS2000 services and applications.

                   •     Trouble handling.

                   •     Cost control methods.

                   •     Service pricing.

       c.     Report FTS2000 network troubles.  Assist the Regional Offices and field sites in
             the escalation of major outages and network troubles.

       d.     Validate EPA's monthly AT&T FTS2000 billing tape and  document billing
             disputes to GSA.  Detect and report network misuse and implement preventive
             mechanisms.

       e.     Manage projects to beta-test new voice telecommunications services and products
             which would benefit EPA as well as other Federal agencies.

       f.     Support FTS2000 network security through call data collection, verification, and
             monitoring.  Recommend and implement  technologies to detect and prevent
             network abuse.


5.0    DEFINITIONS

Beta-test: Test performed with first-time users of new services not widely offered, serving as
a secondary testing site.


6.0    STANDARDS

All requests will be submitted to the following:

             FTS2000 Business Office
             US EPA (MD-90B)
             Research Triangle Park, NC 27711


7.0    PROCEDURE REFERENCES

(Draft) U. S. Environmental Protection Agency. (1992) Telecommunications Procedures Manual,
Procedures EPA7500 through EPA7630. Research Triangle Park, NC: National Data Processing
Division, Office of Administration and Resources Management.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     Provision of FTS2000 Switched Voice                      NO.    330.03
            Service to EPA Contractors
APPROVAL:                                              DATE:
1.0   PURPOSE
This policy outlines the EPA's responsibilities in providing FTS2000 switched voice service to
EPA contractors.
2.0   SCOPE & APPLICABILITY
This policy applies to all EPA employees and contract personnel who are involved in the design,
development,  implementation, acquisition, and maintenance  of EPA's telecommunications
network.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0   RESPONSIBILITIES
The EPA support contractor will establish an FTS2000 Support Group.  The group will:
      a.      Provide general  technical  support.
      b.      Coordinate all EPA FTS2000 functions.
The EPA support contractor will develop, update,  and maintain procedures to implement this
policy.
The EPA support contractor will advise the EPA FTS2000 Technical  Manager of potential
problems and system changes that might have an adverse impact on the EPA FTS2000 network
maintenance and/or support.
The EPA support contractor will  perform the  tasks necessary to meet the objectives of this
policy.

4.0   POLICY
The FTS2000 Business Office  shall provide FTS2000 service to contractors when:
      a.      The contractor has  a clear requirement to  make long distance calls on EPA's
             behalf.
      b.     The contractor's statement of work contains tasks that require making these long
             distance calls.
      c.      NDPD has been notified (in writing) of the requirement and has been  given
             sufficient time to budget for the expense.

-------
NDPD OPERATIONAL DIRECTIVE NO. 330.03                          Page 2 of 2


Note: If NDPD does not receive sufficient notification of a contractor's requirement  for
      FTS2000 service and FTS2000 service is clearly required for contract performance, then
      the respective program office(s) must provide funding  to  NDPD prior to service
      installation.

FTS2000 service will not be provided to contractors when:

      a.    Long distance telephone usage is determined to be "incidental" and not essential
            to the performance of contractual requirements.

      b.    Other arrangements have been made in the statement of work.


5.0   DEFINITIONS

Incidental phone use: Phone use likely to occur in unpredictable or infrequent circumstances.


6.0   STANDARDS

All requests will be submitted to the following:

            FTS2000 Business Office
            US EPA (MD-90B)
            Research Triangle Park, NC 27711


7.0   PROCEDURE REFERENCES

(Draft) U.S. Environmental Protection Agency. (1992) Telecommunications Procedures Manual,
Procedures EPA7510 through EPA7570. Research Triangle Park, NC: National Data Processing
Division, Office of Administration and Resources  Management.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                   NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Cellular Equipment/Services                           NO.    330.04
             Acquisition and Use
APPROVAL:                                              DATE:

1.0   PURPOSE

This document establishes EPA policy for the acquisition and  use of cellular equipment and
services by EPA activities nationwide.


2.0   SCOPE & APPLICABILITY

This policy applies to all EPA  regional and program office personnel  as well as EPA
contractors, nationwide, who acquire and use cellular equipment and services.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

      a.     NDPD is responsible for reviewing this policy annually for needed modifications
             and/or enhancements.

      b.     NDPD is responsible for providing guidance and recommendations to prospective
             Agency cellular users concerning the acquisition,  implementation, and sustained
             operation of EPA cellular equipment.

      c.     NDPD is responsible for monitoring cellular service quality, nationwide, and
             maintaining general Agency usage trends by conducting  periodic surveys.


4.0   POLICY

      a.     Authority and responsibility for cellular equipment acquisition, accountability, and
             usage within EPA geographical or organizational boundaries rest with respective
             EPA regional and program offices.  This includes all direct, indirect, recurring,
             nonrecurring, and other related costs to operate, maintain, and support cellular
             equipment.  Regional and program offices are encouraged to augment this policy
             with more detailed operating procedures tailored to individual program
             requirements.

      b.     Within the regional and program offices, cellular equipment procurement request
             authorizations are  the  responsibility  of the  respective Senior  Information
             Resources  Management Official (SIRMO).   Information copies of  cellular
             acquisitions should be submitted to the NDPD Telecommunications Branch. This
             information  will  assist  NDPD  in  ensuring  emergency  communications
             interoperability.  Information copies should be sent to the following address:

                   Deputy Chief, Telecommunications Branch (PM-211T)
                   US EPA Washington Telecommunications Center
                   401 M Street, SW
                   Washington, DC 20460

-------
NDPD OPERATIONAL DIRECTIVE NO. 330.04                           Page 2 of 4


       c.     Cellular telephones and other cellular equipment are to be used only for the
             conduct of official  Government business.   Federal Information Resources
             Management Regulation (FIRMR) and Code of Federal Regulations, Titles 5 and
             41, address disciplinary actions and collection efforts that can be taken against
             Federal employees who misuse Government property or services.  This includes
             the unauthorized use of Government owned property, such as cellular devices,
             with the intent to later  reimburse the Government.   FIRMR Bulletin C-13
             authorizes  certain calls  using Government  facilities, primarily in the local
             commuting area, that may be necessary in the interest of the Government; these
             provisions  normally  do not apply to cellular  services except under extreme
             circumstances, or during legitimate personal emergencies.

       d.     Government-acquired, mobile cellular equipment will not be installed in privately
             owned vehicles of EPA personnel.   Cellular  equipment is  authorized  to  be
             procured and installed in the Government owned/leased vehicles if it is in the best
             interest of the Government to meet the Agency's requirements.

       e.     Transportable and portable cellular equipment may  be procured for those EPA
             officials whose duties require constant and immediate  telephonic availability,
             either during normal duty hours or otherwise. These portable cellular instruments
             are authorized to be transported and used in privately owned vehicles.
             Additionally, a centralized cellular telephone "pool" may be appropriate for other EPA
             personnel who may need immediate telephonic access during temporary absences
             or travel required by regional or program offices. Such absences will normally
             be for official business; however, in certain cases during personal absences or
             travel, persons may still be required to be constantly  available to program offices
             for official reasons.

       f.     Procedures  will  be established by appropriate regional  program  offices for
             reviewing  monthly cellular billing in order to certify/verify that usage was for
             official business.

       g.     Program  offices  are  responsible  for requesting an FTS2000 long distance
             authorization code card  to use the  FTS network with the local cellular service
             provider.

       h.     Normally, cellular equipment will be purchased rather than leased. Extraordinary
             circumstances  that require  leasing  cellular equipment  for temporary periods
             during emergency response situations (i.e., 30 to 90 days) may be authorized by
             SIRMOs.

       i.     Acquisition of cellular equipment and services will be in accordance with the EPA
             Acquisition  Regulation (EPAAR).  Existing GSA regional contracts should be
             used to purchase cellular equipment insofar as possible. Within regions, payment
             for equipment and service may be provided under separate contract.

       j.     Cellular instruments must  be accounted for,  and  they  will be managed in
             accordance with appropriate EPA property  accountability procedures.


5.0    DEFINITIONS

Cellular Billing:  The invoice detailing the usage of the cellular service provided by the cellular
carrier to the specific users of that service.

-------
NDPD OPERATIONAL DIRECTIVE NO. 330.04                          Page 3 of 4


Cellular Service:  The capability provided by the cellular carrier that allows a user to operate
radio telephone equipment.

EIA:  Electronic Industries Association, a standards organization.

FTS2000 Authorization: A personal card  allowing the holder to access and use the Federal
Telecommunication Network from any location on the Public Switched Telephone Network
(PSTN).

IS:  Interim Standard, an EIA associated standard.

Mobile Cellular:  Cellular equipment, including telephone and facsimile, that is
mounted/installed in a vehicle.  The transceiver, normally installed under the seat or in the trunk,
operates from the vehicular battery and generates 3 watts of power.

Nonrecurring:  An initial cost charged for implementation of a specific type of
telecommunications service that is charged one time only.

Portable Cellular: A  small,  possibly pocket-size,  hand-held cellular telephone which is carried
by the user and  offers the  most freedom.  A  rechargeable  battery  provides .6 watt power.
Common names include flip-phones, micros, and  minis.

Recurring:  A charged rate  for a specific type  of telecommunications service that is  repeated
throughout the period of the service.

TIA:  Telecommunications Industries Association, a standards organization.

Transportable Cellular:  Cellular equipment, including telephone or facsimile, that can  be
transferred from one vehicle to another or from one location to another. This is a self-contained
unit with 3 watts of power; the unit is capable of operating from the vehicle battery or from an
optional battery pack, which gives it the versatility of being portable outside the vehicle.  The
transportable telephones are  sometimes referred to as "bag phones."


6.0   STANDARDS

Cellular equipment and services must adhere to EIA/TIA/IS cellular standards.


7.0   PROCEDURE REFERENCES

      a.     Code of Federal Regulations, Title 5, part 735 and Title 41, part 201.

      b.     Federal Information Resources  Management Regulation (FIRMR) Bulletin C-13,
             "Management of Long Distance Telephone Service."

      c.     Office  of Management and Budget  (OMB),  "Guidance  on  the  Privacy Act
             Implications  of Call Detail  Programs  to Manage Employees'  Use of the
             Government's Telecommunications System."

      d.     EPA Privacy Act Manual, No. 2190 Rev. March 28, 1986.

      e.     EPA Emergency Communications Policy (Draft).

-------
NDPD OPERATIONAL DIRECTIVE NO. 330.04                        Page 4 of 4


      f.     U. S. Environmental Protection Agency. NDPD Operational Directive 340.10,
            Domestic Telephone Credit Cards and Authorization Codes, Research Triangle
            Park, NC: National Data Processing Division (Contact T. Rogers, MD-34)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     EPA Headquarters Telecommunications                     NO.    340.01
            Program Management
APPROVAL:                                              DATE:
1.0   PURPOSE

This document describes NDPD's policy for managing the acquisition, implementation, and
maintenance of telecommunications equipment, services, and support to EPA's Headquarters
facilities.


2.0   SCOPE & APPLICABILITY

This policy applies to the following personnel:

      a.     All NDPD personnel and contractors who plan, design, engineer,  implement,
             administer, maintain, repair, and support telecommunications equipment and
             services at EPA Headquarters facilities.

      b.     All EPA Headquarters program office personnel who request, acquire, and use
             telecommunications equipment and services.


3.0   RESPONSIBILITIES

The organizational structure of the NDPD/Telecommunications Branch (TCB) staff authorized
to provide and obtain telecommunication services in the Washington, D.C. metropolitan area is
as follows:

      a.     Director, NDPD:  Directs the management of all voice, data, facsimile, telex,
             and image processing, storage, display, and communications services to all EPA
             organizations and  their employees and contractors.   The Director approves all
             related policies.

      b.     Chief, Telecommunications Branch: Directs the telecommunication programs for
             EPA within the policies of NDPD.

      c.     Deputy Chief, Telecommunications Branch:   Formulates,  evaluates, and
             recommends  revisions  to EPA  plans and  policies  on telecommunications
             management  and  operations  as they pertain to all Headquarters  Operations.
             Reviews the  quality and cost of telecommunications  services  to  ensure that
             maximum support is received as cost-efficiently and  effectively as  possible.
             Manages all telecommunications activity in the Washington, DC  area,  including
             ongoing operations and major projects.  Sets rates charged to the program offices
             for Telecommunications Services and equipment.

      d.     Headquarters Administrative Officers and ADP Coordinators:

             (1)    Administrative  Officers  (AOs):   Approve Telecommunication Service
                   Requests (TSRs)  for  voice services.   AOs are appointed  by either a
                   division or branch chief within a program office.  All installation and
                   relocation services from NDPD are obtained through the TSR.

             (2)    ADP Coordinators:  Approve Telecommunication Service Requests for
                   data services.  The ADP  Coordinator can be designated by either the
                   Responsible Program Implementation Official (RPIO)  or  the  Senior
                   Information Management Official  (SIRMO) of a program office.   All
                   installation and relocation services  from NDPD are obtained through the
                   TSR.

NDPD is responsible for maintaining and enforcing this  policy and will review it annually for
needed modifications and/or enhancements.


4.0    POLICY

       a.     NDPD's Telecommunications Branch provides voice,  data, facsimile, telex,
             image, and radio communications services to all EPA organizations and their
             employees and contractors at  EPA Headquarters.

       b.     Rates charged to the program offices for services and equipment will be set no
             less frequently than annually  by NDPD.  Rates will be based on actual costs to
             NDPD.


5.0    DEFINITIONS

None.


6.0    STANDARDS

None.


7.0    PROCEDURE REFERENCES

       a.     U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
             Program Management (internal, 10-92). EPA Headquarters, Washington, DC.

       b.     U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
             Resource Handbook  (external, 10-91, updated 10-92).   EPA Headquarters,
             Washington,  DC.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     EPA Headquarters Telecommunications                     NO.    340.02
            Equipment, Services, and Support

APPROVAL:                                                  DATE: 7/f/fj

1.0   PURPOSE

This document describes NDPD's policy for managing the acquisition, installation, use,
administration, and support for telecommunications equipment, services, and support functions
at EPA Headquarters facilities.


2.0   SCOPE & APPLICABILITY

This policy applies to the following personnel:

      a.     All NDPD personnel and contractors who plan, design, engineer, implement,
             administer, maintain, repair,  and support telecommunications equipment and
             services at EPA Headquarters facilities.

      b.     All EPA Headquarters program office personnel who request, acquire, and use
             telecommunications equipment and services.


3.0   RESPONSIBILITIES

      a.     NDPD provides  telecommunications voice, data,  facsimile, telex,  and  image
             communications equipment and services to all EPA organizations and their
             employees and contractors at EPA Headquarters.  NDPD performs or oversees
             planning, design, engineering, installation, programming, relocation,
             maintenance, and repair of these equipment and services. Some equipment and services,
             defined  by NDPD no less frequently than annually,  are funded by requesting
             program offices.

      b.     NDPD is responsible for maintaining and enforcing this policy and will review
             it annually for needed modifications and/or enhancements.


4.0   POLICY

      a.     NDPD  provides the following telecommunications equipment, services, and
             support to all EPA organizations and their employees and contractors at EPA
             Headquarters.    NDPD  will  advise  programs by  annual memorandum of
             equipment, services and support for which program office funding is required.

             (1)    Equipment.

                   •     Voice.

                         -  Single-line telephones.
                         -  Feature telephones.
                         -  Integrated Services Digital Network (ISDN) voice terminals.
                         -  Electromechanical key telephone systems.
                         -  Electronic key telephone systems.
                         -  Electronic hybrid telephone systems.
                         -  Portable conferencing units.
                         -  Secure voice terminals.

                   •     Data.

                         -  Local area networks (LANs) and LAN backbone access.
                         -  Printer-sharing devices.
                         -  Telecommunications devices for the deaf (TDD).
                         -  3270 controllers and access.
                         -  Data-switch access.
                         -  X.25 switches, pads, and access.

             (2)    Services.

                   •     Voice.
                          -   Local exchange telephone service.
                          -   Domestic interexchange telephone service.
                          -   International telephone service.
                          -   Telephone credit cards and authorization codes.
                          -   Voice processing.
                          -   Multipoint audio teleconferencing.
                          -   Secure calling.
                          -   Directory assistance.
                          -   Headquarters telephone directory.

                   •     Data.

                          -   Access to national networks (SNA, X.25).
                          -   Centrally managed LAN and Dataswitch services.
                          -   Washington campus network.

                   •     Secure Telecommunications Center.

             (3)    Support.

                   •     Requirements analyses and feasibility studies.

                   •     Telecommunications  Service  Request  (TSR)  processing  and
                          fulfillment.

                   •     Acquisition  support.

                   •     Installation, testing, and acceptance.

                   •     Problem reporting, diagnosis, and resolution.

       b.     The objective of NDPD is to provide each EPA Headquarters program with the
             telecommunications equipment, services,  and support it requires to function
             effectively.   Headquarters Telecommunications  Branch staff  will assist  in
             identifying and implementing  solutions to telecommunications needs.  Solutions
             will  meet identifiable operational requirements  and  will observe  applicable
             Federal   Information   Resources  Management  Regulations  (FIRMRs)  and
             approaches to controlling costs.

       c.     Telecommunications  equipment,  services,  and  support provided  to EPA
             employees and contractors are to be used for official business purposes only.
             EPA managers and supervisors are responsible for controlling the use of these
             services  in accordance with  the Long Distance Call Verification Program
             guidelines as described in EPA Information Resources Management (IRM) Policy
             Manual 2100, change 1,  dated June 6, 1988, and in the NDPD Operational
             Directive No. 340.02.

       d.     Equipment and services which are not included in the NDPD budget will  be
             funded by the program offices receiving the benefits of this equipment and
             service.  Prior to each fiscal year, the Deputy Chief, Telecommunications Branch
             will  issue to  key  program  office  officials  in  Washington  a memorandum
             describing equipment  and  service  for which payment will be required, and the
             corresponding charges during  the forthcoming  year.

       e.     Headquarters program offices request telecommunications equipment, services,
             and support  from  NDPD through  the Telecommunications  Service Request
             process.  Program offices requesting arrangements beyond the scope of published
             standards must document their requirement for NDPD review.

       f.     NDPD staff  issue telecommunications advisories  to inform Administrative
             Officers  and  ADP Coordinators of changes that occur in  normal service.
             Advisories will be issued by the Telecommunications Branch on an as-required
             basis and will contain information that is unique to Headquarters operations. The
             Telecommunications Resources Handbook previously provided all AOs and ADP
             Coordinators is the suggested  repository for all such information.


5.0    DEFINITIONS

None.


6.0    STANDARDS

NDPD  provides the following   telecommunications  equipment and services to all EPA
Headquarters program offices. The technical staff is prepared to support items or  equipment
meeting equivalent functional and performance specifications.

       a.     Equipment.

             (1)    Voice.

                   •      Single-line telephones  (2500-type single-line telephones).

                   •      Feature telephones: Panasonic and  Comdial (for single-line sets)
                          and Comdial Voice Express 41 (for multiline sets).

                   •     ISDN voice terminals (AT&T ISDN 7506 and 7507 terminals).

                   •     Electromechanical  key  telephone systems (1A2  key telephone
                         equipment). Technical support will be limited to the installed base
                         of 1A2 equipment at Headquarters. NDPD will NOT install 1A2
                         equipment in new Headquarters buildings.

                   •     Electronic key telephone  systems  (AT&T Merlin  and  Spirit
                         systems).

                   •     Portable conferencing units (NEC VoicePoint).

                   •     Secure voice.  RCA Secure Telephone Unit III (STU III).

                   •     Amplified handsets.

                   •     Noise-cancelling headsets.

                   •     Voice communications wiring and cabling systems that conform to
                         the current  EIA/TIA Commercial Building Telecommunications
                         Wiring Standard and Commercial Building Standard for
                         Telecommunications Pathways and Spaces.  NDPD/TCB staff is the only
                         authorized source for voice or data communications cabling at any
                         EPA facilities.

            (2)    Data.

                   •     Local area network cabling for LANs conforming with the Token
                         Ring (IEEE 802.5) and Ethernet (IEEE 802.3) standards.  LAN
                         management will conform to NDPD LAN policies.  Only
                         authorized NDPD personnel are permitted direct access to any
                         backbone. All action affecting the backbone will be coordinated with
                         Headquarters LANSYS  via the national TSR process.

                   •     Printer-sharing devices (Baytech printer-sharing devices).

                   •     Telecommunications Devices for the Deaf (TDD).

                   •     Data communications wiring and cabling systems that conform to
                         the current  EIA/TIA Commercial Building Telecommunications
                         Wiring Standard and Commercial Building Standard for
                         Telecommunications Pathways and Spaces.  NDPD/TCB staff is the only
                         authorized source for data or voice communications cabling at any
                         EPA facilities.

       b.     Services.

             (1)    Voice.

                   •      Local-exchange telephone service.  Washington Interagency
                          Telecommunications System (WITS) and Consolidated Centrex
                          local-exchange telephone service are provided under GSA contract
                          by the Chesapeake and Potomac (C&P) Telephone Companies.
                          EPA is required to utilize GSA WITS and/or Consolidated Centrex
                          services in the Washington, DC metropolitan area.

                   •      Domestic interexchange telephone service.  Federal
                          Telecommunications System 2000 (FTS2000) Network A domestic
                          interexchange telephone service is provided under GSA contract by
                          AT&T.  EPA is required to utilize FTS2000 interexchange
                          services in the United States.

                   •      International telephone service.  Commercial international
                          telephone service offerings are approved by NDPD.  EPA
                          travellers should plan to use calling card and packet circuit
                          services for Email and EPA Network connectivity that are
                          available from EPA's International Services Contract with MCI
                          (Contract 68-W2-0022).  Information on the use of this contract is
                          available by calling 202-260-9600.

                   •      Telephone credit cards and authorization codes.
                          Telecommunications staff issues telephone credit cards for
                          international usage or FTS2000 authorization codes, when
                          appropriate, to senior agency officials who have a recurring need
                          to make long-distance telephone calls from locations where
                          FTS2000 service is not available.

                   •      Voice processing.  Voice mail, interactive voice response,
                          enhanced call processing, and other voice-processing services are
                          provided by Agency-owned Octel systems.

                   •      Multipoint audio teleconferencing.  Multipoint audio
                          teleconferencing services are provided by the Agency-owned
                          MultiLink system, installed at the Washington Telecommunications
                          Center.

                   •      Secure voice calling.  Secure voice calling services are provided
                          at the Secure Telecommunications Center, located in the lower
                          concourse of Waterside Mall.

                   •      Directory assistance.  Directory assistance services are provided
                          by the Washington Telecommunications Center's Directory
                          Assistance operators.

             (2)    Facsimile and telex.

                   •      Secure.  Classified facsimile and both classified and unclassified
                          Department of State (DOS) and Automatic Digital Network
                          (AUTODIN) cables and messages are processed in the Secure
                          Telecommunications Center.  The facility is located in the lower
                          concourse of Waterside Mall.

       c.     Support.  NDPD provides the  following support services for voice,  data,  and
             telex communications systems at Headquarters through the Agency's
             Telecommunications Services Contractor and Primary Support Contractor.

             (1)    Requirements analyses and feasibility studies.

             (2)    Telecommunications Service Request processing and monitoring.

             (3)    Acquisition support, including order entry and tracking, functional  and
                   system  specification,   and   radio-frequency assignment  application
                   processing.

             (4)    Implementation, testing, and acceptance.

             (5)    Problem reporting, diagnosis, and resolution.

             (6)    LAN backbone connections.

             (7)    Centralized LAN  and data communications services, including  modem
                   pooling, 3270 controller access, and Dataswitch access.

Requests for information on types of equipment, services,  and support  available should be
directed to the Washington Telecommunications Center (WTC) at 202-260-6778.  Procurement
of these services by Federal Agencies is regulated by the General Services Administration (GSA)
and requires a Delegation of Procurement Authority (DPA). Program offices must submit their
requirements via a TSR along with a statement of need to the Washington Telecommunications
Center.   Special types of  telecommunications equipment and cabling may  be procured by
program  offices with  NDPD  approval.   Program  offices  that have  telecommunications
requirements not listed above must submit their requirements in a TSR accompanied with a
statement of need to  the Washington Telecommunications  Center.


7.0    PROCEDURE REFERENCES

       a.     U. S. Environmental Protection Agency.  EPA Headquarters Telecommunications
             Equipment, Services,  and  Support (internal,  10-92).   EPA  Headquarters,
             Washington,  DC.

       b.     U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
             Resource  Handbook (external,  10-91,  updated  10-92).   EPA  Headquarters,
             Washington,  DC.

       c.     U.  S. Environmental  Protection Agency.  EPA  LAN User's Guide. (1990)
             Research Triangle Park, NC: National Data Processing Division.
             Telecommunications Branch.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Headquarters Telecommunications                     NO.    340.03
             Service Requests
APPROVAL:                                                  DATE:

1.0   PURPOSE

This document describes NDPD's policy for processing and fulfilling Telecommunications
Service Requests (TSRs) at EPA Headquarters and for managing the scheduling and notification
of TSR work that may disrupt EPA Headquarters program office telecommunication services.


2.0   SCOPE & APPLICABILITY

This policy applies to the following personnel:

      a.     All NDPD personnel and contractors who plan, design, engineer, implement,
             administer, maintain, repair, and  support telecommunications equipment and
             services at EPA Headquarters facilities.

      b.     All EPA Headquarters program office  personnel who request,  acquire, and use
             telecommunications equipment, services, and support.


3.0   RESPONSIBILITIES

      a.     NDPD  provides telecommunications voice,  data, facsimile, telex, and image
             communications  equipment  and services  to all EPA organizations and their
             employees and contractors at EPA Headquarters.  NDPD performs or oversees
             planning, design, engineering, installation, programming, relocation,
             maintenance, and repair of these services. NDPD may require program office funding
             before providing equipment and services.

      b.     Program offices appoint staff persons to serve as Administrative Officers (AOs)
             and  Automated  Data  Processing  (ADP) Coordinators  for  their respective
             organizations.   An AO or ADP Coordinator  is a point of contact within an
             organization for voice or data TSRs,  respectively, and is  responsible  for
             coordinating  the requisition,  installation,  training,  funding and repair of
             telecommunications systems, services, and support.

      c.     NDPD is responsible for reviewing, approving, and scheduling  a due date when
             a TSR  is received and  for communicating the date to  the  authorized TSR
             originator. The TSR Due Date indicates when NDPD will complete work on the
             TSR.

      d.     NDPD is responsible for providing notification to program offices of TSR work
             that may disrupt telecommunications services.

      e.     NDPD is responsible for maintaining and  enforcing this policy and will review
             it annually for needed modifications and/or enhancements.


4.0    POLICY

       a.     Headquarters AOs and ADP Coordinators generally request equipment, services,
             and support  from NDPD through the Telecommunications Service  Request
             process.  Program offices requesting equipment, service, and support
             arrangements beyond the scope of published standards must document their requirement
             for NDPD review.

       b.     EPA Headquarters program offices must follow TSR procedures when requesting
             voice and data telecommunications equipment, services, and support.

       c.     Current voice and data TSR procedures are detailed in the Telecommunications
             Resources Handbook (TRH) maintained by AOs and ADP Coordinators for each
             program office.  Periodic procedural updates are issued by the
             Telecommunications Branch.  The quarterly AO/ADP Coordinators meetings provide a timely
             forum for the exchange of such information.

       d.     Program offices will identify on an annual basis those individuals authorized to
             sign TSRs. The TRH contains a current register of AOs and ADP Coordinators.

       e.     NDPD's Telecommunications Branch notifies program offices scheduled for TSR
             work whenever such work may disrupt their telephone or data communications.

       f.     Notification of anticipated service disruption will be given to the program office
             AO or ADP Coordinator.  Whenever possible, such work will be scheduled
             outside of standard business hours.  However, when the work is due to a major
             relocation of personnel, program offices should expect to experience some down
             time.  Every  attempt will be made to minimize any  disruption.

       g.     If a program office strongly believes that  it cannot risk communications down
             time, it has the option of paying the full overtime cost of technician time so that
             work can be performed outside the program office's normal business hours.

       h.     Telecommunications Branch  and contractor staff will escalate inquiries on all
             TSRs not completed by their assigned due dates to the attention of the appropriate
             EPA management staff. Program offices may also elect to escalate inquiries based
             on the same criteria.


5.0    DEFINITIONS

None.


6.0    STANDARDS

       a.     Requests for telecommunications equipment, services, and support (including
             moves, changes, installations, telephone feature additions, and removals) must be
             made on the latest available version of EPA Form 5020-1.  TSR forms can be
             obtained from program office Administrative Officers (AOs). As defined in an
             annual  memorandum from  the  Deputy Chief, Telecommunications  Branch,
             program office funding may be required for equipment and services.

       b.     NDPD must include the TSR Due Date on the TSR form when a TSR is received
             and communicate the date to the TSR originator.  The TSR Due Date indicates
             when NDPD will complete work on the TSR.

       c.     The cognizant support contractor will report missed TSR due dates to the
             appropriate TCB contact so that they may be escalated within NDPD as follows
             (current telephone numbers appear in the organizational section of the
             Headquarters Telephone Directory):

             (1)    One day late or 1st delay:  Deputy Chief, Telecommunications Branch.

             (2)    Second delay:  Chief, Telecommunications Branch.

             (3)    Third delay:  Director, NDPD.

             Program office AO/ADP coordinators may elect to escalate any missed TSR
             due dates, based on the criteria stated above, to the appropriate TCB staff.

       d.     The following communications will be sent by the telecommunications staff to
             Program offices when TSRs are on hold:

             (1)    Immediate written notification will be given to the customer of hold status.

             (2)    Monthly written status notification will be provided to the customer.

       e.     AOs and ADP Coordinators will be notified at least 5 working days in advance
             of a possible service outage. This notification will be followed by a telephone
             inquiry to ensure that the program office understands the planned action.


7.0    PROCEDURE REFERENCES

       a.     U.S. Environmental Protection Agency. EPA Headquarters Telecommunications
             Service Request (internal, 10-92). EPA Headquarters, Washington, DC.

       b.     U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
             Resource Handbook (external, 10-91, updated 10-92).  EPA Headquarters,
             Washington, DC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Headquarters Telecommunications                     NO.    340.04
             Trouble Reporting
APPROVAL:                                                  DATE:

1.0   PURPOSE

This document describes NDPD's policy for reporting and clearing problems with voice, data
cabling,  facsimile, telex,  and image  communications equipment and  services at EPA
Headquarters facilities, including the policy for managing the scheduling of and notification for
trouble-response work that may disrupt EPA Headquarters program office telecommunication
services.


2.0   SCOPE & APPLICABILITY

This policy applies to the following personnel:

      a.     All NDPD personnel and contractors who plan, design, engineer, implement,
             administer, maintain, repair, and support telecommunications equipment and
             services at EPA Headquarters facilities.

      b.     All EPA Headquarters program office personnel who request,  acquire, and use
             telecommunications equipment, services, and support.


3.0   RESPONSIBILITIES

      a.     NDPD provides telecommunications  voice, data, facsimile, telex, and image
             communications  services to all EPA organizations and their employees and
             contractors at EPA Headquarters. NDPD performs or oversees planning, design,
             engineering, installation, programming, relocation, maintenance, and repair of
             these offerings.

      b.     Headquarters program offices report telecommunications technical problems and
             obtain resolution of such problems through the trouble reporting process described
             below.

      c.     NDPD is responsible for communicating the trouble due date/time promptly to
             the trouble call originator.

      d.     NDPD is responsible for responding to  telecommunications trouble calls within
             the intervals specified below.

      e.     NDPD  is responsible  for providing  notification  to  program offices where
             maintenance work activities may disrupt telecommunications services.

      f.      Headquarters  program  offices are  encouraged  to  escalate  missed trouble
             commitments to NDPD Telecommunications management.

      g.     NDPD is responsible for maintaining and enforcing this policy and will review
             it annually for needed modifications and/or enhancements.


4.0    POLICY

       a.     Headquarters program office personnel must report telecommunications troubles
             to the published EPA Headquarters Telecommunications help desk number
             202-260-HELP.  The caller should provide trouble description, trouble location, point
             of contact, and any other related information.

       b.     NDPD Telecommunications will repair routine troubles in 8 work hours or sooner.
             Emergency troubles will be processed immediately: technicians will be dispatched
             within 30 minutes, and the trouble will be cleared as soon as possible.


5.0    DEFINITIONS

       a.     Routine troubles.

             (1)    Troubles involving fewer than 10 workstation outlets,  or troubles on less
                    than 50 percent of the program office's workstations.

             (2)    Customer requirements do not require expedited service.

       b.     Emergency troubles.

             (1)    Troubles involving service disruption to more than 10 workstations or
                    troubles on more than 50 percent of a program office's workstations.

             (2)    Customer requirements necessitate emergency  response.


6.0    STANDARDS

       a.     The NDPD Headquarters Help desk will provide information on the expected
             problem resolution to the person reporting the trouble. In addition, the Help desk
             staff will inform the customer when the trouble is cleared.  The following due
             dates/times apply to telecommunications troubles:

             (1)    Routine troubles to be repaired within 8 working hours or sooner.

             (2)    Emergency troubles will be processed immediately and, if required,
                    technicians will be dispatched  within 30  minutes. Emergency troubles are
                    to be cleared as soon as possible.

       b.     The cognizant support contractor will report missed Trouble Ticket due dates to
             the appropriate TCB contact so that they  may be escalated within NDPD as
             follows (current telephone numbers  appear in  the organizational section of the
             Headquarters Telephone Directory):

             (1)    First delay: Deputy Chief, Telecommunications Branch.

             (2)    Second delay:  Chief, Telecommunications Branch.

             (3)    Third delay:   Director, NDPD.

             Program office staff  may elect to escalate any  missed Trouble Ticket due dates
             as indicated above.



      c.    The cognizant support contractor will ensure that trouble status information is
            available to individuals designated on the trouble ticket. In the event the trouble
            is not resolved in the standard time indicated, contractor staff will contact the
            individual reporting the trouble with an updated status.


7.0   PROCEDURE REFERENCES

      a.    U.S. Environmental Protection Agency.  EPA Headquarters Telecommunications
            Trouble Reporting (internal, 10-92). EPA Headquarters, Washington, DC.

      b.    U. S. Environmental Protection Agency.  EPA Headquarters Telecommunications
            Resource  Handbook (external,  10-91,  updated  10-92).   EPA Headquarters,
            Washington, DC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Headquarters Telecommunications                      NO.    340.05
             Service Request and Trouble Reporting
             Quality Control
APPROVAL:                                                            DATE:

1.0    PURPOSE

This document  describes  NDPD's policy for ensuring continued provision of high-quality
Telecommunications Service Request (TSR)  and trouble support for telecommunications
equipment and services at EPA Headquarters facilities.


2.0    SCOPE  & APPLICABILITY

This policy applies to the following personnel:

       a.     All NDPD personnel and contractors who plan, design,  engineer, implement,
             administer,  maintain, repair, and  support telecommunications equipment and
             services at EPA Headquarters facilities.

       b.     All EPA Headquarters program office personnel who request, acquire, and use
             telecommunications equipment, services, and support.


3.0    RESPONSIBILITIES

       a.     NDPD provides telecommunications voice, data, facsimile, telex,  and image
             communications  equipment  and  services to all EPA organizations and their
             employees and contractors at EPA  Headquarters.  NDPD performs or oversees
             planning, design, engineering, installation, programming, relocation,
             maintenance, and repair of these services.  NDPD maintains proactive quality assurance
             standards and procedures to ensure  continuing provision of high-quality work on
             Headquarters TSRs and trouble tickets.

       b.     Headquarters program offices request telecommunications equipment, services,
             and  support  from NDPD  through the Telecommunications  Service Request
             process;  and  obtain resolution  of technical  problems  through the Trouble
             Reporting process.   Program offices  are responsible for  providing prompt,
             accurate,  and complete information in response to NDPD quality-assurance
             inquiries,  surveys, and reviews.

       c.     NDPD is  responsible for maintaining and enforcing  this policy and will review
             it annually for needed modifications and/or enhancements.


4.0    POLICY

       a.     EPA  Headquarters telecommunications staff will ensure continued compliance
             with Total Quality Management (TQM) principles and practices when performing
             work associated with TSRs or trouble resolution.  Quality control cards will be
             distributed to sample  user  satisfaction with the services provided.   On-site
             inspections of actual completed work will also be performed.



      b.    QA reviews  will be performed on at least 10 percent of TSR and trouble-call
            work completed by the EPA Headquarters telecommunications staff.


5.0   DEFINITIONS

None.


6.0   STANDARDS

      a.    NDPD will contact the program office customer within 1 day of completion of
            each standard  TSR to determine whether  all telecommunications work was
            performed satisfactorily.

      b.    NDPD will place Telecommunications Quality Survey cards at each workstation
            worked on.  The program office is encouraged to complete the survey form and
            return  to  the  Headquarters Telecommunications  Supervisor for  review  and
            appropriate action.

      c.    NDPD staff  will perform full quality assurance reviews on at least 10 percent of
            all TSRs and trouble reports within 1 week of completion. The QA  reviews will
            include site inspection of workmanship and adherence to NDPD standards.


7.0   PROCEDURE REFERENCES

      a.    U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
            Service Request and Trouble Reporting Quality Control (internal, 10-92).  EPA
            Headquarters, Washington,  DC.

      b.    U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
            Resource Handbook (external,  10-91, updated 10-92).  EPA  Headquarters,
            Washington, DC.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     EPA Headquarters Program Office                         NO.   340.06
            Acquisition of Telecommunications
            Equipment, Services, and Support
APPROVAL:                                                          DATE:

1.0   PURPOSE

This document describes NDPD's policy for acquiring  and  procuring telecommunications
equipment, services, and support for EPA Headquarters facilities, including the determination
of funding sources.


2.0   SCOPE & APPLICABILITY

This policy applies to the following personnel:

      a.    All NDPD personnel and contractors who  plan, design, engineer, implement,
            administer, maintain,  repair, and support  telecommunications equipment and
            services at EPA Headquarters facilities.

      b.    All EPA Headquarters program office personnel who request, acquire, and use
            telecommunications equipment, services, and support.


3.0   RESPONSIBILITIES

      a.    NDPD provides telecommunications voice, data, facsimile, telex, and image
            communications  equipment and  services to all EPA organizations and their
            employees and contractors at EPA Headquarters. NDPD performs or oversees
            planning, design, engineering, installation, programming, relocation,
            maintenance, and repair of these equipment and services.

      b.    Program  offices  must contact their Telecommunications  Customer Service
            Representatives  (CSRs)  for  assistance in  completing  telecommunications
            procurement packages.

      c.    Headquarters Telecommunications CSRs are responsible for obtaining all EPA
            Telecommunications  staff approvals (technical or otherwise) on Procurement
            Requests (PRs) for acquisition of NDPD-approved telecommunications equipment
            and services.

      d.    NDPD is responsible for maintaining and enforcing this policy and will review
            it annually for needed modifications and/or enhancements.


4.0   POLICY

      a.    Telecommunications equipment and services are procured by program offices
            using EPA Form  1900-8 (Procurement Request/Order).



       b.     Procurement of telecommunications equipment, services,  and support must be
             approved in writing by NDPD to assure that appropriate technical standards are
             met.  Requests for information on types of equipment available should be sent to
             the Washington Telecommunications Center (WTC)(PM211T).  In accordance
             with  Agency procurement guidance, all voice and data telecommunications
             systems and equipment procured for use at EPA Headquarters must meet the
             established standards for technical  compatibility and connectivity as well as
             standards for possible system growth and redesign. PRs for the procurement of
             all telecommunications equipment and services under $5,000 should be approved
             by TCB staff.  PRs of $5,000 or more must be approved by the Director of
             NDPD.

       c.     Headquarters program offices generally request telecommunications equipment,
             services, and support from NDPD  through the Telecommunications  Service
             Request (TSR) process.  There are two exceptions:

             (1)    Program  offices  request radio-frequency assignments and   call signs
                   through the  Radio-Frequency Assignment Request (RFAR) process.

             (2)    Program offices request long-distance calling cards through  the Long-
                   Distance Calling Card Application process.

             Program offices requesting equipment, service, and support arrangements beyond
             the published standards are required to document, in memorandum form, their
             requirement for NDPD review.


5.0    DEFINITIONS

None.


6.0    STANDARDS

       a.     PRs originating in  program  offices for the procurement of telecommunications
             equipment and services for use in EPA Headquarters must be approved by the
             EPA Washington Telecommunications Staff to ensure that technical standards and
             equipment compatibility requirements are met.

       b.     The following two types of PRs are used to acquire or purchase
             telecommunications equipment and support:

             (1)    EPA Program Office Funded PRs: These are for items that are purchased
                   by program  offices.

                   •     Upon approval by EPA Washington  Telecommunications Staff,
                         Program Office Funded PRs will be logged in and then  forwarded
                         through appropriate procurement channels by the
                         Telecommunications Cost Accounting Staff (TCAS).   The Program Office
                         Originator will be provided with a copy of the processed PR with
                         the date it was forwarded to PCMD.



                   •     The "deliver to" block of the SF 1900-8 must indicate the "WTC
                         Warehouse  (PM211T)".  This is to ensure timely and accurate
                         installation  of the  equipment.   As a result, Program  Office
                         Originators  are responsible for forwarding a copy of the awarded
                         purchase order (PO) to the Telecommunications CSR.

                   •     Program Office Originators are  responsible  for tracking  their
                         procurements excepting as described in the bulleted item below.

                   •     Equipment  purchases from  the GSA-administered  Washington
                         Interagency  Telecommunications  System  (WITS) contract are
                         handled uniquely.  For WITS equipment purchases,  program
                         offices need only to bring their PRs to their Telecommunications
                         CSRs.  As a rule, WITS equipment orders are placed (obligated)
                         directly with the vendor by EPA Washington Telecommunications
                         Staff.  Program Office Originators are provided with copies of
                         their processed orders.

             (2)    EPA Program Office Incremental (Reimbursable) Funding PRs:  These
                   PRs  reimburse NDPD for items provided out of stock  and/or for
                   NDPD-provided telecommunication  support,  such  as   installation,
                   maintenance, and repair. The PRs are incrementally funded  to NDPD's
                   Telecommunications Services Contract, in accordance with a memorandum
                   of instruction issued each fiscal year by the Deputy Chief,
                   Telecommunications Branch.

      c.     Funding for purchase, installation, and support of telecommunications equipment,
             services,  and support is provided by program offices or, in  some cases, by
             NDPD. NDPD requires reimbursement from program offices for some types of
             equipment, services,  and  support.  Procurement of any telecommunications
             systems or equipment must be approved by NDPD to assure that technical
             standards and equipment compatibility requirements are met.  Funding
             responsibilities are defined by the memorandum of instruction issued each fiscal year by
             the Deputy Chief, Telecommunications Branch, and which is subject to revision
             within the fiscal year.


7.0   PROCEDURE REFERENCES

      a.     U. S.  Environmental Protection Agency.   EPA Headquarters  Program Office
             Acquisition of Telecommunications Equipment, Services, and Support (internal,
             10-92). EPA Headquarters, Washington, DC.

      b.     U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
             Resource Handbook  (external, 10-91, updated 10-92).   EPA Headquarters,
             Washington, DC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Headquarters Voice Processing Systems                NO.    340.07

APPROVAL:                                                           DATE:


1.0   PURPOSE

This document  describes NDPD's policy  for  managing the  acquisition,  installation, use,
administration, and support of Voice-Processing Systems (VPS) at EPA Headquarters.


2.0   SCOPE & APPLICABILITY

This policy applies to the following personnel:

      a.     All  NDPD personnel and contractors who plan, design, engineer, implement,
             administer, maintain, repair,  and support VPS equipment and services at EPA
             Headquarters facilities.

      b.     All EPA Headquarters program office personnel  who request, acquire, and use
             VPS equipment, services, and support.


3.0   RESPONSIBILITIES

      a.     NDPD provides VPS equipment and services to all EPA organizations and their
             employees  and contractors at EPA Headquarters.  NDPD performs or oversees
             procurement,  planning,  design,   engineering,  installation,   programming,
             administration, operation, relocation, maintenance, and repair of these services,
             including all related equipment.

      b.     Program offices appoint staff persons to serve as  Voice Messaging  Site
             Coordinators (VMSCs) for their respective organizations. A VMSC is the single
             point of contact within an organization for VPS and is responsible for
             coordinating the planning, installation, training, funding and repair of VPS services.

      c.     NDPD is responsible for maintaining, enforcing, and educating program offices
             in  this policy and  will review  it  annually for needed  modifications and/or
             enhancements.


4.0   POLICY

      a.     NDPD provides EPA Headquarters program  offices with high-quality,  cost-
             effective, reliable VPS services, which include the following:

             (1)    Voice mail.

             (2)    Automated attendant.

             (3)    Interactive voice response.

             (4)    Enhanced call processing.



             (5)     Information center mailboxes.

             (6)     Voice forms.

       b.     Program offices must fund PRs for one-time purchase and installation of voice
             mailboxes and  annual PRs to cover annual maintenance charges.  Headquarters
             Telecommunications staff will provide each program office with  an  annual
             accounting of their mail boxes.

       c.     Program offices may not use voice-messaging service on main or service-oriented
             program-office telephone lines on  which incoming callers require  immediate
             attention.

       d.     Headquarters Telecommunications staff sets the one-time purchase/installation
             costs, as well as the annual maintenance costs.

       e.     Headquarters VMSCs generally request VPS services and support from NDPD
             through the Telecommunications Service Request (TSR) and Procurement Request
             (PR) processes.  Program offices requesting equipment, service, and support
             arrangements beyond  the  published  standards are required  to document in
             memorandum form their requirement for  NDPD review.

       f.     All  Headquarters  VPS equipment  and services  must be procured from the
             standard EPA contract or be determined by NDPD to be compatible with NDPD's
             existing VPS equipment and services.


5.0    DEFINITIONS

Voice  mail:  A service for  receiving, recording, sending, storing, retrieving, listening to,
replying to, and forwarding voice messages.

Automated attendant:  A service that greets incoming callers with voice prompts that instruct
them on how to  reach  the  desired party's extension, a voice mail box, a  group,  or an
information recording.

Interactive voice response:   A service that allows callers to  query, retrieve,  and listen (via
synthesized voice) to computer data base information based on telephone keypad input.

Enhanced  call processing:   A service that answers an  incoming  call and routes it to the
appropriate destination based  on  telephone keypad input from the caller.

Information center  mailboxes:   A service  that answers an  incoming call,  disseminates
information to callers, and routes callers to other mailboxes or user extensions.

Voice  forms:  An information-collection  service that answers an incoming call,  plays pre-
recorded questions to callers, and records callers'  verbal and touchtone keypad responses.


6.0    STANDARDS

       a.     EPA Headquarters program offices obtain VPS services from  Agency-owned
             Octel  systems installed and operated by the National Data Processing Division.
             These  systems  were obtained through the Agencywide  standard voice mail
             contract.



7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency.  EPA Headquarters Voice Processing
            Systems (internal, 10-92).  EPA Headquarters, Washington, DC.

      b.     U. S. Environmental Protection Agency.  EPA Headquarters Voice Processing
            Services Quick  Reference Guide  (external, 11-92).    EPA  Headquarters,
            Washington, DC.

      c.     U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
            Resource  Handbook (external, 10-91,  updated  10-92).   EPA  Headquarters,
            Washington, DC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Headquarters Locator Service                         NO.    340.08

APPROVAL:                                                           DATE:

1.0   PURPOSE

This document describes NDPD's policy for providing locator services at EPA Headquarters.


2.0   SCOPE & APPLICABILITY

This policy applies to all EPA Headquarters program office personnel who request, acquire, and
use locator service.


3.0   RESPONSIBILITIES

      a.     NDPD operates a consolidated locator service on behalf of EPA Headquarters.

      b.     Headquarters Administrative Officers (AOs) serve as Telephone Directory (TD)
             contacts for their respective organizations.  A TD contact is the single point of
             contact within an  organization  for  updating  the locator data  base for that
             organization.

      c.     NDPD is responsible for maintaining and enforcing this policy and will review
             it annually  for needed modifications and/or enhancements.


4.0   POLICY

      a.     The EPA Headquarters locator staff will provide telephone locator service to EPA
             program offices  and  the general public.  The locator service will be available
             Monday through  Friday from 7:30 am to 6:00 pm, with the exception of Federal
             holidays, by calling 202-260-2090.

      b.     Program office TD contacts must submit locator information on employees joining
             their organization, must change locator information as required, and must request
             deletion of employees as they depart. These actions will be taken in a timely
             manner, so that the information on an organization's employees is current.

      c.     The TD contacts will submit  Locator information on all Federal employees and
             on-site contractors affiliated with their organizations. Federal employees will be
             distinguished from other persons in all Locator files and publications.


5.0   DEFINITIONS

None.



6.0    STANDARDS

       a.     TD contacts must submit information on change of name, telephone number, mail
             code, and location, and forward this information to the WTC (PM-211T). AOs
             may  use  the Express Locator Change  Form  displayed in the  Headquarters
             Telephone Directory.

       b.     The EPA Headquarters Locator data base, which is the locator staff's primary
             reference tool, contains the following information on all EPA employees and
             on-site contractors:

             (1)    Name.

             (2)    Telephone number.

             (3)    Mail code.

             (4)    Location (city,  building, room number).

             (5)    Designation as  EPA employee or as other.

       c.     Members of the Telecommunication Branch staff will update the  Locator data-
             base within one business day of receipt of an Express Locator Change Form.  It
             is the responsibility of all EPA employees and contractor personnel to notify the
             appropriate AO of any additions, deletions, or changes that  need to be made to
             the Locator. AOs are responsible for the accuracy of information on the Express
             Locator Change Forms.

       d.     Locator data base information is published twice each year as the alphabetical
             section of the EPA Headquarters Telephone Directory. The locator data base is
             used to update NDPD's National Locator.


7.0    PROCEDURE REFERENCES

       a.     U. S.  Environmental Protection Agency.  EPA Headquarters Locator Service
             (internal,  10-92).  EPA Headquarters, Washington, DC.

       b.     U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
             Resource  Handbook  (external, 10-91, updated 10-92).   EPA Headquarters,
             Washington, DC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Headquarters Telephone Directory                     NO.    340.09

APPROVAL:                                                           DATE:
-------
NDPD OPERATIONAL DIRECTIVE NO. 340.09                          Page 2 of 3


       b.     EPA employees wishing to make changes or additions to the  EPA telephone
             directory should contact the program office's AO.  Once the changes or additions
             are verified, the AO will forward the  request to telecommunications staff  for
             inclusion in the next Directory.

       c.     Changes to distribution levels or requests for copies of the EPA Headquarters
             telephone directory should be addressed to EPA Telecommunications, Washington
             Telecommunications Center  (PM-211T). The  public may acquire copies  by
             purchasing the item through the Government Printing Office (GPO); copies  for
             public distribution are not available from EPA.


5.0    DEFINITIONS

None.


6.0    STANDARDS

       a.     Each full EPA Headquarters Telephone Directory will contain, at a minimum, the
             following sections:

             (1)    How To Use Your Telephone.

             (2)    Organizational Directory.

             (3)    Organizational Charts (with function statements).

             (4)    Alphabetical Directory.

             (5)    Subject Directory.

             (6)    Regional Directory.

             (7)    Hotline Directory.

             (8)    Facsimile Directory.

             (9)    Agency Directory.

             (10)   General Information.

       b.     Each section of the directory will adhere to EPA and the Government Printing
             Office  (GPO)  regulations and guidelines--in particular,  U.S.  Code, Title  44,
             Chapter 5: Production and Procurement of Printing and Binding and
             implementing regulations.

       c.     Information on Federal employees will appear in bold-faced type in the Telephone
             Directory. Information on on-site contractors will appear in a lighter faced type.
             This data will be verified against EPA's payroll system (EPAYS) to ensure the
             accuracy of existing and new data.

       d.     Information in the Subject, Hotline, Facsimile, Agency, and General sections will
             be verified with program offices before publication.



7.0   PROCEDURE REFERENCES

      a.     U. S. Environmental Protection Agency.  EPA Headquarters Telephone Directory
            (internal, 10-92).  EPA Headquarters, Washington, DC.

      b.     U. S. Environmental Protection Agency.  EPA Headquarters Telecommunications
            Resource Handbook (external, 10-91,  updated 10-92).  EPA Headquarters,
            Washington, DC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Headquarters Domestic Telephone                     NO.    340.10
             Credit Cards and Authorization Codes

APPROVAL:                                                          DATE:

1.0   PURPOSE

This document describes NDPD's policy for provision of long-distance domestic
telecommunications access to Headquarters personnel for official Agency business when FTS2000 access is not
available, as well as the responsibilities of Agency officials for use of this service.


2.0   SCOPE & APPLICABILITY

This policy applies to all EPA Headquarters program office personnel who request, acquire, and
use domestic telephone credit cards and authorization codes.


3.0   RESPONSIBILITIES

      a.     NDPD is responsible for providing long-distance telecommunications access for
             conduct of official Agency business to EPA officials based in the Headquarters.
             The Deputy Chief, NDPD Telecommunications Branch, formulates, evaluates and
             revises EPA plans and policies for the provision of long distance service when
             FTS access is not available; reviews the quality, cost, and need for these services
             to ensure that the maximum level of support  is  provided as  cost-efficiently and
             effectively as  possible;  reviews all requests for program-funded  long distance
             calling card accounts; and approves use and termination of service.

      b.     Program offices are responsible for funding the  full cost to NDPD of providing
             domestic telephone credit cards.

      c.     NDPD provides telephone credit cards and FTS2000 authorization codes to EPA
             organizations and their employees and contractors at EPA Headquarters. NDPD
             performs or oversees use, administration, tracking,  and control of these cards and
             codes.

      d.     NDPD, in accordance with FIRMR Bulletin C-13,  is responsible for the monthly
             verification of all calls and calling charges as official government business.

      e.     NDPD is  responsible for annual validation or  review of the requirement for
             providing the service.

      f.     Headquarters  Administrative  Officers  (AO)  are  responsible for ensuring the
             security  of the  long distance access, requesting  additional  cards, issuing and
             retrieving cards as employees join and  leave their organization and processing
             funds to pay for the services received.

      g.     EPA staff users (card holders) are responsible for ensuring the security of their
             cards, for utilizing the service only for official Agency business and for assisting
             NDPD/TCB personnel as the latter perform monthly verifications  and  annual
             audits.  Users are also responsible for reimbursing  the Agency for any calls
             identified by the verification process as  personal (not official).



       h.     NDPD is responsible for maintaining and enforcing this policy and will review
             it annually for needed modifications and/or enhancements.


4.0    POLICY

       a.     An inventory of unissued cards will be maintained by NDPD TCB staff.

       b.     Cards can be obtained by sending a completed Calling Card Request  Form,
             requesting a permanent card, to the TCB Calling Card Program Manager. This
             process  shall be coordinated  by  the  requestor's AO.  TCB  management will
             approve or deny each request  based on the  following criteria:

             (1)   Each applicant must demonstrate a need for a card due to frequent travel
                   to locations without FTS access.

             (2)   Each request must be accompanied by approved funding, or cite funding
                   already provided  to pay for credit card services.

             Programs  will  prefund  all telephone credit cards with Incremental Funding
             Procurement Requests (PR). These PRs will be processed by and available funds
             monitored through TCB staff. Program offices are encouraged  to consolidate
             their funding actions into as few PRs as possible.

       c.     Upon receipt of approval by the TCB Calling Card Program Manager,  TCB Cost
             Accounting staff will establish an account for the program office.

       d.     Card privileges can be terminated at the discretion of the Deputy Branch Chief,
             Telecommunications Branch, based upon the following criteria:

             (1)   Calling patterns that include the following.

                    •     Local telephone calls.

                    •     Multiple users, i.e. sharing of the card number with co-workers.

                    •     Misleading certification of charges.

             (2)   Failure to certify each  month's charges promptly.

             (3)   Determination during validation that a need for the card no longer exists.


5.0    DEFINITIONS

Abnormal Charges:  Charges, either individual or aggregate, which appear to fall outside of the
normal calling pattern(s)/standards established by the card holders.  Such  abnormalities may
result from a card and/or its number being compromised.

Abusive Charges:  Charges, either individual or aggregate, which do not meet the criteria and
regulations for use of the service, including personal communications. Abusive activity may be
the result of the cardholders' failure to follow the policy and regulation  guidelines, or it may be
the result of a card and/or  its  number  being compromised.   Charges for local  calls  are
considered abusive charges.


Official Business Calls: Long-distance calls which may include emergency calls and other calls
the Agency determines are necessary in the interest of the  Government when Government
provided service is not available (for further details and examples, see FIRMR Bulletin C-13).


6.0   STANDARDS

Program offices are required to perform monthly certification of all telephone credit card bills.


7.0   PROCEDURE REFERENCES

      a.     U.S. Environmental Protection Agency.  EPA Headquarters Telephone Credit
            Cards and Authorization Codes (internal, 10-92). EPA Headquarters,
            Washington, DC.

      b.     U.S. Environmental Protection Agency. EPA Headquarters Telecommunications
            Resource Handbook (external,  10-91, updated 10-92).  EPA  Headquarters,
            Washington, DC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Headquarters Audio                                  NO.   340.11
             Teleconferencing Center
APPROVAL:                                                       DATE:
1.0   PURPOSE

This document describes NDPD's policy for operation of the Audio Teleconferencing Center
located in the EPA Headquarters Washington Telecommunications Center.


2.0   SCOPE & APPLICABILITY

This policy applies to the following personnel:

      a.     All NDPD personnel and  contractors nationwide who use the services of the
             Audio Teleconferencing Center.

      b.     All EPA  program office personnel nationwide who request, acquire, and use
             audio teleconferencing equipment, services, and support.


3.0 RESPONSIBILITIES

      a.     NDPD provides multipoint audio teleconferencing to all EPA organizations and
             their personnel nationwide and provides portable teleconferencing units to all EPA
             Headquarters organizations and employees through the Audio Teleconferencing
             Center at  the Washington Telecommunications Center (WTC).

      b.     Users  are encouraged to follow  reservation, operational,  and trouble reporting
             procedures documented in the Audio Teleconferencing Services Quick Reference
             Guide.

      c.     NDPD is  responsible for maintaining and enforcing this policy and will review
             it annually for needed modifications and/or enhancements.


4.0 POLICY

      a.     NDPD provides  EPA  program  offices nationwide with high-quality,  cost-
             effective,  reliable, full-duplex multipoint teleconferencing  service.  Conferences
             will typically operate in the meet-me mode and be monitored for quality by the
             WTC staff, which will assist in solving conference problems. Detailed guidance
             to conferees  is available in the  EPA Audio Teleconferencing Services Quick
             Reference Guide,  which is available through the WTC.

      b.     The Audio Teleconferencing Center provides portable conferencing  units to
             Headquarters personnel on a first-come, first-served, temporary-loan basis for use
             in EPA offices and conference rooms.

      c.     The Audio Teleconferencing Center provides teleconference speaker training and
             user manuals to users upon request.


       d.     Upon request, NDPD provides program offices with analytical, design, and
              engineering services:

             (1)    In support of the design or refurbishment of facilities which will be used
                   for teleconferencing.

             (2)    To certify facilities that meet  the established standards.

             Note:  NDPD will issue a separate policy on teleconferencing facility design and
                   certification during 1993.

       e.     NDPD provides multipoint audio teleconferencing service  to EPA personnel
             nationwide through  the Audio Teleconferencing Center, which operates during
             normal working hours:  Monday through Friday from 8:00  a.m. to 6:00 p.m.,
             excepting Federal holidays.  Program offices requesting equipment, service, and
             support arrangements beyond  the published standards are required  to document
             their requirement for NDPD review.


5.0    DEFINITIONS

None.


6.0    STANDARDS

       a.     NDPD provides EPA  program offices nationwide with  high-quality, cost-
             effective, reliable, full-duplex multipoint conference calls  through MultiLink
             digital audio teleconferencing bridges installed in the Audio Teleconferencing
             Center.

       b.     Requests  for Audio Teleconferencing Center services and equipment should be
             submitted to the center at least 24 hours prior to the planned conference, because
             use  of these services and equipment often exceeds system  capacity.   USERS
             MUST ADVISE IMMEDIATELY when a conference is cancelled.


7.0    PROCEDURE REFERENCES

       a.     U.S. Environmental Protection Agency.  EPA Headquarters Audio
              Teleconferencing Center (internal, 8-92, updated 10-92).  EPA Headquarters,
              Washington, DC.

       b.     U.S. Environmental Protection Agency.  EPA Headquarters Audio
              Teleconferencing Services Quick Reference Guide (internal, 12-91).  EPA
              Headquarters, Washington, DC.

       c.     U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
             Resource Handbook (external,  10-91,  updated  10-92).  EPA  Headquarters,
             Washington, DC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      EPA Headquarters Print-Sharing Services                    NO.    340.12

APPROVAL:                                                       DATE:
1.0   PURPOSE

This document  describes  NDPD's policy for managing  the acquisition, installation,  use,
administration, and support of print sharing devices at EPA Headquarters facilities.


2.0   SCOPE & APPLICABILITY

This policy applies to the following personnel:

      a.     All NDPD personnel and contractors who plan, design,  engineer, implement,
             administer, maintain, repair, and support print-sharing equipment and services at
             EPA Headquarters facilities.

      b.     All EPA Headquarters program office personnel who request, acquire, and use
             print-sharing equipment, services, and support.


3.0   RESPONSIBILITIES

      a.     NDPD provides print-sharing devices to all EPA organizations and their
             employees and contractors at EPA Headquarters. NDPD performs or oversees
             planning, design, engineering, installation, programming, relocation,
             maintenance, and repair of this equipment.

      b.     NDPD is reimbursed for the full cost of providing print-sharing service  by the
             program office.

      c.     NDPD is responsible for maintaining and enforcing this policy and will review
             it  annually for needed modifications and/or enhancements.


4.0   POLICY

      a.     Telecommunications Branch Headquarters staff must approve all devices to be
             installed in EPA Headquarters facilities for the purpose of print-sharing.

      b.     Headquarters program offices request  print-sharing equipment from  NDPD
             through the Telecommunications Service Request (TSR) process. Program offices
             may choose  to acquire such devices directly from  Telecommunications Branch
             stock on a reimbursable basis. Program offices are responsible for reimbursing
             the Telecommunications Branch for any new hardware acquired, any installation
             work performed,  and for developing  the  appropriate TSR and  supporting
             documentation.

      c.     Program offices requesting equipment and  service  arrangements beyond the
             published standards are required to document their requirement for NDPD review
             and approval.


5.0    DEFINITIONS

None.


6.0    STANDARDS

       a.     All print-sharing devices will be configured for serial connections (thin wire) for
              all workstations in excess of 15 feet from the box. Any workstation within 15
              feet will be allowed to use parallel (thick wire) connection.  The acquisition of
              any additional communications boards required in program office PCs will be the
              responsibility of the program office.

       b.     A Telecommunications Service Request Form  (TSR  EPA Form 5020-1)  is
             required.   Program  offices  should  submit the TSR along with a floor plan
             showing the EXACT location of each  workstation or printer outlet to the TSR
             Control Desk, in the Washington Telecommunications Center (WTC) PM211T
             located on the mall level of the Waterside Mall complex.

       c.     Payment for print-sharing devices and/or cable installation will be accomplished
              via a funded Purchase Request (PR) completed in accordance with the Deputy
              Chief's annual memorandum titled "Payment for Telecommunications Work."

       d.     NDPD will compute the charge to program offices for provisioning of new or
             reconditioned print-sharing devices based on the cost of the equipment plus the
             cost of installation.  The installation charge is the actual hardware cost of the
             print-sharing device and a set fee for each connection to the print-sharing device.
             The charge includes NDPD costs for the following services:

             (1)    Acquiring and installing the print-sharing device.

             (2)    Running  cable between the print-sharing device,  workstations, and
                   printers.

             (3)    Installing cable between workstations/printers and wall outlets.

       e.     In the event a program office relocates or finds another technology to provide
              print sharing, the used print-sharing device will be returned to the
              telecommunications warehouse for reissue.  Program offices receiving
              reissued/reconditioned equipment will only be charged based on the formula used
              for costing reconditioned units indicated above.

       f.     At the option  of EPA Telecommunications Branch in  an  effort to enhance
             serviceability of these units, any device installed may be located in  a centralized
             location.  This may result in the program office having to acquire additional serial
             PC ports.  Program offices are expected  to absorb these costs.


7.0    PROCEDURE REFERENCE

       a.     U. S.  Environmental  Protection  Agency.   EPA Headquarters Print-Sharing
             Services (internal, 10-92). EPA Headquarters, Washington, DC.


      b.     U. S. Environmental Protection Agency. EPA Headquarters Telecommunications
            Resource Handbook  (external, 10-91, updated 10-92).  EPA Headquarters,
            Washington,  DC.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:      National Environmental Supercomputing Center              NO.    400.01
             (NESC) Mission
APPROVAL:                                                       DATE:
1.0   PURPOSE
This policy  establishes the mission  of the  Environmental Protection  Agency's  National
Environmental Supercomputing Center (NESC) in Bay City, Michigan.

2.0   SCOPE & APPLICABILITY
This policy applies to all  involved in  the programs and  services of the EPA's  National
Environmental Supercomputing Center including Agency personnel, contractors, grantees, and
participants in cooperative agreements.
Any deviation from this policy must be approved in writing by the Director, NDPD.
3.0   RESPONSIBILITIES
The NESC is responsible for providing Supercomputing service to customers within the Agency
as well as to external customers.
NDPD is responsible for providing assistance in procuring hardware, software, and other
equipment for the Bay City Facility; providing telecommunications planning for and providing
connectivity to the NESC in accordance with Agency Telecommunications Request for Services;
and providing assistance in strategic planning efforts for the NESC as a part of such planning
for the EPA as a whole.
The NDPD will also be responsible  for providing  specific assistance in the following areas:
      a.    Facilities Management (FM) Support.
      b.    Problem Management.
      c.    Change Management.
      d.    Configuration Management.
      e.    Capacity Management.
      f.    Documentation Support.
4.0   POLICY
      a.    The National Environmental Supercomputing Center is to provide high-performance
            computing resources necessary to support environmental research of global
            proportions, improved science for the development of regulations, and educational
            programs for the environmental and computational sciences.


      b.     The  National  Environmental Supercomputing  Center  will follow  NDPD
            operational policies as they apply to the supercomputing environment. (Some of
            the existing NDPD operational policies will require modification to be applicable
            to a supercomputing environment.)


5.0   DEFINITIONS

None.


6.0   STANDARDS

Not applicable.


7.0   PROCEDURE REFERENCE

None.

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      National Environmental Supercomputing Center              NO.    400.02
             (NESC) Customer Interface

APPROVAL:                                                       DATE:
1.0   PURPOSE

This policy specifies how potential customers of the NESC are to contact and interface with the
facility for the purpose of requesting the allocation of resources  for environmental science
research projects.


2.0   SCOPE & APPLICABILITY

This policy applies to  all  EPA  personnel,  contractors,  cooperative scientists, and  academic
organizations and grantees  that seek to use supercomputing resources at the NESC.

Any deviation from this policy must be approved in writing by the Director, NDPD.


3.0   RESPONSIBILITIES

The NESC is responsible  for determining what projects will be allocated resources and the
amount of resources that will be provided to each individual project.

Each petitioner for NESC allocated resources will be responsible for submitting a proposal to
the Director of the NESC in order  to be considered.


4.0   POLICY

      a.     NESC supercomputing resources will be allocated to a project only upon approval
             of a  standard proposal  submitted to the NESC in Bay City.

      b.     All proposals will  be submitted using the format and procedures contained in the
             NESC Supercomputing Resource Allocation Request document.

      c.     Requests for the NESC Supercomputing Resource Allocation document should
             be made to the Secretary to the Director either in writing, to the address given
             in Section 6.0 below, or by calling the NESC Director's Office.

      d.     The  NESC  will establish and maintain a data base of existing and potential
             customers of NESC services.

      e.     The NESC will develop and maintain programs to "market" and educate potential
             future customers for NESC services.

5.0   DEFINITIONS

The definitions that follow describe the scope of customers of NESC services:

      a.     Those who have either the wish or the need to receive information about the
             NESC and its services and have the means to obtain those services.

      b.     Those individuals who have User-IDs with valid accounts on the NESC system.

      c.     Application system managers for those programs, such as AREAL,  that may
             require NESC resources.

      d.     EarthVision participants.

Other customers are to be defined as the nature and scope of NESC services develop over time.


6.0   STANDARDS

All proposals are to be submitted to:             Director
                                            NESC
                                            135 Washington Street
                                            Bay City, Michigan 48708
                                            Phone: (517)894-7695


7.0   PROCEDURE REFERENCE

NESC Supercomputing Resource Allocation Request. This document is published by the
NESC and is distributed to all potential requestors of NESC services either through a distribution
list developed  from requests for NESC training programs or other mailing lists.

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NESC System Management                               NO.    420.01

APPROVAL:                                                       DATE:
1.0   PURPOSE

The National  Environmental Supercomputing  Center (NESC) System Management policy
establishes:

      a.    Objectives for managing the system.

      b.    Functions which will be managed to meet the objectives.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management, operation, or maintenance of
the NESC.


3.0   RESPONSIBILITIES

The PSC will develop, update, and monitor procedures to implement this policy.

The PSC will adhere to NDPD  policies and  perform  the tasks necessary  to meet policy
objectives.

Any deviation  from this policy must be approved  in writing by the Director of NDPD and be
incorporated in the applicable primary support contractual documents.


4.0   POLICY

      a.    The NESC will be managed in a manner which provides cost-effective service to
            the customer community.

      b.    The NESC will be managed to meet the service levels defined by the Director of
            NDPD and required by the primary support contract.

      c.    While the organizational structure of NDPD and the primary support may change
            from time to time, the following major functional areas of responsibility will be
            managed:

            (1)   System Operations.
            (2)   System Software Maintenance.
            (3)   Data Communications Support.
            (4)   System Performance Tuning.
            (5)   Capacity Planning.
            (6)   Customer Services.
            (7)   Visualization Support.


       d.     The Primary Support Contractor will, in concert with NDPD technical managers,
             ensure that NDPD operational policies are implemented for each of the areas of
             responsibility identified above.


5.0    DEFINITIONS

System Operations:  Consists of console and peripheral equipment operation, physical facilities
management, data  storage management, preventive  and  remedial hardware maintenance
scheduling, change management, and production control.

System Software Maintenance:   Consists of installing and maintaining all vendor-supplied
software.  This includes Cray system and program products, as well as software supplied  by
third party vendors.

Data  Communications  Support:   Consists of  installing,  maintaining, and  monitoring the
performance of all  data links and associated equipment in use at NESC.

System Performance Tuning: Consists of all activities required to ensure that the goals defined
in the service level policy are met on a daily basis.

Capacity Planning:   Consists of all activities required to predict future workload and to identify
resources which must be acquired to meet the service level policy objectives in the future.

Customer Services:  Consists of customer support activities for problem resolution,  customer
registration and billing, and central data base administration.

Visualization Support:  Consists of the activities required  to design, develop,  implement, and
maintain a visualization laboratory and associated support services for supercomputer customers.


6.0    STANDARDS

Not applicable.


7.0    PROCEDURE REFERENCE

(Pending)  U.S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual.  Bay City, Michigan. National
Environmental Supercomputing Center. (Location:  NESC)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NESC Service Levels                                    NO.    420.02

APPROVAL:                                                       DATE:  7/
-------
NDPD OPERATIONAL DIRECTIVE NO. 420.02                           Page 2 of 4


4.0    POLICY

       a.     NESC components:

             (1)    The NESC consists of a high-performance, scientific computing
                   environment necessary to attack the environmental challenges of the EPA.
                   The NESC is composed of major components needed to provide a
                   supercomputer facility and support capabilities.  It is comprised of:

                   (a)    One or more supercomputers such as a Cray Y-MP8I/256.
                   (b)    High-capacity, high-speed data storage subsystems such as an STK
                         Silo.
                   (c)    High-resolution visualization graphics equipment.
                   (d)    High-speed communications lines and controllers such as T1, T3,
                         and 56kb lines and NSC communications routers.

             (2)    The NESC is dedicated to processing scientific applications such as
                   environmental modeling and the analysis of experimental data.
                   Nonscientific applications are not to be processed at NESC.

             (3)    System software consists of:

                   (a)    General  purpose  operating  system  environment  supporting
                         multiprocessors and time sharing/slicing such as UNICOS on the
                         Cray.
                   (b)    General purpose third-party vendor software products that support
                         common customer  needs  such as  the  "Gaussian  92" software
                         program.

      b.     Access Rules for NESC:

             (1)    The NDPD Director, after consultation with the SRPWG and SRAEC,
                   will approve customer access to the NESC and will establish direction on
                   levels of usage to be allowed for each customer.

             (2)    The Primary  Support Contractor will guarantee levels of service for the
                   NESC customers in keeping with overall available resources and with the
                   goal of minimizing job turnaround time while maximizing resources, such
                   as memory and disk space, available to each customer.

      c.     Hours of Availability:

             (1)    The NESC will be available to the customer community 24 hours a day,
                   7 days a week,  with the following restrictions:

                   (a)    The system  will be unavailable on Mondays from 5:00 a.m. to
                         8:00 a.m. Eastern Time for system preventative maintenance.


                   (b)    Prescheduled maintenance, in addition to regularly scheduled
                          preventive maintenance, must be approved by the EPA NESC
                          Director and the Primary Support Contractor Site Manager before
                          being done. Customers will be notified at least 7 days before the
                          maintenance is to be performed, if it will affect their access.  This
                          maintenance will be used for such activities as installation of new
                          equipment and/or special maintenance such as overhauling a major
                          water chiller.  Prescheduled maintenance time will not be
                          considered part of scheduled production time.

             (2)    A console operator will be present from 7:30 a.m. until 12 midnight,
                   Monday through Friday, and on Saturday and Sunday from 7:30 a.m.
                   until 3:30 p.m.

             (3)    Scientific Computer Support will be available from 8:00 a.m. until  5:00
                   p.m., Monday through Friday.

       d.     The NESC stability/service level goals are:

             (1)    An up-time percentage of at least 99 percent of scheduled production time
                   for the processor complex.

             (2)    An up-time percentage of at least 99 percent of scheduled production time
                   for access via a major telecommunications route to the NESC.

             (3)    A Mean Time Between Failures (MTBF) to be greater than  96 hours for
                   the Cray and STK Silos and a Mean Time To Repair (MTTR)  of 2.0
                   hours or less where the MTTR time begins when the maintenance team
                   arrives. These  mean  times will be calculated over each trimester period
                   of October-January, February-May, and June-September.

             (4)    To provide time on the supercomputer and/or time on other NESC
                   controlled equipment to each customer in accordance with
                   NDPD/Customer support agreements.

             (5)    These stability goals are dependent upon those factors within the control
                   of local NESC personnel. Adjustments will be made to the algorithm for
                   those factors outside their control, e.g., citywide power failures.

             Stability goals will be  computed only for the scheduled hours of service listed
             above.

       e.     Periodic reports will be submitted to NDPD management, the NESC
              Working Group, and the NESC Executive Council.


5.0    DEFINITIONS

None.


6.0    STANDARDS

Not applicable.


7.0   PROCEDURE REFERENCE

(Pending)  U.S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual.  Bay City, Michigan. National
Environmental Supercomputing Center. (Location:  NESC)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:      NESC Performance and Capacity Monitoring                 NO.   420.03
APPROVAL:                                                       DATE: 1/9/93

1.0   PURPOSE
The  National Environmental Supercomputing Center (NESC) Performance and  Capacity
Monitoring policy establishes:
      a.     Performance and capacity monitoring objectives.
      b.     Methodology to support the objectives of this policy.
      c.     Reporting  requirements  designed  to  alert senior  management  to  potential
             problems.
2.0   SCOPE & APPLICABILITY
This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management, operation, or maintenance of
the NESC. The SRPWG will assist NDPD in the collection and assessment of mission-based
requirements which  will affect long-term capacity planning and system performance.
3.0   RESPONSIBILITIES
The PSC will develop, update, and monitor procedures to implement this policy, and will alert
NDPD to potential performance problems.
The PSC will adhere to NDPD policies and offer recommendations designed to meet the policy
objectives.
Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG) and be incorporated  in the
applicable primary support contractual documents.
4.0   POLICY
      a.     NESC performance and capacity  monitoring activities include  performance
             analysis,  stability analysis, and capacity planning.
      b.     System performance will be monitored to ensure compliance with the objectives
             of Directive 420.02, NESC Service Levels.
      c.     Workload  trends  will  be monitored to  identify  potential  future  resource
             constraints.
      d.     The potential resource  utilization of major new applications will be assessed to
             determine their impact  on system performance.


      e.     System  performance  and  capacity data  will be captured  and analyzed  with
             commercially available software.  Local code written to support this effort will
             be minimized to the greatest degree possible consistent with the objectives of this
             policy.

      f.     System performance, stability, and resource utilization will be summarized and
             reported to NDPD management daily and shared with the SRPWG, in summary
             form, during the SRPWG periodic meetings.

      g.     Deficiencies in  system performance, stability, or resource  availability will  be
             corrected as soon as possible consistent with the provisions of Directive 420.04,
             Change Management.

      h.     The system's capacity to support projected growth in workload will be evaluated
             and  reported  to NDPD management each trimester.  The report will be shared
             with the SRAEC and  SRPWG.


5.0   DEFINITIONS

None.


6.0   STANDARDS

Not applicable.


7.0   PROCEDURE REFERENCE

(Pending)  U.S. Environmental Protection Agency. (1993) National Environmental
Supercomputing Center Operational Procedures Manual.  Bay City, Michigan. National
Environmental Supercomputing Center. (Location:  NESC)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NESC Change Management                               NO.    420.04

APPROVAL:
applicable under their contract) responsible for the management or implementation of hardware
and system software changes to the NESC and the associated networks.
3.0   RESPONSIBILITIES

The PSC will develop, update, and monitor procedures to implement this policy, and will review
stability reports to assess compliance.

The PSC will adhere to NDPD policies and procedures to ensure  that the terms of Directive
420.02, NESC Service Levels, are met.

Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research  Planning Working Group (SRPWG) and  be  incorporated in the
applicable primary support contractual documents.


4.0   POLICY

      a.     System changes are classified either as "required"  or "emergency." Hardware or
             system  software maintenance  required  to  correct  a stability or performance
             problem constitutes an emergency change. Required system changes are routine
             activities needed to upgrade the hardware or software configurations. This policy
             is designed to ensure that all changes are  applied in a timely manner without
             disrupting system stability or performance.

      b.     The following system components are subject to this policy:

             (1)    The supercomputer and its peripherals.

             (2)    All network devices attached locally at the NESC to the network.

             (3)    Electrical, air conditioning, and other components vital to the operation
                   of the processor or any of its peripheral devices.

             (4)    All Cray licensed and third-party vendor software products installed at the
                   NESC and supported by NESC.

       c.     A Change Management Council representing the Primary Support Contractor and
             NDPD will review and  approve changes to the components defined  above.
             Members of the SRPWG may sit as observers on the Change Management
             Council.

       d.     All emergency changes must be approved by the Primary Support Contractor's
             NESC manager.  The EPA NESC Director must grant approval for emergency
             changes if the Primary Support Contractor's department manager specified above
             cannot be reached. Approval for emergency changes can be obtained in writing,
             in person,  or over the telephone.

       e.     All required changes will be submitted to the Change Management Council for
             review  and approval before installation.   The impact of proposed changes on
             system stability and performance must be considered before approval is granted.

       f.     Local code development will be approved in writing by NDPD before the task is
             initiated.

             Local code implementation  into production will be with the approval of the
             Change  Management  Council.   This  approval  requires  complete  testing,
             documentation, and supervisory level code review. These requirements can only
             be waived  in emergencies by NDPD.

       g.     All Cray and third-party software products will be maintained at a release level
             which is no more than one level behind the current release level supported by the
             vendor unless there is a known stability, performance, or functional problem with
             the new release.  The Director  of NDPD must approve all cases of delayed
             implementation of a new release.

       h.     Customers will be notified at least 30 days prior to any  software or hardware
             scheduled releases (i.e., implementations on the operational system) that might
             affect existing customer programs.


5.0    DEFINITIONS

Local code is defined as code that changes vendor software and that is not written and formally
released by the vendor as an update to the vendor's software.


6.0    STANDARDS

Not applicable.


7.0   PROCEDURE REFERENCE

(Pending) U. S. Environmental Protection Agency. (1993) National Environmental Supercom-
puting Center Operational Procedures Manual.  Bay City, Michigan. National Environmental
Supercomputing Center.  (Location:  NESC)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NESC Problem Resolution                                NO.    420.05

APPROVAL:                                                 DATE:


1.0   PURPOSE

The  National Environmental  Supercomputing  Center  (NESC)  Problem Resolution  policy
establishes:

      a.     Problem resolution objectives.

      b.     Problem classifications.

      c.     Problem resolution responsibilities.

      d.     Customer notification requirements.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management or operation of the NESC and
for providing support to the customer community.


3.0   RESPONSIBILITIES

The PSC will develop, update, and monitor procedures to implement this policy.

The PSC will adhere to NDPD policies and procedures to ensure that problems are resolved
expeditiously.

Any deviation from this policy must be  approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research  Planning Working Group (SRPWG) and  be incorporated  in the
applicable primary support contractual documents.


4.0   POLICY

      a.     NESC will  strive to resolve problems with any part of the system as soon after
             identification as possible in order to provide the best possible level of service to
             the customer community.

      b.     Problems encountered at the NESC will be categorized as Customer and System
             problems with subcategories of hardware, software, performance, telecommunica-
             tions, and customer problems.

      c.     All problems with NESC supported hardware and/or software will be entered into
             the Central Problem Management (CPM) system by close of business on the day
             the problem was discovered.  Customer problems not resolved within one day
             will also be recorded in the Central Problem Management  system.

      d.     The central problem resolution contact  will report to NDPD management the
             status of unresolved problems on a daily basis.

      e.     The central problem resolution contact will post News Alerts for any problem
             which may result in customer job failures or customer data loss.

      f.     The Scientific Computer Support  staff  will serve as the point of contact for
             resolving customer problems.

      g.     The Scientific Computer Support staff will submit reports to NDPD identifying
             the number and  nature of customer problems addressed during the reporting
             period.  The reports will be shared with the NESC SRPWG.

      h.     The EPA  Director of  Scientific Computing of NDPD and the  EPA NESC
             Director will  be immediately  notified of data loss due  to  system  failures
             experienced by the customer community.

      i.     Customers  reporting problems will be called within 24 hours to advise them of
             progress being made in  seeking a solution.

      j.     Closed problem reports will be archived for a period of 3 years from the date the
             problem was logged.


5.0   DEFINITIONS

None.


6.0   STANDARDS

Not applicable.


7.0   PROCEDURE REFERENCE

(Pending)  U. S. Environmental Protection Agency. (1993) National Environmental Supercom-
puting Center Operational Procedures Manual.  Bay City, Michigan. National Environmental
Supercomputing Center.   (Location:  NESC)

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NESC Accounting                                       NO.    420.06

APPROVAL:                                                 DATE:


1.0   PURPOSE

The National Environmental  Supercomputing Center (NESC) Accounting policy establishes
accounting objectives.


2.0   SCOPE & APPLICABILITY

This policy applies to all NESC customers, and to all NDPD personnel and Primary Support
Contractor (PSC) personnel (as applicable under their contract) responsible for the management
or operation of the NESC.


3.0   RESPONSIBILITIES

The PSC will develop, update, and monitor procedures to implement this policy.

The PSC will perform the tasks necessary to meet the objectives of this policy.

Customers will rely on the terms of this policy to manage their timeshare allowance.

Any deviation from this policy must be  approved in writing by  the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG)  and be incorporated in the
applicable primary support contractual documents.


4.0   POLICY

      a.     NDPD will conform to the requirements of OMB Circular A-130 in accounting
             for full cost allocation associated with providing data processing services to the
             user community.

      b.     NESC utilization data will be collected for resource usage in the following areas:

             (1)    Processor utilization.
             (2)    Mass storage utilization.

      c.     The rate (which could be charged in the future) for services will be reviewed and
             adjusted annually by the Director of NDPD after consultation with the SRAEC
             and SRPWG to reflect changes in the potential cost of providing these services.
             The rate for the new fiscal year will be published in the first quarter of the new
             fiscal year. Charges will be adjusted  retroactively to the beginning of the year
             to reflect the new rates.

      d.     Every interactive or batch session  will have data collected for actual resources
             identified in "b" above that are consumed if data can  be captured accurately and
             the  cost of capture does not outweigh the cost recovery of the resource.

       e.     NDPD may  apply premiums or discounts for certain  processing priorities or
             techniques to encourage efficient resource utilization.

       f.     Charges, if assessed  on customers, will be refunded if a transaction fails due to
             console operator error, system hardware failure, or system software error.  Jobs
             using more than 2 hours of CPU time must have a user defined save and restart
             capability to  be eligible for a refund. The refund will not exceed charges greater
             than those incurred during 2 hours of CPU utilization.

       g.     NDPD will  make available on-line to ADP Coordinating and IAG contacts a
             summary of each month's usage by the 5th business day of the following month.

       h.     Management reports  will be made available on-line monthly through the On-Line
             Timeshare Utilization System (OTUS).  These reports will be available to ADP
             Coordinators and Senior  Budget Officers by the fifth  business day  of the
             following month.


5.0    DEFINITIONS

None.


6.0    STANDARDS

Not applicable.


7.0    PROCEDURE REFERENCE

(Pending)  U. S. Environmental Protection Agency. (1993) National Environmental Supercom-
puting  Center Operational Procedures Manual.  Bay  City, Michigan.  National Environmental
Supercomputing Center. (Location:  NESC)

       a.     Procedure Title:  Cray Billing Procedures Manual (Location:  Billing Services
             staff).

       b.     Procedure Title:   On-Line Timeshare Utilization System (OTUS) Procedures
             Manual (Location: Billing Services staff).

       c.     Procedure Title:  On-Line Timeshare Utilization System (OTUS) On-line User's
             Guide (Location:  Billing Services staff).

       d.     Procedure Title:   INFOPAC Procedures Manual  (Location:  Billing Services
             staff).

       e.     Procedure Title:   Billing  Report Distribution  System, On-Line Viewing  and
             Printing User's Guide (Location:  Billing Services staff).

-------
                 U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:      NESC Customer Registration                               NO.    420.07

APPROVAL:                                                      DATE: 7/?/?j


1.0    PURPOSE

The National Environmental Supercomputing Center (NESC) Registration policy establishes:

       a.     Customer registration objectives.

       b.     Customer registration requirements.

       c.     Reporting requirements for managing the customer registration process.


2.0    SCOPE & APPLICABILITY

This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management or operation of the NESC and
to the NESC customers.


3.0    RESPONSIBILITIES

The PSC will develop,  update, and monitor procedures to implement this policy.

The PSC will perform the tasks necessary to implement this policy.

The Time Sharing Services Management Systems (TSSMS) Office will  be responsible for
conducting customer registration services.

The customer community will  follow the NDPD procedures derived from this policy to gain
access to the NESC.

Any deviation from this policy must be  approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing  Research  Planning Working Group (SRPWG) and be incorporated in the
applicable primary support contractual documents.


4.0    POLICY

       a.     Customer registration procedures will conform to the objectives of this policy and
             the terms of Directives 420.06, NESC  Accounting, and 420.08, NESC Security.

       b.     System utilization will  be recorded for authorized individual customers and for
            accounts  which may include multiple customers.

       c.    New accounts may be created by EPA ADP Coordinators only.  Provisions will
            be made  for group designations and the use of Access Control List facilities.

      d.     Each customer will be assigned a unique customer identification code and will be
             associated with one or more accounts as requested by the EPA ADP Coordinator
             or EPA Account Manager.

      e.     Every EPA ADP Coordinator  and Account Manager will be responsible for
             ensuring that customers are registered on the NESC for the purpose of conducting
             legitimate Agency business only.

      f.     Customer identification  codes  previously assigned to a  customer  no longer
             registered on the NESC may be reassigned to another  customer.

      g.     Requests for account and customer registration may be made via Email or regular
             mail.

      h.     A customer terminating employment  will be  removed from  the system.  All
             resources associated with this customer  identification code will be assigned to
             another customer or deleted at the discretion of the ADP Coordinator or Account
             Manager.

      i.     Every EPA ADP Coordinator and Account Manager will be responsible for
             ensuring  customer  identification  termination  for all EPA,  contractor,  or
             subcontractor employees upon the termination  of a  project  or resignation of
             employees under his jurisdiction.

      j.     Accounts and customer identification codes which have not been accessed for 1
             year will be deleted from the system.  The customer and Account Managers will
             be notified at least 30 days prior to deletion of an account or customer identifica-
             tion code.

      k.     Every ADP Coordinator and Account Manager will  receive  a  periodic report
             identifying  the accounts and customer identification codes  for  which he is
             responsible.

5.0   DEFINITIONS

None.


6.0   STANDARDS

Not applicable.


7.0   PROCEDURE REFERENCE

(Pending) U. S. Environmental Protection Agency. (1993) National Environmental Supercom-
puting Center Operational Procedures Manual.  Bay City, Michigan. National Environmental
Supercomputing Center.  (Location: NESC)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                 NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NESC and UNICOS Security                              NO.    420.08

APPROVAL:                                                      DATE: 7/7/^



1.0   PURPOSE

This policy establishes a set of security standards and practices  for the  Agency UNICOS
operating system  which  operates the CRAY Supercomputer at the National Environmental
Supercomputing Center (NESC) in Bay City, Michigan and is supported by EPA's National Data
Processing Division (NDPD).  These standards  are in compliance with generally accepted
security standards and practices and with  Federal regulations and directives referenced in
Paragraph 7.0 PROCEDURE REFERENCES of this policy.


2.0   SCOPE & APPLICABILITY

This policy applies to all customers of NDPD owned or supported computer  systems which use
the UNICOS Unix-based operating system and to  all personnel who provide for the operation,
maintenance, support,  or telecommunications services of those systems.

Any request for a deviation from this policy must be provided in writing to the Director, NDPD
and, if approved, must be approved in writing.  Email is an acceptable medium for requesting
and receiving an exemption under this policy. Policy exemptions must be requested through the
NDPD Computer Security Manager,  ALL-IN-1 User-ID SECURITY.  Provisions in this policy
might be superseded by future policies developed for public access and which are subsequently
reviewed and approved by the NDPD Computer Security Officer. Provisions in Public Access
policies are regarded as approved exemptions to this policy.


3.0   RESPONSIBILITIES

      a.     The Director, NDPD is responsible for:

            (1)    Providing a secure environment for all UNICOS or  UNICOS-based
                  computer systems covered by this policy.

            (2)    Ensuring that this policy is consistent with all Federal  regulatory statutes
                  and directives.

            (3)    Requesting exemptions to Federal regulatory statutes and directives when
                  required by considerations  unique to the operating environment of the
                  computer systems covered by this policy.

            (4)    Appointing an NDPD Computer Security  Officer  responsible  for
                  implementing,  maintaining,  and reviewing compliance with this policy.

            (5)    Participating in NDPD's Computer Emergency Response Team (CERT)
                  as described in NDPD policies and procedures for that team.

            (6)    Approving, in writing, any approved  exemptions to this  policy.

       b.     The NDPD Computer Security Officer is responsible for:

             (1)    Establishing and implementing all procedures necessary for the implemen-
                   tation and maintenance of this policy.

             (2)    Reviewing and approving all security environment  changes allowable
                   under this policy, and reviewing and approving all system-wide special
                   privileges for all UNICOS or UNICOS based systems covered by this
                   policy.

             (3)    Directing efforts of Primary Support Contract (PSC) personnel in security
                   matters pursuant to provisions of the PSC.

             (4)    Coordinating any exemptions to Freedom of Information or Public Access
                   Acts regarding access to  data  processed  on data processing systems
                   covered by this policy.

             (5)    Participating in NDPD's Computer Emergency Response  Team (CERT)
                   as described in NDPD policies and procedures for that team.

             (6)    Monitoring system compliance with this policy.

       c.     The management of each technical support function established by NDPD for the
             support  and  maintenance  of computer  systems covered  by  this  policy  is
             responsible for:

             (1)    Adhering to all policy provisions.

             (2)    Subscribing to and  using industry security risk  bulletin  boards for the
                   purpose  of identifying potential security exposures in the  UNICOS or
                   environment.

             (3)    Coordinating with the NDPD Computer Security Officer or  his delegate,
                   System Managers, and System Administrators:

                   (a)    Policy provision implementations, monitoring, and maintenance.

                   (b)    Configuration, according  to  security policy standards  of all
                          UNICOS operating systems,  utilities, and applications for which
                          it provides central distribution, support, or maintenance.

                   (c)    Reporting, defensive, and  corrective actions related  to  system
                          security exposures, breaches, and virus attacks.

             (4)    Participating in the NDPD Computer Emergency Response Team (CERT)
                   as described in NDPD policies or procedures for that team.

       d.     The System Manager and System Administrator will be responsible for:

             (1)    Adhering to all provisions of this policy.

             (2)    As directed by the Program Office, ensuring that provisions in this policy
                   governing the office are implemented, monitored, and maintained.

             (3)    Subscribing to and using industry security risk bulletin boards for the
                    purpose of identifying potential security exposures in the UNICOS
                    environment.

             (4)    Coordinating  with NDPD technical support  management and System
                    Administrators:

                    (a)    Policy provision implementations, monitoring, and maintenance.

                    (b)    Configuration,  according to security policy standards, of all
                          operating systems, utilities, and applications for their system(s).

                    (c)    Reporting,  defensive, and corrective actions related to  system
                          security exposures, breaches, and virus attacks.

                    (d)    Implementation of system warning notices during system logon  to
                          provide legal protection from unauthorized access attempts.

                    (e)    Aid to the NDPD Computer Security Staff with security audits.

             (5)    Participating in NDPD's  Computer Emergency Response Team (CERT)
                    as described in NDPD policies or procedures for that team.

       e.     Supercomputer  customers or customers of  a UNICOS-based  computer  are
             responsible for:

             (1)    Adhering to all provisions of this policy.

             (2)    Practicing sound password management (i.e., no shared User-IDs and
                    passwords).

             (3)    Coordinating  with the system  manager on implementing required data
                    security BEFORE placing their data on the system and securing data based
                    on an evaluation of the sensitivity of that data.

             (4)    Operating, according  to  security policy standards, all their utilities and
                    applications.

             (5)    Reporting, defensive, and corrective actions related to system security
                    exposures, breaches, and virus attacks.

       f.     The EPA NDPD security function is a commercially contracted responsibility of
             the Primary Support Contractor (PSC) as provided for in Attachment A of OMB
             Circular A-76. All NCC Primary Support Contractor departments and personnel
             engaged in the operation, support,  or maintenance of systems covered by this
             policy are responsible for adhering to these policy provisions and for conducting
             security-related  activities as directed by the NDPD Computer  Security Officer
             under provisions of the primary  support contract.


4.0    POLICY

The computer systems covered by this policy will be used for official Government business only.
Unauthorized use of any of these systems is a criminal offense under Title  18 of the United
States Code, Section  641,  and may subject  violators to a fine of up  to  $10,000  and/or
imprisonment of up to 10 years.

The security of UNICOS or UNICOS-based computer systems, and the facilities within which
they reside and which are owned, operated, or supported by EPA's NDPD will be implemented,
maintained, and monitored in compliance with generally  accepted security standards,  with
Federal regulations and directives, and specifically, with Federal regulations and directives and
UNICOS and applicable Unix security vulnerability documentation referenced in Paragraph 7.0,
PROCEDURE REFERENCES, of this policy.

Access to Agency UNICOS or UNICOS-based computers and data residing on those computers
will be protected from unauthorized access from computer systems not covered by this policy.

Any Agency owned or operated UNICOS or UNICOS-based computer system attaching to the
Agency network must demonstrate conformity to this policy to the NDPD Computer Security
Officer within 90 days of attachment.  Demonstration of conformance will be measured by the
completion of a UNICOS security review questionnaire.  Failure to demonstrate conformance
will result in removing the computer system's attachment from EPA's wide area network.  EPA
Unix systems covered by this policy will, as a design goal, meet C2 security requirements.


5.0   DEFINITIONS

      a.     Industry Standard - for the purpose of this policy, industry standards are defined
             through the documents in Paragraph 7.0 PROCEDURE REFERENCES of this
             policy, industry bulletin boards  referenced  in those documents, and Security
             Administrator guides for each computer system.

      b.     Federal Trusted Computing Base (C2) Discretionary Access Control - C2 level of
             security is described in the Trusted Computer System Evaluation Criteria,
             CSC-STD-001-83, and includes security functionality in the following areas:
             Discretionary Access Control, Object Reuse, Identification and Authentication,
             and Audit Accountability.


6.0   STANDARDS

6.1   SYSTEM CONFIGURATION AND OPERATION

      a.     The design goal for the operating system of all computers covered under this
             policy will be C2.  Some security options, such as Object Reuse, are left up to
             customer application, and some UNICOS security options, such as Multi-Level
             Security (MLS) features, include functionality beyond C2.

      b.     Security  recommendations contained in Security Administrator guides and other
             documentation provided by the vendor of each Unix or Unix-based operating
             system will be implemented.

      c.     The use of trivial file transfer protocol (TFTP) is not permitted.

      d.     Only secure versions/implementations of FTP (versions later than December
             1988) are allowed.

       e.     Sendmail will be configured with the following considerations:

             (1)    Remove the "decode" alias from the aliases file.

             (2)    If you create aliases that allow messages  to be sent to  programs,  be
                   absolutely sure that there is no way to obtain a shell or send commands
                   to a shell from these programs.

             (3)    Make sure the "wizard"  password is  disabled in the configuration file,
                   sendmail.cf.

             (4)    Make sure sendmail does not support the "debug" command.

       f.     UNICOS will not use fingerd.

       g.     Files residing on the computer system will be backed up as follows: incrementals
             daily and full backups weekly.  A monthly backup will be stored  off-site.
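
Added example (not part of the directive and not NDPD code): one way to check an aliases file against items e(1) and e(2) above, flagging a "decode" alias for removal and listing every alias that delivers to a program so it can be reviewed. The sample file, function names, and finding labels are assumptions made for illustration.

```python
"""Audit a sendmail aliases file for a 'decode' alias and program deliveries."""
import re

# Constructed sample aliases file (not taken from any real system).
SAMPLE_ALIASES = '''\
# constructed sample
postmaster: root
Decode: "|/usr/bin/uudecode"
support: alice, bob,
    "|/usr/local/bin/ticket-filter --queue support"
archive: /var/spool/archive/mail.log
'''

# A target is either one double-quoted string or a run of text up to a comma.
TARGET_RE = re.compile(r'"[^"]*"|[^,\s][^,]*')


def parse_aliases(text):
    """Return {alias_name: [targets]}, handling comments and continuation lines."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            body = raw  # indented line continues the previous alias
        else:
            name, sep, body = raw.partition(":")
            if not sep:
                continue  # not an alias definition
            current = name.strip().lower()  # alias names are case-insensitive
            entries.setdefault(current, [])
        for target in TARGET_RE.findall(body):
            target = target.strip().strip('"').strip()
            if target:
                entries[current].append(target)
    return entries


def audit_aliases(text):
    """Return (action, alias, detail) findings for the two alias rules."""
    findings = []
    for name, targets in parse_aliases(text).items():
        if name == "decode":
            findings.append(("remove", name, "'decode' alias must not exist"))
        for target in targets:
            if target.startswith("|"):
                # Program delivery: a person must confirm the program cannot
                # hand its input to a shell. This code only lists candidates.
                findings.append(("review", name,
                                 "delivers to program: " + target[1:].strip()))
    return findings


if __name__ == "__main__":
    for action, alias, detail in audit_aliases(SAMPLE_ALIASES):
        print("%-6s %-10s %s" % (action, alias, detail))
```
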


6.2    SYSTEM DIRECTORY AND FILE PROTECTION

Files and directories which comprise the operating system must have ownership and permission
settings which ensure that they cannot easily be tampered with. In general, allowing world write
access is discouraged.


6.3    DEVICE PROTECTION

       a.     All devices will be protected with appropriate access and ownership permissions
             in accordance with vendor specifications.   Security parameters and permissions
             will not  compromise  the  system  or  the   device.    Devices   "/dev/mem",
             "/dev/kmem",  and "/dev/swap" must never be world-readable.

       b.     UNICOS system device files are used to access system peripherals (e.g., printers,
             terminals,  networks,  disks, system  memory)  and must  be  protected from
             unauthorized access.  Files comprising device definitions must be protected from
             unauthorized access.

       c.     Memory and disk devices must  be owned by a system account.   Their access
             permissions must generally be:

             (1)    Owner - READ and WRITE
             (2)    Group - READ
             (3)    World - no access


6.4    NETWORK

6.4.1   System Warning Notice

       a.     Each computer  covered by this policy which is attached to the Agency telecom-
             munications network will display the  following message at login:

             WARNING:  The use of this computer is for official Government business only.
                          Unauthorized use of this computer is a criminal offense under Title
                          18 United States Code, Section 641, and may subject violators to
                          a fine of up to $10,000, or imprisonment of up to 10 years, or
                          both.

       b.     The customer will be notified of session monitoring activities unless a customer
             is suspected of engaging in illegal or unauthorized activities on the computer.


6.4.2  Remote Access

       a.     Wild-carding must not be permitted in the "/etc/hosts.equiv" file.

       b.     Only  local hosts not located  in  public  areas  should  be configured in  the
             "/etc/hosts.equiv" file as "trusted".

       c.     ".rhosts" files must not be established without the coordination of the System
             Administrator.

       d.     ".netrc" files  must have permissions  set to no world and group access.


6.4.3  NFS

Note:  NFS is not currently in use at NESC.   However, if utilized, the following restrictions
apply:

       a.     Each entry in  "/etc/exports" will have an associated "access=hostlist" parameter.

       b.     No entry in "/etc/exports" may specify the "root=hostlist" parameter.

       c.     If an entry in "/etc/exports" contains netgroup entries the host name must be
             specified and the domain field must contain a "-" if it is not used.

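The restrictions in 6.4.2a and 6.4.3a-b can be checked mechanically. The following is an added example, not part of the directive; it assumes one entry per line and the SunOS-style exports syntax ("directory -option,option"), and the sample file contents and host names are constructed.

```python
# Added example (not from the directive): audit hosts.equiv and exports text.
# Assumes one entry per line and SunOS-style exports: "directory -opt[,opt...]".

def entries(text):
    """Yield (line_number, fields) for each non-blank, non-comment line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield number, fields

def audit_hosts_equiv(text):
    """6.4.2a: flag a bare "+" in the host or user field (matches any host/user)."""
    return [(number, " ".join(fields)) for number, fields in entries(text)
            if "+" in fields[:2]]

def audit_exports(text):
    """6.4.3a-b: every entry needs access=hostlist; none may carry root=hostlist."""
    findings = []
    for number, fields in entries(text):
        options = {}
        for field in fields[1:]:
            for option in field.lstrip("-").split(","):
                key, _, value = option.partition("=")
                if key:
                    options[key] = value
        if not options.get("access"):
            findings.append((number, fields[0], "no access=hostlist"))
        if "root" in options:
            findings.append((number, fields[0], "root=hostlist present"))
    return findings

# Constructed sample file contents (host names are placeholders).
SAMPLE_HOSTS_EQUIV = """\
# trusted local hosts
ws1.example.gov
+
ws2.example.gov +
"""
SAMPLE_EXPORTS = """\
/usr/local  -access=ws1:ws2,ro
/home
/scratch    -access=ws1,root=ws1
"""

if __name__ == "__main__":
    for finding in audit_hosts_equiv(SAMPLE_HOSTS_EQUIV) + audit_exports(SAMPLE_EXPORTS):
        print(finding)
```
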
6.4.4  UUCP

Use of UUCP is discouraged under UNICOS.  In general, no programs other than rnews and
rmail must be accessible through the UUCP system.


6.5    USER-ID SECURITY

6.5.1  Registration

       a.     Procedures will be developed by local system administrators for obtaining a User-
             ID, password, group, or password reset, and updating system authentication files.

       b.     A User-ID is required for access to any computer system covered by this policy.

       c.     User-IDs may  not be shared.


6.5.2  Disabled User-IDs

       a.     Disabled User-IDs will be kept to a minimum.

       b.     Disabled User-IDs will be periodically reviewed by the System Administrator to
             determine if any of them  should be removed from system authorization files.


6.5.3  Duplicate UIDs

Each User-ID will be identified with a unique UID. Duplicate UIDs are not allowed.  UIDs will
not be reused.


6.5.4  Guest User-IDs

Guest User-IDs are not allowed. A guest User-ID established for the purpose of anonymous
FTP is NOT allowed under this policy.


6.5.5  User-ID Activity

       a.     User-IDs which have not been  accessed for 90 days will be reviewed by the
             System Administrator  to determine if the User-ID should remain  in system
             authorization files.

       b.     A review will be conducted  at least once a year to determine User-IDs which
             have not been used to access  the system since their assignment. These User-IDs
             will be removed from system authorization files, unless necessary  for system
             administration.


6.6    CUSTOMER FILE PROTECTION

Customer files, including '.login', '.cshrc', and '.profile' must be protected by default such that
only the owner can write to them.


6.7    PASSWORD SECURITY MANAGEMENT

       a.     The password  file must  be  protected such that  non-administrative personnel
             cannot view passwords in clear text.

       b.     All customer User-IDs must  have passwords.

       c.     Passwords are assigned  by  a password  generator program  to prevent trivial
             passwords.

       d.     A  maximum  of four  unsuccessful  login attempts  will be  allowed by each
             workstation.  Upon the fifth attempt, the User-ID will be disabled for 10 minutes.

       e.     The system must enforce password expiration 90 days from issue.

       f.     The system will display, at login,  the date and time of the last successful and
             number of unsuccessful logins to the customer.

       g.     Passwords will  be protected from  disclosure.   Any file  which requires a
             hardcoded password will be encrypted, if possible.
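
The account rules in 6.5.3, 6.5.4, 6.5.5 and 6.7b lend themselves to a periodic automated review. The following is an added example, not part of the directive; it assumes the traditional seven-field passwd file format and a separately collected table of last-login dates, and the account names and dates are constructed.

```python
from collections import defaultdict
from datetime import date

# Added example (not from the directive). Names treated as guest accounts are
# an assumption; "ftp" is the conventional anonymous-FTP account.
GUEST_NAMES = {"guest", "ftp", "anonymous"}

def audit_accounts(passwd_text, last_login, today, max_idle_days=90):
    """Check seven-field passwd text against 6.5.3, 6.5.4, 6.5.5 and 6.7b.

    last_login maps User-ID -> date of last login (missing or None: never used).
    """
    names_by_uid = defaultdict(list)
    report = {"guest": [], "no_password": [], "idle": [], "never_used": [],
              "malformed": []}
    for number, line in enumerate(passwd_text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdecimal():
            report["malformed"].append(number)
            continue
        name, password, uid = fields[0], fields[1], int(fields[2])
        names_by_uid[uid].append(name)
        if name.lower() in GUEST_NAMES:
            report["guest"].append(name)
        if password == "":
            report["no_password"].append(name)
        seen = last_login.get(name)
        if seen is None:
            report["never_used"].append(name)
        elif (today - seen).days >= max_idle_days:
            report["idle"].append(name)
    report["duplicate_uid"] = {uid: names for uid, names in names_by_uid.items()
                               if len(names) > 1}
    return report

# Constructed sample data; "*" stands for a locked or shadowed password field.
SAMPLE_PASSWD = """\
root:*:0:0:System Administrator:/:/bin/sh
jdoe:*:101:20:J. Doe:/u/jdoe:/bin/csh
asmith::102:20:A. Smith:/u/asmith:/bin/csh
toor:*:0:0:Second root:/:/bin/sh
ftp:*:200:50:Anonymous FTP:/u/ftp:/bin/false
"""
SAMPLE_LAST_LOGIN = {"root": date(1994, 5, 18), "jdoe": date(1994, 1, 10),
                     "asmith": date(1994, 5, 1), "toor": None}
```
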


6.8    FILE SYSTEM  SECURITY

       a.     All directories and files established or created by  or  for a customer  will be
             protected  at a default level access (read, write, execute) by anyone other than the
             owner.   The default "umask" setting will be 027 (no world access, group read
             and execute).

       b.     No directory will have world write access unless required for system
             functionality.

       c.     No files should have world write access unless required for system functionality.

       d.     Setuid and setgid  programs  must  be reviewed and approved by the  System
             Administrator.

       e.     No file will be owned by an undefined owner.
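
The mode requirements in 6.4.2d, 6.6 and 6.8 can be verified by walking a file system and testing each entry's permission bits. The following is an added example, not part of the directive; the function names and finding labels are its own, and the set of valid UIDs is assumed to come from the system authorization files.

```python
import os
import stat

# Added example (not from the directive): file-mode checks for 6.4.2d, 6.6 and 6.8.
STARTUP_FILES = {".login", ".cshrc", ".profile"}

def classify(name, mode, uid=None, valid_uids=None):
    """Return policy findings for one directory entry, given its lstat() data."""
    findings = []
    if stat.S_ISLNK(mode):
        return findings                  # symlink mode bits are not used for access checks
    if mode & stat.S_IWOTH:
        findings.append("world-writable")                        # 6.8b, 6.8c
    if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid/setgid, needs approval")         # 6.8d
    if valid_uids is not None and uid not in valid_uids:
        findings.append("undefined owner")                       # 6.8e
    if name in STARTUP_FILES and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("startup file writable by non-owner")    # 6.6
    if name == ".netrc" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(".netrc open to group or world")         # 6.4.2d
    return findings

def audit_tree(root, valid_uids=None):
    """Walk root without following symlinks; return {path: findings}.

    valid_uids: set of UIDs defined in the password file, or None to skip 6.8e.
    """
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            findings = classify(name, info.st_mode, info.st_uid, valid_uids)
            if findings:
                report[path] = findings
    return report

def mode_under_umask(requested, umask=0o027):
    """Mode a new file or directory receives under the 6.8a default umask."""
    return requested & ~umask
```

World-writable directories that are required for system functionality, such as a shared temporary directory, are still reported so that each one can be confirmed as an approved exception.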


6.9    PHYSICAL SECURITY

       a.     At sites where computer systems and associated peripherals  are contained  in a
             central location, procedures will  be developed and implemented to grant, deny,
             and monitor access to the central location, and the central location will be:

             (1)    Protected from unauthorized access  by  industry accepted access control
                    devices (e.g., badge readers, key locks).

             (2)    Protected from environmental hazards through  use of industry accepted
                    environmental  protection devices  (e.g.,  sprinkler and uninterruptible
                    power supply systems).

       b.     Individual workstations  will  employ  power strips or other industry accepted
             devices to protect  the workstation  from electrical hazards.  A  fire extinguisher
             will be within reasonable  proximity to each workstation  location  to  allow  for
             quick response to any fire hazard occurrence.

       c.     Individual workstation owners/operators  will be responsible for protecting  the
             workstation  against unauthorized access (e.g., logging off  when not  in use,
             keyboard  locks if available).


MEASUREMENT:

       a.     System Security Administrators will periodically, at least monthly, monitor the
             following files (or  system  specific equivalencies) to establish a baseline  of
             customer usage  for the  purpose of detecting patterns outside of that baseline
             which may indicate a system abuse or intrusion:

             (1)    system syslog

             (2)    /etc/utmp

             (3)    /etc/wtmp

             (4)    /usr/adm/acct/*

       b.     The NDPD Computer Security Officer is authorized to conduct periodic policy
             compliance  reviews as required for quality assurance.  The NDPD Computer
             Security Officer will perform a review at least every 3 years as required  by
             Federal regulations.

       c.     Findings from system reviews for locally owned and operated NDPD systems will
             be presented via TO-DO Meeting or other mechanisms for review and action  by
             the Director, NDPD.


7.0    PROCEDURE REFERENCES

       a.     Office of Management and Budget. OMB Circulars A-76, A-123, and A-130.
             (Available from the Government Printing Office.)  (These publications, while not
             strictly procedurally directive, are important components in the administration of
             security in the Agency. They set the guidelines for policies and procedures at the
             operational levels.)

       b.     U. S.  Environmental Protection Agency. (1989)  EPA   Information   Security
             Manual (Report No. 431/001).  Washington, DC:  Office of Information and
             Resources  Management, Information Management  and  Services  Division.
             (Location:  Publications Technical Library).

       c.     Computer Security Act of 1987. (Available from  the Office of Information and
             Resources Management).

       d.     SRI International. Information and Telecommunications Services and Technology
             Division. Improving the Security of Your UNICOS System.  David A. Curry.
             (available from the NDPD Computer Security Officer).

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL

TITLE:     NESC Data Management                                 NO.    420.09

APPROVAL:                                                         DATE:

1.0   PURPOSE

The  National Environmental Supercomputing Center (NESC)  Data  Management policy
establishes:

      a.    Data management objectives.

      b.    Data storage requirements.

      c.    Data storage media performance and capacity requirements.


2.0   SCOPE & APPLICABILITY

This policy applies  to all NESC customers and the NDPD personnel and Primary Support
Contractor (PSC) personnel (as applicable under their contract) responsible for the management
or operation of the NESC.


3.0   RESPONSIBILITIES

The PSC will develop, update, and monitor procedures to implement this policy.

The PSC will perform the tasks necessary  to meet the objectives of this policy.

The customer community will rely on the terms of this policy to manage their data storage
requirements.

Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing  Research  Planning Working Group  (SRPWG)  and  be incorporated in the
applicable primary support contractual documents.


4.0   POLICY

      a.    Data storage devices at NESC will be managed to meet the storage requirements
            of the customer community  in a secure and cost-effective manner.  Data storage
            devices will also be managed to enhance system performance.

      b.    A procedure will be provided to enable customers to archive to tape their own
            disk files.

      c.    Tape files created at the NESC will be controlled by a software tape management
            system to prevent accidental erasure of data.

      d.    NESC will perform daily backups of permanent files which have been created or
            changed since  the previous  backup. Daily backup tapes will be retained for 7
            days.

       e.     Customers must call NESC operations to request file restores.

       f.     A complete copy of the permanent files on disk will be created weekly. The tape
             copies will be retained for 5 weeks before being reused.  One weekly file system
             copy per month will be kept for 90 days.  One file system copy per month will
             be stored offsite and kept for 6 months.

       g.     A disk and tape utilization report will be submitted weekly to NDPD and shared
             with the SRPWG to indicate available data storage capacity.

       h.     Data Migration Facility (DMF) will be used to automatically  move resident disk
             files to tape to manage free space on disk.


5.0    DEFINITIONS

None.


6.0    STANDARDS

Not applicable.


7.0    PROCEDURE REFERENCE

(Pending)  U. S. Environmental Protection Agency.  (1993) National Environmental
Supercomputing Center Operational Procedures Manual.  Bay City, Michigan. National
Environmental Supercomputing Center.  (Location:  NESC)

-------
                U.S. ENVIRONMENTAL PROTECTION AGENCY
                  NDPD OPERATIONAL DIRECTIVES MANUAL
TITLE:     NESC Configuration Management                          NO.    420.10

APPROVAL:                                                         DATE: 1/9/9J

1.0   PURPOSE

The National Environmental Supercomputing Center (NESC) Configuration Management policy
establishes:

      a.    Configuration management objectives.

      b.    Activities required to meet the configuration management objectives.

      c.    Review requirements to ensure compliance.


2.0   SCOPE & APPLICABILITY

This policy applies to all NDPD personnel and Primary Support Contractor (PSC) personnel (as
applicable under their contract) responsible for the management or operation of the NESC.


3.0   RESPONSIBILITIES

The PSC will develop, update, and monitor procedures to implement this policy.

The PSC will perform the tasks necessary to meet the objectives of this policy.

Any deviation from this policy must be approved in writing by the Director of NDPD after
consultation with the Supercomputing Resource Allocation Executive Council (SRAEC) and the
Supercomputing Research Planning Working Group (SRPWG) and be incorporated in the
applicable primary support contractual documents.


4.0   POLICY

      a.    The NESC will be managed in a manner which provides:

            (1)    A current inventory of all system components.

            (2)    A current system hardware and software configuration.

            (3)    A current system telecommunications configuration.

            (4)    A mechanism for processing hardware, software, and maintenance
                   procurement requests in a timely manner.

      b.    A computerized data base containing the information required to meet policy
            objectives will be maintained and updated within 5 working days of any system
            configuration change.

       c.     The data base will contain sufficient detail to enable technical personnel to obtain
             system hardware and  software configurations or parameters necessary for the
             customary performance of their duties.

       d.     The Primary Support Contractor will review and certify the  accuracy of the
             configuration management data base quarterly.

       e.     The configuration data base, or reports from the configuration data base, will be
             made available to NDPD and shared with the NESC SRPWG.

       f.     All  system  software  residing  on the supercomputer must be installed  and
             maintained in compliance with the provisions of the Change Management Policy.
             In the context of this policy, system  software consists of all  vendor supplied
             products accessible by the general user community.  It also includes all system
             control and monitoring software, plus NESC developed modifications that support
             these products.

       g.     All  system  software  residing on  the  supercomputer must  be obtained in
             accordance with NDPD purchasing practices.

       h.     NDPD will  provide PSC with licensing information so that PSC personnel can
             ensure that only properly licensed software is installed and maintained. PSC will
             not install any software without first obtaining the above licensing information.


5.0    DEFINITIONS

None.


6.0    STANDARDS

Not applicable.


7.0    PROCEDURE REFERENCE

       a.     (Pending) U. S. Environmental Protection Agency. (1993) National
             Environmental Supercomputing Center Operational Procedures Manual. Bay City,
             Michigan. National Environmental Supercomputing Center.  (Location:  NESC)

       b.     U.  S.  Environmental Protection Agency.  (1993)  (draft) NDPD Software
             Acquisition  and Control Procedures Manual (Report  No. 665/001).  Research
             Triangle Park, NC:  National Data Processing Division, Office of Administration
             and  Resources Management.

-------