Sneak

  __ /\ __       __ /\ __       __ /\ __       __ /\ __
  \_`\/`_/ .\'/. \_`\/`_/ .\'/. \_`\/`_/ .\'/. \_`\/`_/
  <_>()<_>-=>*<=-<_>()<_>-=>*<=-<_>()<_>-=>*<=-<_>()<_>
  /_,/\,_\ '/.\' /_,/\,_\ '/.\' /_,/\,_\ '/.\' /_,/\,_\
     \/          _ _\/ _   ___  ___\/_ _          \/
    .\/.    +   | | | / \ |   \|   \| | | '      .\/.
   -=><=-       |   || ' || '_/| '_/\   /       -=><=-
    '/\'        |_|_||_|_||_|  |_|   |_|     *   '/\'
  __ /\ __ _ _  ___  _    _  ___   _   _ _  __ __ /\ __
  \_`\/`_/| | |/   \| |  | ||   \ / \ | | |/ _/\_`\/`_/
  <_>()<_>|   || | || |_ | || | || ' |\   /\_ \<_>()<_>
  /_,/\,_\|_|_|\___/|___||_||___/|_|_| |_| /__//_,/\,_\
     \/                   _{}_                    \/
    .\/.     *          .'    '.             +   .\/.
   -=><=- '        +   /_......_\  +            -=><=-
    '/\'      _ __ _ ."`        `".      *       '/\'
  __ /\ __   |      |    ______    \           __ /\ __
  \_`\/`_/   |;     |_.-'o    o`-._/           \_`\/`_/
  <_>()<_>   ||     |      V       |      '    <_>()<_>
  /_,/\,_\   ||_ ,  |\  `'----'`  /            /_,/\,_\
     \/      '-.` .-';'---.--.--';    *           \/
    .\/.  *     ||   |     \  '.  \           *  .\/.
   -=><=-      _||_ /'-.____\   `\ ;            -=><=-
    '/\'      /    )        |    | |`\ +         '/\'
  __ /\ __ '  | _.'         \     \ \ \    '   __ /\ __
  \_`\/`_/    \ ||         ()\     \\\ \       \_`\/`_/
  <_>()<_>     \||            \\\\\\  \ |      <_>()<_>
  /_,/\,_\      ||         ()         |_/      /_,/\,_\
     \/     *   ||                    ;   *       \/
    .\/.        ||         ()        ' '.        .\/.
   -=><=- '   .'|| '.             -'     '-.    -=><=-
    '/\'   .-'  ||     `"   "  `            `--. '/\'
  __ /\ __jgs    __ /\ __       __ /\ __       __ /\ __
  \_`\/`_/ .\'/. \_`\/`_/ .\'/. \_`\/`_/ .\'/. \_`\/`_/
  <_>()<_>-=>*<=-<_>()<_>-=>*<=-<_>()<_>-=>*<=-<_>()<_>
  /_,/\,_\ '/.\' /_,/\,_\ '/.\' /_,/\,_\ '/.\' /_,/\,_\
     \/             \/             \/             \/

https://twitter.com/LulzRo0ted


HOHOHO merry xmas! To all you lulz anons you will find tons of candy, presents, but for you goverment, the best I can give you is coal! Welcome to LulzRooted Lulz X Mas 2013!


Idk what this shit means, but still it cam off of a government server, so it has to have some value!
                        __
                        .:::'-.
                       /:::    '.
                      /:::       \
                     /:::    \:   |
                    /:::     |::  ;
                   /:::      \:: (
                  /::::       ':.)'.
              .'```--'`'-.__.-" /.  `\
             / (   '    '     '|  (' |
             |   '   .    )  . '.  ) /
             )  .  '    .     '  )_.'
             \   ;'--""-...-'-.__/		I am the Grinch who saved Xmas and stole
              '-/   ,          \		government Property
               ;_   )`-.     .( \
           ."``  `  |   `\   / | ;
          ;         \   _|  | _|  '-.
         |           '.(_/  \(_/     \
         |                __          |
          ;  `'.__.-     (._.)   ._.  /
           \     \         )      | /`
            `'.   '.      (      / ;
               '.   `'-'-._`  _.' /
                 `.        '-'   /
                  |`-.        _.'
                 _|   `. '--;`
        jgs_.-""` .`"=. .-._|
          /   '     )  ` .  `-""-.
          \ .  ( '   .    (    '  )
           `/-.__.--._  ' ._ '  .'
           /::::.     `""`` `--`\
          /::::::.               \


