---

---

FIPS PUB 191 NM3. Responsible for securing the LAN environment within the site and interfaces to outside networks. NM4. Responsible for responding to emergency events in a timely and effective manner. NM4.1.    Notify  local  administrators  if  a  penetration  is  in  progress,  assist  other  local administrators in responding to security violations. NM4.2. Cooperate   with   local   administrators   in   locating   violators   and   assist   in enforcement efforts. NM5. Responsible for employing generally approved and available auditing tools to aid in the detection of security violations. NM6. Responsible for conducting timely audits of LAN server logs. NM7. Responsible for remaining informed on outside policies and recommended practices and when   appropriate,   informing   local   users   and   advising   management   of   changes   or   new developments. NM8.  Responsible  for  judiciously  exercising  the  extraordinary  powers  and  privileges  that  are inherent in their duties.   Privacy of users should always be a major consideration. NM9.  Responsible  for  developing  appropriate  procedures  and  issuing  instructions  for  the prevention, detection, and removal of malicious software consistent with the guidelines contained herein. NM10. Responsible for backing up all data and software on the LAN servers on a timely basis. NM11. Responsible for identifying and recommending software packages for the detection and removal of malicious software. NM12. Responsible for developing procedures that allow users to report computer viruses and other  incidents  and  then  responsible  for  notifying  potentially  affected  parties  of  the  possible threat. NM13. Responsible for promptly notifying the appropriate security or incident response personnel of all computer security incidents including malicious software. NM14. Responsible for providing assistance in determining the source of malicious software and the extent of contamination. 46