Are there specific requirements in the regulation relating to system security?
Yes. There are six major requirements: • Where appropriate, a project must adopt effective and technologically advanced computer software and hardware designs to prevent unauthorized access to the information contained in the system; • The project must restrict access to its facilities, operating environment, and documentation to organizations and personnel authorized by the project; • The project must store information in the system in such a manner that it cannot be modified, destroyed, accessed, or purged without authorization; • The project must institute procedures to protect criminal intelligence information from unauthorized access, theft, sabotage, fire, flood or other natural or manmade disasters; • The project must promulgate rules and regulations based on good cause for implementing its authority to screen, reject for employment, transfer, or remove personnel authorized to have direct access to the system; and • A project may authorize and utilize remote (off-premises) syste
