|
NASS
Security Pledge
Our
Guarantee for Securing
Official Estimates
|
1. |
Every NASS employee is constantly
aware of the critical importance of data security.
NASS employees embrace a firm commitment to data security. It is a matter
of integrity that is woven into every fiber of the Agency and its people.
Each year, every person working for NASS at headquarters and in each
of the 46 field offices signs a confidentiality certification stating
that survey information must not be compromised. Any offender would receive
severe punishment of up to a $10,000 fine and/or 10 years in prison.
|
2. |
Only authorized personnel are allowed
access to NASS reports before the official release time.
As NASS employees work on the 425 reports published each year, security
is a top priority at all times. Every NASS field office and headquarters
unit employs strict security procedures when working on reports.
Only NASS employees working on a specific report have access to the data,
and work areas are limited to those employees involved in the report process.
Employees who do not have direct involvement with a specific report are
prohibited from accessing the data until they are released to the public.
Whether employees are preparing weekly broiler numbers, monthly crop
production forecasts, annual cattle inventories, or the 5-year census
of agriculture results, security procedures ensure protection from premature
disclosure of the data prior to the official release time.
|
3. |
NASS facilities are physically secure
when reports are compiled.
NASS applies different levels of security corresponding to the sensitivity
of each report. The lockup process is the most stringent level of security,
and is used for data review and estimation of market sensitive commodities
(those traded on the commodities market).
The limited access lockup area is protected by an armed guard, and no communication with the outside (including
e-mail or telephone) is permitted in the area until the report is
released. Window shades are closed and sealed, and surveillance equipment
monitors the area for electronic signals during the lockup period. Employees
with special identification badges are permitted to enter but no one may exit
the area during the lockup period for any reason. In case of an extreme emergency, an
employee would be allowed to leave only if accompanied by an armed guard
until the report is released.
Invited guests may be allowed to observe the lockup procedure, but are
only admitted within one hour of data release. The visitors are briefed
on lockup procedures, are escorted while touring NASS facilities, but also cannot leave the lockup area until after data is publicly released.
|
4. |
Computer data files are protected
by state-of-the-art security technology.
The NASS network is password protected and monitored
by a security officer. Virus scans are executed on every computer when employees log into the
NASS computer network.
Yield and production data for market sensitive commodities are machine
encrypted in field offices prior to submission to headquarters. The data
are de-encrypted by headquarters personnel within the lockup area during
the lockup process.
NASS has spent considerable staff and dollar resources in the past to conduct security reviews and continues to monitor and strengthen security. Past reviews have included one by Lockheed Martin in 1997, by the USDAs Office of Inspector General (OIG) in 2000/2001 and 2002 and an additional review conducted by an outside consultant in 2001 specifically looking at remote access. Recommendations from each of these reviews were the basis of enhanced security measures implemented by NASS. These enhancements and changes to methodology include:
implementation of a firewall between USDA and the Internet,
implementation of Virtual LANs and intrusion detection at shared Federal and State facilities,
acquisition of routers supporting link level encryption,
installation of an access server and multiple level password protection for remote access,
planned installation of an advanced authentication system,
electronic key card access to and round the clock video surveillance of the secure computer room,
monthly execution of security vulnerability scanning software.
|
5. |
NASS reports do not require departmental
approval.
NASS reports are the official USDA estimates prepared under unbiased,
objective, nonpartisan, statistically sound procedures. The reports are
reviewed internally and released with the final approval of the Agricultural
Statistics Board. Neither the members of the Board nor the NASS Administrator
is politically appointed.
Prior to release of a report from lockup conditions, the Secretary of
Agriculture or a designated representative signs the report. The Secretary
is then briefed on the details in the report. However, the report is not
changed as a result of this briefing.
|
6. |
Published data are released to everyone
at the same time.
When NASS releases data, they are made available to everyone at the same
time so that no individual or organization has an unfair advantage. Release
dates are published in advance on the NASS Web site and in printed calendars.
Members of the press may be allowed into the lockup area up to two hours
prior to report release in order to compile timely media releases. They
are unable to transmit their stories until after the official release
time, when the phone and Internet connections are restored.
Printed copies of the final reports are made available to the public
at release time, and commodity statisticians are then permitted to discuss
the information. Reports are available on the Internet within minutes
of the release.
|