National Cemetery Administration - Local Reasonable  Accommodation Coordinators
Org.	First Name	Last Name	Username	Email	Role	Phone Number
MSN1: Memorial Service Network I	James	Vogel	james.vogel	[email protected]	LRAC	215-381-3787 x 4051
MSN1: Memorial Service Network I	Nicole	Maldon	maldon.nicole	[email protected]	Alt. LRAC	202-461-6227
MSN2: Memorial Service Network 2	Mia	Colemon	mia.colemon	[email protected]	LRAC	404-929-5906
MSN2: Memorial Service Network 2	Nicole	Maldon	maldon.nicole	[email protected]	Alt. LRAC	202-461-6227
MSN3: Memorial Service Network 3	Albert	Kuczak	albert.kuczak	[email protected]	LRAC	303-914-5707
MSN3: Memorial Service Network 3	Perdita	Johnson-Abercrombie	Johnson-Abercrombie, Perdita	[email protected]	Alt. LRAC	202-461-6743
MSN4: Memorial Service Network 4	Mary 	Baker	mary.baker	[email protected]	LRAC	317-916-3795
MSN4: Memorial Service Network 4	Gretchen	Ricketts	gretchen.ricketts	[email protected]	Alt. LRAC	317-916-3790
MSN5: Memorial Service Network 5	Angeline 	Scott	angeline.scott	[email protected]	LRAC	510-637-6283
MSN5: Memorial Service Network 5	Perdita	Johnson-Abercrombie	Perdita.Johnson-Abercrombie	[email protected]	Alt. LRAC	202-461-6743

	    .'  , _\
        _       /_____\{_}
       / ( .   {_______}
       |  `|_  / .   . \
        \_.'_} |.  v  .|     I hate the federal government so this one is for you!
        {_.'|  \ '...' /
         |   \{`'.___.'`}
          \   /'._   _.'`\
           \ ;  o ```     \
            ;  o       \   \_
            |  o_       \.'` }
            ;==[_]======{__.'\
            \             |/) |
             `;         .' /_/
             / `- /    /
            /    /\    \
           {`-._/  \ _.'`}
           ;-.__}   {__.'\
        __/   /       \_  \
       (  `  /        /   /
         '.__/        (__.'
		 Negotiated Requirements Review.

'Each negotiated requirement is presented using data from the multi-state negotiation of the Individual Requirement Review.
The Idividual Requirement Review COMPARES the specific events or actions  of two AHIC use cases to commonly identified requirements reported across all participating states.
The following tables [T2] summarizes agreed minimum negotiated requirements and requirements placed in the parking lot for further discusion.


"Negotiated Status:  AUT 1 - User Authentication
"" + "" means item is to be included in minimum policy;

"" P "" means Parking Lot - in need of further discussion."
			L- EHR Laboratory Use Case
			M - Medication Management Use Case
			Required-Optional Requirements*								PARKING LOT
T2.  AUT1 Matched Requirements across use cases and reporting states			L	L/M	L/M	M	L	M	M
AUT 1 'User Authentication			AZ	CO	CT	OK	MD	NE	WA		 ISSUES / EXPLANATIONS
Negotiated Status
		Method of User Identity Vetting:
	 + 	In person	R	R	R	R	R	R	R		In person to a trusted authority recognized by the State or Federal Government.
	 -	Notary			O	O		O	O
	 + 	Demonstrate Government-issued ID	R	R	R	R	R	R	R
	 -	Other:_______________
	 +	Validate Provider Licensure	R	O	R	R	R	R	R		Validate provider licensure when applicant is requesting an identity tied to a regulated provider type
	 + 	Validate Employees of Licensed Provider Organization	R	R	R	R	R	R	R
	 + 	HIO use of a specific naming convention as a primary identifier	R	R/R	R	O	O	R	R
		Assurance Level used:
	 -	Low (username/PIN)	R	[ R ]			R
	 + 	Medium (Knowledge/strong password)	R	R	O	R	R	R	R
		Lab Results Context Restrictions:									Need to send to HSPL collaborative - certain states have restrictions.
	  -	Ordering clinician		R	O		R	O
	 - 	Associated organization		R	O		R	O
		Medication Context Restrictions:									Need definition/clarifications on both context restrictions. Out of scope for this project.
	 -	Ordering clinician		R	O	R			R
	  -	Association with organization initiating order		O	O	O			R
	 + 	Sensitivity Restricted:									Where sensitivity restrictions apply, identity,role, affiliation and purpose of use must be declared and electronically codified.
	RIA	HIV	R	O	R	R	R	O	R
	RIA	Mental Health Record	R	O	R	O	R		R
	RIA	Substance Abuse Record	R	O	R	R	R		R
	RIA	Sexual Health Record	R	O	O	O	R		R
	RIA	Prison Health Record	R	O	O
	RIA	Other: __genetic information_____	R
	State reported as Not implementable at this time
R- required; O - optional

