
PERs : All issues questions...2003-2019

Status
Not open for further replies.
I'm not sure publicly posting the password is appropriate.

While the staff suggested that we share the password widely with other military personnel, if they had wanted it available to everybody, I suspect that they would have posted it.

my  :2c:

AK
 
AK said:
I'm not sure publicly posting the password is appropriate.

While the staff suggested that we share the password widely with other military personnel, if they had wanted it available to everybody, I suspect that they would have posted it.

my  :2c:

AK

The CDS posted it online in June 2012. Google: "Maple Leaf" & CFPAS. First hit: publications.gc.ca

The Taliban and ISIL don't get to see the chapters on pecking order, reprisals, and bun tosses though.

Or you could have Googled this:

http://www.ctvnews.ca/password-and-letmein-among-worst-passwords-ever-1.729935

:)
 
Hi, I did send a request for the password on the CFPAS web site and I didn't receive anything, and I also tried to call but no chance. Now I'm stuck at home with 5 PERs to write; can someone help me with the password to download CFPAS, please?
 
USS and ISSO here :-)

If just the information at the top of the PER is filled out technically it's only Protected A. For those that fill out the PER with all the write up but leave the tombstone data out, it's still Protected B and as an ISSO if I had to do an ISSIR on this I would classify it as a security breach.  Please don't try the "but it only says Cpl Bloggins in it", I can tell you that by reading the write-up I will very likely be able to tell you who the PER is for and it should be encrypted.

As for "copies", in accordance with CFPAS there are only two versions allowed to be in existence once the PER is completed and signed by all parties. The original goes on a merit file (the merit file exists in different places for RegF vs NAVRES vs Militia), one copy is made and given to the individual whose PER it is. That is it, that is all - any other copies are in contravention of CFPAS.

What a member decides to do with their PER is up to them, it's their document and information regarding them. If they want to scan it and post it to Facebook, all the more power to them. If anyone else has a copy of it, it's in contravention of CFPAS. If anyone else has an electronic copy of it and it's not encrypted then it's an IS Security Infraction and an ISSIR should be completed.

Advice from an ISSO... encrypt working copies, once they're delivered to the individual, delete all electronic copies and ensure you don't have "working copies."
 
Buck_HRA said:
USS and ISSO here :-)

If just the information at the top of the PER is filled out technically it's only Protected A. For those that fill out the PER with all the write up but leave the tombstone data out, it's still Protected B and as an ISSO if I had to do an ISSIR on this I would classify it as a security breach.  Please don't try the "but it only says Cpl Bloggins in it", I can tell you that by reading the write-up I will very likely be able to tell you who the PER is for and it should be encrypted.

As for "copies", in accordance with CFPAS there are only two versions allowed to be in existence once the PER is completed and signed by all parties. The original goes on a merit file (the merit file exists in different places for RegF vs NAVRES vs Militia), one copy is made and given to the individual whose PER it is. That is it, that is all - any other copies are in contravention of CFPAS.

What a member decides to do with their PER is up to them, it's their document and information regarding them. If they want to scan it and post it to Facebook, all the more power to them. If anyone else has a copy of it, it's in contravention of CFPAS. If anyone else has an electronic copy of it and it's not encrypted then it's an IS Security Infraction and an ISSIR should be completed.

Advice from an ISSO... encrypt working copies, once they're delivered to the individual, delete all electronic copies and ensure you don't have "working copies."

No encryption needed if it is on a Protected B medium and properly stored.

 
I may be mistaken on this one but I believe the Treasury Board regs require all GC removable media to be encrypted.
 
SupersonicMax said:
No encryption needed if it is on a Protected B medium and properly stored.

As far as DWAN machines go, Protected A is authorized for processing and storage, while Protected B is only authorized for processing.  Any storage must be PKI encrypted.
 
Nuggs said:
I may be mistaken on this one but I believe the Treasury Board regs require all GC removable media to be encrypted.

True, however, TB regs also state :

Only on an exception basis, as per departmental / agency risk tolerance and with formal departmental / agency approval, may unencrypted GC information be stored on a non-password or non-biometric controlled portable data storage device

And the Department of National Defence makes such an exception:

...

Can't find it off DWAN. Anyways, the policy from ADM(IM) is pretty much verbatim what the TB policy is, but it adds a para that reads something like: "portable data storage devices, if not intended to contain classified material, are not required to be encrypted".

I can paste it tomorrow but essentially, if I can store a hard copy PROB file in my filing cabinet, why can't I store a PROB USB key containing unencrypted PROB files in the same filing cabinet?

Don't even get me started on storing encrypted PROB files on hard drive...
 
It's worth consulting the DGDS website (DWAN only) for security regulations; I believe that some have been rewritten.
 
According to MARPAC IS security orders, if you store PROB information on a USB stick unencrypted, you store the USB key in a PROB cabinet just like all your other PROB files. If, however, the PROB information is encrypted, then you can store the USB stick in the same manner as a PROA file.

Now that's just one Formation in the RCN; other elements might have different policies, but the policy makes sense to me. Why would we have to lock up and encrypt electronic information when the hardcopies are only locked up?
 