(SCF/iSNSI --> OCF)
Review by a DC is part of every secure-to-open—i.e., SCF to OCF—TapeFIS file transfer. (Note: A special visualization FIS-DC is needed for secure-to-open image and movie file transfers.) To help DCs carry out this review role, TapeFIS provides a special set of directories dedicated to managing files undergoing review and a special software tool (ADCTOOL) for conducting the review online.
DC Review Area
In addition to the TO and FROM directories seen by each regular user of the secure FIS server, DCs have access to a separate review area (where files wait, hidden from users and protected from outside changes). This review area is organized by DC pool and user and managed when DCs run the ADCTOOL utility.
Each organization that participates in TapeFIS secure-to-open file transfers has established one or more "DC review pools" that are responsible for inspecting candidate files submitted from users in that organization. A DC review pool consists of one or more DCs and follows these rules:
- Each DC in a pool must be capable of reviewing the content of files submitted by all users assigned to that pool.
- All DCs in the same pool work as peers, with equal authority. Departments or divisions may, however, add extra security by requiring dual reviews (such as both general and content-specific reviews) from different DCs for some data.
- Every FIS user is assigned to a DC review pool based on the scope of their work as determined by their organization.
- A user assigned to one DC pool can only have their submitted files reviewed by a member of that review pool (although DCs in the same pool can exchange review duties among themselves to better handle absences or workload).
- A DC is only permitted to examine and approve (or disapprove) files submitted by the users assigned to his or her review pool.
- Each DC authorization has an expiration date. Once that date has passed, the DC can no longer access files from their (former) pool for review. The LIST ADCS option of ADCTOOL shows the current expiration date of every DC in the pool of the DC who runs it.
The secure-to-open review process, based on these DC pools, is simple:
- A user submits one or more files for transfer from the secure to the open network (by FTPing them to their TO directory on the secure TapeFIS server).
- The user then contacts a DC from their review pool and alerts them that files await inspection.
- The authorized DC runs ADCTOOL on the secure TapeFIS server to list the submitting user's queued files, move some (or all) of them to a special area (inaccessible to the user) for formal review, and pass (or fail) the files for transfer once reviewed.
- The user checks their README file (/users/username/README) on the secure TapeFIS server for the outcome of each file review and, if a file was passed and transferred, claims it on the open TapeFIS node.
ADCTOOL Explained (For DCs Only)
ADCTOOL Quick Start Guide
- Only designated users have permission to place files in the TO directory on the SCF FIS server.
- Only designated DCs ("FIS DCs") have permission to do the final DC review for reverse (secure-to-open) FIS transfers.
- Only text files can be submitted through this process; any binary file must be rejected (marked "fail").
- The review process requires a confirming review by a second DC.
- Use ADCTOOL to do the review, including retrieving the file and marking it pass or fail. After retrieving the file you can either "give" the files to the second DC for review or show them to the second DC on your terminal.
- If you mark the file "pass", it is then sent manually to the unclassified network, where the person who submitted the file on the closed network can retrieve it from the appropriate TapeFIS system on the open network.
    cslic% ssh tapefis          # You'll be dropped into 'adctool'
    ADCTOOL> list               # To get the list of users/files to review
    ADCTOOL> review <username>  # To review files from username, e.g., "review user123"
    ADCTOOL> ftp user123        # To ftp files from user123 to yourself, so you can review the file
    open -u <your_username> cslic   # E.g., "open -u jill_dc cslic"
    put actual-file-name        # Just the filename, no directory paths.
                                # This file will end up in *your* home dir.
    quit
    # Review the file, and either give the file to the second DC
    # or have the second DC review it on your screen.
    ADCTOOL> pass user123       # If the file is deemed unclassified by both DCs,
                                # you can "pass" the file submitted by user123.
                                # Otherwise mark "fail".
    <CR>                        # for all files
    text                        # for file type
    ADCTOOL> quit
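The quick start requires that only text files be passed and that anything binary be failed, but a file named like text can still carry binary content. The shell function below is an added example, not part of ADCTOOL or the TapeFIS tools, that a DC can run on the copy that put placed in their home directory (cslic in the quick start) before showing it to the second DC. It fails files containing NUL bytes or more than about 1 in 100 non-printable bytes, and also flags "text" that hides a payload in base64- or uuencode-style lines or in one very long line, a case the quick start does not spell out. The thresholds, file names and the constructed sample files are assumptions for illustration; the check supplements, and never replaces, the classification review itself.

```shell
#!/bin/sh
# Added example, not part of ADCTOOL or the TapeFIS documentation: a
# pre-review check for the copy of a submitted file that "put" left in
# the DC's home directory. Exit status 0 = plain text, 1 = fail/hold it.
# Thresholds below are illustrative assumptions, not site policy.

textcheck() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "textcheck: $f: not a regular file" >&2
        return 1
    fi

    total=$(wc -c < "$f" | tr -d ' ')
    if [ "$total" -eq 0 ]; then
        echo "$f: empty file (nothing to review)"
        return 0
    fi

    # 1. Any NUL byte means a binary format, whatever the file name says.
    nuls=$(tr -cd '\000' < "$f" | wc -c | tr -d ' ')
    if [ "$nuls" -gt 0 ]; then
        echo "$f: FAIL  $nuls NUL byte(s): binary file"
        return 1
    fi

    # 2. Bytes outside printable ASCII plus TAB, LF and CR. More than
    #    1 in 100 and this is not the plain text the process expects.
    other=$(tr -d '\011\012\015\040-\176' < "$f" | wc -c | tr -d ' ')
    if [ $((other * 100)) -gt "$total" ]; then
        echo "$f: FAIL  $other of $total bytes are non-text"
        return 1
    fi

    # 3. Runs of long lines drawn only from the base64/uuencode alphabet
    #    look like text on a terminal but carry an encoded binary blob.
    enc=$(grep -cE '^[A-Za-z0-9+/=]{60,}$' "$f" || true)
    if [ "$enc" -ge 4 ] || grep -qE '^begin(-base64)? [0-7]{3} ' "$f"; then
        echo "$f: FAIL  $enc encoded-looking line(s): possible embedded binary"
        return 1
    fi

    # 4. A single very long line is another place a blob can hide.
    longest=$(awk '{ if (length($0) > m) m = length($0) } END { print m + 0 }' "$f")
    if [ "$longest" -gt 1000 ]; then
        echo "$f: FAIL  longest line is $longest bytes"
        return 1
    fi

    echo "$f: ok  plain text ($total bytes, longest line $longest bytes)"
    return 0
}

# Constructed sample files for the demonstration (not real submissions).
make_samples() {
    dir=${TMPDIR:-/tmp}/textcheck.$$
    mkdir -p "$dir"
    SAMPLE_TEXT=$dir/report.txt   # genuine plain text
    SAMPLE_BIN=$dir/figure.txt    # binary despite the text-looking name
    SAMPLE_B64=$dir/notes.txt     # text on screen, encoded blob inside
    printf 'Run summary for job 4471\nCases:\t12 passed, 0 failed\nReviewed by J. Doe\n' > "$SAMPLE_TEXT"
    printf 'PK\003\004\024\000\000\000\010\000data\000\000\000' > "$SAMPLE_BIN"
    {
        echo 'Meeting notes, see attachment below.'
        echo 'begin-base64 644 payload.bin'
        i=0
        while [ $i -lt 8 ]; do
            echo 'QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5YWJjZGVmZ2hpamtsbW5vcA'
            i=$((i + 1))
        done
        echo '===='
    } > "$SAMPLE_B64"
}

make_samples
for f in "$SAMPLE_TEXT" "$SAMPLE_BIN" "$SAMPLE_B64"; do
    textcheck "$f" || true
done
```

Run it on the retrieved copy with `textcheck actual-file-name`; a non-zero exit status means mark the file "fail" in ADCTOOL, or hold it for a closer look if the only finding is an encoded-looking block that the submitter can explain. The sample files stay in the temporary directory so they can be inspected afterwards.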
ADCTOOL Reference Guide
If you are a DC, you can log into the secure (SCF/iSNSI) TapeFIS server (using SSH) to manipulate files that users have submitted for review. A utility called ADCTOOL runs as your shell as soon as you log in and offers commands for selecting, approving or disapproving, and otherwise managing user-submitted files, and for sharing DC duties among the members of your DC pool. ADCTOOL presents the prompt ADCTOOL> and accepts these commands:
list [queue | held | users | adcs]
reports all files currently submitted for transfer or held for review by the DC running ADCTOOL, or (with a target option) reports only submitted files (queue), review-held files (held), the users for whom this DC can perform reviews (users), or this DC's peer reviewers and their expiration dates (adcs).
review [username [filelist]]
moves the specified file(s) for the specified user into the review area of the DC running ADCTOOL.
pass [username [filelist]]
approves the specified file(s) for the specified user, prompts for a description of the file type(s), moves the file(s) into the collection area for tape transfer to the open network, and alerts the user by appending a message to their README file.
fail [username [filelist]]
disapproves the specified file(s) for the specified user, deletes the file(s) and overwrites the storage they occupied, and alerts the user by appending a message to their README file.
assume [username [adcname]]
enables the DC running ADCTOOL to "assume" review duties from the specified DC (adcname) for all currently held files of the specified user.
ftp [username]
starts an FTP session so you can copy any currently held files for the specified user to another secure machine, where you can examine their contents to determine their classification status.
help [command]
displays general ADCTOOL help, or help on the specified command.
quit
ends ADCTOOL and logs you out of the secure (SCF) FIS node.
assume [username [adcname]]
Enables a second DC to "assume" review duties from a first DC (adcname) for all (and only) the currently held, under-review files submitted by username. If one DC moves username's file(s) into their review area to begin the classification review but does not complete it, this command lets any other DC in the same review pool (and only that pool) move the already-held files into their own review area and resume the review. If you specify username but no adcname, ADCTOOL prompts for the missing DC's name. If you omit both names, ADCTOOL prompts for each one.
ftp [username]
Enables you to copy held files to another secure machine (this is the only way to examine their content in detail and confirm their classification status). This command:
- Starts an FTP client on the secure FIS node.
- Changes local directories so that (only) the file(s) submitted by username are available for transfer.
- Lets you OPEN a connection to another secure machine, PUT files, and then QUIT the FTP session.
- Resumes your ADCTOOL session when FTP ends.
While FTP runs, you get its prompt directly (and you can use any of its commands). If you omit username, ADCTOOL prompts for it. Only a copy of each file is transferred to the remote machine; the reference version remains in the FIS node's review area until you pass or fail it with ADCTOOL.
To use this mode to transfer a file to another secure system (in this example, the LC cslic system), enter the following once ADCTOOL has dropped you into FTP:

    open -u your-username cslic
    put filename

This transfers a copy of the file into your home directory on cslic.
help [command]
Displays a brief descriptive list of available ADCTOOL commands or, if you specify command, a brief explanation of that command's role.
quit
Ends ADCTOOL and logs you out of your current interactive session on the secure FIS node.
Authorization Levels: The Classification Review Categories
Most users are prohibited from transferring any data from the SCF to the OCF. The use of the secure transfer server is limited to retrieving files transferred from the open environment. Users have a TO directory as part of the standard work space, but any files placed in that directory will not be transferred.
If you have a need and are authorized to transfer files from SCF to OCF, you have the standard work space (TO and FROM directories) for submitting and retrieving files. Files that you place in the TO directory are held there awaiting DC review and approval. Typically, you submit files into the TO directory and then seek out a DC within your organization who is capable of reviewing your data. Your completed user request form names a DC pool; the DCs assigned to this pool are capable of reviewing your data. Ask your computer coordinator for the names of the DCs assigned to this pool. Each department or division determines its own file review policy for its own DCs. LC, for example, expects a "cognizant system administrator" DC to review system data before a second, routine review by a "FIS DC" takes place.
You and your DC(s) will usually begin by discussing the content of your submitted files. The DC is also able to select and copy your files for review and examine them on his or her local computer (assisted by a special program called ADCTOOL). The DC can accept the files as approved data and release them back into the transfer path or reject the files as disapproved data and purge the files from FIS.
When a file is selected for review by a DC, it is copied from your TO directory into a review area that is inaccessible by the user. (All files must be submitted in the TO directory, where they await DC inspection.)
So how do users find out whether their files have completed review? One way is to ask the DC; another is to look at the README file in your top-level directory on the secure FIS node (/var/spool/fis/ftp/users/yourname/README, the file you see as /users/yourname/README in an FTP session). Each time a file is reviewed (pass or fail), an entry is appended to README; you can examine the tail end of this file for the result of the review, or simply check the modification time of the README file to see whether a review action has occurred.