"Negotiated Status:  AUT2 - Subject of Care Identity
"" + "" means item is to be include in policy;

"" P "" means Parking Lot - in need of further discussion."
			L- EHR Laboratory Use Case
			M - Medication Management Use Case
			Required-Optional Requirements*
T2. 'AUT2 Matched Requirements across use cases and reporting states			L	L/M	L/M	M	L	M	M
AUT2-  Subject of Care Identity			AZ	CO	CT	OK	MD	NE	WA
Negotiated Status
	 + 	"Matching criteria policy
   (e.g., exact match on DOB, First Name, Last Name, Address)"	R	R	R	R	R	R	R
R- required; O - optional


"Negotiated Status:  AUT3 - System Authentication
"" + "" means item is to be include in policy;

"" P "" means Parking Lot - in need of further discussion."
			L- EHR Laboratory Use Case
			M - Medication Management Use Case
			Required-Optional Requirements*								PARKING LOT
T2. AUT3 Matched Requirements across use cases and reporting states			L	L/M	L/M	M	L	M	M
AUT3 - System Authentication			AZ	CO	CT	OK	MD	NE	WA		 ISSUES / EXPLANATIONS
Negotiated Status
		System Identity Vetting:	R								Suggest changing "IN-PERSON SITE VISIT" to "data sharing agreement signed by legal and CEOs"
	 +	Assertion by Authorized Organization Representative	R	R/R	R	R	R	R	R
	 +	Demonstrate association with Licensed Organization	R	R	R	R		R	O
		Assurance Levels:
	 +	High (PKI/Digital ID)			R	R			R
	 + 	Sensitivity Restricted			O						Where sensitivity restrictions apply, identity,role, affiliation and purpose of use must be declared and electronically codified.
	RIA	HIV	R	/O		O	R		R
	RIA	Mental Health Record	R	/O	R	O	R		R
	RIA	Substance Abuse Record	R	/O	R	R	R		R
	RIA	Sexual Health Record	R	/O	R	O	R		R
	RIA	Prison Health Record	R	/O	O
	RIA	Other: Specify:_________	R	/O	O
R- required; O - optional


"Negotiated Status:
"" + "" means item is to be include in policy;

"" P "" means Parking Lot - in need of further discussion."
			L- EHR Laboratory Use Case
			M - Medication Management Use Case
			Required-Optional Requirements*
		Use case 	L	L/M	L/M	M	L	M	M
T2. 'AUT4 Matched Requirements across use cases and reporting states			AZ	CO	CT	OK	MD	NE	WA
	 +	Use of Timestamp	R	R	R	R	R	R	R
R- required; O - optional

"Negotiated Status:
"" + "" means item is to be include in policy;

"" P "" means Parking Lot - in need of further discussion."
			L- EHR Laboratory Use Case
			M - Medication Management Use Case
			Required-Optional Requirements*								PARKING LOT
		Use case 	L	L/M	L/M	M	L	M	M
T2. AUT5 Matched Requirements across use cases and reporting states			AZ	CO	CT	OK	MD	NE	WA		 ISSUES / EXPLANATIONS
		Organization Identity Vetting:
	 +	Personal Knowledge		R	R/O	O	R	R	R
	 +	Demonstrate Articles of Incorporation		R/	/O	R	R	R	R
	 +	HIO use of a specific naming convention as a primary identifier			R		R				Don't have right now. This is a requirement at the state level.Recommend development of a Naming Convention that can be registered and identified nationally.
	RIA	Use of Object identifier (OID):______________			R	O	O
	RIA	Describe:_idiosyncratic naming (Colorado)______		R		O
		Assurance Levels:	**
	 +	High (PKI/Digital ID)	R	R	R	R			R
	 -	Lab Results Context Restrictions:									Out of scope for this project.
	 -	Ordering system		R/	O		R		R
	 -	Medication Context Restrictions:									Out of scope for this project.
	 -	Ordering system			O	O			R
	 -	Association with organization initiating order			O	O			R
	 + 	Sensitivity Restricted - Lab & Medication		O			R				Where sensitivity restrictions apply, identity,role, affiliation and purpose of use must be declared and electronically codified.
	RIA	               HIV		O	R	O	R	O	O
	RIA	              Mental Health Record		O	R	O	R		O
	RIA	              Substance Abuse Record		O	R	R	R		O
	RIA	              Sexual Health Record		O	O	O	R
	RIA	              Prison Health Record		O	O	O
R- required; O - optional

"Negotiated Status:
"" + "" means item is to be include in policy;
"" P "" means Parking Lot - in need of further discussion."
			L- EHR Laboratory Use Case
			M - Medication Management Use Case
			Required-Optional Requirements*								PARKING LOT
		Use case 	L	L/M	L/M	M	L	M	M
T2. AUT6 Matched Requirements across use cases and reporting states			AZ	CO	CT	OK	MD	NE	WA		 ISSUES / EXPLANATIONS
	 +	Means for identifying recipients of communications:	**								Need further clarification. Also not sure which use case it applies to.Need to have an identity established, but the identification method can include but not be restricted to one of the following methods:
	 +	Derived from ordering system communications		R	O		R		R
	 +	Selected from provider directory			O	R			O
	 +	Derived from identifiers included in request for information		 /R	O	R	R		R
R- required; O - optional


"Negotiated Status:
"" + "" means item is to be include in policy;

"" P "" means Parking Lot - in need of further discussion."
			L- EHR Laboratory Use Case
			M - Medication Management Use Case
			Required-Optional Requirements*
		AUT7 Included in Med Man. Use Case only.	L	M	M	M	L	M	M
T2. AUT7 Matched Requirements across use cases and reporting states			AZ	CO	CT	OK	MD	NE	WA
	 +	Signer credentials:			R
	 +	Credential issued by trusted authority		R	R	R			R
	 +	Credential is current		R	R	R			R
	 +	Credential is not suspended/revoked		R	R	R			R
	 +	Credential is of appropriate type (e.g. physician, pharmacist)		R	R	R			R
	 +	Data Integrity:			R
	 +	Data has not been changed since signature			R	R			R
	 +	Timestamp			R	R			R
R- required; O - optional


Applicable ISO 17799 Standard(s) & References	HIPAA Citation	Standard Implementation Specification	Implementation	Requirement Description
SECURITY STANDARDS: GENERAL RULES
ADMINISTRATIVE SAFEGUARDS
6.1.2, 6.1.4	164.308(a)(3)(ii)(B)	Workforce Clearance Procedure	Addressable	Procedures to ensure appropriate PHI access
6.1.2, 6.1.4	164.308(a)(3)(ii)(C)	Termination Procedures	Addressable	Procedures to terminate PHI access
9.6.1, 9.5.3, 9.2.2, 10.4.3	164.308(a)(4)(i)	Information Access Management		P&P to authorize access to PHI
4.2.1	164.308(a)(4)(ii)(A)	Isolation Health Clearinghouse Functions	Required	P&P to separate PHI from other operations
9.1.1, 9.2.2, 9.4.1, 9.6.2, 9.2.1, 8.1.4, 5.2.1	164.308(a)(4)(ii)(B)	Access Authorization		P&P to authorize access to PHI
8.1.4, 9.1.1, 9.2.2, 9.2.4, 9.4.1, 9.5.2, 9.5.3, 9.6.2,  8.6.4, 5.2.1, 9.4.2, 9.4.3, 9.4.4, 9.4.5, 12.1.5	164.308(a)(4)(ii)(C)	Access Establishment and Modification	Addressable	P&P to grant access to PHI
6.2.1, 8.7.7, 9.2.1, 9.2.2, 9.3.2, 9.8.1, 8.7.7, 8.7.4, 12.1.5, 6.1.1, 6.1.3	164.308(a)(5)(i)	Security Awareness Training		Training program for workers and managers
6.2.1, 9.3.2, 6.1.1, 6.1.3	164.308(a)(5)(ii)(A)	Security Reminders	Addressable	Distribute periodic security updates
8.3.1, 8.7.4, 4.1.4, 10.4.1, 10.4.2, 10.5.1-10.5.5	164.308(a)(5)(ii)(B)	Protection from Malicious Software	Addressable	Procedures to guard against malicious software
8.4.2, 9.7.1, 9.7.2, 8.4.3	164.308(a)(5)(ii)(C)	Log-in Monitoring	Addressable	Procedures and monitoring of log-in attempts
9.2.3, 9.3.1, 9.5.4	164.308(a)(5)(ii)(D)	Password Management	Addressable	Procedures for password management
8.1.3, 4.1.6	164.308(a)(6)(i)	Security Incident Procedures		P&P to manage security incidents
6.3.1,6.3.2,6.3.4,8.1.3	164.308(a)(6)(ii)	Response and Reporting	Required	Mitigate and document security incidents
11.1.1, 8.6.3, 4.1.6, 8.1.2	164.308(a)(7)(i)	Contingency Plan		Emergency response P&P
8.1.1, 8.4.1, 11.1.3, 11.1.2, 8.6.3	164.308(a)(7)(ii)(A)	Data Backup Plan	Required	Data backup planning & procedures
11.1.3	164.308(a)(7)(ii)(B)	Disaster Recovery Plan	Required	Data recovery planning & procedures
11.1.3	164.308(a)(7)(ii)(C)	Emergency Mode Operation Plan	Required	Business continuity procedures
7.2.2, 11.1.3, 11.1.5, 8.1.5, 7.2.3, 10.5.1-10.5.5	164.308(a)(7)(ii)(D)	Testing and Revision Procedures	Addressable	Contingency planning periodic testing procedures
11.1.2, 11.1.4, 8.1.5, 5.2.2, 8.1.2	164.308(a)(7)(ii)(E)	Applications and Data Criticality Analysis	Addressable	Prioritize data and system criticality for contingency planning
4.1.5, 9.7.2, 12.2.1, 12.2.2, 3.1.2, 6.3.4, 8.1.1, 8.2.2	164.308(a)(8)	Evaluation		Periodic security evaluation
4.2.1, 4.2.2, 4.3.1, 8.1.6, 12.1.1, 4.1.6, 8.2.1, 8.7.4	164.308(b)(1)	Business Associate Contracts and Other Arrangements		CE implement BACs to ensure safeguards
8.71,4.3.1,12.1.1	164.308(b)(4)	Written Contract	Required	Implement compliant BACs
PHYSICAL SAFEGUARDS
7.1.1-7.1.5, 12.1.3, 9.3.2	164.310 (a)(1)	Facility Access Controls		P&P to limit access to systems and facilities
7.2.2, 11.1.1, 11.1.3, 12.1.3, 4.1.7, 7.2.3, 7.2.4, 8.1.1	164.310(a)(2)(i)	Contingency Operations	Addressable	Procedures to support emergency operations and recovery
7.1.1, 7.1.3	164.310(a)(2)(ii)	Facility Security Plan	Addressable	P&P to safeguard equipment and facilities
7.1.2, 7.1.4, 9.1.1	164.310(a)(2)(iii)	Access Control Validation Procedures	Addressable	Facility access procedures for personnel
7.2.4, 12.1.3	164.310(a)(2)(iv)	Maintenance Records	Addressable	P&P to document security-related repairs and modifications
2.2.4, 7.2.1, 8.6.1, 7.1.4, 7.2.4, 8.6.1, 12.1.5, 9.3.2, 8.1.5, 4.1.4, 5.2.1	164.310(b)	Workstation Use		P&P to specify workstation environment & use
7.2.1, 7.2.4, 8.6.2, 9.3.2, 7.3.2	164.310(c)	Workstation Security		Physical safeguards for workstation access
5.1.1, 7.2.5, 7.3.2, 8.7.2, 8.6.7, 9.8.1, 8.5.1, 6.3.3	164.310(d)(1)	Device and Media Controls		P&P to govern receipt and removal of hardware and media
7.2.6, 8.6.2	164.310(d)(2)(i)	Disposal	Required	P&P to manage media and equipment disposal
7.2.6, 8.6.2	164.310(d)(2)(ii)	Media Re-use	Required	P&P to remove PHI from media and equipment
5.1.1, 7.3.2, 7.2.5, 8.7.2, 9.8.1	164.310(d)(2)(iii)	Accountability	Addressable	Document hardware and media movement
8.1.1, 8.4.1, 8.6.3, 12.1.3	164.310(d)(2)(iv)	Data Backup and Storage	Addressable	Backup PHI before moving equipment
TECHNICAL SAFEGUARDS
9.1.1, 9.4.1, 9.6.1, 12.1.3	164.312(a)(1)	Access Control 		Technical (administrative) P&P to manage PHI access
9.2.1, 9.2.2	164.312(a)(2)(i)	Unique User Identification	Required	Assign unique IDs to support tracking
11.1.3	164.312(a)(2)(ii)	Emergency Access Procedure	Required	Procedures to support emergency access
9.5.7, 9.5.8, 7.3.1	164.312(a)(2)(iii)	Automatic Logoff	Addressable	Session termination mechanisms
8.5.1, 8.7.4, 10.3.1, 10.3.2, 10.3.3, 12.1.6	164.312(a)(2)(iv)	Encryption and Decryption	Addressable	Mechanism for encryption of stored PHI
8.1.3, 8.6.2, 9.7.1, 9.7.2, 12.3.1, 12.3.2, 10.3.4, 9.7.3, 4.1.6, 4.1.7	164.312(b)	Audit Controls		Procedures and mechanisms for monitoring system activity
12.1.3, 10.2.1, 10.4.2	164.312(c)(1)	Integrity		P&P to safeguard PHI unauthorized alteration
10.2.3, 8.1.6	164.312(c)(2)	Mechanism to Authenticate Electronic Protected Health Information	Addressable	Mechanisms to corroborate PHI not altered
9.4.3, 9.5.3, 8.76, 4.2.1, 9.2.1, 9.2.2, 10.2.1, 10.3.3	164.312(d)	Person or Entity Authentication		Procedures to verify identities
10.3.1, 10.3.4, 10.2.4, 4.2.1	164.312(e)(1)	Transmission Security		Measures to guard against unauthorized access to transmitted PHI
12.1.3, 10.3.4, 8.7.4, 7.2.3, 8.7.6, 9.4.3, 9.4.3-9.4.9, 9.6.2,10.2.2, 10.2.4, 10.4.3	164.312(e)(2)(i)	Integrity Controls	Addressable	Measures to ensure integrity of PHI on transmission
8.5.1, 8.7.4, 10.3.1, 10.3.2, 10.3.3, 10.4.2, 12.1.6	164.312(e)(2)(ii)	Encryption	Addressable	Mechanism for encryption of transmitted PHI
ORGANIZATIONAL REQUIREMENTS
4.2.2, 4.3.1, 8.1.6, 12.1.1, 4.2.1, 8.2.1, 4.1.6	164.314(a)(1)	Business Associate Contracts or Other Arrangements		CE must ensure BA safeguards PHI
4.2.2, 4.3.1, 8.1.6, 8.7.1, 12.1.1, 8.7.4	164.314(a)(2)	Business Associate Contracts		BACs must contain security language
N/A	164.314(b)(1)	Requirements for Group Health Plans		Plan documents must reflect security safeguards
N/A	164.314(b)(2)(i)	Implement Safeguards		Plan sponsor to implement safeguards as appropriate
N/A	164.314(b)(2)(ii)	Ensure Adequate Separation		Security measures to separate PHI from plan sponsor and plan
N/A	164.314(b)(2)(iii)	Ensure Agents Safeguard		Ensure subcontractors safeguard PHI
N/A	164.314(b)(2)(iv)	Report Security Incidents		Plan sponsors report breaches to health plan
3.1.1, 8.1.1, 12.1.4 (Privacy 6.1.3, 7.3.1, 8.7.4, 8.7.7), 12.1.1, 9.8.2, 12.1.2, 12.2.1, 12.1.4	164.316(a)	Policies and Procedures		P&P to ensure safeguards to PHI
8.1.1, 12.1.1, 12.2.1	164.316(b)(1)	Documentation		Document P&P and actions & activities
	164.316(b)(2)(i)	Time Limit		Retain documentation for 6 years
	164.316(b)(2)(ii)	Availability		Documentation available to system administrators
4.1.7, 12.1.1	164.316(b)(2)(iii)	Updates		Periodic review and updates to changing needs


                   .------,
      .\/.          |______|
    _\_}{_/_       _|_Ll___|_
     / }{ \       [__________]          .\/.
      '/\'        /          \        _\_\/_/_
                 ()  o  o    ()        / /\ \
                  \ ~~~   .  /          '/\'
             _\/   \ '...'  /    \/_
              \\   {`------'}    //
               \\  /`---/',`\\  //
                \/'  o  | |\ \`//
                /'      | | \/ /\
   __,. -- ~~ ~|    o   `\|      |~ ~~ -- . __
               |                 |
          jgs  \    o            /
                `._           _.'
                   ^~- . -  ~^


IT Product Name	Policy Path	Policy Setting Name	FDCC Windows XP Final	FDCC Windows Vista Final	Windows 7 USGCB	Windows 7 DOD	Windows 7 SSLF
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy	Account lockout duration	15 minutes	15 minutes	15 minutes	0 minutes	15 minutes
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy	Account lockout threshold	5 invalid logon attempts	5 invalid logon attempts	5 invalid logon attempts	3 invalid logon attempts	10 invalid logon attempt(s)
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy	Reset lockout counter after	15 minutes	15 minutes	15 minutes	60 minutes	15 minutes
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy	Enforce user logon restrictions	Not Defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy	Maximum lifetime for service ticket	Not Defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy	Maximum lifetime for user ticket	Not Defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy	Maximum lifetime for user ticket renewal	Not Defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy	Maximum tolerance for computer clock synchronization	Not Defined	Not Defined
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy	Enforce password history	24 passwords remembered	24 passwords remembered	24 passwords remembered	24 passwords remembered	24 passwords remembered
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy	Maximum password age	60 days	60 days	60 days	60 days	90 days
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy	Minimum password age	1 day	1 day	1 day	1 day	1 day
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy	Minimum password length	12 characters	12 characters	12 characters	14 characters	12 characters
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy	Password must meet complexity requirement	Enabled	Enabled	Enabled	Enabled	Enabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy	Store passwords using reversible encryption	Disabled	Disabled	Disabled	Disabled	Disabled
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Maximum application log size	16384 kilobytes	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Maximum security log size	81920 kilobytes	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Maximum system log size	16384 kilobytes	Not Defined
Windows Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Prevent local guests group from accessing application log	(Not Applicable)	Not Defined
Windows Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Prevent local guests group from accessing security log	(Not Applicable)	Not Defined
Windows Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Prevent local guests group from accessing system log	(Not Applicable)	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Retain application log	Not Defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Retain security log	Not Defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Retain system log	Not Defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Retention method for application log	Not defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Retention method for security log	Not defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Event Log	Retention method for system log	Not defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\rcp.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\reg.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\regedt32.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\regedit.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\arp.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\at.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\attrib.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\cacls.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\debug.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\edlin.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\eventcreate.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\eventtriggers.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\mshta.exe	"Administators: Full
System: Full
Users: Read and Execute"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\net.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\net1.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\netsh.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\regini.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\regsvr32.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\rexec.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\route.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\rsh.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\sc.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\secedit.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\subst.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\System32\systeminfo.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\tftp.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\File System	%SystemRoot%\system32\tlntsvr.exe	"Administators: Full
System: Full"	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy	Audit account logon events	Success, Failure	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy	Audit account management	Success, Failure	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy	Audit directory service access	Failure	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy	Audit logon events	Success, Failure	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy	Audit object access	Failure 	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy	Audit policy change	Success	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy	Audit privilege use	Failure	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy	Audit process tracking	No auditing	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy	Audit system events	Success	Not Defined
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Accounts: Administrator account status	Enabled	Disabled	Disabled	Disabled	Disabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Accounts: Guest account status	Disabled	Disabled	Disabled	Disabled	Disabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Accounts: Limit local account use of blank passwords to console logon only	Enabled	Enabled	Enabled	Enabled	Enabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Accounts: Rename administrator account	Renamed_Admin 	Renamed_Admin 	Renamed_Admin 	ORGANIZATIONAL DEFINED NAME	Recommended
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Accounts: Rename guest account	Renamed_Guest 	Renamed_Guest 	Renamed_Guest 	ORGANIZATIONAL DEFINED NAME	Recommended
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Audit: Audit the accesss of global system objects	Disabled	Disabled	Disabled	Disabled	Disabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Audit: Audit the use of Backup and Restore privilege	Disabled	Disabled	Disabled	Disabled	Disabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings	(Not Applicable)	Enabled	Enabled	Enabled	Enabled
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Audit: Shut down system immediately if unable to log security audits	Disabled	Disabled		Disabled	Disabled
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax	Not defined	Not Defined			Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax	Not Defined	Not Defined			Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Devices: Allow undock without having to log on	Not Defined	Not Defined			Not Defined
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Devices: Allowed to format and eject removable media	Administrators and Interactive Users	Administrators and Interactive Users	Not Defined	Administrators 	Administrators
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Devices: Prevent users from installing printer drivers	Disabled	Disabled	Disabled	Enabled	Enabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Devices: Restrict CD-ROM access to locally logged-on user only	Disabled	Disabled	Disabled	Disabled	Disabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Devices: Restrict floppy access to locally logged-on user only	Disabled	Disabled	Disabled	Disabled	Disabled
Windows XP	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Devices: Unsigned driver installation behavior	Do not allow installation	(Not Applicable)
Windows XP	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Domain controller: Allow server operators to schedule tasks	Not Defined	(Not Applicable)
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Domain controller: LDAP server signing requirements	Not Defined	Not Defined
Windows XP and Vista	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Domain controller: Refuse machine account password changes	Not Defined	Not Defined
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Domain member: Digitally encrypt or sign secure channel data (always)	Enabled	Enabled	Enabled	Enabled	Enabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Domain member: Digitally encrypt secure channel data (when possible)	Enabled	Enabled	Enabled	Enabled	Enabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Domain member: Digitally sign secure channel data (when possible) 	Enabled	Enabled	Enabled	Enabled	Enabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Domain member: Disable machine account password changes	Disabled	Disabled	Disabled	Disabled	Disabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Domain member: Maximum machine account password age	30 Days	30 Days	30 Days	30 Days	30 Days
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Domain member: Require strong (Windows 2000 or later) session key	Enabled	Enabled	Enabled	Enabled	Enabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Interactive logon: Do not display last user name	Enabled	Enabled	Enabled	Enabled	Enabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Interactive logon: Do not require CTRL+ALT+DELETE	Disabled	Disabled	Disabled	Disabled	Disabled
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Interactive logon: Message text for users attempting to logon	This system is for the use of authorized users only. Individuals using this computer system without authority or in excess of their authority are subject to having all their activities on this system monitored and recorded by system personnel. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity system personal may provide the evidence of such monitoring to law enforcement officials.	This system is for the use of authorized users only. Individuals using this computer system without authority or in excess of their authority are subject to having all their activities on this system monitored and recorded by system personnel. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity system personal may provide the evidence of such monitoring to law enforcement officials.	This system is for the use of authorized users only. Individuals using this computer system without authority or in excess of their authority are subject to having all their activities on this system monitored and recorded by system personnel. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity system personal may provide the evidence of such monitoring to law enforcement officials.	DoD Banner	Not Defined
Windows XP, Vista, and 7	Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options	Interactive logon: Message title for users attempting to logon	-- WARNING --